From 312745399f8a7e6720f3e4a47d5fb1aa3247e012 Mon Sep 17 00:00:00 2001
From: Michele Azzolari
Date: Sun, 3 Dec 2023 06:56:39 +0100
Subject: [PATCH] use more strict permissions on files
---
 tasks/theo-agent.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/tasks/theo-agent.yml b/tasks/theo-agent.yml
index 80138dc..4cc3960 100644
--- a/tasks/theo-agent.yml
+++ b/tasks/theo-agent.yml
@@ -70,23 +70,25 @@
 path: "{{ theo_agent_cache_dir }}"
 state: directory
 owner: "{{ theo_agent_user }}"
- mode: 0755
+ mode: 0700
 - name: Create config directory
 file:
 path: "{{ theo_agent_config_dir }}"
 state: directory
- mode: 0755
+ mode: 0700
 - name: Create config file
 template:
 src: config.yml.j2
 dest: "{{ theo_agent_config_path }}"
- mode: 0644
+ owner: "{{ theo_agent_user }}"
+ mode: 0600
 - name: Create public key file
 copy:
 dest: "{{ theo_agent_public_key_path }}"
- mode: 0644
+ owner: "{{ theo_agent_user }}"
+ mode: 0600
 content: "{{ theo_agent_public_key }}"
 when: theo_agent_verify_signature|bool
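Review bot: The `Create config directory` task is tightened to `mode: 0700` but, unlike the cache-directory task above it and the two file tasks below it, still sets no `owner`, so the directory belongs to whichever user the play runs as. If that is root and `theo_agent_config_path` sits under `theo_agent_config_dir` (not visible in this hunk), the agent user can no longer traverse the directory to reach its own 0600 config and public key; adding `owner: "{{ theo_agent_user }}"` to that task would keep the four tasks consistent. Separately, owner plus `0600` leaves the config and the signature-verification public key writable by the agent account; if the agent only reads them, root ownership with the agent's group and `mode: "0640"` would keep that trust anchor read-only for the account it constrains. Quoting the modes (`mode: "0700"`) would also avoid depending on the YAML parser's octal handling. The first task's header lies outside the hunk.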