X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Faten%2Faten.nix;h=6059eb6b85fd64eb07ae1d59c0054b1be88c9d83;hb=85f5ed68104de9edd8f8e532dc0c2de931e3ca1b;hp=d9286c3fa7bd402ccfadd2f6e0d3d9100cfaf5c1;hpb=33aa7e5c92daffce2f09639eb57cb995754fbd6b;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
index d9286c3..6059eb6 100644
--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -4,6 +4,7 @@ let
     environment = config.environment;
     varDir = "/var/lib/aten_${environment}";
     phpFpm = rec {
+      serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];
       socket = "/var/run/phpfpm/aten-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -29,6 +30,17 @@ let
         pm.max_spare_servers = 3
         ''}'';
     };
+    keys."${environment}-aten" = {
+      destDir = "/run/keys/webapps";
+      user = apache.user;
+      group = apache.group;
+      permissions = "0400";
+      text = ''
+        SetEnv APP_ENV      "${environment}"
+        SetEnv APP_SECRET   "${config.secret}"
+        SetEnv DATABASE_URL "${config.psql_url}"
+        '';
+    };
     apache = rec {
       user = "wwwrun";
       group = "wwwrun";
@@ -40,9 +52,7 @@ let
         SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
       </FilesMatch>
 
-      SetEnv APP_ENV      "${environment}"
-      SetEnv APP_SECRET   "${config.secret}"
-      SetEnv DATABASE_URL "${config.psql_url}"
+      Include /run/keys/webapps/${environment}-aten
 
       ${if environment == "dev" then ''
       <Location />
@@ -124,8 +134,6 @@ let
         preInstall = ''
           export SYMFONY_ENV="${environment}"
           export APP_ENV="${environment}"
-          export DATABASE_URL="${config.psql_url}"
-          export APP_SECRET="${config.secret}"
           '';
         postInstall = ''
           ln -sf ${yarnModules}/node_modules .