From b12d697e79e2b76c656b328067476bddf40360d7 Mon Sep 17 00:00:00 2001
From: Paul Belanger <pabelanger@redhat.com>
Date: Fri, 15 Feb 2019 17:20:50 -0500
Subject: [PATCH] Default borgmatic_file_config_yaml_mode: 0640

It is possible to add secrets to the configuration file, as a result
don't allow world readable.

Change-Id: I32ce383759c48a88431dd753ddcdec0a2e7f49db
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
---
 defaults/main.yaml          | 2 +-
 molecule/tests/test_role.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yaml b/defaults/main.yaml
index 80836a5..86883e9 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -25,7 +25,7 @@ borgmatic_user_home: /root
 borgmatic_file_config_yaml_dest:
   "{{ borgmatic_user_home }}/.config/borgmatic/config.yaml"
 borgmatic_file_config_yaml_group: "{{ borgmatic_user_group }}"
-borgmatic_file_config_yaml_mode: 0644
+borgmatic_file_config_yaml_mode: 0640
 borgmatic_file_config_yaml_owner: "{{ borgmatic_user_name }}"
 borgmatic_file_config_yaml_src: root/.config/borgmatic/config.yaml.j2
 
diff --git a/molecule/tests/test_role.py b/molecule/tests/test_role.py
index a16f0f5..df5c040 100644
--- a/molecule/tests/test_role.py
+++ b/molecule/tests/test_role.py
@@ -27,7 +27,7 @@ def test_borgmatic_config(host):
     assert f.is_file
     assert f.user == 'root'
     assert f.group == 'root'
-    assert f.mode == 0o644
+    assert f.mode == 0o640
     del f