Move tools to new secrets location
[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / wallabag.nix
index c808eb14a62c6acbb3f211c3ea1c36ea05c65005..596b9bc8940d06f4425cc0b710180d641467d6b6 100644 (file)
@@ -2,11 +2,11 @@
 let
   wallabag = rec {
     varDir = "/var/lib/wallabag";
-    keys.tools-wallabag = {
-      destDir = "/run/keys/webapps";
+    keys = [{
+      dest = "webapps/tools-wallabag";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         # This file is auto-generated during the composer install
         parameters:
@@ -65,7 +65,7 @@ let
                 class:     Swift_SendmailTransport
                 arguments: ['/run/wrappers/bin/sendmail -bs']
         '';
-    };
+    }];
     webappDir = composerEnv.buildPackage rec {
       packages = {
         "fr3d/ldap-bundle" = {
@@ -110,7 +110,7 @@ let
       '';
       postInstall = ''
         rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data
-        ln -sf /run/keys/webapps/tools-wallabag app/config/parameters.yml
+        ln -sf /var/secrets/webapps/tools-wallabag app/config/parameters.yml
         ln -sf ${varDir}/var/{cache,logs,sessions} var
         ln -sf ${varDir}/data data
         ln -sf ${varDir}/assets web/assets
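Review bot: The absolute path `/var/secrets/webapps/tools-wallabag` is written out as a literal here and twice more in the phpFpm hunk (the `sha512sum` line in preStart and `basedir`), while the keys entry only carries the relative `dest = "webapps/tools-wallabag"`. This commit exists because that location moved, so the next move will again need every copy found by hand, and a missed one leaves `parameters.yml` as a dangling symlink or the secret outside `basedir`. Since `wallabag` is already a `rec` set, one binding such as `secretsPath = "/var/secrets/webapps/tools-wallabag";` (or one derived from the secrets module's base directory, if it exposes it) referenced as `${secretsPath}` in all three places would keep them in step. The postInstall script starts above this hunk and continues below it.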
@@ -119,15 +119,6 @@ let
     activationScript = ''
       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
         ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
-      if [ ! -f "${varDir}/currentWebappDir" -o \
-          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
-        pushd ${webappDir} > /dev/null
-        $wrapperDir/sudo -u wwwrun ./bin/console --env=prod cache:clear
-        rm -rf /var/lib/wallabag/var/cache/pro_
-        $wrapperDir/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
-        popd > /dev/null
-        echo -n "${webappDir}" > ${varDir}/currentWebappDir
-      fi
       '';
     webRoot = "${webappDir}/web";
     # Domain migration: Table wallabag_entry contains whole
@@ -169,8 +160,22 @@ let
         '';
     };
     phpFpm = rec {
-      serviceDeps = [ "postgresql.service" "openldap.service" "tools-wallabag-key.service" ];
-      basedir = builtins.concatStringsSep ":" [ webappDir "/run/keys/webapps/tools-wallabag" varDir ];
+      preStart = ''
+        if [ ! -f "${varDir}/currentWebappDir" -o \
+            ! -f "${varDir}/currentKey" -o \
+            "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+            || ! sha512sum -c --status ${varDir}/currentKey; then
+          pushd ${webappDir} > /dev/null
+          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
+          rm -rf /var/lib/wallabag/var/cache/pro_
+          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
+          popd > /dev/null
+          echo -n "${webappDir}" > ${varDir}/currentWebappDir
+          sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey
+        fi
+        '';
+      serviceDeps = [ "postgresql.service" "openldap.service" ];
+      basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
       socket = "/var/run/phpfpm/wallabag.sock";
       pool = ''
         listen = ${socket}
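Review bot: The digest written by `sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey` lands in a directory that the activation script creates with mode 0755, and the redirect uses whatever umask preStart runs under, so the hash of a 0400 secrets file is probably readable by other local users. Because the template of that file is part of this repository, a readable digest would let its remaining secret values be checked against guesses offline; creating the marker under a tight umask avoids that, e.g. `( umask 077; sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey )`. `${varDir}` is also owned by the apache user, so the application account can alter or delete both marker files and so influence whether this block runs; if preStart runs as root, which the hunk does not show, a root-owned state directory would be the safer place for them. Whether a failing `doctrine:migrations:migrate` stops the script before the markers are written depends on the shell options the phpFpm module applies, and with `tools-wallabag-key.service` dropped from `serviceDeps` it is worth confirming that the secret is always in place before this unit starts.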