Make etherpad derivation pure

[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / ether / default.nix

diff --git a/nixops/modules/websites/tools/ether/default.nix b/nixops/modules/websites/tools/ether/default.nix
index 09e5c9daffdf08b0cd1272e65de8b641158f0a04..c4685a443b7db8102388ffc74ce989164e072220 100644 (file)
--- a/nixops/modules/websites/tools/ether/default.nix
+++ b/nixops/modules/websites/tools/ether/default.nix
@@ -5,6 +5,7 @@ let
     env = myconfig.env.tools.etherpad-lite;
   };
 
+  varDir = etherpad.webappDir.varDir;
   cfg = config.services.myWebsites.tools.etherpad-lite;
 in {
   options.services.myWebsites.tools.etherpad-lite = {
@@ -26,6 +27,8 @@ in {
 
       script = ''
         exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
+          --sessionkey /var/secrets/webapps/tools-etherpad-sessionkey \
+          --apikey /var/secrets/webapps/tools-etherpad-apikey \
           --settings /var/secrets/webapps/tools-etherpad
       '';
 
@@ -44,7 +47,12 @@ in {
         Restart = "always";
         Type = "simple";
         TimeoutSec = 60;
-        ExecStartPre = "+${pkgs.coreutils}/bin/chown -R etherpad-lite:etherpad-lite /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey";
+        # Use ReadWritePaths= instead if varDir is outside of /var/lib
+        StateDirectory="etherpad-lite";
+        ExecStartPre = [
+          "+${pkgs.coreutils}/bin/install -d -m 0755 -o etherpad-lite -g etherpad-lite ${varDir}/ep_initialized"
+          "+${pkgs.coreutils}/bin/chown -R etherpad-lite:etherpad-lite ${varDir} /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey"
+        ];
       };
     };