Move tools to new secrets location

[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / kanboard.nix

diff --git a/nixops/modules/websites/tools/tools/kanboard.nix b/nixops/modules/websites/tools/tools/kanboard.nix
index dd5b18f7a0e4c49f276848a5736cf2445832b112..37cb8ccfb8a01c5b00dab1168af5cc5aad0c348e 100644 (file)
--- a/nixops/modules/websites/tools/tools/kanboard.nix
+++ b/nixops/modules/websites/tools/tools/kanboard.nix
@@ -10,8 +10,8 @@ rec {
       install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config
     '';
   };
-  keys.tools-kanboard = {
-    destDir = "/run/keys/webapps";
+  keys = [{
+    dest = "webapps/tools-kanboard";
     user = apache.user;
     group = apache.group;
     permissions = "0400";
@@ -37,12 +37,12 @@ rec {
       define('LDAP_GROUP_ADMIN_DN', 'cn=admins,cn=kanboard,ou=services,dc=immae,dc=eu');
       ?>
       '';
-  };
+  }];
   webRoot = stdenv.mkDerivation (fetchedGithub ./kanboard.json // rec {
     dontBuild = true;
     installPhase = ''
       cp -a . $out
-      ln -s /run/keys/webapps/tools-kanboard $out/config.php
+      ln -s /var/secrets/webapps/tools-kanboard $out/config.php
       mv $out/data $out/dataold
       ln -s ${varDir}/data $out/data
       '';
@@ -71,8 +71,8 @@ rec {
       '';
   };
   phpFpm = rec {
-    serviceDeps = [ "postgresql.service" "openldap.service" "tools-kanboard-key.service" ];
-    basedir = builtins.concatStringsSep ":" [ webRoot varDir "/run/keys/webapps/tools-kanboard" ];
+    serviceDeps = [ "postgresql.service" "openldap.service" ];
+    basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ];
     socket = "/var/run/phpfpm/kanboard.sock";
     pool = ''
       listen = ${socket}