Fix the permissions on the DOMAIN/provider.json file for static sites.

1 files changed, 18 insertions, 4 deletions

diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 4a722d62..8063d432 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -13,20 +13,34 @@ class site_static {
   $bootstrap     = $static['bootstrap_files']
   $tor           = hiera('tor', false)
 
+  file {
+    '/srv/static/':
+      ensure => 'directory',
+      owner => 'root',
+      group => 'root',
+      mode  => '0744';
+    '/srv/static/public':
+      ensure => 'directory',
+      owner => 'root',
+      group => 'root',
+      mode  => '0744';
+  }
+
   if $bootstrap['enabled'] {
     $bootstrap_domain  = $bootstrap['domain']
     $bootstrap_client  = $bootstrap['client_version']
-    file { '/srv/leap/provider.json':
+    file { '/srv/static/public/provider.json':
       content => $bootstrap['provider_json'],
       owner   => 'www-data',
       group   => 'www-data',
-      mode    => '0444';
+      mode    => '0444',
+      notify  => Service[apache];
     }
     # It is important to always touch provider.json: the client needs to check x-min-client-version header,
     # but this is only sent when the file has been modified (otherwise 304 is sent by apache). The problem
     # is that changing min client version won't alter the content of provider.json, so we must touch it.
-    exec { '/bin/touch /srv/leap/provider.json':
-      require => File['/srv/leap/provider.json'];
+    exec { '/bin/touch /srv/static/public/provider.json':
+      require => File['/srv/static/public/provider.json'];
     }
   }