From: Ismaƫl Bouya
Date: Mon, 15 Apr 2019 23:48:11 +0000 (+0200)
Subject: Fix secret permissions
X-Git-Tag: nur_publish~142
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=85f5ed68104de9edd8f8e532dc0c2de931e3ca1b

Fix secret permissions
---

diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
index ac102c9..6059eb6 100644
--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -34,7 +34,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
- permissions = "0700";
+ permissions = "0400";
 text = ''
 SetEnv APP_ENV "${environment}"
 SetEnv APP_SECRET "${config.secret}"
diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix
index 7bc1d51..2960c6a 100644
--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -7,7 +7,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
- permissions = "0700";
+ permissions = "0400";
 text = ''
 # This file is auto-generated during the composer install
 parameters:
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index 9782e68..cd2b38a 100644
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -232,7 +232,7 @@ in
 deployment.keys.apache-ldap = {
 user = "wwwrun";
 group = "wwwrun";
- permissions = "0700";
+ permissions = "0400";
 text = ''
diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix
index 218060f..6c0decd 100644
--- a/nixops/modules/websites/ftp/jerome.nix
+++ b/nixops/modules/websites/ftp/jerome.nix
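Review bot: The mode is still a string literal repeated in every key definition, so the next key added under `/run/keys/webapps` can miss it; this applies to the `permissions = "0400";` line in the aten.nix hunk and equally to the connexionswing.nix, default.nix, jerome.nix, diaspora.nix, mantisbt.nix and roundcubemail.nix hunks. jerome.nix shows how that happens: it had no `permissions` attribute at all before this commit and was relying on the NixOps default. Defining the value once and referencing it, for example `permissions = secretMode;` with `secretMode = "0400";` bound in a shared `let` (the name is only a suggestion), would keep the keys from drifting apart. Where that binding should live is outside these hunks.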
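Review bot: In the default.nix hunk the owner of `deployment.keys.apache-ldap` is hard-coded as `user = "wwwrun"; group = "wwwrun";`, while the aten.nix and connexionswing.nix keys in this same commit use `apache.user` and `apache.group`. With the mode now `0400` only that exact account can read the file, so if the httpd account is ever changed the key becomes unreadable to the server without any evaluation error. Using the same reference as the sibling modules, `user = apache.user; group = apache.group;`, would keep owner and consumer in step, assuming an equivalent `apache` binding is available in this file (not visible in the hunk). The jerome.nix hunk has the same hard-coded owner.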
@@ -33,6 +33,7 @@ in {
 destDir = "/run/keys/webapps";
 user = "wwwrun";
 group = "wwwrun";
+ permissions = "0400";
 text = ''
 pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
diff --git a/nixops/modules/websites/tools/diaspora/diaspora.nix b/nixops/modules/websites/tools/diaspora/diaspora.nix
index 074dfb2..c7af9da 100644
--- a/nixops/modules/websites/tools/diaspora/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora/diaspora.nix
@@ -33,7 +33,7 @@ let
 destDir = "/run/keys/webapps";
 user = "diaspora";
 group = "diaspora";
- permissions = "0700";
+ permissions = "0400";
 text = ''
 Diaspora::Application.config.secret_key_base = '${env.secret_token}'
 '';
@@ -42,7 +42,7 @@ let
 destDir = "/run/keys/webapps";
 user = "diaspora";
 group = "diaspora";
- permissions = "0700";
+ permissions = "0400";
 text = ''
 configuration:
 environment:
@@ -121,7 +121,7 @@ let
 destDir = "/run/keys/webapps";
 user = "diaspora";
 group = "diaspora";
- permissions = "0700";
+ permissions = "0400";
 text = ''
 postgresql: &postgresql
 adapter: postgresql
diff --git a/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix b/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
index 00580b5..2c7422d 100644
--- a/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
+++ b/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
@@ -21,7 +21,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
- permissions = "0700";
+ permissions = "0400";
 text = ''
 custom->appearance['show_clear_password'] = true;
diff --git a/nixops/modules/websites/tools/tools/roundcubemail.nix b/nixops/modules/websites/tools/tools/roundcubemail.nix
index 3806679..5fc3412 100644
--- a/nixops/modules/websites/tools/tools/roundcubemail.nix
+++ b/nixops/modules/websites/tools/tools/roundcubemail.nix
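Review bot: In the jerome.nix hunk the context line that builds the connection string interpolates `${env.postgresql.password}` unquoted after `password=`, so a password containing a space, a quote or a backslash would be cut short or read as further `key=value` settings. If this is a libpq-style connection string, as the `dbname=… user=… host=…` layout suggests, a value can be wrapped in single quotes with `\'` and `\\` escapes. Writing `password='${escapedPassword}'` (placeholder name), with the escaping done in Nix before interpolation, would make the generated file independent of the password's content. The same applies to the other three values on that line. The surrounding string is only partly visible in the hunk, so the quoting rules of the enclosing file format need checking too.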
@@ -82,7 +82,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
- permissions = "0700";
+ permissions = "0400";
 text = ''