X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fether.nix;h=3efa363a969a61610903d98953019fc93cbd747d;hp=80472f0d1431c27ac1bab570263a5a9d40f303a3;hb=742c28ad92467859fb7f54c4b8b4d09d9864a75e;hpb=7009832ab635a664e26c73cdc0ca0f8689a57774
diff --git a/nixops/modules/websites/tools/ether.nix b/nixops/modules/websites/tools/ether.nix
index 80472f0..3efa363 100644
--- a/nixops/modules/websites/tools/ether.nix
+++ b/nixops/modules/websites/tools/ether.nix
@@ -1,9 +1,6 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
- etherpad = pkgs.webapps.etherpad-lite.withModules
- (builtins.attrValues pkgs.webapps.etherpad-lite-modules);
 env = myconfig.env.tools.etherpad-lite;
- varDir = etherpad.varDir;
 cfg = config.services.myWebsites.tools.etherpad-lite;
 # Make sure we’re not rebuilding whole libreoffice just because of a
 # dependency
@@ -125,48 +122,16 @@ in {
 '';
 }
 ];
- systemd.services.etherpad-lite = {
- description = "Etherpad-lite";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" ];
- wants = [ "postgresql.service" ];
-
- environment.NODE_ENV = "production";
- environment.HOME = etherpad;
-
- path = [ pkgs.nodejs ];
-
- script = ''
- exec ${pkgs.nodejs}/bin/node ${etherpad}/src/node/server.js \
- --sessionkey /var/secrets/webapps/tools-etherpad-sessionkey \
- --apikey /var/secrets/webapps/tools-etherpad-apikey \
- --settings /var/secrets/webapps/tools-etherpad
- '';
-
- serviceConfig = {
- DynamicUser = true;
- User = "etherpad-lite";
- Group = "etherpad-lite";
- SupplementaryGroups = "keys";
- WorkingDirectory = etherpad;
- PrivateTmp = true;
- NoNewPrivileges = true;
- PrivateDevices = true;
- ProtectHome = true;
- ProtectControlGroups = true;
- ProtectKernelModules = true;
- Restart = "always";
- Type = "simple";
- TimeoutSec = 60;
- # Use ReadWritePaths= instead if varDir is outside of /var/lib
- StateDirectory="etherpad-lite";
- ExecStartPre = [
- "+${pkgs.coreutils}/bin/install -d -m 0755 -o etherpad-lite -g etherpad-lite ${varDir}/ep_initialized"
- "+${pkgs.coreutils}/bin/chown -R etherpad-lite:etherpad-lite ${varDir} /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey"
- ];
- };
+ services.etherpad-lite = {
+ enable = true;
+ modules = builtins.attrValues pkgs.webapps.etherpad-lite-modules;
+ sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey";
+ apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey";
+ configFile = "/var/secrets/webapps/tools-etherpad";
 };
 
+ systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
+
 services.myWebsites.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_wstunnel"
 ];
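Review bot: The override `systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";` is the only access-control statement left in this file and has no comment explaining why the service needs that group. The removed unit fixed ownership of the three `/var/secrets/webapps/tools-etherpad*` files in a root-run `ExecStartPre` and set its own sandboxing (`DynamicUser`, `NoNewPrivileges`, `PrivateTmp`, `ProtectHome`, …); both are now presumably left to the `services.etherpad-lite` module, which is not visible in this diff. I would add a comment above the override along the lines of `# the service reads its secrets under /var/secrets/webapps through the "keys" group`, worded to match what the module actually does. It is also worth confirming that the module keeps the hardening options and that the session key, API key and settings file are readable by the `keys` group only, since nothing here sets their ownership any more.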