X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Faten%2Faten.nix;h=6059eb6b85fd64eb07ae1d59c0054b1be88c9d83;hb=85f5ed68104de9edd8f8e532dc0c2de931e3ca1b;hp=897b3ba4146d385b3d4de4987f0a1cb483c937af;hpb=a754e9dbf5d6c35398f3c4ec52c3daf5f8ed2dd3;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
index 897b3ba..6059eb6 100644
--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -4,6 +4,7 @@ let
     environment = config.environment;
     varDir = "/var/lib/aten_${environment}";
     phpFpm = rec {
+      serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];
       socket = "/var/run/phpfpm/aten-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -33,7 +34,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         SetEnv APP_ENV      "${environment}"
         SetEnv APP_SECRET   "${config.secret}"