aboutsummaryrefslogtreecommitdiff
path: root/modules/private/tasks
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2021-01-29 16:16:08 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2021-01-29 16:16:08 +0100
commitafde6c32d3c9600a8a34336c9c1ca95e8ceb3cb2 (patch)
tree14f8aa2bf2153a3b9e1b7c9975e005ba18930f05 /modules/private/tasks
parentdcb8ad4c0358735ba97fe83071f79b294bed8967 (diff)
downloadNix-afde6c32d3c9600a8a34336c9c1ca95e8ceb3cb2.tar.gz
Nix-afde6c32d3c9600a8a34336c9c1ca95e8ceb3cb2.tar.zst
Nix-afde6c32d3c9600a8a34336c9c1ca95e8ceb3cb2.zip
Remove taskwarrior keys from the store for taskwarrior
Diffstat (limited to 'modules/private/tasks')
-rw-r--r--modules/private/tasks/default.nix111
1 files changed, 60 insertions, 51 deletions
diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix
index b523995..aeedda0 100644
--- a/modules/private/tasks/default.nix
+++ b/modules/private/tasks/default.nix
@@ -95,21 +95,61 @@ in {
95 ''; 95 '';
96 }; 96 };
97 97
98 secrets.keys = [{ 98 secrets.keys = [
99 dest = "webapps/tools-taskwarrior-web"; 99 {
100 user = "wwwrun"; 100 dest = "webapps/tools-taskwarrior-web";
101 group = "wwwrun"; 101 user = "wwwrun";
102 group = "wwwrun";
103 permissions = "0400";
104 text = ''
105 SetEnv TASKD_HOST "${fqdn}:${toString config.services.taskserver.listenPort}"
106 SetEnv TASKD_VARDIR "${server_vardir}"
107 SetEnv TASKD_LDAP_HOST "ldaps://${env.ldap.host}"
108 SetEnv TASKD_LDAP_DN "${env.ldap.dn}"
109 SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
110 SetEnv TASKD_LDAP_BASE "${env.ldap.base}"
111 SetEnv TASKD_LDAP_FILTER "${env.ldap.filter}"
112 '';
113 }
114 ] ++ (lib.mapAttrsToList (name: userConfig: {
115 dest = "webapps/tools-taskwarrior/${name}-taskrc";
116 inherit user group;
102 permissions = "0400"; 117 permissions = "0400";
103 text = '' 118 text = let
104 SetEnv TASKD_HOST "${fqdn}:${toString config.services.taskserver.listenPort}" 119 credentials = "${userConfig.org}/${name}/${userConfig.key}";
105 SetEnv TASKD_VARDIR "${server_vardir}" 120 dateFormat = userConfig.date;
106 SetEnv TASKD_LDAP_HOST "ldaps://${env.ldap.host}" 121 in ''
107 SetEnv TASKD_LDAP_DN "${env.ldap.dn}" 122 data.location=${varDir}/${name}
108 SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}" 123 taskd.certificate=${server_vardir}/userkeys/taskwarrior-web.cert.pem
109 SetEnv TASKD_LDAP_BASE "${env.ldap.base}" 124 taskd.key=${server_vardir}/userkeys/taskwarrior-web.key.pem
110 SetEnv TASKD_LDAP_FILTER "${env.ldap.filter}" 125 # IdenTrust DST Root CA X3
111 ''; 126 # obtained here: https://letsencrypt.org/fr/certificates/
112 }]; 127 taskd.ca=${pkgs.writeText "ca.cert" ''
128 -----BEGIN CERTIFICATE-----
129 MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
130 MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
131 DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
132 PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
133 Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
134 AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
135 rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
136 OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
137 xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
138 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
139 aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
140 HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
141 SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
142 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
143 AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
144 R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
145 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
146 Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
147 -----END CERTIFICATE-----''}
148 taskd.server=${fqdn}:${toString config.services.taskserver.listenPort}
149 taskd.credentials=${credentials}
150 dateformat=${dateFormat}
151 '';
152 }) env.taskwarrior-web);
113 services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ]; 153 services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ];
114 services.websites.env.tools.modules = [ "proxy_fcgi" "sed" ]; 154 services.websites.env.tools.modules = [ "proxy_fcgi" "sed" ];
115 services.websites.env.tools.vhostConfs.task = { 155 services.websites.env.tools.vhostConfs.task = {
@@ -204,7 +244,10 @@ in {
204 ''; 244 '';
205 }; 245 };
206 246
207 users.users.${user}.packages = [ taskserver-user-certs ]; 247 users.users.${user} = {
248 extraGroups = [ "keys" ];
249 packages = [ taskserver-user-certs ];
250 };
208 251
209 system.activationScripts.taskserver = { 252 system.activationScripts.taskserver = {
210 deps = [ "users" ]; 253 deps = [ "users" ];
@@ -268,47 +311,13 @@ in {
268 }; 311 };
269 312
270 systemd.services = (lib.attrsets.mapAttrs' (name: userConfig: 313 systemd.services = (lib.attrsets.mapAttrs' (name: userConfig:
271 let 314 lib.attrsets.nameValuePair "taskwarrior-web-${name}" {
272 credentials = "${userConfig.org}/${name}/${userConfig.key}";
273 dateFormat = userConfig.date;
274 taskrc = pkgs.writeText "taskrc" ''
275 data.location=${varDir}/${name}
276 taskd.certificate=${server_vardir}/userkeys/taskwarrior-web.cert.pem
277 taskd.key=${server_vardir}/userkeys/taskwarrior-web.key.pem
278 # IdenTrust DST Root CA X3
279 # obtained here: https://letsencrypt.org/fr/certificates/
280 taskd.ca=${pkgs.writeText "ca.cert" ''
281 -----BEGIN CERTIFICATE-----
282 MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
283 MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
284 DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
285 PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
286 Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
287 AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
288 rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
289 OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
290 xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
291 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
292 aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
293 HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
294 SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
295 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
296 AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
297 R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
298 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
299 Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
300 -----END CERTIFICATE-----''}
301 taskd.server=${fqdn}:${toString config.services.taskserver.listenPort}
302 taskd.credentials=${credentials}
303 dateformat=${dateFormat}
304 '';
305 in lib.attrsets.nameValuePair "taskwarrior-web-${name}" {
306 description = "Taskwarrior webapp for ${name}"; 315 description = "Taskwarrior webapp for ${name}";
307 wantedBy = [ "multi-user.target" ]; 316 wantedBy = [ "multi-user.target" ];
308 after = [ "network.target" ]; 317 after = [ "network.target" ];
309 path = [ pkgs.taskwarrior ]; 318 path = [ pkgs.taskwarrior ];
310 319
311 environment.TASKRC = taskrc; 320 environment.TASKRC = "/var/secrets/webapps/tools-taskwarrior/${name}-taskrc";
312 environment.BUNDLE_PATH = "${taskwarrior-web.gems}/${taskwarrior-web.gems.ruby.gemPath}"; 321 environment.BUNDLE_PATH = "${taskwarrior-web.gems}/${taskwarrior-web.gems.ruby.gemPath}";
313 environment.BUNDLE_GEMFILE = "${taskwarrior-web.gems.confFiles}/Gemfile"; 322 environment.BUNDLE_GEMFILE = "${taskwarrior-web.gems.confFiles}/Gemfile";
314 environment.LC_ALL = "fr_FR.UTF-8"; 323 environment.LC_ALL = "fr_FR.UTF-8";