Move etherpad-lite module outside of nixops
[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / ether.nix
index 80472f0d1431c27ac1bab570263a5a9d40f303a3..3efa363a969a61610903d98953019fc93cbd747d 100644 (file)
@@ -1,9 +1,6 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
-  etherpad = pkgs.webapps.etherpad-lite.withModules
-    (builtins.attrValues pkgs.webapps.etherpad-lite-modules);
   env = myconfig.env.tools.etherpad-lite;
-  varDir = etherpad.varDir;
   cfg = config.services.myWebsites.tools.etherpad-lite;
   # Make sure we’re not rebuilding whole libreoffice just because of a
   # dependency
@@ -125,48 +122,16 @@ in {
         '';
       }
     ];
-    systemd.services.etherpad-lite = {
-      description = "Etherpad-lite";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" "postgresql.service" ];
-      wants = [ "postgresql.service" ];
-
-      environment.NODE_ENV = "production";
-      environment.HOME = etherpad;
-
-      path = [ pkgs.nodejs ];
-
-      script = ''
-        exec ${pkgs.nodejs}/bin/node ${etherpad}/src/node/server.js \
-          --sessionkey /var/secrets/webapps/tools-etherpad-sessionkey \
-          --apikey /var/secrets/webapps/tools-etherpad-apikey \
-          --settings /var/secrets/webapps/tools-etherpad
-      '';
-
-      serviceConfig = {
-        DynamicUser = true;
-        User = "etherpad-lite";
-        Group = "etherpad-lite";
-        SupplementaryGroups = "keys";
-        WorkingDirectory = etherpad;
-        PrivateTmp = true;
-        NoNewPrivileges = true;
-        PrivateDevices = true;
-        ProtectHome = true;
-        ProtectControlGroups = true;
-        ProtectKernelModules = true;
-        Restart = "always";
-        Type = "simple";
-        TimeoutSec = 60;
-        # Use ReadWritePaths= instead if varDir is outside of /var/lib
-        StateDirectory="etherpad-lite";
-        ExecStartPre = [
-          "+${pkgs.coreutils}/bin/install -d -m 0755 -o etherpad-lite -g etherpad-lite ${varDir}/ep_initialized"
-          "+${pkgs.coreutils}/bin/chown -R etherpad-lite:etherpad-lite ${varDir} /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey"
-        ];
-      };
+    services.etherpad-lite = {
+      enable = true;
+      modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
+      sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
+      apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
+      configFile = "/var/secrets/webapps/tools-etherpad";
     };
 
+    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
+
     services.myWebsites.tools.modules = [
       "headers" "proxy" "proxy_http" "proxy_wstunnel"
     ];
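Review bot: The three secret paths passed to `services.etherpad-lite` (`sessionKeyFile`, `apiKeyFile`, `configFile`) no longer have anything in this file that makes them readable by the service user: the removed `ExecStartPre` chown did that on every start, and only `SupplementaryGroups = "keys"` is kept here. Whether the relocated module sets ownership itself or relies on group access is not visible in this hunk, so the assumption should be written down next to the override, for example `# secrets under /var/secrets/webapps must be group-readable by "keys"; nothing here chowns them any more` (adjust to what the module actually does). The same goes for the sandboxing options that left this file (`DynamicUser`, `NoNewPrivileges`, `PrivateTmp`, `PrivateDevices`, `ProtectHome`, ...): a one-line comment naming the module that now sets them would let a reader confirm the hardening was carried over rather than dropped.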