Add surveillance for papa
[perso/Immae/Config/Nix.git] / nixops / modules / websites / default.nix
index f820c83ceb04c5a301ae7fd0522d6a13d998309e..6a0a19fe32f8ebcacee0032b9ead1c0442c00ad2 100644 (file)
@@ -8,7 +8,7 @@ let
       enableSSL = true;
       sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
       sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
-      sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem";
+      sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
       logFormat = "combinedVhost";
       listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
       hostName = builtins.head vhostConf.hosts;
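Review bot: The switch of `sslServerChain` from `fullchain.pem` to `chain.pem` carries no comment and is unrelated to the commit title, so the reason for it is easy to lose. If `cert.pem` in this ACME layout holds only the leaf certificate, `chain.pem` (intermediates only) is the right pairing and `fullchain.pem` would have repeated the leaf; a comment such as `# intermediates only; the leaf is already served from cert.pem` above the line would record that. After deployment it is worth confirming with a TLS client that the served chain is complete, since clients fail validation when intermediates are missing. The vhost attribute set continues outside the hunk.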
@@ -117,6 +117,7 @@ in
     ./ftp/florian.nix
     ./ftp/denisejerome.nix
     ./ftp/leila.nix
+    ./ftp/papa.nix
     ./ftp/immae.nix
     ./ftp/release.nix
     ./ftp/temp.nix
@@ -214,6 +215,7 @@ in
     services.myWebsites.Nassime.production.enable = cfg.production.enable;
     services.myWebsites.Florian.production.enable = cfg.production.enable;
     services.myWebsites.Leila.production.enable = cfg.production.enable;
+    services.myWebsites.Papa.production.enable = cfg.production.enable;
     services.myWebsites.DeniseJerome.production.enable = cfg.production.enable;
     services.myWebsites.Emilia.production.enable = cfg.production.enable;
     services.myWebsites.Capitaines.production.enable = cfg.production.enable;
@@ -229,10 +231,11 @@ in
     services.myWebsites.TellesFlorian.integration.enable = true;
     services.myWebsites.Florian.integration.enable = true;
 
-    deployment.keys.apache-ldap = {
+    mySecrets.keys = [{
+      dest = "apache-ldap";
       user = "wwwrun";
       group = "wwwrun";
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         <Macro LDAPConnect>
           <IfModule authnz_ldap_module>
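Review bot: The secret is still owned by `wwwrun`, so tightening `permissions` to `"0400"` does not keep it away from code that runs as the web server user. The PHP session directories elsewhere in this file are owned by `wwwrun` as well, which suggests web applications share that uid and could read the `LDAPConnect` macro and whatever bind credentials it holds (the macro body lies outside the hunk). If httpd parses its configuration as root before dropping privileges, `user = "root"; group = "root";` with `"0400"` would still satisfy the `Include` and would keep the file out of reach of application code. It is also worth confirming that `mySecrets.keys` keeps `text` out of the world-readable Nix store, as `deployment.keys` did.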
@@ -245,7 +248,7 @@ in
           </IfModule>
         </Macro>
         '';
-    };
+    }];
 
     services.myWebsites.apacheConfig = {
       gzip = {
@@ -284,7 +287,7 @@ in
             LDAPOpCacheTTL 600
           </IfModule>
 
-          Include /run/keys/apache-ldap
+          Include /var/secrets/apache-ldap
         '';
       };
       global = {
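Review bot: The `Include` path is hard-coded to `/var/secrets/apache-ldap`, which couples it to wherever the `mySecrets` module writes its files, something this diff does not show. If that module exposes its target directory as an option, building the path from it would keep the two in step; otherwise a comment like `# must match the mySecrets destination directory` would help. Note also that `/run/keys` is memory-backed under NixOps while `/var/secrets` is presumably on persistent disk, so the LDAP secret now survives reboots and may land in backups or disk images; check the directory's own mode and that httpd only starts once the file is in place. The surrounding configuration string starts outside the hunk.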
@@ -406,8 +409,10 @@ in
         install -d -m 0755 /var/lib/acme/acme-challenge
         install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
         install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/tmp/adminer
         install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
         install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/phpldapadmin
         '';
     };