description = "Peertube user";
home = peertube.varDir;
useDefaultShell = true;
+ extraGroups = [ "keys" ];
};
users.groups.peertube.gid = config.ids.gids.peertube;
systemd.services.peertube = {
description = "Peertube";
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" "tools-peertube-key.service" ];
- wants = [ "postgresql.service" "tools-peertube-key.service" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
environment.NODE_CONFIG_DIR = "${peertube.varDir}/config";
environment.NODE_ENV = "production";
unitConfig.RequiresMountsFor = peertube.varDir;
};
- deployment.keys.tools-peertube = {
- destDir = "/run/keys/webapps";
+ mySecrets.keys = [{
+ dest = "webapps/tools-peertube";
user = "peertube";
group = "peertube";
- permissions = "0700";
+ permissions = "0640";
text = peertube.config;
- };
+ }];
system.activationScripts.peertube = {
deps = [ "users" ];
text = ''
install -m 0750 -o peertube -g peertube -d ${peertube.varDir}
install -m 0750 -o peertube -g peertube -d ${peertube.varDir}/config
- install -m 0640 -o peertube -g peertube -T /run/keys/webapps/tools-peertube ${peertube.varDir}/config/production.yaml
+ ln -sf /var/secrets/webapps/tools-peertube ${peertube.varDir}/config/production.yaml
'';
};
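Review bot: With `tools-peertube-key.service` removed from `after`/`wants`, nothing in the visible lines guarantees that `/var/secrets/webapps/tools-peertube` exists before peertube starts, and `ln -sf` in the activation script succeeds even when its target is missing, so a missing secret would surface only as a dangling `production.yaml`. Unless the `mySecrets` module (not shown here) installs the file earlier in activation, consider making the dependency explicit, for example `unitConfig.AssertPathExists = "/var/secrets/webapps/tools-peertube";`, so the unit fails with a clear reason. The added `extraGroups = [ "keys" ]` also looks unnecessary now that the secret is owned by `peertube:peertube` with mode `0640` and is no longer read from `/run/keys`; if nothing else needs it, dropping it keeps the service account from reading other keys that are readable by that group. The surrounding attribute sets start, and may continue, outside the visible lines.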