X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fether%2Fdefault.nix;h=6d845ac464275c80b10b3183d3b8f947372e0117;hp=c4a9932556bbc3b51c19682d0e237e0a1d038ed8;hb=51900e3488284b0711083819a5ecb1b0f280a913;hpb=3b45d5f2afc3a48809d0353a3133025525247331

diff --git a/nixops/modules/websites/tools/ether/default.nix b/nixops/modules/websites/tools/ether/default.nix
index c4a9932..6d845ac 100644
--- a/nixops/modules/websites/tools/ether/default.nix
+++ b/nixops/modules/websites/tools/ether/default.nix
@@ -12,11 +12,12 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
+    deployment.keys = etherpad.keys;
     systemd.services.etherpad-lite = {
       description = "Etherpad-lite";
       wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" "postgresql.service" ];
-      wants = [ "postgresql.service" ];
+      after = [ "network.target" "postgresql.service" "tools-etherpad-key.service" ];
+      wants = [ "postgresql.service" "tools-etherpad-key.service" ];
 
       environment.NODE_ENV = "production";
       environment.HOME = etherpad.webappDir;
@@ -25,13 +26,14 @@ in {
 
       script = ''
         exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
-          --settings ${etherpad.config}
+          --settings /run/keys/webapps/tools-etherpad
       '';
 
       serviceConfig = {
         DynamicUser = true;
         User = "etherpad-lite";
         Group = "etherpad-lite";
+        SupplementaryGroups = "keys";
         WorkingDirectory = etherpad.webappDir;
         PrivateTmp = true;
         NoNewPrivileges = true;
@@ -42,6 +44,7 @@ in {
         Restart = "always";
         Type = "simple";
         TimeoutSec = 60;
+        ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /run/keys/webapps/tools-etherpad";
       };
     };