Use attrs for secrets instead of lists

[perso/Immae/Config/Nix.git] / modules / private / websites / default.nix

diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 809f6159eb0dd035335af198557faf4402bb2798..e8193242b08e2c3980de7d0c026361051656b62a 100644 (file)
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -52,7 +52,7 @@ let
           LDAPOpCacheTTL 600
         </IfModule>
 
-        Include /var/secrets/apache-ldap
+        Include ${config.secrets.fullPaths."apache-ldap"}
       '';
     };
     global = {
@@ -109,8 +109,7 @@ in
     users.users.wwwrun.extraGroups = [ "keys" ];
     networking.firewall.allowedTCPPorts = [ 80 443 ];
 
-    secrets.keys = [{
-      dest = "apache-ldap";
+    secrets.keys."apache-ldap" = {
       user = "wwwrun";
       group = "wwwrun";
       permissions = "0400";
@@ -126,7 +125,7 @@ in
           </IfModule>
         </Macro>
         '';
-    }];
+    };
 
     system.activationScripts = {
       httpd = ''
@@ -149,9 +148,9 @@ in
       };
     };
 
-    services.filesWatcher.httpdProd.paths = [ "/var/secrets/apache-ldap" ];
-    services.filesWatcher.httpdInte.paths = [ "/var/secrets/apache-ldap" ];
-    services.filesWatcher.httpdTools.paths = [ "/var/secrets/apache-ldap" ];
+    services.filesWatcher.httpdProd.paths = [ config.secrets.fullPaths."apache-ldap" ];
+    services.filesWatcher.httpdInte.paths = [ config.secrets.fullPaths."apache-ldap" ];
+    services.filesWatcher.httpdTools.paths = [ config.secrets.fullPaths."apache-ldap" ];
 
     services.websites.env.production = {
       enable = true;