From d5cd31eb3ac20112916f8348104d56a554b0ce6c Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Fri, 19 Feb 2021 20:13:10 +0200
Subject: [PATCH] Match the permissions of the private key.

In the renew-certs playbook the permissions are 444, but 644 in the
debian_server role. Settle on 444.
---
 roles/debian_server/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/debian_server/tasks/main.yml b/roles/debian_server/tasks/main.yml
index df12fda..578f4ca 100644
--- a/roles/debian_server/tasks/main.yml
+++ b/roles/debian_server/tasks/main.yml
@@ -177,7 +177,7 @@
 
 - name: Make sure the private key is accessible
   file:
-    mode: 0o0644
+    mode: 0o0444
     path: /var/ssl/site.key
     state: file
 
-- 
GitLab