From 0962f4e8bdfc1ede00c4d8de7e9a1a383283f47a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Mon, 15 Apr 2019 12:29:50 +0200
Subject: [PATCH] Improve shaarli keys handling

Related issue: https://git.immae.eu/mantisbt/view.php?id=122
---
 nixops/modules/websites/tools/tools/default.nix |  4 ----
 nixops/modules/websites/tools/tools/shaarli.nix | 15 +++++++--------
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 31ed035..f51510f 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -138,10 +138,6 @@ in {
       ];
     };
 
-    services.myPhpfpm.envFile = {
-      shaarli = shaarli.phpFpm.envFile;
-    };
-
     services.myPhpfpm.serviceDependencies = {
       dokuwiki = dokuwiki.phpFpm.serviceDeps;
       kanboard = kanboard.phpFpm.serviceDeps;
diff --git a/nixops/modules/websites/tools/tools/shaarli.nix b/nixops/modules/websites/tools/tools/shaarli.nix
index 157c4de..5435181 100644
--- a/nixops/modules/websites/tools/tools/shaarli.nix
+++ b/nixops/modules/websites/tools/tools/shaarli.nix
@@ -49,6 +49,7 @@ in rec {
     vhostConf = ''
       Alias /Shaarli "${root}"
 
+      Include /run/keys/webapps/tools-shaarli
       <Directory "${root}">
         DirectoryIndex index.php index.htm index.html
         Options Indexes FollowSymLinks MultiViews Includes
@@ -66,16 +67,15 @@ in rec {
     group = apache.group;
     permissions = "0700";
     text = ''
-      SHAARLI_LDAP_PASSWORD="${env.ldap.password}"
-      SHAARLI_LDAP_DN="${env.ldap.dn}"
-      SHAARLI_LDAP_HOST="ldaps://${env.ldap.host}"
-      SHAARLI_LDAP_BASE="${env.ldap.base}"
-      SHAARLI_LDAP_FILTER="${env.ldap.search}"
+      SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}"
+      SetEnv SHAARLI_LDAP_DN       "${env.ldap.dn}"
+      SetEnv SHAARLI_LDAP_HOST     "ldaps://${env.ldap.host}"
+      SetEnv SHAARLI_LDAP_BASE     "${env.ldap.base}"
+      SetEnv SHAARLI_LDAP_FILTER   "${env.ldap.search}"
       '';
   };
   phpFpm = rec {
-    serviceDeps = [ "openldap.service" "tools-shaarli-key.service" ];
-    envFile = "/run/keys/webapps/tools-shaarli";
+    serviceDeps = [ "openldap.service" ];
     basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
     socket = "/var/run/phpfpm/shaarli.sock";
     pool = ''
@@ -87,7 +87,6 @@ in rec {
         pm = ondemand
         pm.max_children = 60
         pm.process_idle_timeout = 60
-        clear_env = no
 
         ; Needed to avoid clashes in browser cookies (same domain)
         php_value[session.name] = ShaarliPHPSESSID
-- 
2.41.0