enableSSL = true;
sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
- sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem";
+ sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
logFormat = "combinedVhost";
listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
hostName = builtins.head vhostConf.hosts;
./ftp/florian.nix
./ftp/denisejerome.nix
./ftp/leila.nix
+ ./ftp/papa.nix
./ftp/immae.nix
./ftp/release.nix
./ftp/temp.nix
services.myWebsites.Nassime.production.enable = cfg.production.enable;
services.myWebsites.Florian.production.enable = cfg.production.enable;
services.myWebsites.Leila.production.enable = cfg.production.enable;
+ services.myWebsites.Papa.production.enable = cfg.production.enable;
services.myWebsites.DeniseJerome.production.enable = cfg.production.enable;
services.myWebsites.Emilia.production.enable = cfg.production.enable;
services.myWebsites.Capitaines.production.enable = cfg.production.enable;
services.myWebsites.TellesFlorian.integration.enable = true;
services.myWebsites.Florian.integration.enable = true;
- deployment.keys.apache-ldap = {
+ mySecrets.keys = [{
+ dest = "apache-ldap";
user = "wwwrun";
group = "wwwrun";
- permissions = "0700";
+ permissions = "0400";
text = ''
<Macro LDAPConnect>
<IfModule authnz_ldap_module>
</IfModule>
</Macro>
'';
- };
+ }];
services.myWebsites.apacheConfig = {
gzip = {
LDAPOpCacheTTL 600
</IfModule>
- Include /run/keys/apache-ldap
+ Include /var/secrets/apache-ldap
'';
};
global = {
install -d -m 0755 /var/lib/acme/acme-challenge
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/tmp/adminer
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/phpldapadmin
'';
};