Move websites/tools to modules

[perso/Immae/Config/Nix.git] / nixops / modules / task / default.nix
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix

index 01d032da1d9f22c3d314344088a384f9f79bb041..9aeaa3f72de809d6cf28555eea1b0e82d051eeac 100644 (file)
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, mylibs, ... }:
+{ lib, pkgs, config, myconfig,  ... }:
  let
    cfg = config.services.myTasks;
    server_vardir = config.services.taskserver.dataDir;
@@ -101,10 +101,10 @@ in {
            SetEnv TASKD_LDAP_FILTER   "${env.ldap.search}"
          '';
      }];
-    security.acme.certs."eldiron".extraDomains.${fqdn} = null;
-    services.myWebsites.tools.modules = [ "proxy_fcgi" "sed" ];
-    services.myWebsites.tools.vhostConfs.task = {
+    services.websites.tools.modules = [ "proxy_fcgi" "sed" ];
+    services.websites.tools.vhostConfs.task = {
        certName    = "eldiron";
+      addToCerts  = true;
        hosts       = [ "task.immae.eu" ];
        root        = "/run/current-system/webapps/_task";
        extraConfig = [ ''
@@ -160,7 +160,7 @@ in {
          </Location>
          '') env.taskwarrior-web);
      };
-    services.myPhpfpm.poolConfigs = {
+    services.phpfpm.poolConfigs = {
        tasks = ''
          listen = /var/run/phpfpm/task.sock
          user = ${user}
@@ -180,9 +180,7 @@ in {
        '';
      };
  
-    system.extraSystemBuilderCmds = ''
-      ln -s ${./www} $out/webapps/_task
-      '';
+    myServices.websites.webappDirs._task = ./www;
  
      security.acme.certs."task" = config.services.myCertificates.certConfig // {
        inherit user group;
@@ -236,21 +234,15 @@ in {
        inherit fqdn;
        listenHost = "::";
        pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
-      pki.manual.server.cert = "/var/lib/acme/task/fullchain.pem";
-      pki.manual.server.crl = "/var/lib/acme/task/invalid.crl";
-      pki.manual.server.key = "/var/lib/acme/task/key.pem";
+      pki.manual.server.cert = "${config.security.acme.directory}/task/fullchain.pem";
+      pki.manual.server.crl = "${config.security.acme.directory}/task/invalid.crl";
+      pki.manual.server.key = "${config.security.acme.directory}/task/key.pem";
        requestLimit = 104857600;
      };
  
      system.activationScripts.taskwarrior-web = {
        deps = [ "users" ];
        text = ''
-        install -m 0755 -o ${user} -g ${group} -d ${socketsDir}
-        install -m 0750 -o ${user} -g ${group} -d ${varDir}
-        ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
-          (k: v: "install -m 0750 -o ${user} -g ${group} -d ${varDir}/${k}")
-          env.taskwarrior-web
-        )}
          if [ ! -f ${server_vardir}/userkeys/taskwarrior-web.cert.pem ]; then
            ${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web
            chown taskd:taskd ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem
@@ -315,6 +307,12 @@ in {
            TimeoutSec = 60;
            Type = "simple";
            WorkingDirectory = taskwarrior-web;
+          StateDirectoryMode = 0750;
+          StateDirectory = assert lib.strings.hasPrefix "/var/lib/" varDir;
+            (lib.strings.removePrefix "/var/lib/" varDir + "/${name}");
+          RuntimeDirectoryPreserve = "yes";
+          RuntimeDirectory = assert lib.strings.hasPrefix "/run/" socketsDir;
+            lib.strings.removePrefix "/run/" socketsDir;
          };
  
          unitConfig.RequiresMountsFor = varDir;