From 9d90e7e281e8f4cf9371c17c812a1ac9c08aa66d Mon Sep 17 00:00:00 2001 
From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 22 Jan 2019 12:49:20 +0100 Subject: [PATCH] Remove use of environment variables Fixes https://git.immae.eu/mantisbt/view.php?id=113 --- libs.nix | 2 -- virtual/eldiron.nix | 8 +++--- virtual/modules/databases/default.nix | 12 ++++---- virtual/modules/gitolite/default.nix | 8 ++---- virtual/modules/websites/aten/aten.nix | 20 ++++++------- virtual/modules/websites/aten/default.nix | 12 +++++--- virtual/modules/websites/chloe/chloe.nix | 28 +++++++------------ virtual/modules/websites/chloe/default.nix | 12 +++++--- .../connexionswing/connexionswing.nix | 20 ++++++------- .../websites/connexionswing/default.nix | 12 +++++--- virtual/modules/websites/default.nix | 7 ++--- virtual/modules/websites/ludivine/default.nix | 12 +++++--- .../websites/ludivine/ludivinecassal.nix | 28 +++++++------------ .../modules/websites/piedsjaloux/default.nix | 12 +++++--- .../websites/piedsjaloux/piedsjaloux.nix | 19 +++++-------- .../websites/tellesflorian/default.nix | 8 ++++-- .../websites/tellesflorian/tellesflorian.nix | 25 ++++++----------- .../modules/websites/tools/cloud/default.nix | 6 ++-- .../websites/tools/cloud/nextcloud.nix | 23 ++++++--------- .../modules/websites/tools/dav/davical.nix | 11 +++----- .../modules/websites/tools/dav/default.nix | 6 ++-- .../websites/tools/diaspora/default.nix | 5 ++-- .../websites/tools/diaspora/diaspora.nix | 19 +++++-------- .../modules/websites/tools/git/default.nix | 7 +++-- .../websites/tools/git/mantisbt/mantisbt.nix | 11 +++----- .../websites/tools/mastodon/default.nix | 5 ++-- .../websites/tools/mastodon/mastodon.nix | 27 ++++++------------ .../websites/tools/mediagoblin/default.nix | 5 ++-- .../tools/mediagoblin/mediagoblin.nix | 11 +++----- .../modules/websites/tools/tools/default.nix | 11 +++++--- .../websites/tools/tools/roundcubemail.nix | 11 +++----- .../modules/websites/tools/tools/ttrss.nix | 11 +++----- .../modules/websites/tools/tools/wallabag.nix | 14 ++++------ 33 files 
changed, 189 insertions(+), 239 deletions(-)
diff --git a/libs.nix b/libs.nix
index ad517f2..57b0f64 100644
--- a/libs.nix
+++ b/libs.nix
@@ -36,8 +36,6 @@ in src = fetchgitPrivate json.git; }; - checkEnv = var: builtins.stringLength (builtins.getEnv var) > 0; - wrap = { paths ? [], vars ? {}, file ? null, script ? null, name ? "wrap" }: assert file != null || script != null || abort "wrap needs 'file' or 'script' argument";
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index 48266c8..337ea2f 100644
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -10,6 +10,7 @@ _module.args = { mylibs = import ../libs.nix; myconfig = { + env = import ./environment.nix; ips = { main = "176.9.151.89"; production = "176.9.151.154";
@@ -40,8 +41,8 @@ deployment = { targetEnv = "hetzner"; hetzner = { - #robotUser = "defined in HETZNER_ROBOT_USER"; - #robotPass = "defined in HETZNER_ROBOT_PASS"; + robotUser = myconfig.env.hetzner.user; + robotPass = myconfig.env.hetzner.pass; mainIPv4 = myconfig.ips.main; partitions = '' clearpart --all --initlabel --drives=sda,sdb
@@ -70,12 +71,11 @@ environment.etc."ssh/ldap_authorized_keys" = let ldap_authorized_keys = - assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD"; wrap { name = "ldap_authorized_keys"; file = ./ldap_authorized_keys.sh; vars = { - LDAP_PASS = builtins.getEnv "NIXOPS_SSHD_LDAP_PASSWORD"; + LDAP_PASS = myconfig.env.sshd.ldap.password; GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell"; ECHO = "${pkgs.coreutils}/bin/echo"; };
diff --git a/virtual/modules/databases/default.nix b/virtual/modules/databases/default.nix
index e3a5612..0912830 100644
--- a/virtual/modules/databases/default.nix
+++ b/virtual/modules/databases/default.nix
@@ -1,4 +1,4 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let cfg = config.services.myDatabases; in {
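Review bot: `env = import ./environment.nix;` makes environment.nix the single holder of every credential the rest of this patch reads (Hetzner robot login, LDAP bind passwords, database passwords, application secrets), yet the patch adds neither a `.gitignore` entry nor an example file describing the expected attribute layout, so nothing records that the file must stay untracked and readable only by the deploying user. A one-line comment on the import would state that contract, e.g. `# all deployment secrets live here: never commit this file, keep it mode 0600`, and a committed example file with placeholder values would let a fresh checkout fail with a readable message instead of a missing-attribute trace. Whether such an exclusion or example already exists outside this diff I cannot tell from here.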
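Review bot: Dropping `assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";` removes the only check that the LDAP bind password is non-empty, and the replacement `myconfig.env.sshd.ldap.password` fails evaluation only when the attribute is missing, not when it is an empty string, so an empty `LDAP_PASS` would presumably reach ldap_authorized_keys.sh silently. A one-line guard keeps the old behaviour without environment variables: `assert myconfig.env.sshd.ldap.password != "";` in front of `wrap {`. The same guard is dropped in databases/default.nix, gitolite/default.nix, websites/default.nix and in every website and tool derivation further down (aten, chloe, connexionswing, ludivinecassal, piedsjaloux, tellesflorian, nextcloud, davical, diaspora, mantisbt, roundcubemail, ttrss); a helper next to `wrap` in libs.nix such as `nonEmpty = s: assert builtins.stringLength s > 0; s;` would cover them all with one wrapper per value.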
@@ -112,20 +112,18 @@ in { security.pam.services = let pam_ldap = pkgs.pam_ldap; - pam_ldap_mysql = assert mylibs.checkEnv "NIXOPS_MYSQL_PAM_PASSWORD"; - pkgs.writeText "mysql.conf" '' + pam_ldap_mysql = pkgs.writeText "mysql.conf" '' host ldap.immae.eu base dc=immae,dc=eu binddn cn=mysql,cn=pam,ou=services,dc=immae,dc=eu - bindpw ${builtins.getEnv "NIXOPS_MYSQL_PAM_PASSWORD"} + bindpw ${myconfig.env.databases.mysql.pam_password} pam_filter memberOf=cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu ''; - pam_ldap_postgresql_replication = assert mylibs.checkEnv "NIXOPS_ELDIRON_LDAP_PASSWORD"; - pkgs.writeText "postgresql.conf" '' + pam_ldap_postgresql_replication = pkgs.writeText "postgresql.conf" '' host ldap.immae.eu base dc=immae,dc=eu binddn cn=eldiron,ou=hosts,dc=immae,dc=eu - bindpw ${builtins.getEnv "NIXOPS_ELDIRON_LDAP_PASSWORD"} + bindpw ${myconfig.env.ldap.password} pam_login_attribute cn ''; in [
diff --git a/virtual/modules/gitolite/default.nix b/virtual/modules/gitolite/default.nix
index b8ecb15..21eabc4 100644
--- a/virtual/modules/gitolite/default.nix
+++ b/virtual/modules/gitolite/default.nix
@@ -1,4 +1,4 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let cfg = config.services.myGitolite; in {
@@ -33,14 +33,12 @@ in { basePath = "${cfg.gitoliteDir}/repositories"; }; - system.activationScripts.gitolite = - assert mylibs.checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD"; - let + system.activationScripts.gitolite = let gitolite_ldap_groups = mylibs.wrap { name = "gitolite_ldap_groups.sh"; file = ./gitolite_ldap_groups.sh; vars = { - LDAP_PASS = builtins.getEnv "NIXOPS_GITOLITE_LDAP_PASSWORD"; + LDAP_PASS = myconfig.env.tools.gitolite.ldap.password; }; paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ]; };
diff --git a/virtual/modules/websites/aten/aten.nix b/virtual/modules/websites/aten/aten.nix
index 7eec525..1520439 100644
--- a/virtual/modules/websites/aten/aten.nix
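Review bot: `pam_ldap_mysql = pkgs.writeText "mysql.conf" ''` still embeds `bindpw ${myconfig.env.databases.mysql.pam_password}` in a derivation output, so the LDAP bind passwords of both PAM services land in /nix/store, which is world-readable on the build host and on every machine the closure is copied to; moving the value from getEnv to environment.nix does not change that. The deployment already uses NixOps (`targetEnv = "hetzner"` in eldiron.nix), whose `deployment.keys` option copies a secret file to the target at activation time outside the store, so pointing the pam_ldap configuration at such a key file would keep the passwords out of the closure. The same applies to every writeText or wrap in this patch that interpolates a password, secret or salt (gitolite LDAP_PASS, the parameters.yml and php-fpm pools of the website derivations, nextcloud config.php, davical_config.php, diaspora database.yml and secret_token.rb, mantisbt config_inc.php, roundcubemail des_key, ttrss config.php); I am flagging it once here.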
+++ b/virtual/modules/websites/aten/aten.nix
@@ -1,9 +1,8 @@ -{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }: +{ lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }: let - aten = { environment ? "dev" }: rec { - varPrefix = "ATEN"; + aten = { config }: rec { + environment = config.environment; varDir = "/var/lib/aten_${environment}"; - envName= lib.strings.toUpper environment; phpFpm = rec { socket = "/var/run/phpfpm/aten-${environment}.sock"; pool = ''
@@ -34,17 +33,14 @@ let user = "wwwrun"; group = "wwwrun"; modules = [ "proxy_fcgi" ]; - vhostConf = - assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"; - '' + vhostConf = '' SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" SetEnv APP_ENV "${environment}" - SetEnv APP_SECRET "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"} - SetEnv DATABASE_URL "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"} + SetEnv APP_SECRET "${config.secret}" + SetEnv DATABASE_URL "${config.psql_url}" ${if environment == "dev" then ''
@@ -96,8 +92,8 @@ let export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt export APP_ENV="${environment}" - export DATABASE_URL="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}" - export APP_SECRET="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}" + export DATABASE_URL="${config.psql_url}" + export APP_SECRET="${config.secret}" ${if environment == "dev" then '' composer install
diff --git a/virtual/modules/websites/aten/default.nix b/virtual/modules/websites/aten/default.nix
index 2f319bb..db2ab49 100644
--- a/virtual/modules/websites/aten/default.nix
+++ b/virtual/modules/websites/aten/default.nix
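Review bot: `environment = config.environment;` now takes the value that drives the `if environment == "dev"` branches (vhostConf and the install script further down this file) from environment.nix, while default.nix selects the attribute sets by the names `integration` and `production`; nothing checks that `integration.environment` is exactly `"dev"`, so any other spelling silently takes the non-dev branch while still using the integration secret and database URL. A guard on the binding pins the contract: `environment = assert config.environment == "dev" || config.environment == "prod"; config.environment;`. The same pattern is repeated in chloe.nix, connexionswing.nix, ludivinecassal.nix, piedsjaloux.nix and tellesflorian.nix. The `rec` set this line belongs to continues past the hunk.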
@@ -1,8 +1,12 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let - aten = pkgs.callPackage ./aten.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; - aten_dev = aten { environment = "dev"; }; - aten_prod = aten { environment = "prod"; }; + aten = pkgs.callPackage ./aten.nix { inherit (mylibs) fetchedGitPrivate; }; + aten_dev = aten { + config = myconfig.env.websites.aten.integration; + }; + aten_prod = aten { + config = myconfig.env.websites.aten.production; + }; cfg = config.services.myWebsites.Aten; in {
diff --git a/virtual/modules/websites/chloe/chloe.nix b/virtual/modules/websites/chloe/chloe.nix
index ca34b5a..dcf076d 100644
--- a/virtual/modules/websites/chloe/chloe.nix
+++ b/virtual/modules/websites/chloe/chloe.nix
@@ -1,18 +1,10 @@ -{ stdenv, lib, checkEnv, fetchzip, fetchurl, fetchedGitPrivate, sassc }: +{ stdenv, lib, fetchzip, fetchurl, fetchedGitPrivate, sassc }: let - chloe = { environment ? "dev" }: rec { - varPrefix = "CHLOE"; - envName= lib.strings.toUpper environment; + chloe = { config }: rec { + environment = config.environment; phpFpm = rec { socket = "/var/run/phpfpm/chloe-${environment}.sock"; - pool = - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"; - '' + pool = '' listen = ${socket} user = ${apache.user} group = ${apache.group}
@@ -28,13 +20,13 @@ let env[SPIP_SITE] = "chloe-${environment}" env[SPIP_LDAP_BASE] = "dc=immae,dc=eu" env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu" - env[SPIP_LDAP_SEARCH_DN] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"}" - env[SPIP_LDAP_SEARCH_PW] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}" - env[SPIP_LDAP_SEARCH] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"}" + env[SPIP_LDAP_SEARCH_DN] = "${config.ldap.dn}" + env[SPIP_LDAP_SEARCH_PW] = "${config.ldap.password}" + env[SPIP_LDAP_SEARCH] = "${config.ldap.search}" env[SPIP_MYSQL_HOST] = "db-1.immae.eu" - env[SPIP_MYSQL_DB] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"}" - env[SPIP_MYSQL_USER] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}" - env[SPIP_MYSQL_PASSWORD] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}" + env[SPIP_MYSQL_DB] = "${config.mysql.name}" + env[SPIP_MYSQL_USER] = "${config.mysql.user}" + env[SPIP_MYSQL_PASSWORD] = "${config.mysql.password}" ${if environment == "dev" then '' pm = ondemand pm.max_children = 5
diff --git a/virtual/modules/websites/chloe/default.nix b/virtual/modules/websites/chloe/default.nix
index de85e92..94cd4be 100644
--- a/virtual/modules/websites/chloe/default.nix
+++ b/virtual/modules/websites/chloe/default.nix
@@ -1,8 +1,12 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let - chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; - chloe_dev = chloe { environment = "dev"; }; - chloe_prod = chloe { environment = "prod"; }; + chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) fetchedGitPrivate; }; + chloe_dev = chloe { + config = myconfig.env.websites.chloe.integration; + }; + chloe_prod = chloe { + config = myconfig.env.websites.chloe.production; + }; cfg = config.services.myWebsites.Chloe; in {
diff --git a/virtual/modules/websites/connexionswing/connexionswing.nix b/virtual/modules/websites/connexionswing/connexionswing.nix
index 71f3c0b..66c9b53 100644
--- a/virtual/modules/websites/connexionswing/connexionswing.nix
+++ b/virtual/modules/websites/connexionswing/connexionswing.nix
@@ -1,29 +1,25 @@ -{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert }: +{ lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert }: let - connexionswing = { environment ? "dev" }: rec { + connexionswing = { config }: rec { + environment = config.environment; varDir = "/var/lib/connexionswing_${environment}"; envName= lib.strings.toUpper environment; configRoot = - assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"; - assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"; - assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"; - assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"; - assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"; writeText "parameters.yml" '' # This file is auto-generated during the composer install parameters: database_host: db-1.immae.eu database_port: null - database_name: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"} - database_user: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"} - database_password: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"} + database_name: ${config.mysql.name} + database_user: ${config.mysql.user} + database_password: ${config.mysql.password} mailer_transport: smtp mailer_host: mail.immae.eu mailer_user: null mailer_password: null - subscription_email: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"} + subscription_email: ${config.email} allow_robots: true - secret: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"} + secret: ${config.secret} ''; phpFpm = rec { socket = "/var/run/phpfpm/connexionswing-${environment}.sock";
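Review bot: `envName= lib.strings.toUpper environment;` is kept in connexionswing.nix although its only consumers in this hunk, the removed `checkEnv`/`getEnv` variable names, are gone; the sibling derivations (aten.nix, chloe.nix, ludivinecassal.nix, piedsjaloux.nix, tellesflorian.nix) delete the same line in this patch. Nix evaluates lazily so the binding is harmless, but it is dead code and the `envName=` spacing suggests it was simply overlooked; drop the line. If `envName` is still referenced further down connexionswing.nix, outside this hunk, disregard this.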
diff --git a/virtual/modules/websites/connexionswing/default.nix b/virtual/modules/websites/connexionswing/default.nix
index 5667c91..2e4dfc7 100644
--- a/virtual/modules/websites/connexionswing/default.nix
+++ b/virtual/modules/websites/connexionswing/default.nix
@@ -1,8 +1,12 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, mylibs, myconfig, ... }: let - connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; - connexionswing_dev = connexionswing { environment = "dev"; }; - connexionswing_prod = connexionswing { environment = "prod"; }; + connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) fetchedGitPrivate; }; + connexionswing_dev = connexionswing { + config = myconfig.env.websites.connexionswing.integration; + }; + connexionswing_prod = connexionswing { + config = myconfig.env.websites.connexionswing.production; + }; cfg = config.services.myWebsites.Connexionswing; in {
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix
index f2f0be1..59b9e47 100644
--- a/virtual/modules/websites/default.nix
+++ b/virtual/modules/websites/default.nix
@@ -1,8 +1,5 @@ { lib, pkgs, config, mylibs, myconfig, ... }: let - mypkgs = pkgs.callPackage ../../packages.nix { - inherit (mylibs) checkEnv fetchedGit fetchedGithub; - }; cfg = config.services.myWebsites; makeService = name: cfg: let toVhost = vhostConf: {
@@ -205,7 +202,7 @@ in }; ldap = { modules = [ "ldap" "authnz_ldap" ]; - extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; '' + extraConfig = '' LDAPSharedCacheSize 500000 LDAPCacheEntries 1024
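Review bot: The `mypkgs = pkgs.callPackage ../../packages.nix { ... }` binding is deleted from websites/default.nix, but no other hunk of this file removes a use of `mypkgs`, so either it was already dead or a reference remains outside the three hunks shown and evaluation will fail with an undefined-variable error. The diffstat for this file (7 lines) is consistent with just the three hunks here, which leans towards "already dead", but that is an inference; an `nixops deploy --dry-run` or plain evaluation of the module would settle it before merging. If packages.nix itself still expects a `checkEnv` argument it is now uncalled from this file and can keep it, but its own signature should be checked too.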
@@ -218,7 +215,7 @@ in AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu - AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}" + AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}" AuthType Basic AuthName "Authentification requise (Acces LDAP)" AuthBasicProvider ldap
diff --git a/virtual/modules/websites/ludivine/default.nix b/virtual/modules/websites/ludivine/default.nix
index 6aa1862..d13d700 100644
--- a/virtual/modules/websites/ludivine/default.nix
+++ b/virtual/modules/websites/ludivine/default.nix
@@ -1,8 +1,12 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let - ludivinecassal = pkgs.callPackage ./ludivinecassal.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; - ludivinecassal_dev = ludivinecassal { environment = "dev"; }; - ludivinecassal_prod = ludivinecassal { environment = "prod"; }; + ludivinecassal = pkgs.callPackage ./ludivinecassal.nix { inherit (mylibs) fetchedGitPrivate; }; + ludivinecassal_dev = ludivinecassal { + config = myconfig.env.websites.ludivinecassal.integration; + }; + ludivinecassal_prod = ludivinecassal { + config = myconfig.env.websites.ludivinecassal.production; + }; cfg = config.services.myWebsites.Ludivine; in {
diff --git a/virtual/modules/websites/ludivine/ludivinecassal.nix b/virtual/modules/websites/ludivine/ludivinecassal.nix
index 138ea9f..342c698 100644
--- a/virtual/modules/websites/ludivine/ludivinecassal.nix
+++ b/virtual/modules/websites/ludivine/ludivinecassal.nix
@@ -1,30 +1,22 @@ -{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, ruby, sass, imagemagick }: +{ lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, ruby, sass, imagemagick }: let - ludivinecassal = { environment ? "dev" }: rec { - varPrefix = "LUDIVINECASSAL"; + ludivinecassal = { config }: rec { + environment = config.environment; varDir = "/var/lib/ludivinecassal_${environment}"; - envName= lib.strings.toUpper environment; configRoot = - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER"; writeText "parameters.yml" '' # This file is auto-generated during the composer install parameters: database_host: db-1.immae.eu database_port: null - database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"} - database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"} - database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"} + database_name: ${config.mysql.name} + database_user: ${config.mysql.user} + database_password: ${config.mysql.password} mailer_transport: smtp mailer_host: mail.immae.eu mailer_user: null mailer_password: null - secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"} + secret: ${config.secret} ldap_host: ldap.immae.eu ldap_port: 636 ldap_version: 3
@@ -32,9 +24,9 @@ let ldap_tls: false ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu' ldap_base_dn: 'dc=immae,dc=eu' - ldap_search_dn: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN"}' - ldap_search_password: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}' - ldap_search_filter: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER"}' + ldap_search_dn: '${config.ldap.dn}' + ldap_search_password: '${config.ldap.password}' + ldap_search_filter: '${config.ldap.search}' leapt_im: binary_path: ${imagemagick}/bin assetic:
diff --git a/virtual/modules/websites/piedsjaloux/default.nix b/virtual/modules/websites/piedsjaloux/default.nix
index 80261a3..f1bb760 100644
--- a/virtual/modules/websites/piedsjaloux/default.nix
+++ b/virtual/modules/websites/piedsjaloux/default.nix
@@ -1,8 +1,12 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let - piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; - piedsjaloux_dev = piedsjaloux { environment = "dev"; }; - piedsjaloux_prod = piedsjaloux { environment = "prod"; }; + piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) fetchedGitPrivate; }; + piedsjaloux_dev = piedsjaloux { + config = myconfig.env.websites.piedsjaloux.integration; + }; + piedsjaloux_prod = piedsjaloux { + config = myconfig.env.websites.piedsjaloux.production; + }; cfg = config.services.myWebsites.PiedsJaloux; in {
diff --git a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
index 4bbf148..3d30b89 100644
--- a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -1,27 +1,22 @@ -{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, texlive, imagemagick }: +{ lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, texlive, imagemagick }: let - piedsjaloux = { environment ? "dev" }: rec { - varPrefix = "PIEDSJALOUX"; + piedsjaloux = { config }: rec { + environment = config.environment; varDir = "/var/lib/piedsjaloux_${environment}"; - envName= lib.strings.toUpper environment; configRoot = - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET"; writeText "parameters.yml" '' # This file is auto-generated during the composer install parameters: database_host: db-1.immae.eu database_port: null - database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"} - database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"} - database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"} + database_name: ${config.mysql.name} + database_user: ${config.mysql.user} + database_password: ${config.mysql.password} mailer_transport: smtp mailer_host: mail.immae.eu mailer_user: null mailer_password: null - secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"} + secret: ${config.secret} pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex" leapt_im: binary_path: ${imagemagick}/bin
diff --git a/virtual/modules/websites/tellesflorian/default.nix b/virtual/modules/websites/tellesflorian/default.nix
index 8f8c35a..f347169 100644
--- a/virtual/modules/websites/tellesflorian/default.nix
+++ b/virtual/modules/websites/tellesflorian/default.nix
@@ -1,9 +1,11 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let adminer = pkgs.callPackage ../commons/adminer.nix {}; - tellesflorian = pkgs.callPackage ./tellesflorian.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; - tellesflorian_dev = tellesflorian { environment = "dev"; }; + tellesflorian = pkgs.callPackage ./tellesflorian.nix { inherit (mylibs) fetchedGitPrivate; }; + tellesflorian_dev = tellesflorian { + config = myconfig.env.websites.tellesflorian.integration; + }; cfg = config.services.myWebsites.TellesFlorian; in {
diff --git a/virtual/modules/websites/tellesflorian/tellesflorian.nix b/virtual/modules/websites/tellesflorian/tellesflorian.nix
index 2191b31..03b1faf 100644
--- a/virtual/modules/websites/tellesflorian/tellesflorian.nix
+++ b/virtual/modules/websites/tellesflorian/tellesflorian.nix
@@ -1,27 +1,22 @@ -{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages }: +{ lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages }: let - tellesflorian = { environment ? "dev" }: rec { - varPrefix = "TELLESFLORIAN"; + tellesflorian = { config }: rec { + environment = config.environment; varDir = "/var/lib/tellesflorian_${environment}"; - envName= lib.strings.toUpper environment; configRoot = - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"; - assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET"; writeText "parameters.yml" '' # This file is auto-generated during the composer install parameters: database_host: db-1.immae.eu database_port: null - database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"} - database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"} - database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"} + database_name: ${config.mysql.name} + database_user: ${config.mysql.user} + database_password: ${config.mysql.password} mailer_transport: smtp mailer_host: mail.immae.eu mailer_user: null mailer_password: null - secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"} + secret: ${config.secret} ''; phpFpm = rec { socket = "/var/run/phpfpm/floriantelles-${environment}.sock";
@@ -49,10 +44,8 @@ let pm.max_spare_servers = 3 ''}''; }; - passwords = - assert checkEnv "NIXOPS_${varPrefix}_${envName}_INVITE_PASSWORDS"; - writeText "tellesflorian_passwords" '' - invite:${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_INVITE_PASSWORDS"} + passwords = writeText "tellesflorian_passwords" '' + invite:${config.invite_passwords} ''; apache = { user = "wwwrun";
diff --git a/virtual/modules/websites/tools/cloud/default.nix b/virtual/modules/websites/tools/cloud/default.nix
index 7dd5c6e..241b982 100644
--- a/virtual/modules/websites/tools/cloud/default.nix
+++ b/virtual/modules/websites/tools/cloud/default.nix
@@ -1,6 +1,8 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let - nextcloud = pkgs.callPackage ./nextcloud.nix { inherit (mylibs) checkEnv; }; + nextcloud = pkgs.callPackage ./nextcloud.nix { + env = myconfig.env.tools.nextcloud; + }; cfg = config.services.myWebsites.tools.cloud; in {
diff --git a/virtual/modules/websites/tools/cloud/nextcloud.nix b/virtual/modules/websites/tools/cloud/nextcloud.nix
index b9c8d04..815254b 100644
--- a/virtual/modules/websites/tools/cloud/nextcloud.nix
+++ b/virtual/modules/websites/tools/cloud/nextcloud.nix
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }: +{ stdenv, fetchurl, env, writeText, lib, phpPackages, php }: let nextcloud = let buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }:
@@ -96,27 +96,20 @@ let }; in rec { varDir = "/var/lib/nextcloud"; - config_php = - assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"; - assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER"; - assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"; - assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"; - assert checkEnv "NIXOPS_NEXTCLOUD_SECRET"; - assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"; - writeText "config.php" '' + config_php = writeText "config.php" '' '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}', + 'instanceid' => '${env.instance_id}', 'datadirectory' => '/var/lib/nextcloud/', - 'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}', + 'passwordsalt' => '${env.password_salt}', 'debug' => false, 'dbtype' => 'pgsql', 'version' => '15.0.0.10', 'dbname' => 'webapps', 'dbhost' => '/run/postgresql', 'dbtableprefix' => 'oc_', - 'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}', - 'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}', + 'dbuser' => '${env.postgresql.user}', + 'dbpassword' => '${env.postgresql.password}', 'installed' => true, 'maxZipInputSize' => 0, 'allowZipDownload' => true,
@@ -127,7 +120,7 @@ let array ( 0 => 'cloud.immae.eu', ), - 'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}', + 'secret' => '${env.secret}', 'appstoreenabled' => false, 'appstore.experimental.enabled' => true, 'loglevel' => 0,
@@ -147,7 +140,7 @@ let array ( 'host' => 'localhost', 'port' => 6379, - 'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"}, + 'dbindex' => ${env.redis.db_index}, ), 'overwrite.cli.url' => 'https://cloud.immae.eu', 'ldapIgnoreNamingRules' => false,
diff --git a/virtual/modules/websites/tools/dav/davical.nix b/virtual/modules/websites/tools/dav/davical.nix
index cf528ad..4d0639f 100644
--- a/virtual/modules/websites/tools/dav/davical.nix
+++ b/virtual/modules/websites/tools/dav/davical.nix
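Review bot: `'dbindex' => ${env.redis.db_index},` interpolates the attribute directly, and Nix refuses to interpolate an integer into a string, so environment.nix must spell the Redis database index as a string even though it is the one numeric field in this config; the old `builtins.getEnv` always yielded a string, so this is a new failure mode introduced by the switch to an attribute set. `'dbindex' => ${toString env.redis.db_index},` accepts both an integer and a string and still emits the bare PHP integer literal the unquoted position requires. The enclosing `config_php` string starts in the first hunk of this file and continues past this one.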
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, gettext, writeText, checkEnv }: +{ stdenv, fetchurl, gettext, writeText, env }: let awl = stdenv.mkDerivation rec { version = "0.59";
@@ -16,12 +16,9 @@ let ''; }; davical = rec { - config = - assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD"; - assert checkEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"; - writeText "davical_config.php" '' + config = writeText "davical_config.php" '' pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${builtins.getEnv "NIXOPS_DAVICAL_DB_PASSWORD"}"; + $c->pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${env.postgresql.password}"; $c->readonly_webdav_collections = false;
@@ -44,7 +41,7 @@ let 'port' => '389', 'startTLS' => 'yes', 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', - 'passDN'=> '${builtins.getEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"}', + 'passDN'=> '${env.ldap.password}', 'protocolVersion' => '3', 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu',
diff --git a/virtual/modules/websites/tools/dav/default.nix b/virtual/modules/websites/tools/dav/default.nix
index 201da38..ef9735e 100644
--- a/virtual/modules/websites/tools/dav/default.nix
+++ b/virtual/modules/websites/tools/dav/default.nix
@@ -1,7 +1,9 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let infcloud = pkgs.callPackage ./infcloud.nix {}; - davical = pkgs.callPackage ./davical.nix { inherit (mylibs) checkEnv; }; + davical = pkgs.callPackage ./davical.nix { + env = myconfig.env.tools.davical; + }; cfg = config.services.myWebsites.tools.dav; in {
diff --git a/virtual/modules/websites/tools/diaspora/default.nix b/virtual/modules/websites/tools/diaspora/default.nix
index 8285d6c..b15b9ce 100644
--- a/virtual/modules/websites/tools/diaspora/default.nix
+++ b/virtual/modules/websites/tools/diaspora/default.nix
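Review bot: `'passDN'=> '${env.ldap.password}',` splices the LDAP bind password into a PHP single-quoted literal with no escaping, so a password containing `'` or `\` turns davical_config.php into a parse error, and the `$c->pg_connect[]` line in the previous hunk has the same problem inside a PHP double-quoted string plus libpq's own quoting rules for values with spaces or quotes. `'passDN'=> '${lib.escape [ "'" "\\" ] env.ldap.password}',` (nixpkgs `lib.strings.escape`) covers the PHP literal; davical.nix would need `lib` added to its argument set, which callPackage fills automatically. The same unescaped interpolation into PHP literals appears in nextcloud config.php, mantisbt config_inc.php, roundcubemail des_key and ttrss config.php, and into YAML strings in diaspora and the website parameters.yml files.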
@@ -1,7 +1,8 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let diaspora = pkgs.callPackage ./diaspora.nix { - inherit (mylibs) fetchedGithub checkEnv; + inherit (mylibs) fetchedGithub; + env = myconfig.env.tools.diaspora; }; cfg = config.services.myWebsites.tools.diaspora;
diff --git a/virtual/modules/websites/tools/diaspora/diaspora.nix b/virtual/modules/websites/tools/diaspora/diaspora.nix
index 961e1f8..39de202 100644
--- a/virtual/modules/websites/tools/diaspora/diaspora.nix
+++ b/virtual/modules/websites/tools/diaspora/diaspora.nix
@@ -1,4 +1,4 @@ -{ checkEnv, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }: +{ env, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }: let gems = bundlerEnv { name = "diaspora-env";
@@ -30,13 +30,10 @@ let ''; propagatedBuildInputs = buildInputs; }); - secret_token = assert checkEnv "NIXOPS_DIASPORA_SECRET_TOKEN"; - writeText "secret_token.rb" '' - Diaspora::Application.config.secret_key_base = '${builtins.getEnv "NIXOPS_DIASPORA_SECRET_TOKEN"}' + secret_token = writeText "secret_token.rb" '' + Diaspora::Application.config.secret_key_base = '${env.secret_token}' ''; - config = - assert checkEnv "NIXOPS_DIASPORA_LDAP_PASSWORD"; - writeText "diaspora.yml" '' + config = writeText "diaspora.yml" '' configuration: environment: url: "https://diaspora.immae.eu/"
@@ -101,7 +98,7 @@ let skip_email_confirmation: true use_bind_dn: true bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" - bind_pw: "${builtins.getEnv "NIXOPS_DIASPORA_LDAP_PASSWORD"}" + bind_pw: "${env.ldap.password}" search_base: "dc=immae,dc=eu" search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" production:
@@ -109,15 +106,13 @@ let development: environment: ''; - database_config = - assert checkEnv "NIXOPS_DIASPORA_SQL_PASSWORD"; - writeText "database.yml" '' + database_config = writeText "database.yml" '' postgresql: &postgresql adapter: postgresql host: db-1.immae.eu port: 5432 username: "diaspora" - password: "${builtins.getEnv "NIXOPS_DIASPORA_SQL_PASSWORD"}" + password: "${env.postgresql.password}" encoding: unicode common: &common <<: *postgresql
diff --git a/virtual/modules/websites/tools/git/default.nix b/virtual/modules/websites/tools/git/default.nix
index f53350e..91aa1d0 100644
--- a/virtual/modules/websites/tools/git/default.nix
+++ b/virtual/modules/websites/tools/git/default.nix
@@ -1,6 +1,9 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let - mantisbt = pkgs.callPackage ./mantisbt/mantisbt.nix { inherit (mylibs) checkEnv fetchedGithub; }; + mantisbt = pkgs.callPackage ./mantisbt/mantisbt.nix { + inherit (mylibs) fetchedGithub; + env = myconfig.env.tools.mantisbt; + }; gitweb = pkgs.callPackage ./gitweb/gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; }; cfg = config.services.myWebsites.tools.git;
diff --git a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix
index c1cb60d..bc2ff3a 100644
--- a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix
+++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix
@@ -1,4 +1,4 @@ -{ lib, checkEnv, writeText, stdenv, fetchurl, fetchedGithub }: +{ lib, env, writeText, stdenv, fetchurl, fetchedGithub }: let mantisbt = let plugins = {
@@ -18,17 +18,14 @@ let }; in rec { config = - assert checkEnv "NIXOPS_MANTISBT_DB_PASSWORD"; - assert checkEnv "NIXOPS_MANTISBT_MASTER_SALT"; - assert checkEnv "NIXOPS_MANTISBT_LDAP_PASSWORD"; writeText "config_inc.php" '' array("verify_peer" => false)); $config['smtp_server'] = 'tls://mail.immae.eu';
@@ -27,7 +24,7 @@ let $config['support_url'] = '''; - $config['des_key'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"}'; + $config['des_key'] = '${env.secret}'; $config['plugins'] = array();
diff --git a/virtual/modules/websites/tools/tools/ttrss.nix b/virtual/modules/websites/tools/tools/ttrss.nix
index 2659afd..76105be 100644
--- a/virtual/modules/websites/tools/tools/ttrss.nix
+++ b/virtual/modules/websites/tools/tools/ttrss.nix
@@ -1,4 +1,4 @@ -{ lib, php, checkEnv, writeText, stdenv, fetchedGit, fetchedGithub }: +{ lib, php, env, writeText, stdenv, fetchedGit, fetchedGithub }: let ttrss = let plugins = {
@@ -52,10 +52,7 @@ let install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions ''; }; - config = - assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD"; - assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD"; - writeText "config.php" '' + config = writeText "config.php" ''