options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
config = lib.mkIf cfg.enable {
- services.duplyBackup.profiles.immae_temp.rootDir = varDir;
- services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
services.websites.env.production.vhostConfs.immae_temp = {
certName = "immae";
addToCerts = true;
'' ];
};
- secrets.keys = [
- {
- dest = "webapps/surfer";
- permissions = "0400";
- user = "wwwrun";
- group = "wwwrun";
- text = ''
- CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
- CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
- TOKENSTORE_FILE=/var/lib/surfer/tokens.json
- CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
- CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
- CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
- CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
- LISTEN=/run/surfer/listen.sock
- '';
- }
- ];
+ secrets.keys."webapps/surfer" = {
+ permissions = "0400";
+ user = "wwwrun";
+ group = "wwwrun";
+ text = ''
+ CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
+ CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+ TOKENSTORE_FILE=/var/lib/surfer/tokens.json
+ CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
+ CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
+ CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+ CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
+ LISTEN=/run/surfer/listen.sock
+ '';
+ };
systemd.services.surfer = {
description = "Surfer";
exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
'';
serviceConfig = {
- EnvironmentFile = "/var/secrets/webapps/surfer";
+ EnvironmentFile = config.secrets.fullPaths."webapps/surfer";
User = "wwwrun";
Group = "wwwrun";
StateDirectory = "surfer";
projects / perso / Immae / Config / Nix.git / blobdiff