From d1a68a7c13e31f4eb337815da64fd69fe2404ecf Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sun, 12 May 2024 22:18:28 +0200
Subject: [PATCH] secrets: fix too open permissions
---
 modules/forgejo-actions-runner/default.nix | 2 +-
 modules/grafana/default.nix | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/forgejo-actions-runner/default.nix b/modules/forgejo-actions-runner/default.nix
index 0cd3c8e2..27742370 100644
--- a/modules/forgejo-actions-runner/default.nix
+++ b/modules/forgejo-actions-runner/default.nix
@@ -8,7 +8,7 @@
 {
 age.secrets.forgejo-actions-runner-token = {
 file = "${flake.self}/secrets/forgejo-actions-runner-token.age";
- mode = "644";
+ mode = "440";
 };
 # Trust docker bridge interface traffic
diff --git a/modules/grafana/default.nix b/modules/grafana/default.nix
index be124743..624caf3d 100644
--- a/modules/grafana/default.nix
+++ b/modules/grafana/default.nix
@@ -8,18 +8,18 @@
 {
 age.secrets.grafana-admin-password = {
 file = "${flake.self}/secrets/grafana-admin-password.age";
- mode = "644";
+ mode = "440";
 owner = "grafana";
 };
 age.secrets.grafana-smtp-password = {
 file = "${flake.self}/secrets/grafana-smtp-password.age";
- mode = "644";
+ mode = "440";
 owner = "grafana";
 group = "prometheus";
 };
 age.secrets.grafana-keycloak-client-secret = {
 file = "${flake.self}/secrets/grafana-keycloak-client-secret.age";
- mode = "644";
+ mode = "440";
 owner = "grafana";
 };
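Review bot: In modules/forgejo-actions-runner/default.nix, `mode = "440";` still sets the group-read bit although `age.secrets.forgejo-actions-runner-token` declares no `owner` or `group`, so the bit only serves whatever group agenix falls back to. If nothing relies on group access, `mode = "400";` is the tighter setting, or the line can be dropped since agenix defaults to `0400`. The same applies to `grafana-admin-password` and `grafana-keycloak-client-secret` in modules/grafana/default.nix, which set `owner = "grafana"` but no group. How the runner consumes the token is not visible in this hunk, so confirm it is read by systemd or root rather than by the service user before tightening. Because these files were world-readable at mode 644 until this commit, rotating the affected secrets is worth considering.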
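Review bot: In modules/grafana/default.nix, `age.secrets.grafana-smtp-password` keeps `group = "prometheus"` together with `mode = "440"`, so every process running with the prometheus group can read Grafana's SMTP password. If that sharing is intentional (presumably another service in that group sends mail with the same credential), a short comment such as `# group-readable: also consumed by <service> via the prometheus group` would document why this secret differs from its neighbours. Otherwise, drop the `group` line and use `mode = "400";`. The consumer is not visible in this hunk, so this needs confirming against the rest of the module.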