Fix secret permissions

[perso/Immae/Config/Nix.git] / nixops / modules / websites / tellesflorian / tellesflorian.nix

diff --git a/nixops/modules/websites/tellesflorian/tellesflorian.nix b/nixops/modules/websites/tellesflorian/tellesflorian.nix
index 4c76a76b6af245cfa8057d6f72a6c6831194d4aa..a8e741e85dcd3e88755218867be5e31f3ffb6f3d 100644 (file)
--- a/nixops/modules/websites/tellesflorian/tellesflorian.nix
+++ b/nixops/modules/websites/tellesflorian/tellesflorian.nix
@@ -7,7 +7,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         # This file is auto-generated during the composer install
         parameters:
@@ -24,6 +24,11 @@ let
       '';
     };
     phpFpm = rec {
+      serviceDeps = [
+        "mysql.service"
+        "${environment}-tellesflorian-passwords-key.service"
+        "${environment}-tellesflorian-key.service"
+      ];
       socket = "/var/run/phpfpm/floriantelles-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -53,7 +58,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         invite:${config.invite_passwords}
       '';