install -m 0755 -o ftp -g ftp -d /var/lib/ftp
'';
- deployment.keys.pure-ftpd-ldap = {
+ mySecrets.keys = [{
+ dest = "pure-ftpd-ldap";
permissions = "0400";
user = "ftp";
group = "ftp";
# Compile dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid
LDAPHomeDir immaeFtpDirectory
'';
- };
+ }];
systemd.services.pure-ftpd = let
configFile = pkgs.writeText "pure-ftpd.conf" ''
SyslogFacility ftp
DontResolve yes
MaxIdleTime 15
- LDAPConfigFile /run/keys/pure-ftpd-ldap
+ LDAPConfigFile /var/secrets/pure-ftpd-ldap
LimitRecursion 10000 8
AnonymousCanCreateDirs no
MaxLoad 4
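Review bot: `LDAPConfigFile /var/secrets/pure-ftpd-ldap` moves the LDAP bind credentials off `/run/keys`, which NixOps keeps on a tmpfs, to a path under `/var` that is presumably on persistent storage, so the secret would now survive reboots and could end up in disk images and backups. The `mySecrets` module is not visible here, so confirm that it creates `/var/secrets` root-owned with a restrictive mode and that the directory is either a tmpfs or excluded from backups. The same applies to `/var/secrets/mpd-config`, `/var/secrets/ssh-ldap` and `/var/secrets/mpd` in the later hunks. A comment above `systemd.services.pure-ftpd`, such as `# LDAP credentials are written by mySecrets to /var/secrets (not tmpfs)`, would record the assumption. The `configFile` string continues outside the hunk.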
nixpkgs.overlays = [ (self: super: rec {
mpd = (self.callPackage ./mpd.nix {}).mpd;
}) ];
- deployment.keys = {
- mpd = {
+ mySecrets.keys = [
+ {
+ dest = "mpd";
permissions = "0400";
text = myconfig.env.mpd.password;
- };
- mpd-config = {
+ }
+ {
+ dest = "mpd-config";
permissions = "0400";
user = "mpd";
group = "mpd";
text = ''
password "${myconfig.env.mpd.password}@read,add,control,admin"
'';
- };
- };
+ }
+ ];
networking.firewall.allowedTCPPorts = [ 6600 ];
users.users.mpd.extraGroups = [ "wwwrun" "keys" ];
system.activationScripts.mpd = ''
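Review bot: `users.users.mpd.extraGroups = [ "wwwrun" "keys" ];` still puts mpd in the `keys` group, which as far as this hunk shows was only needed to traverse `/run/keys`. Now that `mpd-config` is read from `/var/secrets`, the membership looks like a leftover that keeps giving mpd access to the NixOps key directory. If mpd reads nothing else under `/run/keys`, reduce it to `users.users.mpd.extraGroups = [ "wwwrun" ];`. The new `mpd` entry also sets no `user` or `group`, so its owner is whatever `mySecrets` defaults to; stating it explicitly, as the `mpd-config` entry does, would make the intended reader clear.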
network.listenAddress = "any";
musicDirectory = myconfig.env.mpd.folder;
extraConfig = ''
- include "/run/keys/mpd-config"
+ include "/var/secrets/mpd-config"
audio_output {
type "null"
name "No Output"
AuthorizedKeysCommandUser nobody
'';
- deployment.keys = {
- ssh-ldap = {
- user = "nobody";
- group = "nobody";
- permissions = "0400";
- text = myconfig.env.sshd.ldap.password;
- };
- };
+ mySecrets.keys = [{
+ dest = "ssh-ldap";
+ user = "nobody";
+ group = "nobody";
+ permissions = "0400";
+ text = myconfig.env.sshd.ldap.password;
+ }];
system.activationScripts.sshd = ''
- install -Dm400 -o nobody -g nobody -T /run/keys/ssh-ldap /etc/ssh/ldap_password
+ install -Dm400 -o nobody -g nobody -T /var/secrets/ssh-ldap /etc/ssh/ldap_password
'';
# ssh is strict about parent directory having correct rights, don't
# move it in the nix store.
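Review bot: The `ssh-ldap` secret is still owned by `nobody` (`user = "nobody"; group = "nobody";`), an account shared with anything else that runs as nobody. On this page the ympd web GUI is started with `--user nobody`, so if both modules are enabled on one host, a flaw in that network-facing service would expose `/var/secrets/ssh-ldap` and `/etc/ssh/ldap_password`. A dedicated system account for the AuthorizedKeysCommand helper would isolate the LDAP bind password, e.g. `user = "ssh-ldap"; group = "ssh-ldap";` with a matching `AuthorizedKeysCommandUser ssh-ldap` (the account name is an example). The `install` line also assumes `/var/secrets/ssh-ldap` already exists when the activation script runs; whether `mySecrets` guarantees that ordering is not visible here.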
description = "Standalone MPD Web GUI written in C";
wantedBy = [ "multi-user.target" ];
script = ''
- export MPD_PASSWORD=$(cat /run/keys/mpd)
+ export MPD_PASSWORD=$(cat /var/secrets/mpd)
${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
'';
};
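Review bot: `export MPD_PASSWORD=$(cat /var/secrets/mpd)` hides a failed read, because the exit status of `export` replaces that of `cat`. If the secret is missing or unreadable, ympd starts anyway with an empty password. Splitting the line lets the failure stop the unit, since NixOS runs `script` with `set -e`: `MPD_PASSWORD=$(cat /var/secrets/mpd)` followed by `export MPD_PASSWORD`. The service definition starts outside the hunk.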