unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: certbot selinux and rsync

Browse Source 
- fix rsync to use 755 permissions
- add rsync selinux booleans
This commit is contained in:
Ben Vincent 2024-07-08 23:17:38 +10:00
parent 899e2cbf49
commit d9a2966ffd
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
modules/certbot/manifests/selinux.pp
View File

@ -17,6 +17,18 @@ class certbot::selinux (
persistent => true, persistent => true,
value => 'on', value => 'on',
} }
selboolean { 'rsync_client':
persistent => true,
value => 'on',
}
selboolean { 'rsync_export_all_ro':
persistent => true,
value => 'on',
}
selboolean { 'rsync_full_access':
persistent => true,
value => 'on',
}
exec { "restorecon_${data_root}/pub": exec { "restorecon_${data_root}/pub":
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'], path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],

4
modules/certbot/templates/certbot-syncer.service.epp
View File

@ -3,8 +3,6 @@ Description=certbot-syncer service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/bin/rsync --chmod=D2755,F644 -aL /etc/letsencrypt/live/ <%= $data_root %>/pub/ ExecStart=/usr/bin/rsync --chmod=755 -aL /etc/letsencrypt/live/ <%= $data_root %>/pub/
User=root User=root
Group=root Group=root
PermissionsStartOnly=false
PrivateTmp=no