From 578919a2c431e28e406907f2314555fded5d5686 Mon Sep 17 00:00:00 2001
From: Lennart Betz <lennart.betz@netways.de>
Date: Mon, 24 Jun 2024 07:44:33 +0200
Subject: [PATCH] Fix private key permissions

bla
---
 README.md                 | 29 +++++++++++++++++++++++++++--
 manifests/cert.pp         |  2 +-
 metadata.json             |  3 ++-
 spec/defines/cert_spec.rb |  2 +-
 4 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index e86a4c6..3a25e47 100644
--- a/README.md
+++ b/README.md
@@ -30,9 +30,34 @@ This module provides several non private helper classes for the other official I
 * [icingadb](https://github.com/voxpupuli/puppet-icingadb)
 * [icingaweb2](https://github.com/voxpupuli/puppet-icingaweb2)
 
-### How to use the classes for Icinga Web an databases with MariaDB on Debian bookwork
+### How to use the classes for Icinga Web or any database use on Ubuntu Noble
 
-To get Icinga Web 2 running on Debian bookworm use puppet-php >=8.1.0 (no longer necessary if puppet-php >= 10.2.0 is used) and set:
+To get Icinga Web 2 running on Ubutunt Noble use puppet-php >=8.3.0 and set:
+
+```yaml
+php::globals::php_version: '8.3'
+```
+
+The current MariaDB logs to syslog by default so set:
+
+```yaml
+mysql::server::override_options:
+  mysqld:
+    log-error: ~
+```
+
+This disables the logging to file and the requirement and management of an existing directory /var/log/mysql.
+
+If using PostgreSQL you have to set the version to '16':
+
+```yaml
+---
+postgresql::globals::version: '16'
+```
+
+### How to use the classes for Icinga Web or databases with MariaDB on Debian Bookwork
+
+To get Icinga Web 2 running on Debian Bookworm use puppet-php >=8.2.0 (no longer necessary if puppet-php >= 10.2.0 is used) and set:
 
 ```yaml
 php::globals::php_version: '8.2'
diff --git a/manifests/cert.pp b/manifests/cert.pp
index cce2f95..01e7cec 100644
--- a/manifests/cert.pp
+++ b/manifests/cert.pp
@@ -24,7 +24,7 @@
       group => $group,
       mode  => '0640',
     }
-    $key_mode = '0400'
+    $key_mode = '0440'
   }
 
   if $args[key] {
diff --git a/metadata.json b/metadata.json
index 3466c42..be85837 100644
--- a/metadata.json
+++ b/metadata.json
@@ -69,7 +69,8 @@
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [
         "20.04",
-        "22.04"
+        "22.04",
+        "24.04"
       ]
     },
     {
diff --git a/spec/defines/cert_spec.rb b/spec/defines/cert_spec.rb
index 4bfa031..7b26eda 100644
--- a/spec/defines/cert_spec.rb
+++ b/spec/defines/cert_spec.rb
@@ -43,7 +43,7 @@
             {
               'owner' => 'foo',
               'group' => 'bar',
-              'mode'  => '0400',
+              'mode'  => '0440',
             }
           ).with_content('key')
         }