From feaccbdd7542851a31834f55a0aac2bd867cadd2 Mon Sep 17 00:00:00 2001
From: Jelle van der Waa <jelle@archlinux.org>
Date: Sat, 2 Jan 2021 16:51:37 +0100
Subject: [PATCH] Install systemd service/timer as 644

Resolve warning from systemd that setting service/timer files to 600
is useless, as systemd still makes them accessible via APIs without
restrictions.

Closes: #222
---
 roles/prometheus_exporters/tasks/main.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/roles/prometheus_exporters/tasks/main.yml b/roles/prometheus_exporters/tasks/main.yml
index 90d7ea42..098d8d3a 100644
--- a/roles/prometheus_exporters/tasks/main.yml
+++ b/roles/prometheus_exporters/tasks/main.yml
@@ -61,20 +61,20 @@
     - archive-textcollector.sh
 
 - name: install arch textcollector service
-  template: src=prometheus-arch-textcollector.service.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.service owner=root group=root mode=600
+  template: src=prometheus-arch-textcollector.service.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.service owner=root group=root mode=644
 
 - name: install arch textcollector timer
-  template: src=prometheus-arch-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.timer owner=root group=root mode=600
+  template: src=prometheus-arch-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.timer owner=root group=root mode=644
 
 - name: enable and start prometheus arch textcollector timer
   systemd: name=prometheus-arch-textcollector.timer enabled=yes daemon_reload=yes state=started
 
 - name: install borg textcollector service
-  template: src=prometheus-borg-textcollector.service.j2 dest=/etc/systemd/system/prometheus-borg-textcollector.service owner=root group=root mode=600
+  template: src=prometheus-borg-textcollector.service.j2 dest=/etc/systemd/system/prometheus-borg-textcollector.service owner=root group=root mode=644
   when: "'borg_clients' in group_names"
 
 - name: install borg textcollector timer
-  template: src=prometheus-borg-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-borg-textcollector.timer owner=root group=root mode=600
+  template: src=prometheus-borg-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-borg-textcollector.timer owner=root group=root mode=644
   when: "'borg_clients' in group_names"
 
 - name: enable and start prometheus borg textcollector timer
@@ -86,11 +86,11 @@
   when: "'prometheus' in group_names"
 
 - name: install rebuilderd textcollector service
-  template: src=prometheus-rebuilderd-textcollector.service.j2 dest=/etc/systemd/system/prometheus-rebuilderd-textcollector.service owner=root group=root mode=600
+  template: src=prometheus-rebuilderd-textcollector.service.j2 dest=/etc/systemd/system/prometheus-rebuilderd-textcollector.service owner=root group=root mode=644
   when: "'rebuilderd' in group_names"
 
 - name: install rebuilderd textcollector timer
-  template: src=prometheus-rebuilderd-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-rebuilderd-textcollector.timer owner=root group=root mode=600
+  template: src=prometheus-rebuilderd-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-rebuilderd-textcollector.timer owner=root group=root mode=644
   when: "'rebuilderd' in group_names"
 
 - name: enable and start prometheus rebuilderd textcollector timer
@@ -98,11 +98,11 @@
   when: "'rebuilderd' in group_names"
 
 - name: install rebuilderd textcollector service
-  template: src=prometheus-archive-textcollector.service.j2 dest=/etc/systemd/system/prometheus-archive-textcollector.service owner=root group=root mode=600
+  template: src=prometheus-archive-textcollector.service.j2 dest=/etc/systemd/system/prometheus-archive-textcollector.service owner=root group=root mode=644
   when: "'archive_mirrors' in group_names or inventory_hostname == 'gemini.archlinux.org'"
 
 - name: install rebuilderd textcollector timer
-  template: src=prometheus-archive-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-archive-textcollector.timer owner=root group=root mode=600
+  template: src=prometheus-archive-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-archive-textcollector.timer owner=root group=root mode=644
   when: "'archive_mirrors' in group_names or inventory_hostname == 'gemini.archlinux.org'"
 
 - name: enable and start prometheus archive textcollector timer
-- 
GitLab