Add restic_mode variable

README.md

@@ -27,6 +27,7 @@ All variables which can be overridden are stored in [defaults/main.yml](defaults
 | `restic_group` | "root" | system group to run restic |
 | `restic_shell` | "/bin/false" | the shell for the restic user, change this if you want to be able to su to it |
 | `restic_install_path` | "/usr/local/bin" | directory where restic binary will be installed |
+| `restic_mode` | 0750 | permissions of the restic binary, change to 0755 if you want to allow all users to run restic |
 | `restic_cron_mailto` | restic_user | who to mail results of the restic crons to, set to "" to not mail |
 | `restic_cron_stdout_file` | null | what file to log restic output to, null means include in mailto, use /dev/null to discard |
 | `restic_cron_stderr_file` | null | what file to log restic errors to, null means include in mailto, use /dev/null to discard |

defaults/main.yml

@@ -5,6 +5,7 @@ restic_user: root
 restic_group: "{{ restic_user }}"
 restic_shell: "/bin/false"
 restic_home: "/var/lib/restic"
+restic_mode: 0750
 
 restic_install_path: '/usr/local/bin'
 

tasks/install.yml

@@ -68,10 +68,15 @@
   copy:
     src: "/tmp/restic_{{ restic_version }}_{{ go_arch }}"
     dest: '{{ restic_install_path }}/restic'
-    mode: '0750'
+    mode: '{{ restic_mode }}'
     owner: 'root'
     group: '{{ restic_group }}'
 
+- name: Read status of restic binary
+  stat:
+    path: '{{ restic_install_path }}/restic'
+  register: restic_binary
+
 - name: Install libcap on Debian systems
   apt:
     name: "libcap2-bin"
@@ -80,6 +85,7 @@
   when:
     - ansible_os_family | lower == "debian"
     - restic_user != 'root'
+    - restic_group != 'root'
 
 - name: Set proper capabilities for restic binary
   capabilities:
@@ -88,4 +94,6 @@
     state: present
   when:
     - restic_user != 'root'
+    - restic_group != 'root'
     - not ansible_check_mode
+    - not restic_binary.stat.xoth