diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-25 02:18:32 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-25 02:18:32 +0200 |
| commit | ccdd91a78b1a6ae757db20d757ba8674dd25e0cc (patch) | |
| tree | ee420eec92991e6bcb53d18a8beeaa328c3041a2 | |
| parent | 7178c2b1009694c8a750dcd376a36c3d4bf90cf4 (diff) | |
| download | Nix-ccdd91a78b1a6ae757db20d757ba8674dd25e0cc.tar.gz Nix-ccdd91a78b1a6ae757db20d757ba8674dd25e0cc.tar.zst Nix-ccdd91a78b1a6ae757db20d757ba8674dd25e0cc.zip | |
Move diaspora to new secrets
| -rw-r--r-- | nixops/modules/websites/tools/diaspora/default.nix | 8 | ||||
| -rw-r--r-- | nixops/modules/websites/tools/diaspora/diaspora.nix | 65 |
2 files changed, 35 insertions, 38 deletions
diff --git a/nixops/modules/websites/tools/diaspora/default.nix b/nixops/modules/websites/tools/diaspora/default.nix index 5d36ce7..0a05daf 100644 --- a/nixops/modules/websites/tools/diaspora/default.nix +++ b/nixops/modules/websites/tools/diaspora/default.nix | |||
| @@ -29,21 +29,15 @@ in { | |||
| 29 | 29 | ||
| 30 | users.groups.diaspora.gid = config.ids.gids.diaspora; | 30 | users.groups.diaspora.gid = config.ids.gids.diaspora; |
| 31 | 31 | ||
| 32 | deployment.keys = diaspora.keys; | 32 | mySecrets.keys = diaspora.keys; |
| 33 | systemd.services.diaspora = { | 33 | systemd.services.diaspora = { |
| 34 | description = "Diaspora"; | 34 | description = "Diaspora"; |
| 35 | wantedBy = [ "multi-user.target" ]; | 35 | wantedBy = [ "multi-user.target" ]; |
| 36 | after = [ | 36 | after = [ |
| 37 | "network.target" "redis.service" "postgresql.service" | 37 | "network.target" "redis.service" "postgresql.service" |
| 38 | "tools-diaspora-secret_token.service" | ||
| 39 | "tools-diaspora-config.service" | ||
| 40 | "tools-diaspora-database_config.service" | ||
| 41 | ]; | 38 | ]; |
| 42 | wants = [ | 39 | wants = [ |
| 43 | "redis.service" "postgresql.service" | 40 | "redis.service" "postgresql.service" |
| 44 | "tools-diaspora-secret_token.service" | ||
| 45 | "tools-diaspora-config.service" | ||
| 46 | "tools-diaspora-database_config.service" | ||
| 47 | ]; | 41 | ]; |
| 48 | 42 | ||
| 49 | environment.RAILS_ENV = "production"; | 43 | environment.RAILS_ENV = "production"; |
diff --git a/nixops/modules/websites/tools/diaspora/diaspora.nix b/nixops/modules/websites/tools/diaspora/diaspora.nix index c7af9da..01aac89 100644 --- a/nixops/modules/websites/tools/diaspora/diaspora.nix +++ b/nixops/modules/websites/tools/diaspora/diaspora.nix | |||
| @@ -29,21 +29,22 @@ let | |||
| 29 | }; | 29 | }; |
| 30 | }; | 30 | }; |
| 31 | }; | 31 | }; |
| 32 | keys.tools-diaspora-secret_token = { | 32 | keys = { |
| 33 | destDir = "/run/keys/webapps"; | 33 | secret_token = { |
| 34 | user = "diaspora"; | 34 | dest = "webapps/tools-diaspora-secret_token"; |
| 35 | group = "diaspora"; | 35 | user = "diaspora"; |
| 36 | permissions = "0400"; | 36 | group = "diaspora"; |
| 37 | text = '' | 37 | permissions = "0400"; |
| 38 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' | 38 | text = '' |
| 39 | ''; | 39 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' |
| 40 | }; | 40 | ''; |
| 41 | keys.tools-diaspora-config = { | 41 | }; |
| 42 | destDir = "/run/keys/webapps"; | 42 | config = { |
| 43 | user = "diaspora"; | 43 | dest = "webapps/tools-diaspora-config"; |
| 44 | group = "diaspora"; | 44 | user = "diaspora"; |
| 45 | permissions = "0400"; | 45 | group = "diaspora"; |
| 46 | text = '' | 46 | permissions = "0400"; |
| 47 | text = '' | ||
| 47 | configuration: | 48 | configuration: |
| 48 | environment: | 49 | environment: |
| 49 | url: "https://diaspora.immae.eu/" | 50 | url: "https://diaspora.immae.eu/" |
| @@ -115,14 +116,14 @@ let | |||
| 115 | environment: | 116 | environment: |
| 116 | development: | 117 | development: |
| 117 | environment: | 118 | environment: |
| 118 | ''; | 119 | ''; |
| 119 | }; | 120 | }; |
| 120 | keys.tools-diaspora-database_config = { | 121 | database = { |
| 121 | destDir = "/run/keys/webapps"; | 122 | dest = "webapps/tools-diaspora-database_config"; |
| 122 | user = "diaspora"; | 123 | user = "diaspora"; |
| 123 | group = "diaspora"; | 124 | group = "diaspora"; |
| 124 | permissions = "0400"; | 125 | permissions = "0400"; |
| 125 | text = '' | 126 | text = '' |
| 126 | postgresql: &postgresql | 127 | postgresql: &postgresql |
| 127 | adapter: postgresql | 128 | adapter: postgresql |
| 128 | host: "${env.postgresql.socket}" | 129 | host: "${env.postgresql.socket}" |
| @@ -149,7 +150,8 @@ let | |||
| 149 | integration2: | 150 | integration2: |
| 150 | <<: *combined | 151 | <<: *combined |
| 151 | database: diaspora_integration2 | 152 | database: diaspora_integration2 |
| 152 | ''; | 153 | ''; |
| 154 | }; | ||
| 153 | }; | 155 | }; |
| 154 | railsRoot = stdenv.mkDerivation { | 156 | railsRoot = stdenv.mkDerivation { |
| 155 | name = "diaspora_immae"; | 157 | name = "diaspora_immae"; |
| @@ -161,16 +163,16 @@ let | |||
| 161 | cd $out | 163 | cd $out |
| 162 | chmod -R u+rwX . | 164 | chmod -R u+rwX . |
| 163 | tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru} | 165 | tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru} |
| 164 | ln -s ${writeText "database.yml" keys.tools-diaspora-database_config.text} config/database.yml | 166 | ln -s ${writeText "database.yml" keys.database.text} config/database.yml |
| 165 | ln -s ${writeText "diaspora.yml" keys.tools-diaspora-config.text} config/diaspora.yml | 167 | ln -s ${writeText "diaspora.yml" keys.config.text} config/diaspora.yml |
| 166 | ln -s ${writeText "secret_token.rb" keys.tools-diaspora-secret_token.text} config/initializers/secret_token.rb | 168 | ln -s ${writeText "secret_token.rb" keys.secret_token.text} config/initializers/secret_token.rb |
| 167 | ln -sf ${varDir}/schedule.yml config/schedule.yml | 169 | ln -sf ${varDir}/schedule.yml config/schedule.yml |
| 168 | ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem | 170 | ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem |
| 169 | ln -sf ${varDir}/uploads public/uploads | 171 | ln -sf ${varDir}/uploads public/uploads |
| 170 | RAILS_ENV=production ${gems}/bin/rake assets:precompile | 172 | RAILS_ENV=production ${gems}/bin/rake assets:precompile |
| 171 | ln -sf /run/keys/webapps/tools-diaspora-database_config config/database.yml | 173 | ln -sf /var/secrets/webapps/tools-diaspora-database_config config/database.yml |
| 172 | ln -sf /run/keys/webapps/tools-diaspora-config config/diaspora.yml | 174 | ln -sf /var/secrets/webapps/tools-diaspora-config config/diaspora.yml |
| 173 | ln -sf /run/keys/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb | 175 | ln -sf /var/secrets/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb |
| 174 | rm -rf tmp log | 176 | rm -rf tmp log |
| 175 | ln -sf ${varDir}/tmp tmp | 177 | ln -sf ${varDir}/tmp tmp |
| 176 | ln -sf ${varDir}/log log | 178 | ln -sf ${varDir}/log log |
| @@ -179,6 +181,7 @@ let | |||
| 179 | }; | 181 | }; |
| 180 | in | 182 | in |
| 181 | { | 183 | { |
| 182 | inherit railsRoot varDir socketsDir gems keys; | 184 | inherit railsRoot varDir socketsDir gems; |
| 185 | keys = builtins.attrValues keys; | ||
| 183 | railsSocket = "${socketsDir}/diaspora.sock"; | 186 | railsSocket = "${socketsDir}/diaspora.sock"; |
| 184 | } | 187 | } |