From 85f5ed68104de9edd8f8e532dc0c2de931e3ca1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Tue, 16 Apr 2019 01:48:11 +0200
Subject: Fix secret permissions

---
 nixops/modules/websites/tools/dav/davical.nix           | 2 +-
 nixops/modules/websites/tools/diaspora/diaspora.nix     | 6 +++---
 nixops/modules/websites/tools/git/mantisbt/mantisbt.nix | 2 +-
 nixops/modules/websites/tools/peertube/default.nix      | 2 +-
 nixops/modules/websites/tools/tools/kanboard.nix        | 2 +-
 nixops/modules/websites/tools/tools/ldap.nix            | 2 +-
 nixops/modules/websites/tools/tools/roundcubemail.nix   | 2 +-
 nixops/modules/websites/tools/tools/shaarli.nix         | 2 +-
 nixops/modules/websites/tools/tools/ttrss.nix           | 2 +-
 nixops/modules/websites/tools/tools/wallabag.nix        | 2 +-
 nixops/modules/websites/tools/tools/yourls.nix          | 2 +-
 11 files changed, 13 insertions(+), 13 deletions(-)

(limited to 'nixops/modules/websites/tools')

diff --git a/nixops/modules/websites/tools/dav/davical.nix b/nixops/modules/websites/tools/dav/davical.nix
index 4e464eb..32f5483 100644
--- a/nixops/modules/websites/tools/dav/davical.nix
+++ b/nixops/modules/websites/tools/dav/davical.nix
@@ -20,7 +20,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         <?php
         $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
diff --git a/nixops/modules/websites/tools/diaspora/diaspora.nix b/nixops/modules/websites/tools/diaspora/diaspora.nix
index 074dfb2..c7af9da 100644
--- a/nixops/modules/websites/tools/diaspora/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora/diaspora.nix
@@ -33,7 +33,7 @@ let
     destDir = "/run/keys/webapps";
     user = "diaspora";
     group = "diaspora";
-    permissions = "0700";
+    permissions = "0400";
     text = ''
       Diaspora::Application.config.secret_key_base = '${env.secret_token}'
     '';
@@ -42,7 +42,7 @@ let
     destDir = "/run/keys/webapps";
     user = "diaspora";
     group = "diaspora";
-    permissions = "0700";
+    permissions = "0400";
     text = ''
       configuration:
         environment:
@@ -121,7 +121,7 @@ let
     destDir = "/run/keys/webapps";
     user = "diaspora";
     group = "diaspora";
-    permissions = "0700";
+    permissions = "0400";
     text = ''
       postgresql: &postgresql
         adapter: postgresql
diff --git a/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix b/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
index 00580b5..2c7422d 100644
--- a/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
+++ b/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
@@ -21,7 +21,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         <?php
         $g_hostname              = '${env.postgresql.socket}';
diff --git a/nixops/modules/websites/tools/peertube/default.nix b/nixops/modules/websites/tools/peertube/default.nix
index dbdeb76..1f88a15 100644
--- a/nixops/modules/websites/tools/peertube/default.nix
+++ b/nixops/modules/websites/tools/peertube/default.nix
@@ -61,7 +61,7 @@ in {
       destDir = "/run/keys/webapps";
       user = "peertube";
       group = "peertube";
-      permissions = "0700";
+      permissions = "0400";
       text = peertube.config;
     };
 
diff --git a/nixops/modules/websites/tools/tools/kanboard.nix b/nixops/modules/websites/tools/tools/kanboard.nix
index 35ed2aa..dd5b18f 100644
--- a/nixops/modules/websites/tools/tools/kanboard.nix
+++ b/nixops/modules/websites/tools/tools/kanboard.nix
@@ -14,7 +14,7 @@ rec {
     destDir = "/run/keys/webapps";
     user = apache.user;
     group = apache.group;
-    permissions = "0700";
+    permissions = "0400";
     text = ''
       <?php
       define('MAIL_FROM', 'kanboard@tools.immae.eu');
diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix
index 9d98837..008dffe 100644
--- a/nixops/modules/websites/tools/tools/ldap.nix
+++ b/nixops/modules/websites/tools/tools/ldap.nix
@@ -4,7 +4,7 @@ rec {
     destDir = "/run/keys/webapps";
     user = apache.user;
     group = apache.group;
-    permissions = "0700";
+    permissions = "0400";
     text = ''
       <?php
       $config->custom->appearance['show_clear_password'] = true;
diff --git a/nixops/modules/websites/tools/tools/roundcubemail.nix b/nixops/modules/websites/tools/tools/roundcubemail.nix
index 3806679..5fc3412 100644
--- a/nixops/modules/websites/tools/tools/roundcubemail.nix
+++ b/nixops/modules/websites/tools/tools/roundcubemail.nix
@@ -82,7 +82,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         <?php
           $config['db_dsnw'] = '${env.psql_url}';
diff --git a/nixops/modules/websites/tools/tools/shaarli.nix b/nixops/modules/websites/tools/tools/shaarli.nix
index 5435181..56658fd 100644
--- a/nixops/modules/websites/tools/tools/shaarli.nix
+++ b/nixops/modules/websites/tools/tools/shaarli.nix
@@ -65,7 +65,7 @@ in rec {
     destDir = "/run/keys/webapps";
     user = apache.user;
     group = apache.group;
-    permissions = "0700";
+    permissions = "0400";
     text = ''
       SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}"
       SetEnv SHAARLI_LDAP_DN       "${env.ldap.dn}"
diff --git a/nixops/modules/websites/tools/tools/ttrss.nix b/nixops/modules/websites/tools/tools/ttrss.nix
index 6a5efd9..0fe94f9 100644
--- a/nixops/modules/websites/tools/tools/ttrss.nix
+++ b/nixops/modules/websites/tools/tools/ttrss.nix
@@ -56,7 +56,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         <?php
 
diff --git a/nixops/modules/websites/tools/tools/wallabag.nix b/nixops/modules/websites/tools/tools/wallabag.nix
index c808eb1..0cacad3 100644
--- a/nixops/modules/websites/tools/tools/wallabag.nix
+++ b/nixops/modules/websites/tools/tools/wallabag.nix
@@ -6,7 +6,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         # This file is auto-generated during the composer install
         parameters:
diff --git a/nixops/modules/websites/tools/tools/yourls.nix b/nixops/modules/websites/tools/tools/yourls.nix
index 64ec48a..e82856f 100644
--- a/nixops/modules/websites/tools/tools/yourls.nix
+++ b/nixops/modules/websites/tools/tools/yourls.nix
@@ -17,7 +17,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         <?php
         define( 'YOURLS_DB_USER', '${env.mysql.user}' );
-- 
cgit v1.2.3