From 4e0108d96b3053b6345797d091da77beb222efdf Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Tue, 25 Sep 2018 22:25:58 +0200
Subject: [PATCH] Forget the git group, use setfacl

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
---
 roles/pagure/frontend/tasks/main.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml
index bef5b69183..5b57310cf6 100644
--- a/roles/pagure/frontend/tasks/main.yml
+++ b/roles/pagure/frontend/tasks/main.yml
@@ -159,8 +159,6 @@
       group: paguremirroring
       shell: /bin/nologin
       home: /srv/mirror
-      groups: git
-      append: yes
   when: env == 'pagure-staging'
   tags:
   - pagure
@@ -321,6 +319,13 @@
   notify:
   - restart apache
 
+- name: let paguremirroring read the pagure config
+  command: /usr/bin/setfacl -dm user:paguremirroring:rx /etc/pagure/pagure.cfg
+  when: env == 'pagure-staging'
+  tags:
+  - pagure
+  - mirror
+
 - name: Add default facl so apache can read git repos
   acl: default=yes etype=user entity=apache permissions="rx" name=/srv/git state=present
   register: acl_updates