Install systemd service/timer as 644

Resolve warning from systemd that setting service/timer files to 600 is useless, as systemd still makes them accessible via APIs without restrictions. Closes: #222

Install systemd service/timer as 644
Resolve warning from systemd that setting service/timer files to 600 is useless, as systemd still makes them accessible via APIs without restrictions. Closes: #222
feaccbdd · Jelle van der Waa · 11e26b39 · feaccbdd
Verified Commit feaccbdd authored Jan 02, 2021 by Jelle van der Waa 🚧
--- a/roles/prometheus_exporters/tasks/main.yml
+++ b/roles/prometheus_exporters/tasks/main.yml
@@ -61,20 +61,20 @@
    - archive-textcollector.sh

 - name: install arch textcollector service
-  template: src=prometheus-arch-textcollector.service.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.service owner=root group=root mode=600
+  template: src=prometheus-arch-textcollector.service.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.service owner=root group=root mode=644

 - name: install arch textcollector timer
-  template: src=prometheus-arch-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.timer owner=root group=root mode=600
+  template: src=prometheus-arch-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.timer owner=root group=root mode=644

 - name: enable and start prometheus arch textcollector timer
  systemd: name=prometheus-arch-textcollector.timer enabled=yes daemon_reload=yes state=started

 - name: install borg textcollector service
-  template: src=prometheus-borg-textcollector.service.j2 dest=/etc/systemd/system/prometheus-borg-textcollector.service owner=root group=root mode=600
+  template: src=prometheus-borg-textcollector.service.j2 dest=/etc/systemd/system/prometheus-borg-textcollector.service owner=root group=root mode=644
  when: "'borg_clients' in group_names"

 - name: install borg textcollector timer
-  template: src=prometheus-borg-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-borg-textcollector.timer owner=root group=root mode=600
+  template: src=prometheus-borg-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-borg-textcollector.timer owner=root group=root mode=644
  when: "'borg_clients' in group_names"

 - name: enable and start prometheus borg textcollector timer
@@ -86,11 +86,11 @@
  when: "'prometheus' in group_names"

 - name: install rebuilderd textcollector service
-  template: src=prometheus-rebuilderd-textcollector.service.j2 dest=/etc/systemd/system/prometheus-rebuilderd-textcollector.service owner=root group=root mode=600
+  template: src=prometheus-rebuilderd-textcollector.service.j2 dest=/etc/systemd/system/prometheus-rebuilderd-textcollector.service owner=root group=root mode=644
  when: "'rebuilderd' in group_names"

 - name: install rebuilderd textcollector timer
-  template: src=prometheus-rebuilderd-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-rebuilderd-textcollector.timer owner=root group=root mode=600
+  template: src=prometheus-rebuilderd-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-rebuilderd-textcollector.timer owner=root group=root mode=644
  when: "'rebuilderd' in group_names"

 - name: enable and start prometheus rebuilderd textcollector timer
@@ -98,11 +98,11 @@
  when: "'rebuilderd' in group_names"

 - name: install rebuilderd textcollector service
-  template: src=prometheus-archive-textcollector.service.j2 dest=/etc/systemd/system/prometheus-archive-textcollector.service owner=root group=root mode=600
+  template: src=prometheus-archive-textcollector.service.j2 dest=/etc/systemd/system/prometheus-archive-textcollector.service owner=root group=root mode=644
  when: "'archive_mirrors' in group_names or inventory_hostname == 'gemini.archlinux.org'"

 - name: install rebuilderd textcollector timer
-  template: src=prometheus-archive-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-archive-textcollector.timer owner=root group=root mode=600
+  template: src=prometheus-archive-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-archive-textcollector.timer owner=root group=root mode=644
  when: "'archive_mirrors' in group_names or inventory_hostname == 'gemini.archlinux.org'"

 - name: enable and start prometheus archive textcollector timer