Use attrs for secrets instead of lists

[perso/Immae/Config/Nix.git] / modules / private / websites / tools / commento / default.nix

{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.websites.tools.commento;
  env = config.myEnv.tools.commento;
  webPort = "${host}:${port}";
  port = toString env.listenPort;
  host = "localhost";
  postgresql_url = "postgres://${env.postgresql.user}:${env.postgresql.password}@localhost:${env.postgresql.port}/${env.postgresql.database}?sslmode=disable";
in
{
  options.myServices.websites.tools.commento = {
    enable = lib.mkEnableOption "Enable commento website";
  };
  config = lib.mkIf cfg.enable {
    secrets.keys = {
      "commento/env" = {
        permissions = "0400";
        text = ''
          COMMENTO_ORIGIN=https://commento.immae.eu/
          COMMENTO_PORT=${port}
          COMMENTO_POSTGRES=${postgresql_url}
          COMMENTO_FORBID_NEW_OWNERS=true
          COMMENTO_BIND_ADDRESS=${host}
          COMMENTO_GZIP_STATIC=true
          COMMENTO_SMTP_HOST=${env.smtp.host}
          COMMENTO_SMTP_PORT=${env.smtp.port}
          COMMENTO_SMTP_USERNAME=${env.smtp.email}
          COMMENTO_SMTP_PASSWORD=${env.smtp.password}
          COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email}
        '';
      };
    };

    services.websites.env.tools.vhostConfs.commento = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "commento.immae.eu" ];
      root = null;
      extraConfig = [
        ''
          ProxyPass / http://${webPort}/
          ProxyPassReverse / http://${webPort}/
          ProxyPreserveHost On
        ''
      ];
    };
    systemd.services.commento = {
      description = "Commento";
      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.commento}/commento";
        EnvironmentFile = config.secrets.fullPaths."commento/env";
      };
    };
  };
}