From 67aa31cf1874806f33c997df8d9fa0ce9eefa351 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= <admin@xenrox.net>
Date: Mon, 13 Feb 2023 22:43:18 +0100
Subject: [PATCH] prometheus: Config file should not be world readable

There are multiple secrets contained inside.
---
 roles/prometheus/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index 6362293..1163194 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -19,8 +19,8 @@
     src: prometheus.yml.j2
     dest: /etc/prometheus/prometheus.yml
     owner: root
-    group: root
-    mode: 0644
+    group: prometheus
+    mode: 0640
   notify: Reload prometheus
 
 - name: Install cli configuration
-- 
2.44.0