From de785d4ad91eaef6485a56ce52a9f2e61f6c5f19 Mon Sep 17 00:00:00 2001
From: DOMjudge team <team@domjudge.org>
Date: Sat, 13 Apr 2024 15:53:30 +0200
Subject: [PATCH] Run keepalived notification scripts as domjudge user

This both prevents/fixes some security alerts and also makes
sure that the files that the alerting script copies are the
right ones.
---
 .../ansible/roles/keepalived/templates/keepalived.conf.j2        | 1 +
 1 file changed, 1 insertion(+)

diff --git a/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2 b/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2
index 9d3a77d5..18d87b04 100644
--- a/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2
+++ b/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2
@@ -11,6 +11,7 @@ vrrp_instance lb_ipv4 {
 		auth_type PASS
 		auth_pass {{REPLICATION_PASSWORD}}
 	}
+	script_user domjudge domjudge
 	notify_backup /home/domjudge/bin/trigger_alert.sh
 	notify_master /home/domjudge/bin/trigger_alert.sh
 	notify_fault /home/domjudge/bin/trigger_alert.sh