From: Ismaƫl Bouya
Date: Sat, 20 Apr 2019 17:49:33 +0000 (+0200)
Subject: Move taskwarrior keys to secure location
X-Git-Tag: nur_publish~124
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=cd85801d01ddadbe00f26f4f257621ee1cd81e4b
Move taskwarrior keys to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
---
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index cda2302..2001eaa 100644
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -87,6 +87,21 @@ in {
 };
 config = lib.mkIf cfg.enable {
+ deployment.keys.tools-taskwarrior-web = {
+ destDir = "/run/keys/webapps";
+ user = "wwwrun";
+ group = "wwwrun";
+ permissions = "0400";
+ text = ''
+ SetEnv TASKD_HOST "${fqdn}:${toString config.services.taskserver.listenPort}"
+ SetEnv TASKD_VARDIR "${vardir}"
+ SetEnv TASKD_LDAP_HOST "ldaps://${env.ldap.host}"
+ SetEnv TASKD_LDAP_DN "${env.ldap.dn}"
+ SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
+ SetEnv TASKD_LDAP_BASE "${env.ldap.base}"
+ SetEnv TASKD_LDAP_FILTER "${env.ldap.search}"
+ '';
+ };
 security.acme.certs."eldiron".extraDomains.${fqdn} = null;
 services.myWebsites.tools.modules = [ "proxy_fcgi" "sed" ];
 services.myWebsites.tools.vhostConfs.task = {
@@ -101,13 +116,7 @@ in {
 SetHandler "proxy:unix:/var/run/phpfpm/task.sock|fcgi://localhost"
- SetEnv TASKD_HOST "${fqdn}:${toString config.services.taskserver.listenPort}"
- SetEnv TASKD_VARDIR "${vardir}"
- SetEnv TASKD_LDAP_HOST "ldaps://${env.ldap.host}"
- SetEnv TASKD_LDAP_DN "${env.ldap.dn}"
- SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
- SetEnv TASKD_LDAP_BASE "${env.ldap.base}"
- SetEnv TASKD_LDAP_FILTER "${env.ldap.search}"
+ Include /run/keys/webapps/tools-taskwarrior-web
 ''
 ''
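Review bot: The key file is owned by `wwwrun` (the `user`/`group` lines of the new `deployment.keys.tools-taskwarrior-web` block), so any process running under the shared web-server account can read the LDAP bind password, not only the task vhost that needs it. If httpd parses its configuration as root before dropping privileges, which is likely but not visible through the `myWebsites` wrapper, the file can probably be `user = "root"; group = "root";` with the same `0400` mode; that is worth confirming on a test deploy. The values are also spliced unescaped between double quotes, so a password containing `"` or a backslash would corrupt the directive; a comment next to `TASKD_LDAP_PASSWORD` such as `# value must not contain " or \ (not escaped for Apache)` would record that constraint.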
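Review bot: The new `Include /run/keys/webapps/tools-taskwarrior-web` line makes httpd's start-up depend on a file that lives under `/run` and is absent after a reboot until NixOps sends the keys again. Apache treats a missing non-wildcard `Include` as a fatal configuration error, so this would stop every vhost on the instance rather than only the task site. Nothing in the visible hunks orders the web server after the key, so consider `systemd.services.httpd.after = [ "tools-taskwarrior-web-key.service" ];` with the matching `wants` entry (NixOps generates a `<name>-key.service` unit per key), assuming the unit is called `httpd` in this setup. Keeping the hard `Include` is preferable to `IncludeOptional`, which would let the application start without its LDAP settings. The enclosing vhost definition starts and ends outside this hunk.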