Merge commit '83cbad92d73216bb0d9187c56cce0b91f9121d5a' into main

author: Mx Kookie <kookie@spacekookie.de> 2020-12-09 18:55:19 +0000
committer: Mx Kookie <kookie@spacekookie.de> 2020-12-09 18:55:19 +0000
commit: 80d90d9b204f7c17912740f9f414fe5d59f293ba (patch)
tree: 5f2065a06e724270610760d59d01c6888b375a46 /infra/libkookie/nixpkgs/nixos/modules/security/acme.nix
parent: 3a31a84c7d3e589035ad08499206aac44a81f424 (diff)
parent: 83cbad92d73216bb0d9187c56cce0b91f9121d5a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/infra/libkookie/nixpkgs/nixos/modules/security/acme.nix b/infra/libkookie/nixpkgs/nixos/modules/security/acme.nix
index 5732620f2908..47f6bead7c3e 100644
--- a/infra/libkookie/nixpkgs/nixos/modules/security/acme.nix
+++ b/infra/libkookie/nixpkgs/nixos/modules/security/acme.nix
@@ -63,7 +63,7 @@ let
     script = with builtins; concatStringsSep "\n" (mapAttrsToList (cert: data: ''
       for fixpath in /var/lib/acme/${escapeShellArg cert} /var/lib/acme/.lego/${escapeShellArg cert}; do
         if [ -d "$fixpath" ]; then
-          chmod -R 750 "$fixpath"
+          chmod -R u=rwX,g=rX,o= "$fixpath"
           chown -R acme:${data.group} "$fixpath"
         fi
       done
@@ -271,7 +271,7 @@ let
 
         mv domainhash.txt certificates/
         chmod 640 certificates/*
-        chmod -R 700 accounts/*
+        chmod -R u=rwX,g=,o= accounts/*
 
         # Group might change between runs, re-apply it
         chown 'acme:${data.group}' certificates/*
author	Mx Kookie <kookie@spacekookie.de>	2020-12-09 18:55:19 +0000
committer	Mx Kookie <kookie@spacekookie.de>	2020-12-09 18:55:19 +0000
commit	80d90d9b204f7c17912740f9f414fe5d59f293ba (patch)
tree	5f2065a06e724270610760d59d01c6888b375a46 /infra/libkookie/nixpkgs/nixos/modules/security/acme.nix
parent	3a31a84c7d3e589035ad08499206aac44a81f424 (diff)
parent	83cbad92d73216bb0d9187c56cce0b91f9121d5a (diff)