X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fether%2Fdefault.nix;h=c4685a443b7db8102388ffc74ce989164e072220;hb=1247e537b0c8e5ed780ab890cbce4612714a0fa7;hp=7fdcb57f0d0ad091ab234cb6c28640e9f75b32a3;hpb=e905cd0bda71f359597ecb1f4554d3edb27e2ccb;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/nixops/modules/websites/tools/ether/default.nix b/nixops/modules/websites/tools/ether/default.nix
index 7fdcb57..c4685a4 100644
--- a/nixops/modules/websites/tools/ether/default.nix
+++ b/nixops/modules/websites/tools/ether/default.nix
@@ -1,10 +1,11 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
   etherpad = pkgs.callPackage ./etherpad_lite.nix {
-    inherit (mylibs) fetchedGithub;
+    inherit (pkgs.webapps) etherpad-lite etherpad-lite-modules;
     env = myconfig.env.tools.etherpad-lite;
   };
 
+  varDir = etherpad.webappDir.varDir;
   cfg = config.services.myWebsites.tools.etherpad-lite;
 in {
   options.services.myWebsites.tools.etherpad-lite = {
@@ -12,12 +13,12 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    deployment.keys = etherpad.keys;
+    mySecrets.keys = etherpad.keys;
     systemd.services.etherpad-lite = {
       description = "Etherpad-lite";
       wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ];
-      wants = [ "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ];
+      after = [ "network.target" "postgresql.service" ];
+      wants = [ "postgresql.service" ];
 
       environment.NODE_ENV = "production";
       environment.HOME = etherpad.webappDir;
@@ -26,7 +27,9 @@ in {
 
       script = ''
         exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
-          --settings /run/keys/webapps/tools-etherpad
+          --sessionkey /var/secrets/webapps/tools-etherpad-sessionkey \
+          --apikey /var/secrets/webapps/tools-etherpad-apikey \
+          --settings /var/secrets/webapps/tools-etherpad
       '';
 
       serviceConfig = {
@@ -44,7 +47,12 @@ in {
         Restart = "always";
         Type = "simple";
         TimeoutSec = 60;
-        ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /run/keys/webapps/tools-etherpad /run/keys/webapps/tools-etherpad-sessionkey /run/keys/webapps/tools-etherpad-apikey";
+        # Use ReadWritePaths= instead if varDir is outside of /var/lib
+        StateDirectory="etherpad-lite";
+        ExecStartPre = [
+          "+${pkgs.coreutils}/bin/install -d -m 0755 -o etherpad-lite -g etherpad-lite ${varDir}/ep_initialized"
+          "+${pkgs.coreutils}/bin/chown -R etherpad-lite:etherpad-lite ${varDir} /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey"
+        ];
       };
     };