better file permissions

README.md

@@ -1,5 +1,4 @@
 # OpenPunk's Ansible playbook
-
 This is my failsafe (and also my helpful migration tool) for restoring the OpenPunk server. This handles setting everything back up, including:
 
 - gitea
@@ -12,18 +11,15 @@ This is my failsafe (and also my helpful migration tool) for restoring the OpenP
 This playbook assumes the target VPS is running the latest debian stable release.
 
 ## Notes to my future self
-
 The deadswitch has the deadtrigger setup every run, so you have a 14-day timer to add a one-liner to your crontab to keep that deadtrigger set.
 
 ## Usage
-
 ```sh
 ansible-playbook -i hosts --ask-vault-pass run.yml
 ```
 > NOTE: The 'secrets' directory has been omitted from this repo (so it's not going to run without the provided files)
 
 ## Example hosts file
-
 ```
 [hosts]
 openpunk-vps ansible_host=104.238.138.76 ansible_user=root ansible_connection=ssh

tasks/blog.yml

@@ -13,7 +13,7 @@
   template:
     src: templates/blog/updateBlog
     dest: /usr/local/bin/updateBlog
-    mode: u+rwx
+    mode: u+rx
 
 # Rebuild blog every hour
 - name: Setup blog cron job

tasks/deadswitch.yml

@@ -8,19 +8,19 @@
   copy:
     src: static/blog/deadswitch
     dest: /usr/local/bin/deadswitch
-    mode: u+rwx
+    mode: u+rx
 
 - name: Install imdead.sh
   copy:
     src: static/blog/imdead.sh
     dest: /root/deadman/imdead.sh
-    mode: u+rwx
+    mode: u+rx
 
 - name: Copy dead patch
   copy:
     src: secrets/dead.patch
     dest: /root/deadman/dead.patch
-    mode: u+rwx
+    mode: u+rw
 
 - name: Install deadtrigger
   file: