From 06b69bd8def0aae07d3fb565d19193be1a8dfe20 Mon Sep 17 00:00:00 2001
From: Luke Hoersten
Date: Sun, 5 Apr 2026 21:19:55 -0500
Subject: Harden role security: file permissions, service binding, no_log, strict defaults

- Add no_log: true to tasks that handle passwords/secrets
- Tighten config file permissions (0644 -> 0600/0640 where appropriate)
- Bind pleroma to 127.0.0.1 instead of 0.0.0.0
- Tighten ergo unix socket mode 0777 -> 0770
- Remove weak defaults; roles now fail explicitly if required vars not set
---
 nostr/relayer/defaults/main.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'nostr/relayer')
diff --git a/nostr/relayer/defaults/main.yaml b/nostr/relayer/defaults/main.yaml
index 7d30aa6..c89e0e2 100644
--- a/nostr/relayer/defaults/main.yaml
+++ b/nostr/relayer/defaults/main.yaml
@@ -6,4 +6,4 @@ relayer_pubkey: ""
 relayer_port: "7447"
 relayer_db: "relayer"
 relayer_db_user: "relayer"
-relayer_db_pass: "relayer"
+# relayer_db_pass: — required, set in host_vars
-- 
cgit v1.2.3
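Review bot: The added line `# relayer_db_pass: — required, set in host_vars` leaves the variable undefined, but nothing visible in this patch (which is limited to nostr/relayer) checks for it, so a missing value would presumably surface only as an undefined-variable error at whichever task first templates it, possibly after earlier tasks have already changed the host. A preflight `ansible.builtin.assert` at the top of the role's tasks with `that: relayer_db_pass is defined and relayer_db_pass | length > 0`, or a `required: true` entry in `meta/argument_specs.yml`, would make the failure immediate and would also reject an empty string. The comment could also say where the secret belongs, e.g. `# relayer_db_pass: required, no default; set in vault-encrypted host_vars`. Hosts already deployed with the old default presumably still have `relayer` as the database password until it is rotated, so that value should not simply be copied into host_vars.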