From f8d19ffd5cc588a4caf8fa49665dd06db35df131 Mon Sep 17 00:00:00 2001
From: Tobias Werth <git@never-mind.eu>
Date: Mon, 6 May 2024 21:58:55 +0200
Subject: [PATCH] Run keepalived notification scripts as domjudge user (#140)

This both prevents/fixes some security alerts and also makes
sure that the files that the alerting script copies are the
right ones.

Co-authored-by: DOMjudge team <team@domjudge.org>
---
 .../ansible/roles/keepalived/templates/keepalived.conf.j2        | 1 +
 1 file changed, 1 insertion(+)

diff --git a/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2 b/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2
index 9d3a77d5..18d87b04 100644
--- a/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2
+++ b/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2
@@ -11,6 +11,7 @@ vrrp_instance lb_ipv4 {
 		auth_type PASS
 		auth_pass {{REPLICATION_PASSWORD}}
 	}
+	script_user domjudge domjudge
 	notify_backup /home/domjudge/bin/trigger_alert.sh
 	notify_master /home/domjudge/bin/trigger_alert.sh
 	notify_fault /home/domjudge/bin/trigger_alert.sh