From fb25b52e7a650ee9121cd0e2f9834d18b846b8c6 Mon Sep 17 00:00:00 2001
From: Ian Fijolek <ian@iamthefij.com>
Date: Fri, 14 Apr 2023 14:23:58 -0700
Subject: [PATCH] Restrict permissions to wesher config

---
 ansible_playbooks/wesher.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ansible_playbooks/wesher.yml b/ansible_playbooks/wesher.yml
index ee183f4..0e5b2e0 100644
--- a/ansible_playbooks/wesher.yml
+++ b/ansible_playbooks/wesher.yml
@@ -39,6 +39,8 @@
         create: true
         regexp: "^{{ item.split('=')[0] }}"
         line: "{{ item }}"
+        owner: root
+        mode: "0600"
       loop:
         - WESHER_CLUSTER_KEY={{ wesher_key }}
         - WESHER_JOIN={% for host in ansible_play_hosts %}{{ hostvars[host].ansible_default_ipv4.address }}{% if not loop.last %},{% endif %}{% endfor %}