From 4aa133ebdaf972b0a7cdb617798d39ab4d5cdb85 Mon Sep 17 00:00:00 2001
From: Mathieu Gauthier-Pilote <mgauthier+git@evolix.ca>
Date: Fri, 13 Jan 2023 10:26:48 -0500
Subject: [PATCH] Allow nginx to read public assets

---
 webapps/mastodon/tasks/main.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/webapps/mastodon/tasks/main.yml b/webapps/mastodon/tasks/main.yml
index bcd8f887..cecbc9ba 100644
--- a/webapps/mastodon/tasks/main.yml
+++ b/webapps/mastodon/tasks/main.yml
@@ -32,6 +32,7 @@
     version: "{{ git_version | default(omit) }}"
     #force: yes
     update: yes
+    umask: '0022'
   become_user: "{{ service }}"
 
 - block:
@@ -133,6 +134,14 @@
     executable: /bin/bash # fails with /bin/sh
   become_user: "{{ service }}"
 
+- name: Adjust permissions of files in public folder
+  file:
+    path: "~/mastodon/public"
+    state: directory
+    mode: 'o=rX'
+    recurse: true
+  become_user: "{{ service }}"
+
 - name: Add systemd target
   template:
     src: "mastodon.target.j2"