Use attrs for secrets instead of lists

[perso/Immae/Config/Nix.git] / modules / private / websites / tools / git / mantisbt.nix

diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix
index a74d76e8b5e8e08c83e07b0b0a3fa52d740573bd..033a651b205264c12ce61f198a6ebdd533c853e0 100644 (file)
--- a/modules/private/websites/tools/git/mantisbt.nix
+++ b/modules/private/websites/tools/git/mantisbt.nix
@@ -1,4 +1,4 @@
-{ env, mantisbt_2, mantisbt_2-plugins }:
+{ env, mantisbt_2, mantisbt_2-plugins, config }:
 rec {
   activationScript = {
     deps = [ "httpd" ];
@@ -6,8 +6,7 @@ rec {
       install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt
     '';
   };
-  keys = [{
-    dest = "webapps/tools-mantisbt";
+  keys."webapps/tools-mantisbt" = {
     user = apache.user;
     group = apache.group;
     permissions = "0400";
@@ -45,8 +44,8 @@ rec {
       $g_ldap_realname_field = 'cn';
       $g_ldap_organization = '${env.ldap.filter}';
     '';
-  }];
-  webRoot = (mantisbt_2.override { mantis_config = "/var/secrets/webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]);
+  };
+  webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]);
   apache = rec {
     user = "wwwrun";
     group = "wwwrun";
@@ -62,6 +61,7 @@ rec {
         </FilesMatch>
 
         AllowOverride All
+        SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
         Options FollowSymlinks
         Require all granted
       </Directory>
@@ -74,7 +74,7 @@ rec {
   phpFpm = rec {
     serviceDeps = [ "postgresql.service" "openldap.service" ];
     basedir = builtins.concatStringsSep ":" (
-      [ webRoot "/var/secrets/webapps/tools-mantisbt" ]
+      [ webRoot config.secrets.fullPaths."webapps/tools-mantisbt" ]
       ++ webRoot.plugins);
     pool = {
       "listen.owner" = apache.user;