Move tools to new secrets location

[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / ttrss.nix

diff --git a/nixops/modules/websites/tools/tools/ttrss.nix b/nixops/modules/websites/tools/tools/ttrss.nix
index 0fe94f9840cc7f71aeb1e12a2026a64313226814..e6cad5693864a643de6df71bf7aca990a101accb 100644 (file)
--- a/nixops/modules/websites/tools/tools/ttrss.nix
+++ b/nixops/modules/websites/tools/tools/ttrss.nix
@@ -52,8 +52,8 @@ let
         install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
       '';
     };
-    keys.tools-ttrss = {
-      destDir = "/run/keys/webapps";
+    keys = [{
+      dest = "webapps/tools-ttrss";
       user = apache.user;
       group = apache.group;
       permissions = "0400";
@@ -120,7 +120,7 @@ let
           define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
           define('LDAP_AUTH_DEBUG', FALSE);
         '';
-    };
+    }];
     webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec {
       buildPhase = ''
         rm -rf lock feed-icons cache
@@ -128,7 +128,7 @@ let
       '';
       installPhase = ''
         cp -a . $out
-        ln -s /run/keys/webapps/tools-ttrss $out/config.php
+        ln -s /var/secrets/webapps/tools-ttrss $out/config.php
         ${builtins.concatStringsSep "\n" (
           lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
         )}
@@ -155,9 +155,9 @@ let
         '';
     };
     phpFpm = rec {
-      serviceDeps = [ "postgresql.service" "openldap.service" "tools-ttrss-key.service" ];
+      serviceDeps = [ "postgresql.service" "openldap.service" ];
       basedir = builtins.concatStringsSep ":" (
-        [ webRoot "/run/keys/webapps/tools-ttrss" varDir ]
+        [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
         ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
       socket = "/var/run/phpfpm/ttrss.sock";
       pool = ''