]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/websites/tools/diaspora/default.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use attrs for secrets instead of lists
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / diaspora / default.nix
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix
index 5d2b19f27fa88d7affd70518961155f53ab10161..9119ead35e31e3e9a683c7f9dc1f09661f2479a4 100644 (file)
--- a/modules/private/websites/tools/diaspora/default.nix
+++ b/modules/private/websites/tools/diaspora/default.nix
@@ -16,9 +16,14 @@ in {
     };
     users.users.diaspora.extraGroups = [ "keys" ];
 
-    secrets.keys = [
-      {
-        dest = "webapps/diaspora/diaspora.yml";
+    secrets.keys = {
+      "webapps/diaspora" = {
+        isDir = true;
+        user = "diaspora";
+        group = "diaspora";
+        permissions = "0500";
+      };
+      "webapps/diaspora/diaspora.yml" = {
         user = "diaspora";
         group = "diaspora";
         permissions = "0400";
@@ -95,9 +100,8 @@ in {
         development:
           environment:
         '';
-      }
-      {
-        dest = "webapps/diaspora/database.yml";
+      };
+      "webapps/diaspora/database.yml" = {
         user = "diaspora";
         group = "diaspora";
         permissions = "0400";
@@ -129,24 +133,23 @@ in {
           <<: *combined
           database: diaspora_integration2
         '';
-      }
-      {
-        dest = "webapps/diaspora/secret_token.rb";
+      };
+      "webapps/diaspora/secret_token.rb" = {
         user = "diaspora";
         group = "diaspora";
         permissions = "0400";
         text = ''
           Diaspora::Application.config.secret_key_base = '${env.secret_token}'
         '';
-      }
-    ];
+      };
+    };
 
     services.diaspora = {
       enable = true;
       package = pkgs.webapps.diaspora.override { ldap = true; };
       dataDir = "/var/lib/diaspora_immae";
       adminEmail = "diaspora@tools.immae.eu";
-      configDir = "/var/secrets/webapps/diaspora";
+      configDir = config.secrets.fullPaths."webapps/diaspora";
     };
 
     services.filesWatcher.diaspora = {
My infrastructure configuration