From d293fc15606614a6476d5aa03b81ef820b6c9674 Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Tue, 20 Dec 2022 18:34:25 +0000
Subject: [PATCH] community: container definitions should not be world readable

---
 cookbooks/community/recipes/default.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cookbooks/community/recipes/default.rb b/cookbooks/community/recipes/default.rb
index f3888c61a..08f316d68 100644
--- a/cookbooks/community/recipes/default.rb
+++ b/cookbooks/community/recipes/default.rb
@@ -58,7 +58,7 @@ template "/srv/community.openstreetmap.org/docker/containers/data.yml" do
   source "data.yml.erb"
   owner "root"
   group "root"
-  mode "644"
+  mode "640"
   variables :passwords => passwords
   notifies :run, "execute[discourse_container_data_rebuild]"
 end
@@ -67,7 +67,7 @@ template "/srv/community.openstreetmap.org/docker/containers/web_only.yml" do
   source "web_only.yml.erb"
   owner "root"
   group "root"
-  mode "644"
+  mode "640"
   variables :license_keys => license_keys, :passwords => passwords
   notifies :run, "execute[discourse_container_web_only_bootstrap]"
 end
@@ -76,7 +76,7 @@ template "/srv/community.openstreetmap.org/docker/containers/mail-receiver.yml"
   source "mail-receiver.yml.erb"
   owner "root"
   group "root"
-  mode "644"
+  mode "640"
   variables :passwords => passwords
   notifies :run, "execute[discourse_container_mail_receiver_rebuild]"
 end
-- 
2.39.5