Move secrets to flakes

[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index ac92ef48f33d5407bc58f6665f2d5634ef8e407d..ada62537fb04021ef6e5ac759bd7622e0fa00b43 100644 (file)
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -12,8 +12,10 @@ let
     inherit (pkgs.webapps) ttrss ttrss-plugins;
     env = config.myEnv.tools.ttrss;
     php = pkgs.php72;
+    inherit config;
   };
   kanboard = pkgs.callPackage ./kanboard.nix  {
+    inherit config;
     env = config.myEnv.tools.kanboard;
   };
   wallabag = pkgs.callPackage ./wallabag.nix {
@@ -23,10 +25,12 @@ let
       };
     };
     env = config.myEnv.tools.wallabag;
+    inherit config;
   };
   yourls = pkgs.callPackage ./yourls.nix {
     inherit (pkgs.webapps) yourls yourls-plugins;
     env = config.myEnv.tools.yourls;
+    inherit config;
   };
   rompr = pkgs.callPackage ./rompr.nix {
     inherit (pkgs.webapps) rompr;
@@ -34,6 +38,7 @@ let
   };
   shaarli = pkgs.callPackage ./shaarli.nix {
     env = config.myEnv.tools.shaarli;
+    inherit config;
   };
   dokuwiki = pkgs.callPackage ./dokuwiki.nix {
     inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
@@ -41,6 +46,7 @@ let
   ldap = pkgs.callPackage ./ldap.nix {
     inherit (pkgs.webapps) phpldapadmin;
     env = config.myEnv.tools.phpldapadmin;
+    inherit config;
   };
   grocy = pkgs.callPackage ./grocy.nix {
     grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
@@ -56,6 +62,7 @@ let
   };
   dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
     env = config.myEnv.tools.dmarc_reports;
+    inherit config;
   };
   csp-reports = pkgs.callPackage ./csp_reports.nix {
     env = config.myEnv.tools.csp_reports;
@@ -188,8 +195,8 @@ in {
             Require all granted
           </Directory>
 
-          Alias /webhooks ${config.secrets.location}/webapps/webhooks
-          <Directory "${config.secrets.location}/webapps/webhooks">
+          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
+          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
             Options -Indexes
             Require all granted
             AllowOverride None
@@ -271,7 +278,7 @@ in {
         description = "Standalone MPD Web GUI written in C";
         wantedBy = [ "multi-user.target" ];
         script = ''
-          export MPD_PASSWORD=$(cat /var/secrets/mpd)
+          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
           ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
           '';
       };
@@ -293,7 +300,7 @@ in {
 
     services.filesWatcher.ympd = {
       restart = true;
-      paths = [ "/var/secrets/mpd" ];
+      paths = [ config.secrets.fullPaths."mpd" ];
     };
 
     services.phpfpm.pools = {
@@ -313,9 +320,9 @@ in {
           "php_value[session.name]" = "ToolsPHPSESSID";
           "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
             "/run/wrappers/bin/sendmail" landing "/tmp"
-            "${config.secrets.location}/webapps/webhooks"
+            config.secrets.fullPaths."webapps/webhooks"
           ];
-          "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
+          "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
         };
         phpEnv = {
           CONTACT_EMAIL = config.myEnv.tools.contact;
@@ -438,11 +445,11 @@ in {
     };
 
     services.websites.env.tools.watchPaths = [
-      "/var/secrets/webapps/tools-shaarli"
+      config.secrets.fullPaths."webapps/tools-shaarli"
     ];
     services.filesWatcher.phpfpm-wallabag = {
       restart = true;
-      paths = [ "/var/secrets/webapps/tools-wallabag" ];
+      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
     };
 
   };