Cleanup etherpad-lite module

[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / peertube / default.nix

diff --git a/nixops/modules/websites/tools/peertube/default.nix b/nixops/modules/websites/tools/peertube/default.nix
index 38c2608e55c1f484dbea9eb402adec3dc33d675b..1ad79d7acd2c19a42300a1e39da0d28fa95f8be3 100644 (file)
--- a/nixops/modules/websites/tools/peertube/default.nix
+++ b/nixops/modules/websites/tools/peertube/default.nix
@@ -20,8 +20,9 @@ in {
       uid = config.ids.uids.peertube;
       group = "peertube";
       description = "Peertube user";
-      home = peertube.webappDir;
+      home = peertube.varDir;
       useDefaultShell = true;
+      extraGroups = [ "keys" ];
     };
 
     users.groups.peertube.gid = config.ids.gids.peertube;
@@ -57,12 +58,20 @@ in {
       unitConfig.RequiresMountsFor = peertube.varDir;
     };
 
+    mySecrets.keys = [{
+      dest = "webapps/tools-peertube";
+      user = "peertube";
+      group = "peertube";
+      permissions = "0640";
+      text = peertube.config;
+    }];
+
     system.activationScripts.peertube = {
       deps = [ "users" ];
       text = ''
-        install -m 0755 -o peertube -g peertube -d ${peertube.varDir}
-        install -m 0755 -o peertube -g peertube -d ${peertube.varDir}/config
-        install -m 0644 -o peertube -g peertube -T ${peertube.config} ${peertube.varDir}/config/production.yaml
+        install -m 0750 -o peertube -g peertube -d ${peertube.varDir}
+        install -m 0750 -o peertube -g peertube -d ${peertube.varDir}/config
+        ln -sf /var/secrets/webapps/tools-peertube ${peertube.varDir}/config/production.yaml
         '';
     };