🚑 pottwal: Change group of prosody certs dir

prosody runs as an unprivileged user inside of its docker container with
this uid/gid:

    root@676f7272aaa6:/etc/prosody# id prosody
    uid=101(prosody) gid=102(prosody) groups=102(prosody),101(ssl-cert)

The certs dir has 0750 permissions and thus the process can not access
it and finds no certs, leading to stream errors for s2s and c2s
connections.  We can not use group name, because the same group has a
different gid on the host.  Numerical is fine (even if ansible needs
this as a string, `chown` seems to know how to handle this).

References: !119
Signed-off-by: Alexander Dahl <alex@netz39.de>
Alexander Dahl 2023-01-02 17:53:25 +01:00
parent fca99114a4
commit 0e0e93d880

@ -135,6 +135,8 @@
ansible.builtin.file:
path: "{{ prosody_config_dir }}/certs"
state: directory
# group 'ssl-cert' inside of the container
group: "101"
mode: 0750
- name: Ensure prosody conf.avail dir exists
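
Review bot: The hard-coded `group: "101"` on the certs directory task ties the role to whatever gid the current container image assigns to ssl-cert, and the comment above it does not say which image that number was read from. If the image changes that gid, the directory falls back to being unreadable for prosody without any task failing. Separately, on the host gid 101 may belong to an unrelated group, and with `mode: 0750` that group gets read and traverse access to the certs directory. Consider moving the gid into a role variable (for example a hypothetical `prosody_certs_gid`) documented next to the image reference, and confirming which host group, if any, currently holds gid 101.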