Use attrs for secrets instead of lists
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / dmarc_reports.nix
index 2e445264e39366183a185cbdaaf51ea1f137e3fc..89da246167944a5cc842380bbc8935fdbdac7e33 100644 (file)
@@ -1,7 +1,6 @@
-{ env }:
+{ env, config }:
 rec {
-  keys = [{
-    dest = "webapps/tools-dmarc-reports.php";
+  keys."webapps/tools-dmarc-reports.php" = {
     user = "wwwrun";
     group = "wwwrun";
     permissions = "0400";
@@ -12,9 +11,10 @@ rec {
       $dbuser = "${env.mysql.user}";
       $dbpass = "${env.mysql.password}";
       $dbport = "${env.mysql.port}";
+      $anonymous_key = "${env.anonymous_key}";
       ?>
     '';
-  }];
+  };
   webRoot = ./dmarc_reports;
   apache = rec {
     user = "wwwrun";
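Review bot: The added `$anonymous_key = "${env.anonymous_key}";` line splices the secret into a PHP double-quoted literal, where `$`, `"` and `\` in the value are interpreted by PHP, so a key containing any of them is silently altered or breaks the generated file. The neighbouring `$dbpass` line follows the same pattern. A single-quoted literal avoids the interpolation: `$anonymous_key = '${env.anonymous_key}';`, with `'` and `\` in the value escaped (for instance via `builtins.replaceStrings`) if the key format allows them. The Nix string that holds the PHP file starts outside this hunk.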
@@ -32,13 +32,17 @@ rec {
 
         AllowOverride None
         Options +FollowSymlinks
+
+        SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+        Use LDAPConnect
         Require all granted
+        Require ldap-attribute uid=immae
       </Directory>
       '';
   };
   phpFpm = rec {
     basedir = builtins.concatStringsSep ":"
-      [ webRoot "/var/secrets/webapps/tools-dmarc-reports.php" ];
+      [ webRoot config.secrets.fullPaths."webapps/tools-dmarc-reports.php" ];
     pool = {
       "listen.owner" = apache.user;
       "listen.group" = apache.group;
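Review bot: In the `<Directory>` block, the added `Require ldap-attribute uid=immae` sits next to the existing `Require all granted`. Apache 2.4 treats sibling `Require` lines outside a `<RequireAll>` as an implicit `<RequireAny>`, so the unconditional grant satisfies authorization and the LDAP restriction appears never to be enforced. If the directory is meant to be limited to that uid, drop `Require all granted` or wrap the requirements in `<RequireAll>`. If open access is intended, with PHP checking the forwarded `HTTP_AUTHORIZATION` value, record that in a comment such as `# authorization is decided in PHP; Apache only forwards the Authorization header`. The `LDAPConnect` macro body and the opening of the `<Directory>` block are outside this hunk, so confirm the macro does not change how these lines combine.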
@@ -50,7 +54,7 @@ rec {
       "php_admin_value[open_basedir]" = "${basedir}:/tmp";
     };
     phpEnv = {
-      SECRETS_FILE = "/var/secrets/webapps/tools-dmarc-reports.php";
+      SECRETS_FILE = config.secrets.fullPaths."webapps/tools-dmarc-reports.php";
     };
   };
 }