fix(powerdns-tsig-key): fix permissions on files for nicer integration with lego

2024-05-19 20:39:05 +02:00
parent e7886d8c98
commit eab7b7e915
1 changed files with 4 additions and 4 deletions
--- a/roles/powerdns_tsig_key/tasks/main.yml
+++ b/roles/powerdns_tsig_key/tasks/main.yml
@@ -29,7 +29,7 @@
    state: directory
    owner: "{{ powerdns_tsig_key_path_owner | default(omit) }}"
    group: "{{ powerdns_tsig_key_path_group | default(omit) }}"
-    mode: "u+rwX,g-rwx,o-rwx"
+    mode: "u+rwX,g+rX"
    recurse: true
 - name: Ensure a TSIG key is configured and persisted
@@ -55,7 +55,7 @@
        (powerdns_tsig_key_name ~ '. ' ~ powerdns_tsig_key_algo ~ '. ')
        not in powerdns_tsig_key_powerdns_info.stdout
      delegate_to: "{{ powerdns_tsig_key_hostname }}"
-      register: powerdns_tsig_key_powerdns_generated_key
+      register: powerdns_tsig_key_powerdns_generated_tsig_key
      throttle: 1
      become: true
@@ -82,11 +82,11 @@
        dest: "{{ powerdns_tsig_key_path }}"
        owner: "{{ powerdns_tsig_key_path_owner | default(omit) }}"
        group: "{{ powerdns_tsig_key_path_group | default(omit) }}"
-        mode: "0600"
+        mode: "0640"
 - name: Ensure TSIG key permissions on {{ powerdns_tsig_key_path }} are correct
  ansible.builtin.file:
    path: "{{ powerdns_tsig_key_path }}"
    owner: "{{ powerdns_tsig_key_path_owner | default(omit) }}"
    group: "{{ powerdns_tsig_key_path_group | default(omit) }}"
-    mode: "0600"
+    mode: "u+rwX,g+rwX"