Fix secret permissions
[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / roundcubemail.nix
index 1e1f95bb8c31b0d368bd63cd10af4d444b07189a..5fc34126e9fb4606aa19b6aa89e65d3ce6220f60 100644 (file)
@@ -78,59 +78,65 @@ let
         install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
       '';
     };
-    config = writeText "config.php" ''
-      <?php
-        $config['db_dsnw'] = '${env.psql_url}';
-        $config['default_host'] = 'ssl://mail.immae.eu';
-        $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
-        $config['smtp_server'] = 'tls://mail.immae.eu';
-        $config['smtp_port'] = '25';
-        $config['managesieve_host'] = 'mail.immae.eu';
-        $config['managesieve_port'] = '4190';
-        $config['managesieve_usetls'] = true;
-        $config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false));
+    keys.tools-roundcube = {
+      destDir = "/run/keys/webapps";
+      user = apache.user;
+      group = apache.group;
+      permissions = "0400";
+      text = ''
+        <?php
+          $config['db_dsnw'] = '${env.psql_url}';
+          $config['default_host'] = 'ssl://mail.immae.eu';
+          $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
+          $config['smtp_server'] = 'tls://mail.immae.eu';
+          $config['smtp_port'] = '25';
+          $config['managesieve_host'] = 'mail.immae.eu';
+          $config['managesieve_port'] = '4190';
+          $config['managesieve_usetls'] = true;
+          $config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false));
 
-        $config['imap_cache'] = 'db';
-        $config['messages_cache'] = 'db';
+          $config['imap_cache'] = 'db';
+          $config['messages_cache'] = 'db';
 
-        $config['support_url'] = ''';
+          $config['support_url'] = ''';
 
-        $config['des_key'] = '${env.secret}';
+          $config['des_key'] = '${env.secret}';
 
-        $config['skin'] = 'elastic';
-        $config['plugins'] = array(
-          'attachment_reminder',
-          'emoticons',
-          'filesystem_attachments',
-          'hide_blockquote',
-          'identicon',
-          'identity_select',
-          'jqueryui',
-          'managesieve',
-          'newmail_notifier',
-          'vcard_attachments',
-          'zipdownload',
+          $config['skin'] = 'elastic';
+          $config['plugins'] = array(
+            'attachment_reminder',
+            'emoticons',
+            'filesystem_attachments',
+            'hide_blockquote',
+            'identicon',
+            'identity_select',
+            'jqueryui',
+            'managesieve',
+            'newmail_notifier',
+            'vcard_attachments',
+            'zipdownload',
 
-          'automatic_addressbook',
-          'message_highlight',
-          'carddav',
-          // Ne marche pas ?: 'ident_switch',
-          // Ne marche pas ?: 'thunderbird_labels',
-        );
+            'automatic_addressbook',
+            'message_highlight',
+            'carddav',
+            // Ne marche pas ?: 'ident_switch',
+            // Ne marche pas ?: 'thunderbird_labels',
+          );
 
-        $config['language'] = 'fr_FR';
+          $config['language'] = 'fr_FR';
 
-        $config['drafts_mbox'] = 'Mail/Drafts';
-        $config['junk_mbox'] = 'Mail/Spam';
-        $config['sent_mbox'] = 'Mail/sent';
-        $config['trash_mbox'] = ''';
-        $config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', ''');
-        $config['draft_autosave'] = 60;
-        $config['enable_installer'] = false;
-        $config['log_driver'] = 'file';
-        $config['temp_dir'] = '${varDir}/cache';
-        $config['mime_types'] = '${apacheHttpd}/conf/mime.types';
+          $config['drafts_mbox'] = 'Mail/Drafts';
+          $config['junk_mbox'] = 'Mail/Spam';
+          $config['sent_mbox'] = 'Mail/sent';
+          $config['trash_mbox'] = ''';
+          $config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', ''');
+          $config['draft_autosave'] = 60;
+          $config['enable_installer'] = false;
+          $config['log_driver'] = 'file';
+          $config['temp_dir'] = '${varDir}/cache';
+          $config['mime_types'] = '${apacheHttpd}/conf/mime.types';
       '';
+    };
     webRoot = stdenv.mkDerivation rec {
       version = "1.4-rc1";
       name = "roundcubemail-${version}";
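Review bot: Both `imap_conn_options` and `managesieve_conn_options` in the new `keys.tools-roundcube` text still set `"verify_peer" => false`, so the connections to mail.immae.eu that carry users' mail credentials are encrypted but the server is not authenticated. Moving the file to `/run/keys/webapps` with mode 0400 protects `db_dsnw` and `des_key` at rest, but it does not change this. I would set both options to `array("ssl" => array("verify_peer" => true, "verify_peer_name" => true))`, adding a `cafile` entry if the server certificate comes from a private CA.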
@@ -148,7 +154,7 @@ let
       '';
       installPhase = ''
         cp -a . $out
-        ln -s ${config} $out/config/config.inc.php
+        ln -s /run/keys/webapps/tools-roundcube $out/config/config.inc.php
         ${builtins.concatStringsSep "\n" (
           lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
         )}
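Review bot: The literal `/run/keys/webapps/tools-roundcube` in the `ln -s` line restates `destDir` plus the key name from `keys.tools-roundcube`, and the next hunk repeats it in `basedir` alongside the derived unit name `tools-roundcube-key.service`. Because these are plain strings, renaming the key or changing `destDir` leaves a dangling symlink with no build error, and Roundcube would presumably come up without its configuration. A single binding such as `configPath = "/run/keys/webapps/tools-roundcube";`, referenced as `${configPath}` here and in `basedir`, would keep them in step. `installPhase` begins before this hunk and continues after it.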
@@ -178,8 +184,9 @@ let
         '';
     };
     phpFpm = rec {
+      serviceDeps = [ "postgresql.service" "tools-roundcube-key.service" ];
       basedir = builtins.concatStringsSep ":" (
-        [ webRoot config varDir ]
+        [ webRoot "/run/keys/webapps/tools-roundcube" varDir ]
         ++ lib.attrsets.mapAttrsToList (name: value: value) plugins
         ++ lib.attrsets.mapAttrsToList (name: value: value) skins);
       phpConfig = ''
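Review bot: The new `serviceDeps` line has no comment saying why php-fpm depends on `tools-roundcube-key.service`. How `serviceDeps` becomes unit ordering is not visible in this hunk; if it only orders the units without requiring the key unit, php-fpm could start after a reboot before the key file is delivered and run Roundcube without its configuration. I would add `# config.inc.php is a symlink into /run/keys and only resolves once the key unit is active` above the line, and confirm that the pool unit both requires and is ordered after the key unit. The `phpFpm` set continues past the end of the hunk.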