X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fpeertube%2Fdefault.nix;h=dbdeb76a7d31616b94f2c7660bfa1093fd332d9c;hb=4a65e38be86fb755b0ab57027b0d3b7d28c9b096;hp=c4f38179b8edb662d99a918d5b3eef169c80f750;hpb=5f08b34c5247ee0c4de2a9264d059b69271e3473;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/nixops/modules/websites/tools/peertube/default.nix b/nixops/modules/websites/tools/peertube/default.nix
index c4f3817..dbdeb76 100644
--- a/nixops/modules/websites/tools/peertube/default.nix
+++ b/nixops/modules/websites/tools/peertube/default.nix
@@ -29,8 +29,8 @@ in {
     systemd.services.peertube = {
       description = "Peertube";
       wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" "postgresql.service" ];
-      wants = [ "postgresql.service" ];
+      after = [ "network.target" "postgresql.service" "tools-peertube-key.service" ];
+      wants = [ "postgresql.service" "tools-peertube-key.service" ];
 
       environment.NODE_CONFIG_DIR = "${peertube.varDir}/config";
       environment.NODE_ENV = "production";
@@ -57,12 +57,20 @@ in {
       unitConfig.RequiresMountsFor = peertube.varDir;
     };
 
+    deployment.keys.tools-peertube = {
+      destDir = "/run/keys/webapps";
+      user = "peertube";
+      group = "peertube";
+      permissions = "0700";
+      text = peertube.config;
+    };
+
     system.activationScripts.peertube = {
       deps = [ "users" ];
       text = ''
-        install -m 0755 -o peertube -g peertube -d ${peertube.varDir}
-        install -m 0755 -o peertube -g peertube -d ${peertube.varDir}/config
-        install -m 0644 -o peertube -g peertube -T ${peertube.config} ${peertube.varDir}/config/production.yaml
+        install -m 0750 -o peertube -g peertube -d ${peertube.varDir}
+        install -m 0750 -o peertube -g peertube -d ${peertube.varDir}/config
+        install -m 0640 -o peertube -g peertube -T /run/keys/webapps/tools-peertube ${peertube.varDir}/config/production.yaml
         '';
     };