From 4a05d9f562aaaba3ad63f7d7ed50a1281d6293a2 Mon Sep 17 00:00:00 2001
From: Andreas Neue <andreas@dnix.de>
Date: Mon, 5 Jun 2023 09:36:36 +0200
Subject: [PATCH] dont leave secrets* world wide readable

---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index f38fe34..3508c8b 100644
--- a/Makefile
+++ b/Makefile
@@ -93,6 +93,7 @@ ifdef DEPLOY_HOSTS
 	@- $(foreach host,$(DEPLOY_HOSTS), \
 		ssh $(SSH_USER)@$(host) "mkdir -p $(DEPLOY_PATH)/$(DEPLOY_NAME)"; \
 		rsync -rav --exclude '*~' --exclude '.git*' --exclude '*.swp' . $(SSH_USER)@$(host):$(DEPLOY_PATH)/$(DEPLOY_NAME); \
+		ssh $(SSH_USER)@$(host) "cd $(DEPLOY_PATH)/$(DEPLOY_NAME) && chmod o-r .env secrets*" \
 	)
 endif
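Review bot: The added `chmod` line ends in `" \` with no `;`, so when `DEPLOY_HOSTS` lists more than one host, `$(foreach)` joins the iterations with a space and the next host's `ssh … "mkdir -p …"` is appended as extra arguments to this `ssh` command instead of running on its own. Terminate it like the two lines above: `ssh $(SSH_USER)@$(host) "cd $(DEPLOY_PATH)/$(DEPLOY_NAME) && chmod o-r .env secrets*"; \`. Because the recipe is prefixed with `@-`, a failed `chmod` (garbled arguments, or no file matching `secrets*`) is ignored silently and the files stay readable, so the permission step should be able to fail the deploy. The files are also world-readable between the `rsync` and the `chmod`, and `o-r` leaves group access in place; passing for example `--chmod=o-rwx` to `rsync`, or tightening the modes locally before the copy, would close that window. The rule header is outside the hunk, so this is based on the visible recipe lines only.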