]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - nixops/modules/websites/ludivine/ludivinecassal.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Move websites to new secrets
[perso/Immae/Config/Nix.git] / nixops / modules / websites / ludivine / ludivinecassal.nix
diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/nixops/modules/websites/ludivine/ludivinecassal.nix
index 439d3c98e73737904c4ff10a20c06c0ad51ccadd..c12d89ca4ac4183d81fd63edf8d11c7747e884bc 100644 (file)
--- a/nixops/modules/websites/ludivine/ludivinecassal.nix
+++ b/nixops/modules/websites/ludivine/ludivinecassal.nix
@@ -3,8 +3,8 @@ let
   ludivinecassal = { config }: rec {
     environment = config.environment;
     varDir = "/var/lib/ludivinecassal_${environment}";
-    keys."${environment}-ludivinecassal" = {
-      destDir = "/run/keys/webapps";
+    keys = [{
+      dest = "webapps/${environment}-ludivinecassal";
       user = apache.user;
       group = apache.group;
       permissions = "0400";
@@ -38,7 +38,7 @@ let
             sass: ${sass}/bin/sass
             ruby: ${ruby}/bin/ruby
       '';
-    };
+    }];
     phpFpm = rec {
       preStart = ''
         if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -49,10 +49,10 @@ let
           /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
           popd > /dev/null
           echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-ludivinecassal > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-ludivinecassal > ${varDir}/currentKey
         fi
         '';
-      serviceDeps = [ "mysql.service" "${environment}-ludivinecassal-key.service" ];
+      serviceDeps = [ "mysql.service" ];
       socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -63,7 +63,7 @@ let
         php_admin_value[upload_max_filesize] = 20M
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp"
+        php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp"
         php_admin_value[session.save_path] = "${varDir}/phpSessions"
         ${if environment == "dev" then ''
         pm = ondemand
@@ -177,7 +177,7 @@ let
         postInstall = ''
           rm -rf var/{logs,cache,data,miniatures,tmp}
           ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
-          ln -sf /run/keys/webapps/${environment}-ludivinecassal app/config/parameters.yml
+          ln -sf /var/secrets/webapps/${environment}-ludivinecassal app/config/parameters.yml
           '';
         buildInputs = [ sass ];
       });
My infrastructure configuration