X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fimmae%2Ftemp.nix;h=19aef1a5acfdfcd48c0d88d259f39d51d114446b;hb=5315b439af1f72c3282549508ae58d86d66e38ec;hp=fd54f5e0d86708383b6972b3684dcf2b28e534ab;hpb=91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
index fd54f5e..19aef1a 100644
--- a/modules/private/websites/immae/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -7,8 +7,6 @@ in {
   options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.immae_temp.rootDir = varDir;
-    services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
     services.websites.env.production.vhostConfs.immae_temp = {
       certName    = "immae";
       addToCerts  = true;
@@ -28,24 +26,21 @@ in {
       '' ];
     };
 
-    secrets.keys = [
-      {
-        dest = "webapps/surfer";
-        permissions = "0400";
-        user = "wwwrun";
-        group = "wwwrun";
-        text = ''
-          CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
-          CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
-          TOKENSTORE_FILE=/var/lib/surfer/tokens.json
-          CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
-          CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
-          CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
-          CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
-          LISTEN=/run/surfer/listen.sock
-        '';
-      }
-    ];
+    secrets.keys."webapps/surfer" = {
+      permissions = "0400";
+      user = "wwwrun";
+      group = "wwwrun";
+      text = ''
+        CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
+        CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+        TOKENSTORE_FILE=/var/lib/surfer/tokens.json
+        CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
+        CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
+        CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+        CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
+        LISTEN=/run/surfer/listen.sock
+      '';
+    };
 
     systemd.services.surfer = {
       description = "Surfer";
@@ -56,7 +51,7 @@ in {
         exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
       '';
       serviceConfig = {
-        EnvironmentFile = "/var/secrets/webapps/surfer";
+        EnvironmentFile = config.secrets.fullPaths."webapps/surfer";
         User = "wwwrun";
         Group = "wwwrun";
         StateDirectory = "surfer";