From a16208b1c3f78e7bdb353bf59faa0cdc1921cd0f Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Sat, 2 Jan 2021 21:47:21 +0100
Subject: [PATCH] [nginx] Add template permissions

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 roles/nginx/tasks/main.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 061f1992..87721eae 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -11,6 +11,9 @@
   template:
     src: "nginx/snippets/{{ item }}.j2"
     dest: "/etc/nginx/snippets/{{ item }}"
+    owner: root
+    group: root
+    mode: 0644
   loop:
     - options-ssl.conf
     - options-proxypass.conf
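Review bot: The added `mode: 0644` here and in the dhparam hunk below is unquoted, so the YAML parser passes Ansible an integer (octal 0644, i.e. 420) instead of a string. Ansible accepts the leading-zero form, but it depends on YAML 1.1 octal parsing, and if the zero is ever dropped the task silently sets a different permission. Quoting it as `mode: "0644"` lets Ansible do the conversion itself. The sites-available tasks already carry the same unquoted form in their context lines, so quoting them all in one pass would keep the role consistent. The task's name line sits above the hunk.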
@@ -19,6 +22,9 @@
   template:
     src: letsencrypt/dhparam.j2
     dest: /etc/letsencrypt/dhparam
+    owner: root
+    group: root
+    mode: 0644
 
 - name: Disable default site
   file:
@@ -30,6 +36,8 @@
   template:
     src: "nginx/sites-available/{{ item }}.j2"
     dest: "/etc/nginx/sites-available/{{ item }}"
+    owner: root
+    group: root
     mode: 0644
   loop:
     - reverseproxy
@@ -42,6 +50,8 @@
   file:
     src: "/etc/nginx/sites-available/{{ item }}"
     dest: "/etc/nginx/sites-enabled/{{ item }}"
+    owner: root
+    group: root
     state: link
   loop:
     - reverseproxy
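Review bot: `owner: root` and `group: root` on this `state: link` task may not land on the symlink itself. With the file module's default `follow: true`, attributes are applied to the link target in sites-available, which the template task already sets to root. If the aim is to pin ownership of the entry in sites-enabled, add `follow: false` to the task; the same applies to the `service` link in the last hunk. This is worth confirming against the Ansible version in use, and the task's name line is outside the hunk.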
@@ -55,6 +65,8 @@
   template:
     src: "nginx/sites-available/service.j2"
     dest: "/etc/nginx/sites-available/service"
+    owner: root
+    group: root
     mode: 0644
   notify: Reload nginx
 
@@ -63,6 +75,8 @@
   file:
     src: "/etc/nginx/sites-available/service"
     dest: "/etc/nginx/sites-enabled/service"
+    owner: root
+    group: root
     state: link
   notify: Reload nginx
   ignore_errors: "{{ ansible_check_mode }}"
-- 
GitLab