Fix secret permissions

author Ismaël Bouya <ismael.bouya@normalesup.org>

Mon, 15 Apr 2019 23:48:11 +0000 (01:48 +0200)

committer Ismaël Bouya <ismael.bouya@normalesup.org>

Mon, 15 Apr 2019 23:48:11 +0000 (01:48 +0200)
author Ismaël Bouya <ismael.bouya@normalesup.org>
Mon, 15 Apr 2019 23:48:11 +0000 (01:48 +0200)
committer Ismaël Bouya <ismael.bouya@normalesup.org>
Mon, 15 Apr 2019 23:48:11 +0000 (01:48 +0200)
diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix

index ac102c9d5d26e59b7bf7f7c6f7628d8a88319d04..6059eb6b85fd64eb07ae1d59c0054b1be88c9d83 100644 (file)
--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -34,7 +34,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          SetEnv APP_ENV      "${environment}"
          SetEnv APP_SECRET   "${config.secret}"
        text = ''
          SetEnv APP_ENV      "${environment}"
          SetEnv APP_SECRET   "${config.secret}"
diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix

index 7bc1d514e8eb91348cc6ad38bce5bd4a0794c2df..2960c6a84e282d87ad8a3537d3c1cf7f76644d54 100644 (file)
--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -7,7 +7,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          # This file is auto-generated during the composer install
          parameters:
        text = ''
          # This file is auto-generated during the composer install
          parameters:
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix

index 9782e683dfd37f26cdcf7a8c68e7113ba2ded979..cd2b38aefecc95a4a7160bc329e8b45e08c179fe 100644 (file)
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -232,7 +232,7 @@ in
      deployment.keys.apache-ldap = {
        user = "wwwrun";
        group = "wwwrun";
      deployment.keys.apache-ldap = {
        user = "wwwrun";
        group = "wwwrun";
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          <Macro LDAPConnect>
            <IfModule authnz_ldap_module>
        text = ''
          <Macro LDAPConnect>
            <IfModule authnz_ldap_module>
diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix

index 218060f3f58fc30e35b4800948da17d0586b6df8..6c0decd188497594a2b130f9f8c2c84bb7bc73c8 100644 (file)
--- a/nixops/modules/websites/ftp/jerome.nix
+++ b/nixops/modules/websites/ftp/jerome.nix
@@ -33,6 +33,7 @@ in {
        destDir = "/run/keys/webapps";
        user = "wwwrun";
        group = "wwwrun";
        destDir = "/run/keys/webapps";
        user = "wwwrun";
        group = "wwwrun";
+      permissions = "0400";
        text = ''
          <?php
          $mysql_user = '${env.mysql.user}' ;
        text = ''
          <?php
          $mysql_user = '${env.mysql.user}' ;
diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/nixops/modules/websites/ludivine/ludivinecassal.nix

index b5450e61ea6526fdcb2cd07b08511f1c3f87b134..423bbda4fa6aa5d69f9950c667ffed42a90933ed 100644 (file)
--- a/nixops/modules/websites/ludivine/ludivinecassal.nix
+++ b/nixops/modules/websites/ludivine/ludivinecassal.nix
@@ -7,7 +7,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          # This file is auto-generated during the composer install
          parameters:
        text = ''
          # This file is auto-generated during the composer install
          parameters:
diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix

index 8dab8ddfa47725e2e921f22a312470854f4ebb2b..1c7e983f72eaa6679d4e10c4d1bd91dd7cb8189d 100644 (file)
--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -7,7 +7,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          # This file is auto-generated during the composer install
          parameters:
        text = ''
          # This file is auto-generated during the composer install
          parameters:
diff --git a/nixops/modules/websites/tellesflorian/tellesflorian.nix b/nixops/modules/websites/tellesflorian/tellesflorian.nix

index 142ba9833d440216d58046cfceaf1e21e7e6c872..a8e741e85dcd3e88755218867be5e31f3ffb6f3d 100644 (file)
--- a/nixops/modules/websites/tellesflorian/tellesflorian.nix
+++ b/nixops/modules/websites/tellesflorian/tellesflorian.nix
@@ -7,7 +7,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          # This file is auto-generated during the composer install
          parameters:
        text = ''
          # This file is auto-generated during the composer install
          parameters:
@@ -58,7 +58,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          invite:${config.invite_passwords}
        '';
        text = ''
          invite:${config.invite_passwords}
        '';
diff --git a/nixops/modules/websites/tools/dav/davical.nix b/nixops/modules/websites/tools/dav/davical.nix

index 4e464ebfda106da940bfeaf1749795a8604728d5..32f548398b3d24fbf51869f371945ebe78490a82 100644 (file)
--- a/nixops/modules/websites/tools/dav/davical.nix
+++ b/nixops/modules/websites/tools/dav/davical.nix
@@ -20,7 +20,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          <?php
          $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
        text = ''
          <?php
          $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
diff --git a/nixops/modules/websites/tools/diaspora/diaspora.nix b/nixops/modules/websites/tools/diaspora/diaspora.nix

index 074dfb2e4372d5f0d72a065d4cae35abf8c37b4e..c7af9dab808f9107737316a369c83dfe16e1e764 100644 (file)
--- a/nixops/modules/websites/tools/diaspora/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora/diaspora.nix
@@ -33,7 +33,7 @@ let
      destDir = "/run/keys/webapps";
      user = "diaspora";
      group = "diaspora";
      destDir = "/run/keys/webapps";
      user = "diaspora";
      group = "diaspora";
-    permissions = "0700";
+    permissions = "0400";
      text = ''
        Diaspora::Application.config.secret_key_base = '${env.secret_token}'
      '';
      text = ''
        Diaspora::Application.config.secret_key_base = '${env.secret_token}'
      '';
@@ -42,7 +42,7 @@ let
      destDir = "/run/keys/webapps";
      user = "diaspora";
      group = "diaspora";
      destDir = "/run/keys/webapps";
      user = "diaspora";
      group = "diaspora";
-    permissions = "0700";
+    permissions = "0400";
      text = ''
        configuration:
          environment:
      text = ''
        configuration:
          environment:
@@ -121,7 +121,7 @@ let
      destDir = "/run/keys/webapps";
      user = "diaspora";
      group = "diaspora";
      destDir = "/run/keys/webapps";
      user = "diaspora";
      group = "diaspora";
-    permissions = "0700";
+    permissions = "0400";
      text = ''
        postgresql: &postgresql
          adapter: postgresql
      text = ''
        postgresql: &postgresql
          adapter: postgresql
diff --git a/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix b/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix

index 00580b5a66a49945603ce7bf3f65921a945f3d4b..2c7422def9554f5bee308b785e58759a551637f0 100644 (file)
--- a/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
+++ b/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
@@ -21,7 +21,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          <?php
          $g_hostname              = '${env.postgresql.socket}';
        text = ''
          <?php
          $g_hostname              = '${env.postgresql.socket}';
diff --git a/nixops/modules/websites/tools/peertube/default.nix b/nixops/modules/websites/tools/peertube/default.nix

index dbdeb76a7d31616b94f2c7660bfa1093fd332d9c..1f88a1563a40abceff8f942ced3ae3f48cd35577 100644 (file)
--- a/nixops/modules/websites/tools/peertube/default.nix
+++ b/nixops/modules/websites/tools/peertube/default.nix
@@ -61,7 +61,7 @@ in {
        destDir = "/run/keys/webapps";
        user = "peertube";
        group = "peertube";
        destDir = "/run/keys/webapps";
        user = "peertube";
        group = "peertube";
-      permissions = "0700";
+      permissions = "0400";
        text = peertube.config;
      };
  
        text = peertube.config;
      };
  
diff --git a/nixops/modules/websites/tools/tools/kanboard.nix b/nixops/modules/websites/tools/tools/kanboard.nix

index 35ed2aaace690e8f7db96f1bed37fd4631d028f5..dd5b18f7a0e4c49f276848a5736cf2445832b112 100644 (file)
--- a/nixops/modules/websites/tools/tools/kanboard.nix
+++ b/nixops/modules/websites/tools/tools/kanboard.nix
@@ -14,7 +14,7 @@ rec {
      destDir = "/run/keys/webapps";
      user = apache.user;
      group = apache.group;
      destDir = "/run/keys/webapps";
      user = apache.user;
      group = apache.group;
-    permissions = "0700";
+    permissions = "0400";
      text = ''
        <?php
        define('MAIL_FROM', 'kanboard@tools.immae.eu');
      text = ''
        <?php
        define('MAIL_FROM', 'kanboard@tools.immae.eu');
diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix

index 9d988373ef7cbb20bd9a8aafca39c5b3015939ad..008dffe211b3a1aa591bb673902d2343dab86513 100644 (file)
--- a/nixops/modules/websites/tools/tools/ldap.nix
+++ b/nixops/modules/websites/tools/tools/ldap.nix
@@ -4,7 +4,7 @@ rec {
      destDir = "/run/keys/webapps";
      user = apache.user;
      group = apache.group;
      destDir = "/run/keys/webapps";
      user = apache.user;
      group = apache.group;
-    permissions = "0700";
+    permissions = "0400";
      text = ''
        <?php
        $config->custom->appearance['show_clear_password'] = true;
      text = ''
        <?php
        $config->custom->appearance['show_clear_password'] = true;
diff --git a/nixops/modules/websites/tools/tools/roundcubemail.nix b/nixops/modules/websites/tools/tools/roundcubemail.nix

index 38066794adc368c1d50a914a63d98860a94fb142..5fc34126e9fb4606aa19b6aa89e65d3ce6220f60 100644 (file)
--- a/nixops/modules/websites/tools/tools/roundcubemail.nix
+++ b/nixops/modules/websites/tools/tools/roundcubemail.nix
@@ -82,7 +82,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          <?php
            $config['db_dsnw'] = '${env.psql_url}';
        text = ''
          <?php
            $config['db_dsnw'] = '${env.psql_url}';
diff --git a/nixops/modules/websites/tools/tools/shaarli.nix b/nixops/modules/websites/tools/tools/shaarli.nix

index 543518152bd781096bd3d03ce2bde2af21c827eb..56658fd482dc5fe07837fcc8ede9b4849312de42 100644 (file)
--- a/nixops/modules/websites/tools/tools/shaarli.nix
+++ b/nixops/modules/websites/tools/tools/shaarli.nix
@@ -65,7 +65,7 @@ in rec {
      destDir = "/run/keys/webapps";
      user = apache.user;
      group = apache.group;
      destDir = "/run/keys/webapps";
      user = apache.user;
      group = apache.group;
-    permissions = "0700";
+    permissions = "0400";
      text = ''
        SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}"
        SetEnv SHAARLI_LDAP_DN       "${env.ldap.dn}"
      text = ''
        SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}"
        SetEnv SHAARLI_LDAP_DN       "${env.ldap.dn}"
diff --git a/nixops/modules/websites/tools/tools/ttrss.nix b/nixops/modules/websites/tools/tools/ttrss.nix

index 6a5efd995fd70e17e1bbc896f43457f7f37a8393..0fe94f9840cc7f71aeb1e12a2026a64313226814 100644 (file)
--- a/nixops/modules/websites/tools/tools/ttrss.nix
+++ b/nixops/modules/websites/tools/tools/ttrss.nix
@@ -56,7 +56,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          <?php
  
        text = ''
          <?php
  
diff --git a/nixops/modules/websites/tools/tools/wallabag.nix b/nixops/modules/websites/tools/tools/wallabag.nix

index c808eb14a62c6acbb3f211c3ea1c36ea05c65005..0cacad329762b0bbb9fdb9f2f2b878e033f3f5a0 100644 (file)
--- a/nixops/modules/websites/tools/tools/wallabag.nix
+++ b/nixops/modules/websites/tools/tools/wallabag.nix
@@ -6,7 +6,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          # This file is auto-generated during the composer install
          parameters:
        text = ''
          # This file is auto-generated during the composer install
          parameters:
diff --git a/nixops/modules/websites/tools/tools/yourls.nix b/nixops/modules/websites/tools/tools/yourls.nix

index 64ec48ad290e6512084b6aa53c3b36ede4f22822..e82856f2f3440ba84a63317346c48f7e1b611c0c 100644 (file)
--- a/nixops/modules/websites/tools/tools/yourls.nix
+++ b/nixops/modules/websites/tools/tools/yourls.nix
@@ -17,7 +17,7 @@ let
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
        destDir = "/run/keys/webapps";
        user = apache.user;
        group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
        text = ''
          <?php
          define( 'YOURLS_DB_USER', '${env.mysql.user}' );
        text = ''
          <?php
          define( 'YOURLS_DB_USER', '${env.mysql.user}' );
author	Ismaël Bouya <ismael.bouya@normalesup.org>
	Mon, 15 Apr 2019 23:48:11 +0000 (01:48 +0200)
committer	Ismaël Bouya <ismael.bouya@normalesup.org>
	Mon, 15 Apr 2019 23:48:11 +0000 (01:48 +0200)
nixops/modules/websites/aten/aten.nix		patch \| blob \| blame \| history
nixops/modules/websites/connexionswing/connexionswing.nix		patch \| blob \| blame \| history
nixops/modules/websites/default.nix		patch \| blob \| blame \| history
nixops/modules/websites/ftp/jerome.nix		patch \| blob \| blame \| history
nixops/modules/websites/ludivine/ludivinecassal.nix		patch \| blob \| blame \| history
nixops/modules/websites/piedsjaloux/piedsjaloux.nix		patch \| blob \| blame \| history
nixops/modules/websites/tellesflorian/tellesflorian.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/dav/davical.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/diaspora/diaspora.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/git/mantisbt/mantisbt.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/peertube/default.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/tools/kanboard.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/tools/ldap.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/tools/roundcubemail.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/tools/shaarli.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/tools/ttrss.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/tools/wallabag.nix		patch \| blob \| blame \| history
nixops/modules/websites/tools/tools/yourls.nix		patch \| blob \| blame \| history