Add yourls

[perso/Immae/Config/Nix.git] / virtual / eldiron.nix

diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index 8168abc651670a73df2508e822a0e137b786ad28..337ea2f376bfd8a5ae7172bc14d1ed82f2980adf 100644 (file)
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -4,19 +4,13 @@
     enableRollback = true;
   };
 
-  # FIXME: improve purity by enforcing sandbox = true in
-  # /etc/nix/nix.conf (need to do something about environment variables
-  # before)
-
-  # Full backup:
-  # The star after /var/lib/* avoids deleting all folders in case of problem
-  # rsync -e "ssh -i /root/.ssh/id_charon_vpn" -aAXvz --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu:
   eldiron = { config, pkgs, mylibs, myconfig, ... }:
     with mylibs;
   {
     _module.args = {
       mylibs = import ../libs.nix;
       myconfig = {
+        env = import ./environment.nix;
         ips = {
           main = "176.9.151.89";
           production = "176.9.151.154";
@@ -47,8 +41,8 @@
     deployment = {
       targetEnv = "hetzner";
       hetzner = {
-        #robotUser = "defined in HETZNER_ROBOT_USER";
-        #robotPass = "defined in HETZNER_ROBOT_PASS";
+        robotUser = myconfig.env.hetzner.user;
+        robotPass = myconfig.env.hetzner.pass;
         mainIPv4 = myconfig.ips.main;
         partitions = ''
           clearpart --all --initlabel --drives=sda,sdb
@@ -77,12 +71,11 @@
 
     environment.etc."ssh/ldap_authorized_keys" = let
       ldap_authorized_keys =
-        assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";
         wrap {
           name = "ldap_authorized_keys";
           file = ./ldap_authorized_keys.sh;
           vars = {
-            LDAP_PASS = builtins.getEnv "NIXOPS_SSHD_LDAP_PASSWORD";
+            LDAP_PASS = myconfig.env.sshd.ldap.password;
             GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
             ECHO = "${pkgs.coreutils}/bin/echo";
           };