Harden role security: file permissions, service binding, no_log, strict defaults

- Add no_log: true to tasks that handle passwords/secrets - Tighten config file permissions (0644 -> 0600/0640 where appropriate) - Bind pleroma to 127.0.0.1 instead of 0.0.0.0 - Tighten ergo unix socket mode 0777 -> 0770 - Remove weak defaults; roles now fail explicitly if required vars not set
author: Luke Hoersten <[email protected]> 2026-04-05 21:19:55 -0500
committer: Luke Hoersten <[email protected]> 2026-04-05 21:19:55 -0500
commit: 06b69bd8def0aae07d3fb565d19193be1a8dfe20 (patch)
tree: 1bf679924a56775f356bc1c378f629264edd1ca8 /transmission/defaults/main.yaml
parent: 0b402a7a0a773dfa40e5549235941cd1217617d3 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/transmission/defaults/main.yaml b/transmission/defaults/main.yaml
index 5ffae18..b616a3c 100644
--- a/transmission/defaults/main.yaml
+++ b/transmission/defaults/main.yaml
@@ -2,6 +2,6 @@
 
 transmission_config: "/etc/transmission-daemon/settings.json"
 transmission_port: "9091"
-transmission_passwd: "transmission"
+# transmission_passwd: — required, set in host_vars
 transmission_download_dir: "/var/lib/transmission-daemon/downloads"
 transmission_user: "debian-transmission"
author	Luke Hoersten <[email protected]>	2026-04-05 21:19:55 -0500
committer	Luke Hoersten <[email protected]>	2026-04-05 21:19:55 -0500
commit	06b69bd8def0aae07d3fb565d19193be1a8dfe20 (patch)
tree	1bf679924a56775f356bc1c378f629264edd1ca8 /transmission/defaults/main.yaml
parent	0b402a7a0a773dfa40e5549235941cd1217617d3 (diff)