-{ checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }:
+{ env, fetchedGithub, stdenv, writeText, pkgs, cacert }:
let
varDir = "/var/lib/mastodon_immae";
socketsDir = "/run/mastodon";
jemalloc which postgresql python3 cacert
];
});
- config =
- assert checkEnv "NIXOPS_MASTODON_DB_PASS";
- assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET";
- assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE";
- assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
- assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY";
- assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY";
- assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
- assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD";
- writeText "mastodon_environment" ''
+ config = writeText "mastodon_environment" ''
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_DB=13
DB_HOST=/run/postgresql
DB_USER=mastodon
DB_NAME=mastodon
- DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"}
+ DB_PASS=${env.postgresql.password}
DB_PORT=5432
LOCAL_DOMAIN=mastodon.immae.eu
LOCAL_HTTPS=true
ALTERNATE_DOMAINS=immae.eu
- PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"}
- SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"}
- OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"}
+ PAPERCLIP_SECRET=${env.paperclip_secret}
+ SECRET_KEY_BASE=${env.secret_key_base}
+ OTP_SECRET=${env.otp_secret}
- VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"}
- VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"}
+ VAPID_PRIVATE_KEY=${env.vapid.private}
+ VAPID_PUBLIC_KEY=${env.vapid.public}
SMTP_SERVER=mail.immae.eu
SMTP_PORT=587
LDAP_METHOD=simple_tls
LDAP_BASE="dc=immae,dc=eu"
LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
- LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}"
+ LDAP_PASSWORD="${env.ldap.password}"
LDAP_UID="uid"
LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
'';