diff --git a/modules/forgejo-actions-runner/default.nix b/modules/forgejo-actions-runner/default.nix
index 0cd3c8e2..27742370 100644
--- a/modules/forgejo-actions-runner/default.nix
+++ b/modules/forgejo-actions-runner/default.nix
@@ -8,7 +8,7 @@
 {
 age.secrets.forgejo-actions-runner-token = {
 file = "${flake.self}/secrets/forgejo-actions-runner-token.age";
- mode = "644";
+ mode = "440";
 };

 # Trust docker bridge interface traffic
diff --git a/modules/grafana/default.nix b/modules/grafana/default.nix
index be124743..624caf3d 100644
--- a/modules/grafana/default.nix
+++ b/modules/grafana/default.nix
@@ -8,18 +8,18 @@
 {
 age.secrets.grafana-admin-password = {
 file = "${flake.self}/secrets/grafana-admin-password.age";
- mode = "644";
+ mode = "440";
 owner = "grafana";
 };
 age.secrets.grafana-smtp-password = {
 file = "${flake.self}/secrets/grafana-smtp-password.age";
- mode = "644";
+ mode = "440";
 owner = "grafana";
 group = "prometheus";
 };
 age.secrets.grafana-keycloak-client-secret = {
 file = "${flake.self}/secrets/grafana-keycloak-client-secret.age";
- mode = "644";
+ mode = "440";
 owner = "grafana";
 };

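Review bot: In modules/forgejo-actions-runner/default.nix the secret still declares no `owner` or `group`, so with the agenix defaults (root for both, as far as I know) the group-read bit in `mode = "440"` grants nothing useful. If the token is read by systemd or a root-run step, `mode = "0400";` (the agenix default) is the tighter choice; if the runner's own user reads the path directly, that user lost access with this change and the block needs an explicit `owner = "<runner-user>";` (placeholder). The hunk does not show how the token is consumed, so this should be checked against the service definition. Since the decrypted token was world-readable until now, rotating it is worth considering on a host that executes CI jobs.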
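Review bot: In modules/grafana/default.nix, `grafana-admin-password` and `grafana-keycloak-client-secret` set only `owner = "grafana"`, so the group-read bit in `mode = "440"` is not needed there and `mode = "0400";` would be least privilege. Only `grafana-smtp-password` sets a different group, and `440` lets every member of `prometheus` read the SMTP password. A comment such as `# group-readable: <consumer in the prometheus group> sends mail with the same credential` would record why; the consumer is not visible in this hunk. The enclosing module body continues outside the hunk.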