]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - nixops/modules/websites/default.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix secret permissions
[perso/Immae/Config/Nix.git] / nixops / modules / websites / default.nix
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index f820c83ceb04c5a301ae7fd0522d6a13d998309e..cd2b38aefecc95a4a7160bc329e8b45e08c179fe 100644 (file)
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -8,7 +8,7 @@ let
       enableSSL = true;
       sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
       sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
-      sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem";
+      sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
       logFormat = "combinedVhost";
       listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
       hostName = builtins.head vhostConf.hosts;
@@ -232,7 +232,7 @@ in
     deployment.keys.apache-ldap = {
       user = "wwwrun";
       group = "wwwrun";
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         <Macro LDAPConnect>
           <IfModule authnz_ldap_module>
My infrastructure configuration