X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fpeertube%2Fdefault.nix;h=1f88a1563a40abceff8f942ced3ae3f48cd35577;hb=85f5ed68104de9edd8f8e532dc0c2de931e3ca1b;hp=38c2608e55c1f484dbea9eb402adec3dc33d675b;hpb=0eaac6ba283159841da70fdfd74cb0ef7c6203ab;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/websites/tools/peertube/default.nix b/nixops/modules/websites/tools/peertube/default.nix index 38c2608..1f88a15 100644 --- a/nixops/modules/websites/tools/peertube/default.nix +++ b/nixops/modules/websites/tools/peertube/default.nix @@ -20,7 +20,7 @@ in { uid = config.ids.uids.peertube; group = "peertube"; description = "Peertube user"; - home = peertube.webappDir; + home = peertube.varDir; useDefaultShell = true; }; @@ -29,8 +29,8 @@ in { systemd.services.peertube = { description = "Peertube"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "postgresql.service" ]; - wants = [ "postgresql.service" ]; + after = [ "network.target" "postgresql.service" "tools-peertube-key.service" ]; + wants = [ "postgresql.service" "tools-peertube-key.service" ]; environment.NODE_CONFIG_DIR = "${peertube.varDir}/config"; environment.NODE_ENV = "production"; @@ -57,12 +57,20 @@ in { unitConfig.RequiresMountsFor = peertube.varDir; }; + deployment.keys.tools-peertube = { + destDir = "/run/keys/webapps"; + user = "peertube"; + group = "peertube"; + permissions = "0400"; + text = peertube.config; + }; + system.activationScripts.peertube = { deps = [ "users" ]; text = '' - install -m 0755 -o peertube -g peertube -d ${peertube.varDir} - install -m 0755 -o peertube -g peertube -d ${peertube.varDir}/config - install -m 0644 -o peertube -g peertube -T ${peertube.config} ${peertube.varDir}/config/production.yaml + install -m 0750 -o peertube -g peertube -d ${peertube.varDir} + install -m 0750 -o peertube -g peertube -d ${peertube.varDir}/config + install -m 0640 -o peertube -g peertube -T /run/keys/webapps/tools-peertube ${peertube.varDir}/config/production.yaml ''; };