Remove mastodon build dependency on environment variables

[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / mastodon / mastodon.nix

diff --git a/nixops/modules/websites/tools/mastodon/mastodon.nix b/nixops/modules/websites/tools/mastodon/mastodon.nix
index 944b2dbaa9599b0d0cec0f6f09c8ef821e41d4f5..67d4d48b01230351ce5b21f599b4f5c0789b44dc 100644 (file)
--- a/nixops/modules/websites/tools/mastodon/mastodon.nix
+++ b/nixops/modules/websites/tools/mastodon/mastodon.nix
@@ -44,6 +44,9 @@ let
         yarnLock = "${info.src}/yarn.lock";
         yarnNix = ./yarn-packages.nix;
         pkgConfig = {
+          all = {
+            buildInputs = [ yarn2nixPackage.src ];
+          };
           uws = {
             postInstall = ''
               npx node-gyp rebuild > build_log.txt 2>&1 || true
@@ -58,8 +61,8 @@ let
     '';
     buildInputs = [ yarnModules ];
   });
-  keys.tools-mastodon = {
-    destDir = "/run/keys/webapps";
+  keys.mastodon = {
+    dest = "webapps/tools-mastodon";
     user = "mastodon";
     group = "mastodon";
     permissions = "0400";
@@ -106,14 +109,14 @@ let
     '';
   };
 
-    # FIXME: build machine will contain some passwords in the nix store
     railsRoot = stdenv.mkDerivation {
       name = "mastodon_immae";
       inherit mastodon;
       builder = writeText "build_mastodon_immae" ''
         source $stdenv/setup
         set -a
-        ${keys.tools-mastodon.text}
+        SECRET_KEY_BASE=Dummy
+        OTP_SECRET=Dummy
         set +a
         cp -a $mastodon $out
         cd $out
@@ -128,7 +131,8 @@ let
     };
 in
   {
-    inherit railsRoot keys varDir socketsDir gems;
+    inherit railsRoot varDir socketsDir gems;
+    keys = builtins.attrValues keys;
     nodeSocket = "${socketsDir}/live_immae_node.sock";
     railsSocket = "${socketsDir}/live_immae_puma.sock";
   }