X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Ftasks%2Fdefault.nix;h=78e07c1adb2862137b0c65a00602863fdd0106f2;hb=441da8aac378f401625e82caf281fa0e26128310;hp=83a1b616b13934f567a6d509a5d4f76ac617a6db;hpb=17f6eae9907a122d4472da727ae8b1ac1c40c027;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix index 83a1b61..78e07c1 100644 --- a/modules/private/tasks/default.nix +++ b/modules/private/tasks/default.nix @@ -1,10 +1,10 @@ -{ lib, pkgs, config, myconfig, ... }: +{ lib, pkgs, config, ... }: let cfg = config.myServices.tasks; server_vardir = config.services.taskserver.dataDir; fqdn = "task.immae.eu"; user = config.services.taskserver.user; - env = myconfig.env.tools.task; + env = config.myEnv.tools.task; group = config.services.taskserver.group; taskserver-user-certs = pkgs.runCommand "taskserver-user-certs" {} '' mkdir -p $out/bin @@ -86,6 +86,15 @@ in { }; config = lib.mkIf cfg.enable { + services.duplyBackup.profiles.tasks = { + rootDir = "/var/lib"; + excludeFile = '' + + /var/lib/taskserver + + /var/lib/taskwarrior-web + - /var/lib + ''; + }; + secrets.keys = [{ dest = "webapps/tools-taskwarrior-web"; user = "wwwrun"; @@ -98,12 +107,12 @@ in { SetEnv TASKD_LDAP_DN "${env.ldap.dn}" SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}" SetEnv TASKD_LDAP_BASE "${env.ldap.base}" - SetEnv TASKD_LDAP_FILTER "${env.ldap.search}" + SetEnv TASKD_LDAP_FILTER "${env.ldap.filter}" ''; }]; - services.websites.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ]; - services.websites.tools.modules = [ "proxy_fcgi" "sed" ]; - services.websites.tools.vhostConfs.task = { + services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ]; + services.websites.env.tools.modules = [ "proxy_fcgi" "sed" ]; + services.websites.env.tools.vhostConfs.task = { certName = "eldiron"; addToCerts = true; hosts = [ "task.immae.eu" ]; @@ -161,31 +170,33 @@ in { '') env.taskwarrior-web); }; - services.phpfpm.poolConfigs = { - tasks = '' - listen = /var/run/phpfpm/task.sock - user = ${user} - group = ${group} - listen.owner = wwwrun - listen.group = wwwrun - pm = dynamic - pm.max_children = 60 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 10 + services.phpfpm.pools = { + tasks = { + listen = "/var/run/phpfpm/task.sock"; + extraConfig = '' + user = ${user} + group = ${group} + listen.owner = wwwrun + listen.group = wwwrun + pm = dynamic + pm.max_children = 60 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 10 - ; Needed to avoid clashes in browser cookies (same domain) - env[PATH] = "/etc/profiles/per-user/${user}/bin" - php_value[session.name] = TaskPHPSESSID - php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/" - ''; + ; Needed to avoid clashes in browser cookies (same domain) + env[PATH] = "/etc/profiles/per-user/${user}/bin" + php_value[session.name] = TaskPHPSESSID + php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/" + ''; + }; }; myServices.websites.webappDirs._task = ./www; - security.acme.certs."task" = config.services.myCertificates.certConfig // { + security.acme2.certs."task" = config.myServices.certificates.certConfig // { inherit user group; - plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ]; + plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ]; domain = fqdn; postRun = '' systemctl restart taskserver.service @@ -235,9 +246,9 @@ in { inherit fqdn; listenHost = "::"; pki.manual.ca.cert = "${server_vardir}/keys/ca.cert"; - pki.manual.server.cert = "${config.security.acme.directory}/task/fullchain.pem"; - pki.manual.server.crl = "${config.security.acme.directory}/task/invalid.crl"; - pki.manual.server.key = "${config.security.acme.directory}/task/key.pem"; + pki.manual.server.cert = "${config.security.acme2.certs.task.directory}/fullchain.pem"; + pki.manual.server.crl = "${config.security.acme2.certs.task.directory}/invalid.crl"; + pki.manual.server.key = "${config.security.acme2.certs.task.directory}/key.pem"; requestLimit = 104857600; };