Fix secret permissions
[perso/Immae/Config/Nix.git] / nixops / modules / websites / aten / aten.nix
index 897b3ba4146d385b3d4de4987f0a1cb483c937af..6059eb6b85fd64eb07ae1d59c0054b1be88c9d83 100644 (file)
@@ -4,6 +4,7 @@ let
     environment = config.environment;
     varDir = "/var/lib/aten_${environment}";
     phpFpm = rec {
+      serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];
       socket = "/var/run/phpfpm/aten-${environment}.sock";
       pool = ''
         listen = ${socket}
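Review bot: The unit name `${environment}-aten-key.service` in the new `serviceDeps` line is spelled out by hand, so it has to stay in sync with the name of the key defined further down in this `let` block, which this hunk does not show. If the key is renamed, the dependency would presumably point at a unit that does not exist, and php-fpm could then start before the secret file is in place; how `serviceDeps` is wired into the service (ordering only, or a hard requirement) is also outside the hunk. A short comment would make the coupling explicit, e.g. `# start after the DB and after the deployed key file; unit name must match the key's name below`. The `phpFpm` attribute set continues past the end of the hunk.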
@@ -33,7 +34,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         SetEnv APP_ENV      "${environment}"
         SetEnv APP_SECRET   "${config.secret}"
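Review bot: With `permissions = "0400"` the file is still owned by `apache.user`, so any code running under that account can read `APP_SECRET` directly from the file under `/run/keys/webapps`; the new mode drops the write and execute bits but not that exposure. If the file is only read through an Apache include while the server is still starting as root (not visible here), `user = "root";` would keep it out of reach of the worker processes. The `group = apache.group;` line also grants nothing now that the group bits are zero, so a comment such as `# owner read-only: holds APP_SECRET, no group/other access` would record the intent. The `text` block continues past the end of the hunk.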