X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=nixops%2Fmodules%2Fwebsites%2Fchloe%2Fchloe.nix;h=0861cdf69c326b51b176c59c06fed63bcc89b703;hb=906065a0b7aada3282309791a051e71e5e1cf16d;hp=7ad23fede7c3a3d9569a3faa37b33881cd2b6700;hpb=50933a04f9db56a6368f40bdfe33e988d1a269df;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix
index 7ad23fe..0861cdf 100644
--- a/nixops/modules/websites/chloe/chloe.nix
+++ b/nixops/modules/websites/chloe/chloe.nix
@@ -3,6 +3,7 @@ let
   chloe = { config }: rec {
     environment = config.environment;
     phpFpm = rec {
+      serviceDeps = [ "mysql.service" "${environment}-chloe-key.service" ];
       socket = "/var/run/phpfpm/chloe-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -15,19 +16,6 @@ let
         ;php_admin_flag[log_errors] = on
         php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp"
         php_admin_value[session.save_path] = "${varDir}/phpSessions"
-        env[SPIP_CONFIG_DIR] = "${configDir}"
-        env[SPIP_VAR_DIR] = "${varDir}"
-        env[SPIP_SITE] = "chloe-${environment}"
-        env[SPIP_LDAP_BASE] = "dc=immae,dc=eu"
-        env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu"
-        env[SPIP_LDAP_SEARCH_DN] = "${config.ldap.dn}"
-        env[SPIP_LDAP_SEARCH_PW] = "${config.ldap.password}"
-        env[SPIP_LDAP_SEARCH] = "${config.ldap.search}"
-        env[SPIP_MYSQL_HOST] = "${config.mysql.host}"
-        env[SPIP_MYSQL_PORT] = "${config.mysql.port}"
-        env[SPIP_MYSQL_DB] = "${config.mysql.name}"
-        env[SPIP_MYSQL_USER] = "${config.mysql.user}"
-        env[SPIP_MYSQL_PASSWORD] = "${config.mysql.password}"
         ${if environment == "dev" then ''
         pm = ondemand
         pm.max_children = 5
@@ -40,6 +28,27 @@ let
         pm.max_spare_servers = 3
         ''}'';
     };
+    keys."${environment}-chloe" = {
+      destDir = "/run/keys/webapps";
+      user = apache.user;
+      group = apache.group;
+      permissions = "0400";
+      text = ''
+        SetEnv SPIP_CONFIG_DIR     "${configDir}"
+        SetEnv SPIP_VAR_DIR        "${varDir}"
+        SetEnv SPIP_SITE           "chloe-${environment}"
+        SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
+        SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
+        SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
+        SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
+        SetEnv SPIP_LDAP_SEARCH    "${config.ldap.search}"
+        SetEnv SPIP_MYSQL_HOST     "${config.mysql.host}"
+        SetEnv SPIP_MYSQL_PORT     "${config.mysql.port}"
+        SetEnv SPIP_MYSQL_DB       "${config.mysql.name}"
+        SetEnv SPIP_MYSQL_USER     "${config.mysql.user}"
+        SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
+      '';
+    };
     apache = rec {
       user = "wwwrun";
       group = "wwwrun";
@@ -47,6 +56,8 @@ let
       webappName = "chloe_${environment}";
       root = "/run/current-system/webapps/${webappName}";
       vhostConf = ''
+        Include /run/keys/webapps/${environment}-chloe
+
         RewriteEngine On
         ${if environment == "prod" then ''
         RewriteRule ^/news.rss  /spip.php?page=backend&id_rubrique=1