Move secrets to flakes

[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / dmarc_reports.nix

diff --git a/modules/private/websites/tools/tools/dmarc_reports.nix b/modules/private/websites/tools/tools/dmarc_reports.nix
index 2e445264e39366183a185cbdaaf51ea1f137e3fc..5fdf0b62ad09394d19f3920a4137497d66d1d9fb 100644 (file)
--- a/modules/private/websites/tools/tools/dmarc_reports.nix
+++ b/modules/private/websites/tools/tools/dmarc_reports.nix
@@ -1,4 +1,4 @@
-{ env }:
+{ env, config }:
 rec {
   keys = [{
     dest = "webapps/tools-dmarc-reports.php";
@@ -12,6 +12,7 @@ rec {
       $dbuser = "${env.mysql.user}";
       $dbpass = "${env.mysql.password}";
       $dbport = "${env.mysql.port}";
+      $anonymous_key = "${env.anonymous_key}";
       ?>
     '';
   }];
@@ -32,13 +33,17 @@ rec {
 
         AllowOverride None
         Options +FollowSymlinks
+
+        SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+        Use LDAPConnect
         Require all granted
+        Require ldap-attribute uid=immae
       </Directory>
       '';
   };
   phpFpm = rec {
     basedir = builtins.concatStringsSep ":"
-      [ webRoot "/var/secrets/webapps/tools-dmarc-reports.php" ];
+      [ webRoot config.secrets.fullPaths."webapps/tools-dmarc-reports.php" ];
     pool = {
       "listen.owner" = apache.user;
       "listen.group" = apache.group;
@@ -50,7 +55,7 @@ rec {
       "php_admin_value[open_basedir]" = "${basedir}:/tmp";
     };
     phpEnv = {
-      SECRETS_FILE = "/var/secrets/webapps/tools-dmarc-reports.php";
+      SECRETS_FILE = config.secrets.fullPaths."webapps/tools-dmarc-reports.php";
     };
   };
 }