diff options
Diffstat (limited to 'genenetwork-development.scm')
| -rw-r--r-- | genenetwork-development.scm | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/genenetwork-development.scm b/genenetwork-development.scm index 59fbf37..5848ae5 100644 --- a/genenetwork-development.scm +++ b/genenetwork-development.scm @@ -680,17 +680,25 @@ described by CONFIG, a <genenetwork-configuration> object." (define (genenetwork-activation config) (match-record config <genenetwork-configuration> - (auth-db-path) + (gn2-secrets gn3-secrets auth-db-path) (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) + ;; Set ownership of files. (for-each (lambda (file) (chown file (passwd:uid (getpw "genenetwork")) (passwd:gid (getpw "genenetwork")))) - (find-files #$(dirname auth-db-path) - #:directories? #t)))))) + (cons* #$gn2-secrets + #$gn3-secrets + (find-files #$(dirname auth-db-path) + #:directories? #t))) + ;; Prevent other users from reading secret files. + (for-each (lambda (file) + (chmod file #o600)) + (list #$gn2-secrets + #$gn3-secrets)))))) (define genenetwork-service-type (service-type |