Add a filesWatcher service to restart them when secrets change

[perso/Immae/Config/Nix.git] / modules / private / websites / aten / integration.nix

diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix
index 790c5a93998596635b5ca3df465f7a92eb4e6ba4..384b32454e191d01eda6706d493cb54ae37759b9 100644 (file)
--- a/modules/private/websites/aten/integration.nix
+++ b/modules/private/websites/aten/integration.nix
@@ -13,14 +13,12 @@ in {
 
   config = lib.mkIf cfg.enable {
     secrets.keys = aten.keys;
-    services.myPhpfpm.preStart.aten_dev = aten.phpFpm.preStart;
-    services.myPhpfpm.serviceDependencies.aten_dev = aten.phpFpm.serviceDeps;
-    services.myPhpfpm.poolConfigs.aten_dev = aten.phpFpm.pool;
+    systemd.services.phpfpm-aten_dev.preStart = lib.mkAfter aten.phpFpm.preStart;
+    systemd.services.phpfpm-aten_dev.after = lib.mkAfter aten.phpFpm.serviceDeps;
+    systemd.services.phpfpm-aten_dev.wants = aten.phpFpm.serviceDeps;
+    services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool;
     system.activationScripts.aten_dev = aten.activationScript;
-    system.extraSystemBuilderCmds = ''
-      mkdir -p $out/webapps
-      ln -s ${aten.app.webRoot} $out/webapps/${aten.apache.webappName}
-      '';
+    myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot;
     services.websites.integration.modules = aten.apache.modules;
     services.websites.integration.vhostConfs.aten = {
       certName    = "eldiron";
@@ -29,6 +27,9 @@ in {
       root        = aten.apache.root;
       extraConfig = [ aten.apache.vhostConf ];
     };
+    services.websites.integration.watchPaths = [
+      "/var/secrets/webapps/${aten.app.environment}-aten"
+    ];
   };
 }