install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
'';
};
- keys.tools-ttrss = {
- destDir = "/run/keys/webapps";
+ keys = [{
+ dest = "webapps/tools-ttrss";
user = apache.user;
group = apache.group;
- permissions = "0700";
+ permissions = "0400";
text = ''
<?php
define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
define('LDAP_AUTH_DEBUG', FALSE);
'';
- };
+ }];
webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec {
buildPhase = ''
rm -rf lock feed-icons cache
'';
installPhase = ''
cp -a . $out
- ln -s /run/keys/webapps/tools-ttrss $out/config.php
+ ln -s /var/secrets/webapps/tools-ttrss $out/config.php
${builtins.concatStringsSep "\n" (
lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
)}
'';
};
phpFpm = rec {
- serviceDeps = [ "postgresql.service" "openldap.service" "tools-ttrss-key.service" ];
+ serviceDeps = [ "postgresql.service" "openldap.service" ];
basedir = builtins.concatStringsSep ":" (
- [ webRoot "/run/keys/webapps/tools-ttrss" varDir ]
+ [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
socket = "/var/run/phpfpm/ttrss.sock";
pool = ''