Move diaspora and mantisbt passwords to a secure location

[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / diaspora / default.nix

diff --git a/nixops/modules/websites/tools/diaspora/default.nix b/nixops/modules/websites/tools/diaspora/default.nix
index 7a2af975e2179d5659ce437b079da8cf0ebf2696..5d36ce7490a3891d9d35efac444481e8954e7da1 100644 (file)
--- a/nixops/modules/websites/tools/diaspora/default.nix
+++ b/nixops/modules/websites/tools/diaspora/default.nix
@@ -1,6 +1,6 @@
-{ lib, pkgs, pkgsPrevious, config, myconfig, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
 let
-  diaspora = pkgsPrevious.callPackage ./diaspora.nix {
+  diaspora = pkgs.callPackage ./diaspora.nix {
     inherit (mylibs) fetchedGithub;
     env = myconfig.env.tools.diaspora;
   };
@@ -24,15 +24,27 @@ in {
       home = diaspora.varDir;
       useDefaultShell = true;
       packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
+      extraGroups = [ "keys" ];
     };
 
     users.groups.diaspora.gid = config.ids.gids.diaspora;
 
+    deployment.keys = diaspora.keys;
     systemd.services.diaspora = {
       description = "Diaspora";
       wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" "redis.service" "postgresql.service" ];
-      wants = [ "redis.service" "postgresql.service" ];
+      after = [
+        "network.target" "redis.service" "postgresql.service"
+        "tools-diaspora-secret_token.service"
+        "tools-diaspora-config.service"
+        "tools-diaspora-database_config.service"
+      ];
+      wants = [
+        "redis.service" "postgresql.service"
+        "tools-diaspora-secret_token.service"
+        "tools-diaspora-config.service"
+        "tools-diaspora-database_config.service"
+      ];
 
       environment.RAILS_ENV = "production";
       environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";