SetEnv TASKD_LDAP_FILTER "${env.ldap.search}"
'';
}];
- security.acme.certs."eldiron".extraDomains.${fqdn} = null;
- services.myWebsites.tools.modules = [ "proxy_fcgi" "sed" ];
- services.myWebsites.tools.vhostConfs.task = {
+ services.websites.tools.modules = [ "proxy_fcgi" "sed" ];
+ services.websites.tools.vhostConfs.task = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "task.immae.eu" ];
root = "/run/current-system/webapps/_task";
extraConfig = [ ''
</Location>
'') env.taskwarrior-web);
};
- services.myPhpfpm.poolConfigs = {
+ services.phpfpm.poolConfigs = {
tasks = ''
listen = /var/run/phpfpm/task.sock
user = ${user}
inherit fqdn;
listenHost = "::";
pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
- pki.manual.server.cert = "/var/lib/acme/task/fullchain.pem";
- pki.manual.server.crl = "/var/lib/acme/task/invalid.crl";
- pki.manual.server.key = "/var/lib/acme/task/key.pem";
+ pki.manual.server.cert = "${config.security.acme.directory}/task/fullchain.pem";
+ pki.manual.server.crl = "${config.security.acme.directory}/task/invalid.crl";
+ pki.manual.server.key = "${config.security.acme.directory}/task/key.pem";
requestLimit = 104857600;
};
system.activationScripts.taskwarrior-web = {
deps = [ "users" ];
text = ''
- install -m 0755 -o ${user} -g ${group} -d ${socketsDir}
- install -m 0750 -o ${user} -g ${group} -d ${varDir}
- ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
- (k: v: "install -m 0750 -o ${user} -g ${group} -d ${varDir}/${k}")
- env.taskwarrior-web
- )}
if [ ! -f ${server_vardir}/userkeys/taskwarrior-web.cert.pem ]; then
${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web
chown taskd:taskd ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem
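Review bot: The new `pki.manual.server.key` value points the task server at `${config.security.acme.directory}/task/key.pem`, but nothing visible in this hunk shows that the daemon's account can read that file while other local users cannot. If the ACME module writes the key with its own owner and mode, I would state the expectation next to the three `pki.manual.server.*` lines, for example `# key.pem must stay readable by taskd only (owner/group set on the certificate entry that produces the "task" directory)`, and check the mode again after a renewal. The `invalid.crl` path now sits in the same directory; ACME clients do not normally produce a CRL, so a comment naming the step that creates it, and what the server does when it is missing, would help. The activation script's `if` block opens in this hunk and closes outside it, so the rest of the key-generation path is not visible here.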
TimeoutSec = 60;
Type = "simple";
WorkingDirectory = taskwarrior-web;
+ StateDirectoryMode = 0750;
+ StateDirectory = assert lib.strings.hasPrefix "/var/lib/" varDir;
+ (lib.strings.removePrefix "/var/lib/" varDir + "/${name}");
+ RuntimeDirectoryPreserve = "yes";
+ RuntimeDirectory = assert lib.strings.hasPrefix "/run/" socketsDir;
+ lib.strings.removePrefix "/run/" socketsDir;
};
unitConfig.RequiresMountsFor = varDir;