From f8c01d46f634b58ce53f7f5b477854e042d51666 Mon Sep 17 00:00:00 2001
From: Felix Stupp
Date: Mon, 18 May 2020 15:09:57 +0200
Subject: [PATCH] dns/master: Fix permissions for dns env dir
---
 roles/dns/master/tasks/main.yml | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/roles/dns/master/tasks/main.yml b/roles/dns/master/tasks/main.yml
index 8038b26..d315e13 100644
--- a/roles/dns/master/tasks/main.yml
+++ b/roles/dns/master/tasks/main.yml
@@ -9,7 +9,7 @@
 mode: "u=rw,g=r,o="
 delegate_to: localhost
-- name: Create zone directory writeable
+- name: Create zone directory writeable for bind
 file:
 path: "{{ domain_directory }}"
 state: directory
@@ -17,16 +17,21 @@
 group: "{{ dns_user }}"
 mode: u=rwx,g=rwx,o=
-- name: Create other zone directories readable
+- name: Create key directory readable for bind
 file:
- path: "{{ item }}"
+ path: "{{ keys_directory }}"
 state: directory
 owner: root
 group: "{{ dns_user }}"
 mode: u=rwx,g=rx,o=
- loop:
- - "{{ keys_directory }}"
- - "{{ domain_environment_directory }}"
+
+- name: Create domain environment directory
+ file:
+ path: "{{ domain_environment_directory }}"
+ state: directory
+ owner: root
+ group: root
+ mode: u=rwx,g=rx,o=
 - name: Determine if keys are generated already
 find:
@@ -43,8 +48,8 @@
 src: zone.db
 dest: "{{ domain_environment_directory }}/0_main.db"
 owner: root
- group: "{{ dns_user }}"
- mode: "u=rw,g=r,o=r"
+ group: root
+ mode: u=rw,g=r,o=
 validate: "named-checkzone {{ domain }} %s"
 notify: rebuild dns zones
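Review bot: The new `Create domain environment directory` task sets `group: root` but still grants that group `g=rx`, so the restriction relies on the root group having no other members. If only root needs this directory, `mode: "u=rwx,g=,o="` says so directly. The same applies to `mode: u=rw,g=r,o=` on `0_main.db` in the last hunk. Unlike its two siblings, whose names say "for bind", this task does not say who the directory is for. A one-line comment above it, such as `# zone sources: root only, bind must not read this directory`, would keep a later edit from re-adding `dns_user`; that wording is inferred from the commit subject and should be confirmed.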
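Review bot: With `group: root` and `o=` on `0_main.db`, and the parent directory now root-only as well, `dns_user` can no longer read this file, so whatever `rebuild dns zones` triggers has to read it as root. The handler is not part of this patch. If it, or named itself, opens anything under `{{ domain_environment_directory }}` as `dns_user`, zone rebuilds will fail with a permission error after this change, so that path is worth checking before rollout. As a style point, the mode lost its quotes here while the first task in the file keeps `mode: "u=rw,g=r,o="`; writing `mode: "u=rw,g=r,o="` here too keeps the file consistent. The template task this hunk edits begins above the hunk.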