diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 01:48:11 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 01:48:11 +0200 |
| commit | 85f5ed68104de9edd8f8e532dc0c2de931e3ca1b (patch) | |
| tree | 4a5da5f6d5e808db249f282a4743a1e56680aace /nixops | |
| parent | ec2a5ffb986e9b21dff31e16d112aa9052a4bc5c (diff) | |
| download | Nix-85f5ed68104de9edd8f8e532dc0c2de931e3ca1b.tar.gz Nix-85f5ed68104de9edd8f8e532dc0c2de931e3ca1b.tar.zst Nix-85f5ed68104de9edd8f8e532dc0c2de931e3ca1b.zip | |
Fix secret permissions
Diffstat (limited to 'nixops')
18 files changed, 21 insertions, 20 deletions
diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix index ac102c9..6059eb6 100644 --- a/nixops/modules/websites/aten/aten.nix +++ b/nixops/modules/websites/aten/aten.nix | |||
| @@ -34,7 +34,7 @@ let | |||
| 34 | destDir = "/run/keys/webapps"; | 34 | destDir = "/run/keys/webapps"; |
| 35 | user = apache.user; | 35 | user = apache.user; |
| 36 | group = apache.group; | 36 | group = apache.group; |
| 37 | permissions = "0700"; | 37 | permissions = "0400"; |
| 38 | text = '' | 38 | text = '' |
| 39 | SetEnv APP_ENV "${environment}" | 39 | SetEnv APP_ENV "${environment}" |
| 40 | SetEnv APP_SECRET "${config.secret}" | 40 | SetEnv APP_SECRET "${config.secret}" |
diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix index 7bc1d51..2960c6a 100644 --- a/nixops/modules/websites/connexionswing/connexionswing.nix +++ b/nixops/modules/websites/connexionswing/connexionswing.nix | |||
| @@ -7,7 +7,7 @@ let | |||
| 7 | destDir = "/run/keys/webapps"; | 7 | destDir = "/run/keys/webapps"; |
| 8 | user = apache.user; | 8 | user = apache.user; |
| 9 | group = apache.group; | 9 | group = apache.group; |
| 10 | permissions = "0700"; | 10 | permissions = "0400"; |
| 11 | text = '' | 11 | text = '' |
| 12 | # This file is auto-generated during the composer install | 12 | # This file is auto-generated during the composer install |
| 13 | parameters: | 13 | parameters: |
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix index 9782e68..cd2b38a 100644 --- a/nixops/modules/websites/default.nix +++ b/nixops/modules/websites/default.nix | |||
| @@ -232,7 +232,7 @@ in | |||
| 232 | deployment.keys.apache-ldap = { | 232 | deployment.keys.apache-ldap = { |
| 233 | user = "wwwrun"; | 233 | user = "wwwrun"; |
| 234 | group = "wwwrun"; | 234 | group = "wwwrun"; |
| 235 | permissions = "0700"; | 235 | permissions = "0400"; |
| 236 | text = '' | 236 | text = '' |
| 237 | <Macro LDAPConnect> | 237 | <Macro LDAPConnect> |
| 238 | <IfModule authnz_ldap_module> | 238 | <IfModule authnz_ldap_module> |
diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix index 218060f..6c0decd 100644 --- a/nixops/modules/websites/ftp/jerome.nix +++ b/nixops/modules/websites/ftp/jerome.nix | |||
| @@ -33,6 +33,7 @@ in { | |||
| 33 | destDir = "/run/keys/webapps"; | 33 | destDir = "/run/keys/webapps"; |
| 34 | user = "wwwrun"; | 34 | user = "wwwrun"; |
| 35 | group = "wwwrun"; | 35 | group = "wwwrun"; |
| 36 | permissions = "0400"; | ||
| 36 | text = '' | 37 | text = '' |
| 37 | <?php | 38 | <?php |
| 38 | $mysql_user = '${env.mysql.user}' ; | 39 | $mysql_user = '${env.mysql.user}' ; |
diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/nixops/modules/websites/ludivine/ludivinecassal.nix index b5450e6..423bbda 100644 --- a/nixops/modules/websites/ludivine/ludivinecassal.nix +++ b/nixops/modules/websites/ludivine/ludivinecassal.nix | |||
| @@ -7,7 +7,7 @@ let | |||
| 7 | destDir = "/run/keys/webapps"; | 7 | destDir = "/run/keys/webapps"; |
| 8 | user = apache.user; | 8 | user = apache.user; |
| 9 | group = apache.group; | 9 | group = apache.group; |
| 10 | permissions = "0700"; | 10 | permissions = "0400"; |
| 11 | text = '' | 11 | text = '' |
| 12 | # This file is auto-generated during the composer install | 12 | # This file is auto-generated during the composer install |
| 13 | parameters: | 13 | parameters: |
diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix index 8dab8dd..1c7e983 100644 --- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix +++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix | |||
| @@ -7,7 +7,7 @@ let | |||
| 7 | destDir = "/run/keys/webapps"; | 7 | destDir = "/run/keys/webapps"; |
| 8 | user = apache.user; | 8 | user = apache.user; |
| 9 | group = apache.group; | 9 | group = apache.group; |
| 10 | permissions = "0700"; | 10 | permissions = "0400"; |
| 11 | text = '' | 11 | text = '' |
| 12 | # This file is auto-generated during the composer install | 12 | # This file is auto-generated during the composer install |
| 13 | parameters: | 13 | parameters: |
diff --git a/nixops/modules/websites/tellesflorian/tellesflorian.nix b/nixops/modules/websites/tellesflorian/tellesflorian.nix index 142ba98..a8e741e 100644 --- a/nixops/modules/websites/tellesflorian/tellesflorian.nix +++ b/nixops/modules/websites/tellesflorian/tellesflorian.nix | |||
| @@ -7,7 +7,7 @@ let | |||
| 7 | destDir = "/run/keys/webapps"; | 7 | destDir = "/run/keys/webapps"; |
| 8 | user = apache.user; | 8 | user = apache.user; |
| 9 | group = apache.group; | 9 | group = apache.group; |
| 10 | permissions = "0700"; | 10 | permissions = "0400"; |
| 11 | text = '' | 11 | text = '' |
| 12 | # This file is auto-generated during the composer install | 12 | # This file is auto-generated during the composer install |
| 13 | parameters: | 13 | parameters: |
| @@ -58,7 +58,7 @@ let | |||
| 58 | destDir = "/run/keys/webapps"; | 58 | destDir = "/run/keys/webapps"; |
| 59 | user = apache.user; | 59 | user = apache.user; |
| 60 | group = apache.group; | 60 | group = apache.group; |
| 61 | permissions = "0700"; | 61 | permissions = "0400"; |
| 62 | text = '' | 62 | text = '' |
| 63 | invite:${config.invite_passwords} | 63 | invite:${config.invite_passwords} |
| 64 | ''; | 64 | ''; |
diff --git a/nixops/modules/websites/tools/dav/davical.nix b/nixops/modules/websites/tools/dav/davical.nix index 4e464eb..32f5483 100644 --- a/nixops/modules/websites/tools/dav/davical.nix +++ b/nixops/modules/websites/tools/dav/davical.nix | |||
| @@ -20,7 +20,7 @@ let | |||
| 20 | destDir = "/run/keys/webapps"; | 20 | destDir = "/run/keys/webapps"; |
| 21 | user = apache.user; | 21 | user = apache.user; |
| 22 | group = apache.group; | 22 | group = apache.group; |
| 23 | permissions = "0700"; | 23 | permissions = "0400"; |
| 24 | text = '' | 24 | text = '' |
| 25 | <?php | 25 | <?php |
| 26 | $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}"; | 26 | $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}"; |
diff --git a/nixops/modules/websites/tools/diaspora/diaspora.nix b/nixops/modules/websites/tools/diaspora/diaspora.nix index 074dfb2..c7af9da 100644 --- a/nixops/modules/websites/tools/diaspora/diaspora.nix +++ b/nixops/modules/websites/tools/diaspora/diaspora.nix | |||
| @@ -33,7 +33,7 @@ let | |||
| 33 | destDir = "/run/keys/webapps"; | 33 | destDir = "/run/keys/webapps"; |
| 34 | user = "diaspora"; | 34 | user = "diaspora"; |
| 35 | group = "diaspora"; | 35 | group = "diaspora"; |
| 36 | permissions = "0700"; | 36 | permissions = "0400"; |
| 37 | text = '' | 37 | text = '' |
| 38 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' | 38 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' |
| 39 | ''; | 39 | ''; |
| @@ -42,7 +42,7 @@ let | |||
| 42 | destDir = "/run/keys/webapps"; | 42 | destDir = "/run/keys/webapps"; |
| 43 | user = "diaspora"; | 43 | user = "diaspora"; |
| 44 | group = "diaspora"; | 44 | group = "diaspora"; |
| 45 | permissions = "0700"; | 45 | permissions = "0400"; |
| 46 | text = '' | 46 | text = '' |
| 47 | configuration: | 47 | configuration: |
| 48 | environment: | 48 | environment: |
| @@ -121,7 +121,7 @@ let | |||
| 121 | destDir = "/run/keys/webapps"; | 121 | destDir = "/run/keys/webapps"; |
| 122 | user = "diaspora"; | 122 | user = "diaspora"; |
| 123 | group = "diaspora"; | 123 | group = "diaspora"; |
| 124 | permissions = "0700"; | 124 | permissions = "0400"; |
| 125 | text = '' | 125 | text = '' |
| 126 | postgresql: &postgresql | 126 | postgresql: &postgresql |
| 127 | adapter: postgresql | 127 | adapter: postgresql |
diff --git a/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix b/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix index 00580b5..2c7422d 100644 --- a/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix +++ b/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix | |||
| @@ -21,7 +21,7 @@ let | |||
| 21 | destDir = "/run/keys/webapps"; | 21 | destDir = "/run/keys/webapps"; |
| 22 | user = apache.user; | 22 | user = apache.user; |
| 23 | group = apache.group; | 23 | group = apache.group; |
| 24 | permissions = "0700"; | 24 | permissions = "0400"; |
| 25 | text = '' | 25 | text = '' |
| 26 | <?php | 26 | <?php |
| 27 | $g_hostname = '${env.postgresql.socket}'; | 27 | $g_hostname = '${env.postgresql.socket}'; |
diff --git a/nixops/modules/websites/tools/peertube/default.nix b/nixops/modules/websites/tools/peertube/default.nix index dbdeb76..1f88a15 100644 --- a/nixops/modules/websites/tools/peertube/default.nix +++ b/nixops/modules/websites/tools/peertube/default.nix | |||
| @@ -61,7 +61,7 @@ in { | |||
| 61 | destDir = "/run/keys/webapps"; | 61 | destDir = "/run/keys/webapps"; |
| 62 | user = "peertube"; | 62 | user = "peertube"; |
| 63 | group = "peertube"; | 63 | group = "peertube"; |
| 64 | permissions = "0700"; | 64 | permissions = "0400"; |
| 65 | text = peertube.config; | 65 | text = peertube.config; |
| 66 | }; | 66 | }; |
| 67 | 67 | ||
diff --git a/nixops/modules/websites/tools/tools/kanboard.nix b/nixops/modules/websites/tools/tools/kanboard.nix index 35ed2aa..dd5b18f 100644 --- a/nixops/modules/websites/tools/tools/kanboard.nix +++ b/nixops/modules/websites/tools/tools/kanboard.nix | |||
| @@ -14,7 +14,7 @@ rec { | |||
| 14 | destDir = "/run/keys/webapps"; | 14 | destDir = "/run/keys/webapps"; |
| 15 | user = apache.user; | 15 | user = apache.user; |
| 16 | group = apache.group; | 16 | group = apache.group; |
| 17 | permissions = "0700"; | 17 | permissions = "0400"; |
| 18 | text = '' | 18 | text = '' |
| 19 | <?php | 19 | <?php |
| 20 | define('MAIL_FROM', 'kanboard@tools.immae.eu'); | 20 | define('MAIL_FROM', 'kanboard@tools.immae.eu'); |
diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix index 9d98837..008dffe 100644 --- a/nixops/modules/websites/tools/tools/ldap.nix +++ b/nixops/modules/websites/tools/tools/ldap.nix | |||
| @@ -4,7 +4,7 @@ rec { | |||
| 4 | destDir = "/run/keys/webapps"; | 4 | destDir = "/run/keys/webapps"; |
| 5 | user = apache.user; | 5 | user = apache.user; |
| 6 | group = apache.group; | 6 | group = apache.group; |
| 7 | permissions = "0700"; | 7 | permissions = "0400"; |
| 8 | text = '' | 8 | text = '' |
| 9 | <?php | 9 | <?php |
| 10 | $config->custom->appearance['show_clear_password'] = true; | 10 | $config->custom->appearance['show_clear_password'] = true; |
diff --git a/nixops/modules/websites/tools/tools/roundcubemail.nix b/nixops/modules/websites/tools/tools/roundcubemail.nix index 3806679..5fc3412 100644 --- a/nixops/modules/websites/tools/tools/roundcubemail.nix +++ b/nixops/modules/websites/tools/tools/roundcubemail.nix | |||
| @@ -82,7 +82,7 @@ let | |||
| 82 | destDir = "/run/keys/webapps"; | 82 | destDir = "/run/keys/webapps"; |
| 83 | user = apache.user; | 83 | user = apache.user; |
| 84 | group = apache.group; | 84 | group = apache.group; |
| 85 | permissions = "0700"; | 85 | permissions = "0400"; |
| 86 | text = '' | 86 | text = '' |
| 87 | <?php | 87 | <?php |
| 88 | $config['db_dsnw'] = '${env.psql_url}'; | 88 | $config['db_dsnw'] = '${env.psql_url}'; |
diff --git a/nixops/modules/websites/tools/tools/shaarli.nix b/nixops/modules/websites/tools/tools/shaarli.nix index 5435181..56658fd 100644 --- a/nixops/modules/websites/tools/tools/shaarli.nix +++ b/nixops/modules/websites/tools/tools/shaarli.nix | |||
| @@ -65,7 +65,7 @@ in rec { | |||
| 65 | destDir = "/run/keys/webapps"; | 65 | destDir = "/run/keys/webapps"; |
| 66 | user = apache.user; | 66 | user = apache.user; |
| 67 | group = apache.group; | 67 | group = apache.group; |
| 68 | permissions = "0700"; | 68 | permissions = "0400"; |
| 69 | text = '' | 69 | text = '' |
| 70 | SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}" | 70 | SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}" |
| 71 | SetEnv SHAARLI_LDAP_DN "${env.ldap.dn}" | 71 | SetEnv SHAARLI_LDAP_DN "${env.ldap.dn}" |
diff --git a/nixops/modules/websites/tools/tools/ttrss.nix b/nixops/modules/websites/tools/tools/ttrss.nix index 6a5efd9..0fe94f9 100644 --- a/nixops/modules/websites/tools/tools/ttrss.nix +++ b/nixops/modules/websites/tools/tools/ttrss.nix | |||
| @@ -56,7 +56,7 @@ let | |||
| 56 | destDir = "/run/keys/webapps"; | 56 | destDir = "/run/keys/webapps"; |
| 57 | user = apache.user; | 57 | user = apache.user; |
| 58 | group = apache.group; | 58 | group = apache.group; |
| 59 | permissions = "0700"; | 59 | permissions = "0400"; |
| 60 | text = '' | 60 | text = '' |
| 61 | <?php | 61 | <?php |
| 62 | 62 | ||
diff --git a/nixops/modules/websites/tools/tools/wallabag.nix b/nixops/modules/websites/tools/tools/wallabag.nix index c808eb1..0cacad3 100644 --- a/nixops/modules/websites/tools/tools/wallabag.nix +++ b/nixops/modules/websites/tools/tools/wallabag.nix | |||
| @@ -6,7 +6,7 @@ let | |||
| 6 | destDir = "/run/keys/webapps"; | 6 | destDir = "/run/keys/webapps"; |
| 7 | user = apache.user; | 7 | user = apache.user; |
| 8 | group = apache.group; | 8 | group = apache.group; |
| 9 | permissions = "0700"; | 9 | permissions = "0400"; |
| 10 | text = '' | 10 | text = '' |
| 11 | # This file is auto-generated during the composer install | 11 | # This file is auto-generated during the composer install |
| 12 | parameters: | 12 | parameters: |
diff --git a/nixops/modules/websites/tools/tools/yourls.nix b/nixops/modules/websites/tools/tools/yourls.nix index 64ec48a..e82856f 100644 --- a/nixops/modules/websites/tools/tools/yourls.nix +++ b/nixops/modules/websites/tools/tools/yourls.nix | |||
| @@ -17,7 +17,7 @@ let | |||
| 17 | destDir = "/run/keys/webapps"; | 17 | destDir = "/run/keys/webapps"; |
| 18 | user = apache.user; | 18 | user = apache.user; |
| 19 | group = apache.group; | 19 | group = apache.group; |
| 20 | permissions = "0700"; | 20 | permissions = "0400"; |
| 21 | text = '' | 21 | text = '' |
| 22 | <?php | 22 | <?php |
| 23 | define( 'YOURLS_DB_USER', '${env.mysql.user}' ); | 23 | define( 'YOURLS_DB_USER', '${env.mysql.user}' ); |