From 18c629d8ffda4d3fd7c1046c82ad51aa85d21fa5 Mon Sep 17 00:00:00 2001
From: Andrejus <hi@andrejus.uk>
Date: Mon, 3 May 2021 00:52:39 +0100
Subject: [PATCH] fix: bucket acls, readme

---
 README.md                     |  6 +++---
 terraform/module/main.tf      | 15 ++++++++++++++-
 terraform/module/variables.tf |  5 +++++
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index b34c462..e57697d 100644
--- a/README.md
+++ b/README.md
@@ -2,13 +2,13 @@
 
 Collection of my dotfiles and supporting install scripts
 
-## Install
+## Installer
 
 [![Dotfiles publisher](https://github.com/andrejusk/dotfiles/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/andrejusk/dotfiles/actions/workflows/publish.yml)
 
     wget https://dots.andrejus.dev/setup.sh -qO - | bash
 
-## Stack
+## The Stack
 
 [![Dotfiles CI](https://github.com/andrejusk/dotfiles/actions/workflows/ci.yml/badge.svg)](https://github.com/andrejusk/dotfiles/actions/workflows/ci.yml)
 
@@ -21,7 +21,7 @@ Tested and maintained against Debian buster
 ### Editors
 
 - neovim (+ vim-plug)
-- emacs
+- spacemacs
 
 ### Languages
 
diff --git a/terraform/module/main.tf b/terraform/module/main.tf
index 4c81429..b2cf845 100644
--- a/terraform/module/main.tf
+++ b/terraform/module/main.tf
@@ -29,11 +29,24 @@ resource "google_storage_bucket_acl" "bucket_acl" {
   bucket = google_storage_bucket.bucket.name
 
   role_entity = [
-    "READER:allUsers",
+    "OWNER:project-owners-${var.project_number}",
+    "OWNER:project-editors-${var.project_number}",
+    "READER:project-viewers-${var.project_number}",
     "OWNER:user-${google_service_account.uploader_sa.email}",
   ]
 }
 
+resource "google_storage_default_object_acl" "default_acl" {
+  bucket = google_storage_bucket.bucket.name
+
+  role_entity = [
+    "READER:allUsers",
+    "OWNER:project-owners-${var.project_number}",
+    "OWNER:project-editors-${var.project_number}",
+    "READER:project-viewers-${var.project_number}",
+  ]
+}
+
 resource "google_storage_bucket_object" "index" {
   name   = "index.html"
   source = "${path.module}/public/index.html"
diff --git a/terraform/module/variables.tf b/terraform/module/variables.tf
index e37ac54..15fffd0 100644
--- a/terraform/module/variables.tf
+++ b/terraform/module/variables.tf
@@ -8,6 +8,11 @@ variable "project" {
   type        = string
 }
 
+variable "project_number" {
+  type        = string
+  description = "The numeric project ID"
+}
+
 variable "domain" {
   description = "DNS name to serve static content"
   type        = string