From 0a11ab74d09a0aa7b886f4ac688ef3c3255f1ff1 Mon Sep 17 00:00:00 2001
From: John Jarvis <john@jarv.org>
Date: Fri, 15 Nov 2013 18:57:09 -0500
Subject: [PATCH] gnupg dir needs to be owned by the web user

Unfortunately this is necessary since temp files are written to this dir
---
 playbooks/roles/certs/tasks/main.yml | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/playbooks/roles/certs/tasks/main.yml b/playbooks/roles/certs/tasks/main.yml
index 9daa749..1e99863 100644
--- a/playbooks/roles/certs/tasks/main.yml
+++ b/playbooks/roles/certs/tasks/main.yml
@@ -57,7 +57,7 @@
 - name: certs | create certs gpg dir
   file: >
     path="{{ certs_gpg_dir }}" state=directory
-    owner="{{ certs_user }}" group="{{ certs_user }}"
+    owner="{{ common_web_user }}"
     mode=0700
   notify: certs | restart certs
 
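Review bot: The rewritten `owner=` line in `certs | create certs gpg dir` drops `group=` altogether, so the directory's group is no longer managed: new hosts get whatever group the creating account has, and existing hosts keep the old one. With `mode=0700` that grants nothing today, but stating it keeps the task self-describing, e.g. `owner="{{ common_web_user }}" group="{{ common_web_user }}"`. Because the account that serves web requests now owns the GnuPG home directory, a comment above the task would record the trade-off, such as `# owned by the web user because temp files are written here; that account can read the keyring`.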
@@ -65,7 +65,7 @@
   copy: >
     src={{ CERTS_LOCAL_PRIVATE_KEY }}
     dest={{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
-    owner={{ certs_user }} mode=0600
+    owner={{ common_web_user }} mode=0600
   notify: certs | restart certs
   register: certs_gpg_key
 
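Review bot: The private key copied to `{{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}` is now owned by the web user and stays on disk after the import, so the account that handles requests can read the key material from this file as well as from the keyring. `mode=0600` limits access to that one owner, but the file sits in the application directory; whether that directory is ever served or archived is not visible here and is worth confirming. I would add a comment above the task, for example `# private key export readable by the web user; keep this path out of anything served or archived`. The task's `- name:` line is outside the hunk.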
@@ -73,19 +73,10 @@
 - name: certs | load the gpg key
   shell: >
     /usr/bin/gpg --homedir {{ certs_gpg_dir }} --import {{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
-  sudo_user: "{{ certs_user }}"
+  sudo_user: "{{ common_web_user }}"
   when: certs_gpg_key.changed
   notify: certs | restart certs
 
-- name: certs | set permission to the certs_gpg_dir so that it can be read by the web user
-  file: >
-    path={{ certs_gpg_dir }}
-    owner={{ certs_user }}
-    group={{ common_web_user }}
-    mode=0640 recurse=yes
-    state=directory
-  notify: certs | restart certs
-
 - include: deploy.yml
 
 - name: certs | create a symlink for venv python
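Review bot: The import in `certs | load the gpg key` now runs as `{{ common_web_user }}`, but nothing on the new side hands over keyring files that an earlier run created as `{{ certs_user }}`; the task removed here was the only recursive one, and the `file` task in the first hunk changes the directory alone. On hosts provisioned before this commit the import would presumably find files it can read through the group but not write, and because the task runs only `when: certs_gpg_key.changed`, a failed import is probably not retried once the copy stops reporting a change. A recursive ownership fix before the import would cover this, e.g. adding `recurse=yes` to the `create certs gpg dir` task (its `mode=0700` would then apply to the files too). Separately, the paths are interpolated unquoted into `shell:` although the command uses no shell features, so `command:` would avoid word splitting on them.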
--
libgit2 0.26.0