X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fpeertube%2Fdefault.nix;h=1ad79d7acd2c19a42300a1e39da0d28fa95f8be3;hb=bf3b7671904b8a8bf4da4eba30564140387499f9;hp=38c2608e55c1f484dbea9eb402adec3dc33d675b;hpb=0eaac6ba283159841da70fdfd74cb0ef7c6203ab;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/nixops/modules/websites/tools/peertube/default.nix b/nixops/modules/websites/tools/peertube/default.nix
index 38c2608..1ad79d7 100644
--- a/nixops/modules/websites/tools/peertube/default.nix
+++ b/nixops/modules/websites/tools/peertube/default.nix
@@ -20,8 +20,9 @@ in {
       uid = config.ids.uids.peertube;
       group = "peertube";
       description = "Peertube user";
-      home = peertube.webappDir;
+      home = peertube.varDir;
       useDefaultShell = true;
+      extraGroups = [ "keys" ];
     };
 
     users.groups.peertube.gid = config.ids.gids.peertube;
@@ -57,12 +58,20 @@ in {
       unitConfig.RequiresMountsFor = peertube.varDir;
     };
 
+    mySecrets.keys = [{
+      dest = "webapps/tools-peertube";
+      user = "peertube";
+      group = "peertube";
+      permissions = "0640";
+      text = peertube.config;
+    }];
+
     system.activationScripts.peertube = {
       deps = [ "users" ];
       text = ''
-        install -m 0755 -o peertube -g peertube -d ${peertube.varDir}
-        install -m 0755 -o peertube -g peertube -d ${peertube.varDir}/config
-        install -m 0644 -o peertube -g peertube -T ${peertube.config} ${peertube.varDir}/config/production.yaml
+        install -m 0750 -o peertube -g peertube -d ${peertube.varDir}
+        install -m 0750 -o peertube -g peertube -d ${peertube.varDir}/config
+        ln -sf /var/secrets/webapps/tools-peertube ${peertube.varDir}/config/production.yaml
         '';
     };