diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-06-13 23:14:49 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-06-13 23:14:49 +0200 |
| commit | ce7d09efb55888501b73f9e763811deac762aed2 (patch) | |
| tree | edca5e7370603e4032932d063bdcab7e085ec71c /modules/private/gitolite/default.nix | |
| parent | 46c99b575ab45c79e195bc9e9ed75759e814aad1 (diff) | |
| download | Nix-ce7d09efb55888501b73f9e763811deac762aed2.tar.gz Nix-ce7d09efb55888501b73f9e763811deac762aed2.tar.zst Nix-ce7d09efb55888501b73f9e763811deac762aed2.zip | |
Remove gitolite password from nix store
Diffstat (limited to 'modules/private/gitolite/default.nix')
| -rw-r--r-- | modules/private/gitolite/default.nix | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/modules/private/gitolite/default.nix b/modules/private/gitolite/default.nix index 1549c94..e8ccc7d 100644 --- a/modules/private/gitolite/default.nix +++ b/modules/private/gitolite/default.nix | |||
| @@ -20,6 +20,14 @@ in { | |||
| 20 | }; | 20 | }; |
| 21 | networking.firewall.allowedTCPPorts = [ 9418 ]; | 21 | networking.firewall.allowedTCPPorts = [ 9418 ]; |
| 22 | 22 | ||
| 23 | secrets.keys = [{ | ||
| 24 | dest = "gitolite/ldap_password"; | ||
| 25 | user = "gitolite"; | ||
| 26 | group = "gitolite"; | ||
| 27 | permissions = "0400"; | ||
| 28 | text = config.myEnv.tools.gitolite.ldap.password; | ||
| 29 | }]; | ||
| 30 | |||
| 23 | services.gitDaemon = { | 31 | services.gitDaemon = { |
| 24 | enable = true; | 32 | enable = true; |
| 25 | user = "gitolite"; | 33 | user = "gitolite"; |
| @@ -34,7 +42,7 @@ in { | |||
| 34 | } '' | 42 | } '' |
| 35 | makeWrapper "${./gitolite_ldap_groups.sh}" "$out" \ | 43 | makeWrapper "${./gitolite_ldap_groups.sh}" "$out" \ |
| 36 | --prefix PATH : ${lib.makeBinPath deps} \ | 44 | --prefix PATH : ${lib.makeBinPath deps} \ |
| 37 | --set LDAP_PASS ${pkgs.lib.escapeShellArg config.myEnv.tools.gitolite.ldap.password} | 45 | --set LDAP_PASS_PATH ${config.secrets.fullPaths."gitolite/ldap_password"} |
| 38 | ''; | 46 | ''; |
| 39 | in { | 47 | in { |
| 40 | deps = [ "users" ]; | 48 | deps = [ "users" ]; |
| @@ -50,6 +58,7 @@ in { | |||
| 50 | }; | 58 | }; |
| 51 | 59 | ||
| 52 | users.users.wwwrun.extraGroups = [ "gitolite" ]; | 60 | users.users.wwwrun.extraGroups = [ "gitolite" ]; |
| 61 | users.users.gitolite.extraGroups = [ "keys" ]; | ||
| 53 | 62 | ||
| 54 | users.users.gitolite.packages = let | 63 | users.users.gitolite.packages = let |
| 55 | python-packages = python-packages: with python-packages; [ | 64 | python-packages = python-packages: with python-packages; [ |