{ lib, pkgs, config, myconfig, mylibs, ... }:
let
etherpad = pkgs.callPackage ./etherpad_lite.nix {
- inherit (mylibs) fetchedGithub;
+ inherit (pkgs.webapps) etherpad-lite etherpad-lite-modules;
env = myconfig.env.tools.etherpad-lite;
};
+ varDir = etherpad.webappDir.varDir;
cfg = config.services.myWebsites.tools.etherpad-lite;
in {
options.services.myWebsites.tools.etherpad-lite = {
};
config = lib.mkIf cfg.enable {
- deployment.keys = etherpad.keys;
+ mySecrets.keys = etherpad.keys;
systemd.services.etherpad-lite = {
description = "Etherpad-lite";
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" "tools-etherpad-key.service" ];
- wants = [ "postgresql.service" "tools-etherpad-key.service" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
environment.NODE_ENV = "production";
environment.HOME = etherpad.webappDir;
script = ''
exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
- --settings /run/keys/webapps/tools-etherpad
+ --sessionkey /var/secrets/webapps/tools-etherpad-sessionkey \
+ --apikey /var/secrets/webapps/tools-etherpad-apikey \
+ --settings /var/secrets/webapps/tools-etherpad
'';
serviceConfig = {
Restart = "always";
Type = "simple";
TimeoutSec = 60;
- ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /run/keys/webapps/tools-etherpad";
+ # Use ReadWritePaths= instead if varDir is outside of /var/lib
+ StateDirectory="etherpad-lite";
+ ExecStartPre = [
+ "+${pkgs.coreutils}/bin/install -d -m 0755 -o etherpad-lite -g etherpad-lite ${varDir}/ep_initialized"
+ "+${pkgs.coreutils}/bin/chown -R etherpad-lite:etherpad-lite ${varDir} /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey"
+ ];
};
};
projects / perso / Immae / Config / Nix.git / blobdiff