Cleanup php session directories

[perso/Immae/Config/Nix.git] / nixops / modules / websites / default.nix

diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index f820c83ceb04c5a301ae7fd0522d6a13d998309e..927243b2e31cb31da62d594528db42690ff3db67 100644 (file)
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -8,7 +8,7 @@ let
       enableSSL = true;
       sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
       sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
-      sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem";
+      sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
       logFormat = "combinedVhost";
       listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
       hostName = builtins.head vhostConf.hosts;
@@ -232,7 +232,7 @@ in
     deployment.keys.apache-ldap = {
       user = "wwwrun";
       group = "wwwrun";
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         <Macro LDAPConnect>
           <IfModule authnz_ldap_module>
@@ -406,8 +406,10 @@ in
         install -d -m 0755 /var/lib/acme/acme-challenge
         install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
         install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/tmp/adminer
         install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
         install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/phpldapadmin
         '';
     };