From aaebdd2839b88f6d75252817cb9209ea017b1ba7 Mon Sep 17 00:00:00 2001
From: Paul Brinkmeier <hallo@pbrinkmeier.de>
Date: Mon, 12 Sep 2022 20:29:43 +0200
Subject: [PATCH] Make docker config files unreadable

---
 ansible/misc-docker.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ansible/misc-docker.yaml b/ansible/misc-docker.yaml
index a67d6e9..d8dba26 100644
--- a/ansible/misc-docker.yaml
+++ b/ansible/misc-docker.yaml
@@ -6,6 +6,10 @@
       copy:
         src: ../docker
         dest: /etc/pbri
+        # Files should inaccessible to non-root users.
+        mode: u=rw,g=,o=
+        # Directories should be listable
+        directory_mode: u=rwx,g=rx,o=rx
     - name: Create global docker volumes
       become: yes
       docker_volume: