X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Ftask%2Fdefault.nix;h=9671725b7f9f4d38f08a0ad35e134562ad0ad6ae;hb=521a721dbf22bc65dfb61d899354c32ebb1fd8ae;hp=0b8d2d743f079b8fb520fd28675a9467b7c6b062;hpb=587b9e340bb5cb14ca55e62a0498295e702b56c5;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index 0b8d2d7..9671725 100644
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, pkgsPrevious, config, myconfig, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
 let
   cfg = config.services.myTasks;
   vardir = config.services.taskserver.dataDir;
@@ -40,7 +40,7 @@ let
     chmod a+x $out/bin/taskserver-user-certs
     patchShebangs $out/bin/taskserver-user-certs
     '';
-  taskwarrior-web = pkgsPrevious.callPackage ./taskwarrior-web.nix {
+  taskwarrior-web = pkgs.callPackage ./taskwarrior-web.nix {
     inherit (mylibs) fetchedGithub;
     inherit env;
   };
@@ -87,6 +87,21 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
+    mySecrets.keys = [{
+      dest = "webapps/tools-taskwarrior-web";
+      user = "wwwrun";
+      group = "wwwrun";
+      permissions = "0400";
+      text = ''
+          SetEnv TASKD_HOST          "${fqdn}:${toString config.services.taskserver.listenPort}"
+          SetEnv TASKD_VARDIR        "${vardir}"
+          SetEnv TASKD_LDAP_HOST     "ldaps://${env.ldap.host}"
+          SetEnv TASKD_LDAP_DN       "${env.ldap.dn}"
+          SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
+          SetEnv TASKD_LDAP_BASE     "${env.ldap.base}"
+          SetEnv TASKD_LDAP_FILTER   "${env.ldap.search}"
+        '';
+    }];
     security.acme.certs."eldiron".extraDomains.${fqdn} = null;
     services.myWebsites.tools.modules = [ "proxy_fcgi" "sed" ];
     services.myWebsites.tools.vhostConfs.task = {
@@ -101,13 +116,7 @@ in {
           <FilesMatch "\.php$">
             SetHandler "proxy:unix:/var/run/phpfpm/task.sock|fcgi://localhost"
           </FilesMatch>
-          SetEnv TASKD_HOST          "${fqdn}:${toString config.services.taskserver.listenPort}"
-          SetEnv TASKD_VARDIR        "${vardir}"
-          SetEnv TASKD_LDAP_HOST     "ldaps://${env.ldap.host}"
-          SetEnv TASKD_LDAP_DN       "${env.ldap.dn}"
-          SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
-          SetEnv TASKD_LDAP_BASE     "${env.ldap.base}"
-          SetEnv TASKD_LDAP_FILTER   "${env.ldap.search}"
+          Include /var/secrets/webapps/tools-taskwarrior-web
         </Directory>
         ''
         ''
@@ -292,12 +301,12 @@ in {
         path = [ pkgs.taskwarrior ];
 
         environment.TASKRC = taskrc;
-        environment.BUNDLE_PATH = "${taskwarrior-web.gems}/lib/ruby/gems/2.5.0";
+        environment.BUNDLE_PATH = "${taskwarrior-web.gems}/${taskwarrior-web.gems.ruby.gemPath}";
         environment.BUNDLE_GEMFILE = "${taskwarrior-web.gems.confFiles}/Gemfile";
         environment.LC_ALL = "fr_FR.UTF-8";
 
         script = ''
-          exec ${taskwarrior-web.gems}/lib/ruby/gems/2.5.0/bin/bundle exec thin start -R config.ru -S ${taskwarrior-web.socketsDir}/${name}.sock
+          exec ${taskwarrior-web.gems}/${taskwarrior-web.gems.ruby.gemPath}/bin/bundle exec thin start -R config.ru -S ${taskwarrior-web.socketsDir}/${name}.sock
         '';
 
         serviceConfig = {