Add yarn2nix as dependency where needed to avoid garbage collection
[perso/Immae/Config/Nix.git] / nixops / modules / websites / aten / aten.nix
index ac102c9d5d26e59b7bf7f7c6f7628d8a88319d04..c35af6f098ee3dc1ea936ee397c7f8549486a1ee 100644 (file)
@@ -4,7 +4,19 @@ let
     environment = config.environment;
     varDir = "/var/lib/aten_${environment}";
     phpFpm = rec {
-      serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];
+      preStart = ''
+        if [ ! -f "${varDir}/currentWebappDir" -o \
+            ! -f "${varDir}/currentKey" -o \
+            "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+            || ! sha512sum -c --status ${varDir}/currentKey; then
+          pushd ${webappDir} > /dev/null
+          /run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
+          popd > /dev/null
+          echo -n "${webappDir}" > ${varDir}/currentWebappDir
+          sha512sum /var/secrets/webapps/${environment}-aten > ${varDir}/currentKey
+        fi
+        '';
+      serviceDeps = [ "postgresql.service" ];
       socket = "/var/run/phpfpm/aten-${environment}.sock";
       pool = ''
         listen = ${socket}
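Review bot: The new `preStart` writes `currentWebappDir` and `currentKey` into `${varDir}`, which the `install -m 0755 -o ${apache.user}` line later in this file creates as owned by the web user. The script appears to run with more privilege than wwwrun, since it calls `/run/wrappers/bin/sudo -u wwwrun` to drop to that account. If that is the case, anything running as wwwrun can replace or redirect those two paths before the privileged `>` writes happen, and can edit the markers to suppress or force the cache clear. Keeping the markers in a directory that only the privileged user can write, or creating them as wwwrun, would close that gap. `currentKey` also holds a SHA-512 of the file carrying APP_SECRET and DATABASE_URL and will probably be created world-readable, so a `umask 077` before the two writes is worth adding.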
@@ -30,17 +42,17 @@ let
         pm.max_spare_servers = 3
         ''}'';
     };
-    keys."${environment}-aten" = {
-      destDir = "/run/keys/webapps";
+    keys = [{
+      dest = "webapps/${environment}-aten";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         SetEnv APP_ENV      "${environment}"
         SetEnv APP_SECRET   "${config.secret}"
         SetEnv DATABASE_URL "${config.psql_url}"
         '';
-    };
+    }];
     apache = rec {
       user = "wwwrun";
       group = "wwwrun";
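Review bot: `dest = "webapps/${environment}-aten"` is now a relative path, and nothing in this hunk says what it is resolved against. The Apache `Include` and the `sha512sum` call in `preStart` both hard-code `/var/secrets/webapps/${environment}-aten`, so three places have to agree silently. A comment on the entry such as `# installed under /var/secrets/; keep in sync with the Apache Include and phpFpm.preStart` would make that coupling visible. It is also worth confirming where `/var/secrets` lives: if it is on persistent storage rather than a tmpfs like the old `/run/keys`, APP_SECRET and DATABASE_URL are now kept on disk at rest, which should be a deliberate choice.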
@@ -52,7 +64,7 @@ let
         SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
       </FilesMatch>
 
-      Include /run/keys/webapps/${environment}-aten
+      Include /var/secrets/webapps/${environment}-aten
 
       ${if environment == "dev" then ''
       <Location />
@@ -90,13 +102,6 @@ let
       text = ''
       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
       install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
-      if [ ! -f "${varDir}/currentWebappDir" -o \
-          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
-        pushd ${webappDir} > /dev/null
-        $wrapperDir/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
-        popd > /dev/null
-        echo -n "${webappDir}" > ${varDir}/currentWebappDir
-      fi
       '';
     };
     yarnModules = let
@@ -112,6 +117,9 @@ let
           packageJSON = packagejson;
           yarnLock = "${info.src}/yarn.lock";
           pkgConfig = {
+            all = {
+              buildInputs = [ yarn2nixPackage.src ];
+            };
             node-sass = {
               buildInputs = [ libsass python ];
               postInstall = let
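Review bot: The `all = { buildInputs = [ yarn2nixPackage.src ]; };` entry is missing a comment; without the commit message it reads like a mistake, since a source tree is not a usable build input. I would add `# not needed to build: referenced only so the yarn2nix source stays reachable and is not garbage-collected` above `buildInputs`. The `pkgConfig` set continues past the end of this hunk.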