mirror of https://github.com/archtechx/nix.git synced 2025-12-12 03:24:02 +00:00

Limit perms, no reads by other users

Samuel Štancl 2025-08-13 03:00:17 +02:00
parent 9516c3e43e
commit 737e13ab4f


@ -57,8 +57,8 @@ in {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /srv 0755 root root - -" "d /srv 0755 root root - -"
"d /home 0755 root root - -" "d /home 0755 root root - -"
"d /srv/${name} 0755 ${mkUsername name} ${mkUsername name} - -" "d /srv/${name} 0750 ${mkUsername name} ${mkUsername name} - -"
"C /home/${mkUsername name}/.bashrc 0644 ${mkUsername name} ${mkUsername name} - /etc/laravel-${name}-bashrc" "C /home/${mkUsername name}/.bashrc 0640 ${mkUsername name} ${mkUsername name} - /etc/laravel-${name}-bashrc"
]; ];
services.cron.systemCronJobs = [ services.cron.systemCronJobs = [
@ -106,7 +106,7 @@ in {
chown -R ${mkUsername name}:${mkUsername name} "$SSH_DIR" chown -R ${mkUsername name}:${mkUsername name} "$SSH_DIR"
chmod 700 "$SSH_DIR" chmod 700 "$SSH_DIR"
chmod 600 "$KEY_FILE" chmod 600 "$KEY_FILE"
chmod 644 "$KEY_FILE.pub" chmod 640 "$KEY_FILE.pub"
echo "SSH key generated: $KEY_FILE.pub" echo "SSH key generated: $KEY_FILE.pub"
echo "Public key for deploy key:" echo "Public key for deploy key:"
cat "$KEY_FILE.pub" cat "$KEY_FILE.pub"
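Review bot: The new `0750` on `"d /srv/${name} ..."` still gives the `${mkUsername name}` group read and traverse rights, so the isolation named in the commit title holds only while that group has no members other than the site user, and nothing in the hunk shows how the group is populated. If a web server or PHP-FPM process under a different account has to serve from this directory, it would presumably need to join that group, which would also let it read the `0640` `.bashrc` and public key. A short comment above the rule would record the intent, for example `# 0750: site user and its private group only; a service that must read the site is added to this group explicitly`. The enclosing attribute set and the key-generation script both start and end outside the visible hunks.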