environment = config.environment;
varDir = "/var/lib/aten_${environment}";
phpFpm = rec {
+ serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];
socket = "/var/run/phpfpm/aten-${environment}.sock";
pool = ''
listen = ${socket}
destDir = "/run/keys/webapps";
user = apache.user;
group = apache.group;
- permissions = "0700";
+ permissions = "0400";
text = ''
SetEnv APP_ENV "${environment}"
SetEnv APP_SECRET "${config.secret}"