Use attrs for secrets instead of lists

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-10-16 17:40:07 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-10-16 20:20:45 +0200
commit: 4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0 (patch)
tree: 9a7ede9ac3f1899074e9ef568a447f883191d3b5 /modules/private/websites/chloe
parent: da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (diff)
download: Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.gz
Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.zst
Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.zip
2 files changed, 40 insertions, 46 deletions
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix
index ffae6ec..c4b79f8 100644
--- a/modules/private/websites/chloe/integration.nix
+++ b/modules/private/websites/chloe/integration.nix
@@ -15,29 +15,26 @@ in {
  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.chloe_integration.rootDir = app.varDir;
-    secrets.keys = [
+    secrets.keys."websites/chloe/integration" = {
-      {
+      user = apacheUser;
-        dest = "websites/chloe/integration";
+      group = apacheGroup;
-        user = apacheUser;
+      permissions = "0400";
-        group = apacheGroup;
+      text = ''
-        permissions = "0400";
+        SetEnv SPIP_CONFIG_DIR     "${./config}"
-        text = ''
+        SetEnv SPIP_VAR_DIR        "${app.varDir}"
-          SetEnv SPIP_CONFIG_DIR     "${./config}"
+        SetEnv SPIP_SITE           "chloe-${app.environment}"
-          SetEnv SPIP_VAR_DIR        "${app.varDir}"
+        SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
-          SetEnv SPIP_SITE           "chloe-${app.environment}"
+        SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
-          SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
+        SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
-          SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
+        SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
-          SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
+        SetEnv SPIP_LDAP_SEARCH    "${ccfg.ldap.filter}"
-          SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
+        SetEnv SPIP_MYSQL_HOST     "${ccfg.mysql.host}"
-          SetEnv SPIP_LDAP_SEARCH    "${ccfg.ldap.filter}"
+        SetEnv SPIP_MYSQL_PORT     "${ccfg.mysql.port}"
-          SetEnv SPIP_MYSQL_HOST     "${ccfg.mysql.host}"
+        SetEnv SPIP_MYSQL_DB       "${ccfg.mysql.database}"
-          SetEnv SPIP_MYSQL_PORT     "${ccfg.mysql.port}"
+        SetEnv SPIP_MYSQL_USER     "${ccfg.mysql.user}"
-          SetEnv SPIP_MYSQL_DB       "${ccfg.mysql.database}"
+        SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
-          SetEnv SPIP_MYSQL_USER     "${ccfg.mysql.user}"
+      '';
-          SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
+    };
-        '';
-      }
-    ];
    systemd.services.phpfpm-chloe_integration.after = lib.mkAfter [ "mysql.service" ];
    systemd.services.phpfpm-chloe_integration.wants = [ "mysql.service" ];
    services.phpfpm.pools.chloe_integration = {
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix
index 7f8f1de..92ae05b 100644
--- a/modules/private/websites/chloe/production.nix
+++ b/modules/private/websites/chloe/production.nix
@@ -16,29 +16,26 @@ in {
  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.chloe_production.rootDir = app.varDir;
    services.duplyBackup.profiles.chloe_production.remotes = ["eriomem" "ovh"];
-    secrets.keys = [
+    secrets.keys."websites/chloe/production" = {
-      {
+      user = apacheUser;
-        dest = "websites/chloe/production";
+      group = apacheGroup;
-        user = apacheUser;
+      permissions = "0400";
-        group = apacheGroup;
+      text = ''
-        permissions = "0400";
+        SetEnv SPIP_CONFIG_DIR     "${./config}"
-        text = ''
+        SetEnv SPIP_VAR_DIR        "${app.varDir}"
-          SetEnv SPIP_CONFIG_DIR     "${./config}"
+        SetEnv SPIP_SITE           "chloe-${app.environment}"
-          SetEnv SPIP_VAR_DIR        "${app.varDir}"
+        SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
-          SetEnv SPIP_SITE           "chloe-${app.environment}"
+        SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
-          SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
+        SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
-          SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
+        SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
-          SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
+        SetEnv SPIP_LDAP_SEARCH    "${ccfg.ldap.filter}"
-          SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
+        SetEnv SPIP_MYSQL_HOST     "${ccfg.mysql.host}"
-          SetEnv SPIP_LDAP_SEARCH    "${ccfg.ldap.filter}"
+        SetEnv SPIP_MYSQL_PORT     "${ccfg.mysql.port}"
-          SetEnv SPIP_MYSQL_HOST     "${ccfg.mysql.host}"
+        SetEnv SPIP_MYSQL_DB       "${ccfg.mysql.database}"
-          SetEnv SPIP_MYSQL_PORT     "${ccfg.mysql.port}"
+        SetEnv SPIP_MYSQL_USER     "${ccfg.mysql.user}"
-          SetEnv SPIP_MYSQL_DB       "${ccfg.mysql.database}"
+        SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
-          SetEnv SPIP_MYSQL_USER     "${ccfg.mysql.user}"
+      '';
-          SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
+    };
-        '';
-      }
-    ];
    services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
    systemd.services.phpfpm-chloe_production.after = lib.mkAfter [ "mysql.service" ];
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-10-16 17:40:07 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-10-16 20:20:45 +0200
commit	4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0 (patch)
tree	9a7ede9ac3f1899074e9ef568a447f883191d3b5 /modules/private/websites/chloe
parent	da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (diff)
download	Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.gz Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.zst Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.zip

diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix index ffae6ec..c4b79f8 100644 --- a/modules/private/websites/chloe/integration.nix +++ b/modules/private/websites/chloe/integration.nix
@@ -15,29 +15,26 @@ in {
15		15
16	config = lib.mkIf cfg.enable {	16	config = lib.mkIf cfg.enable {
17	services.duplyBackup.profiles.chloe_integration.rootDir = app.varDir;	17	services.duplyBackup.profiles.chloe_integration.rootDir = app.varDir;
18	secrets.keys = [	18	secrets.keys."websites/chloe/integration" = {
19	{	19	user = apacheUser;
20	dest = "websites/chloe/integration";	20	group = apacheGroup;
21	user = apacheUser;	21	permissions = "0400";
22	group = apacheGroup;	22	text = ''
23	permissions = "0400";	23	SetEnv SPIP_CONFIG_DIR "${./config}"
24	text = ''	24	SetEnv SPIP_VAR_DIR "${app.varDir}"
25	SetEnv SPIP_CONFIG_DIR "${./config}"	25	SetEnv SPIP_SITE "chloe-${app.environment}"
26	SetEnv SPIP_VAR_DIR "${app.varDir}"	26	SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
27	SetEnv SPIP_SITE "chloe-${app.environment}"	27	SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
28	SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"	28	SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
29	SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"	29	SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
30	SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"	30	SetEnv SPIP_LDAP_SEARCH "${ccfg.ldap.filter}"
31	SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"	31	SetEnv SPIP_MYSQL_HOST "${ccfg.mysql.host}"
32	SetEnv SPIP_LDAP_SEARCH "${ccfg.ldap.filter}"	32	SetEnv SPIP_MYSQL_PORT "${ccfg.mysql.port}"
33	SetEnv SPIP_MYSQL_HOST "${ccfg.mysql.host}"	33	SetEnv SPIP_MYSQL_DB "${ccfg.mysql.database}"
34	SetEnv SPIP_MYSQL_PORT "${ccfg.mysql.port}"	34	SetEnv SPIP_MYSQL_USER "${ccfg.mysql.user}"
35	SetEnv SPIP_MYSQL_DB "${ccfg.mysql.database}"	35	SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
36	SetEnv SPIP_MYSQL_USER "${ccfg.mysql.user}"	36	'';
37	SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"	37	};
38	'';
39	}
40	];
41	systemd.services.phpfpm-chloe_integration.after = lib.mkAfter [ "mysql.service" ];	38	systemd.services.phpfpm-chloe_integration.after = lib.mkAfter [ "mysql.service" ];
42	systemd.services.phpfpm-chloe_integration.wants = [ "mysql.service" ];	39	systemd.services.phpfpm-chloe_integration.wants = [ "mysql.service" ];
43	services.phpfpm.pools.chloe_integration = {	40	services.phpfpm.pools.chloe_integration = {


diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix index 7f8f1de..92ae05b 100644 --- a/modules/private/websites/chloe/production.nix +++ b/modules/private/websites/chloe/production.nix
@@ -16,29 +16,26 @@ in {
16	config = lib.mkIf cfg.enable {	16	config = lib.mkIf cfg.enable {
17	services.duplyBackup.profiles.chloe_production.rootDir = app.varDir;	17	services.duplyBackup.profiles.chloe_production.rootDir = app.varDir;
18	services.duplyBackup.profiles.chloe_production.remotes = ["eriomem" "ovh"];	18	services.duplyBackup.profiles.chloe_production.remotes = ["eriomem" "ovh"];
19	secrets.keys = [	19	secrets.keys."websites/chloe/production" = {
20	{	20	user = apacheUser;
21	dest = "websites/chloe/production";	21	group = apacheGroup;
22	user = apacheUser;	22	permissions = "0400";
23	group = apacheGroup;	23	text = ''
24	permissions = "0400";	24	SetEnv SPIP_CONFIG_DIR "${./config}"
25	text = ''	25	SetEnv SPIP_VAR_DIR "${app.varDir}"
26	SetEnv SPIP_CONFIG_DIR "${./config}"	26	SetEnv SPIP_SITE "chloe-${app.environment}"
27	SetEnv SPIP_VAR_DIR "${app.varDir}"	27	SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
28	SetEnv SPIP_SITE "chloe-${app.environment}"	28	SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
29	SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"	29	SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
30	SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"	30	SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
31	SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"	31	SetEnv SPIP_LDAP_SEARCH "${ccfg.ldap.filter}"
32	SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"	32	SetEnv SPIP_MYSQL_HOST "${ccfg.mysql.host}"
33	SetEnv SPIP_LDAP_SEARCH "${ccfg.ldap.filter}"	33	SetEnv SPIP_MYSQL_PORT "${ccfg.mysql.port}"
34	SetEnv SPIP_MYSQL_HOST "${ccfg.mysql.host}"	34	SetEnv SPIP_MYSQL_DB "${ccfg.mysql.database}"
35	SetEnv SPIP_MYSQL_PORT "${ccfg.mysql.port}"	35	SetEnv SPIP_MYSQL_USER "${ccfg.mysql.user}"
36	SetEnv SPIP_MYSQL_DB "${ccfg.mysql.database}"	36	SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
37	SetEnv SPIP_MYSQL_USER "${ccfg.mysql.user}"	37	'';
38	SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"	38	};
39	'';
40	}
41	];
42	services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];	39	services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
43		40
44	systemd.services.phpfpm-chloe_production.after = lib.mkAfter [ "mysql.service" ];	41	systemd.services.phpfpm-chloe_production.after = lib.mkAfter [ "mysql.service" ];