authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-16 01:48:11 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-16 01:48:11 +0200
commit85f5ed68104de9edd8f8e532dc0c2de931e3ca1b (patch)
tree4a5da5f6d5e808db249f282a4743a1e56680aace /nixops
parentec2a5ffb986e9b21dff31e16d112aa9052a4bc5c (diff)
downloadNix-85f5ed68104de9edd8f8e532dc0c2de931e3ca1b.tar.gz
Nix-85f5ed68104de9edd8f8e532dc0c2de931e3ca1b.tar.zst
Nix-85f5ed68104de9edd8f8e532dc0c2de931e3ca1b.zip
Fix secret permissions
Diffstat (limited to 'nixops')
-rw-r--r--nixops/modules/websites/aten/aten.nix2
-rw-r--r--nixops/modules/websites/connexionswing/connexionswing.nix2
-rw-r--r--nixops/modules/websites/default.nix2
-rw-r--r--nixops/modules/websites/ftp/jerome.nix1
-rw-r--r--nixops/modules/websites/ludivine/ludivinecassal.nix2
-rw-r--r--nixops/modules/websites/piedsjaloux/piedsjaloux.nix2
-rw-r--r--nixops/modules/websites/tellesflorian/tellesflorian.nix4
-rw-r--r--nixops/modules/websites/tools/dav/davical.nix2
-rw-r--r--nixops/modules/websites/tools/diaspora/diaspora.nix6
-rw-r--r--nixops/modules/websites/tools/git/mantisbt/mantisbt.nix2
-rw-r--r--nixops/modules/websites/tools/peertube/default.nix2
-rw-r--r--nixops/modules/websites/tools/tools/kanboard.nix2
-rw-r--r--nixops/modules/websites/tools/tools/ldap.nix2
-rw-r--r--nixops/modules/websites/tools/tools/roundcubemail.nix2
-rw-r--r--nixops/modules/websites/tools/tools/shaarli.nix2
-rw-r--r--nixops/modules/websites/tools/tools/ttrss.nix2
-rw-r--r--nixops/modules/websites/tools/tools/wallabag.nix2
-rw-r--r--nixops/modules/websites/tools/tools/yourls.nix2
18 files changed, 21 insertions, 20 deletions
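--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -34,7 +34,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 SetEnv APP_ENV "${environment}"
 SetEnv APP_SECRET "${config.secret}"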
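Review bot: The `SetEnv APP_SECRET "${config.secret}"` line kept in this key file hands the secret to every request handler in whatever Apache scope includes the file, so the `0400` mode protects it on disk but not from other scripts served in the same scope (it appears in `phpinfo()` output and in the environment of CGI children). The value is also interpolated unescaped, so a secret containing `"` or a newline would yield a broken or altered directive. I would add a comment above `text`, e.g. `# Included by Apache: keep the Include inside this app's own vhost/Directory; secret must not contain '"' or newlines`; the same applies to `SetEnv SHAARLI_LDAP_PASSWORD` in tools/tools/shaarli.nix. The attribute set starts and ends outside the hunk, so where the file is included is not visible here.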
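--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -7,7 +7,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 # This file is auto-generated during the composer install
 parameters: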
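--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -232,7 +232,7 @@ in
 deployment.keys.apache-ldap = {
 user = "wwwrun";
 group = "wwwrun";
-permissions = "0700";
+permissions = "0400";
 text = ''
 <Macro LDAPConnect>
 <IfModule authnz_ldap_module>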
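--- a/nixops/modules/websites/ftp/jerome.nix
+++ b/nixops/modules/websites/ftp/jerome.nix
@@ -33,6 +33,7 @@ in {
 destDir = "/run/keys/webapps";
 user = "wwwrun";
 group = "wwwrun";
+permissions = "0400";
 text = ''
 <?php
 $mysql_user = '${env.mysql.user}' ;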
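Review bot: Until this hunk the key in ftp/jerome.nix carried no `permissions` attribute at all and silently took the NixOps default (`0600` upstream, if it is not overridden in this repository), which shows how easily one of the 21 hand-written copies drifts. Rather than repeating `permissions = "0400";` in each of the 18 files, consider a small helper or shared attribute set merged into every `deployment.keys.*` entry, so a new key cannot be added without the restrictive mode. If the literal stays, a short comment such as `# read-only for the owning service user; nothing needs write or execute on a secret` next to it would record why `0400` was chosen over the default. The surrounding attribute set begins and ends outside the hunk.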
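--- a/nixops/modules/websites/ludivine/ludivinecassal.nix
+++ b/nixops/modules/websites/ludivine/ludivinecassal.nix
@@ -7,7 +7,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 # This file is auto-generated during the composer install
 parameters: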
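--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -7,7 +7,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 # This file is auto-generated during the composer install
 parameters: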
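--- a/nixops/modules/websites/tellesflorian/tellesflorian.nix
+++ b/nixops/modules/websites/tellesflorian/tellesflorian.nix
@@ -7,7 +7,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 # This file is auto-generated during the composer install
 parameters:
@@ -58,7 +58,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 invite:${config.invite_passwords}
 '';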
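--- a/nixops/modules/websites/tools/dav/davical.nix
+++ b/nixops/modules/websites/tools/dav/davical.nix
@@ -20,7 +20,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 <?php
 $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";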
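Review bot: The connection string on the `$c->pg_connect[]` line is a PHP double-quoted string with the database password interpolated raw, so a password containing `$`, `"`, `\` or a space would be rewritten by PHP or mis-parsed as a libpq keyword/value list. Using a single-quoted PHP literal and quoting the value for libpq, or constraining the password alphabet where it is generated, avoids a silent authentication failure or a truncated password; at minimum a comment like `# password must not contain quotes, backslashes, '$' or whitespace` above `text` records the constraint. The same raw interpolation into PHP literals is visible in ftp/jerome.nix, mantisbt.nix, roundcubemail.nix and yourls.nix. The `text` block continues outside the hunk.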
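--- a/nixops/modules/websites/tools/diaspora/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora/diaspora.nix
@@ -33,7 +33,7 @@ let
 destDir = "/run/keys/webapps";
 user = "diaspora";
 group = "diaspora";
-permissions = "0700";
+permissions = "0400";
 text = ''
 Diaspora::Application.config.secret_key_base = '${env.secret_token}'
 '';
@@ -42,7 +42,7 @@ let
 destDir = "/run/keys/webapps";
 user = "diaspora";
 group = "diaspora";
-permissions = "0700";
+permissions = "0400";
 text = ''
 configuration:
 environment:
@@ -121,7 +121,7 @@ let
 destDir = "/run/keys/webapps";
 user = "diaspora";
 group = "diaspora";
-permissions = "0700";
+permissions = "0400";
 text = ''
 postgresql: &postgresql
 adapter: postgresql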
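--- a/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
+++ b/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
@@ -21,7 +21,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 <?php
 $g_hostname = '${env.postgresql.socket}';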
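--- a/nixops/modules/websites/tools/peertube/default.nix
+++ b/nixops/modules/websites/tools/peertube/default.nix
@@ -61,7 +61,7 @@ in {
 destDir = "/run/keys/webapps";
 user = "peertube";
 group = "peertube";
-permissions = "0700";
+permissions = "0400";
 text = peertube.config;
 };
 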
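--- a/nixops/modules/websites/tools/tools/kanboard.nix
+++ b/nixops/modules/websites/tools/tools/kanboard.nix
@@ -14,7 +14,7 @@ rec {
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 <?php
 define('MAIL_FROM', 'kanboard@tools.immae.eu');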
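--- a/nixops/modules/websites/tools/tools/ldap.nix
+++ b/nixops/modules/websites/tools/tools/ldap.nix
@@ -4,7 +4,7 @@ rec {
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 <?php
 $config->custom->appearance['show_clear_password'] = true;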
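Review bot: `$config->custom->appearance['show_clear_password'] = true;` stays in the generated file, and in phpLDAPadmin that option displays password attribute values in clear text in the web UI, which undercuts the point of locking the file down to `0400`. Unless clear-text display is a deliberate operational choice, set it to `false`; if it is deliberate, a comment such as `# intentional: admins need to read password attributes in the UI` would make that explicit. The rest of the configuration is outside the hunk, so whether access to the UI is otherwise restricted cannot be judged from here.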
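--- a/nixops/modules/websites/tools/tools/roundcubemail.nix
+++ b/nixops/modules/websites/tools/tools/roundcubemail.nix
@@ -82,7 +82,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 <?php
 $config['db_dsnw'] = '${env.psql_url}';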
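--- a/nixops/modules/websites/tools/tools/shaarli.nix
+++ b/nixops/modules/websites/tools/tools/shaarli.nix
@@ -65,7 +65,7 @@ in rec {
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}"
 SetEnv SHAARLI_LDAP_DN "${env.ldap.dn}"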
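--- a/nixops/modules/websites/tools/tools/ttrss.nix
+++ b/nixops/modules/websites/tools/tools/ttrss.nix
@@ -56,7 +56,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 <?php
 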
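--- a/nixops/modules/websites/tools/tools/wallabag.nix
+++ b/nixops/modules/websites/tools/tools/wallabag.nix
@@ -6,7 +6,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 # This file is auto-generated during the composer install
 parameters: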
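--- a/nixops/modules/websites/tools/tools/yourls.nix
+++ b/nixops/modules/websites/tools/tools/yourls.nix
@@ -17,7 +17,7 @@ let
 destDir = "/run/keys/webapps";
 user = apache.user;
 group = apache.group;
-permissions = "0700";
+permissions = "0400";
 text = ''
 <?php
 define( 'YOURLS_DB_USER', '${env.mysql.user}' );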