From ba171135b1d6166a41a02a5aae0dd6f69b5f6965 Mon Sep 17 00:00:00 2001
From: Jeltz <tom.barthe+aurore@ens-paris-saclay.fr>
Date: Wed, 10 Mar 2021 03:27:19 +0100
Subject: [PATCH] Add explicit permissions for nftables config

---
 roles/nftables_router/tasks/main.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/nftables_router/tasks/main.yml b/roles/nftables_router/tasks/main.yml
index ac00d92..6d58a18 100644
--- a/roles/nftables_router/tasks/main.yml
+++ b/roles/nftables_router/tasks/main.yml
@@ -19,6 +19,9 @@
   template:
     src: "{{ item }}.j2"
     dest: "/etc/{{ item }}"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=
   loop:
     - nftables.d/10-vars.conf
     - nftables.d/20-blacklist.conf