Use attrs for secrets instead of lists

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-10-16 17:40:07 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-10-16 20:20:45 +0200
commit: 4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0 (patch)
tree: 9a7ede9ac3f1899074e9ef568a447f883191d3b5 /modules/private/websites/ludivine
parent: da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (diff)
download: Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.gz
Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.zst
Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.zip
2 files changed, 70 insertions, 76 deletions
diff --git a/modules/private/websites/ludivine/integration.nix b/modules/private/websites/ludivine/integration.nix
index 4357b93..cfef385 100644
--- a/modules/private/websites/ludivine/integration.nix
+++ b/modules/private/websites/ludivine/integration.nix
@@ -50,44 +50,41 @@ in {
      phpPackage = pkgs.php72;
    };
-    secrets.keys = [
+    secrets.keys."websites/ludivine/integration" = {
-      {
+      user = config.services.httpd.Inte.user;
-        dest = "websites/ludivine/integration";
+      group = config.services.httpd.Inte.group;
-        user = config.services.httpd.Inte.user;
+      permissions = "0400";
-        group = config.services.httpd.Inte.group;
+      text = ''
-        permissions = "0400";
+        # This file is auto-generated during the composer install
-        text = ''
+        parameters:
-          # This file is auto-generated during the composer install
+            database_host: ${secrets.mysql.host}
-          parameters:
+            database_port: ${secrets.mysql.port}
-              database_host: ${secrets.mysql.host}
+            database_name: ${secrets.mysql.database}
-              database_port: ${secrets.mysql.port}
+            database_user: ${secrets.mysql.user}
-              database_name: ${secrets.mysql.database}
+            database_password: ${secrets.mysql.password}
-              database_user: ${secrets.mysql.user}
+            database_server_version: ${pkgs.mariadb.mysqlVersion}
-              database_password: ${secrets.mysql.password}
+            mailer_transport: smtp
-              database_server_version: ${pkgs.mariadb.mysqlVersion}
+            mailer_host: 127.0.0.1
-              mailer_transport: smtp
+            mailer_user: null
-              mailer_host: 127.0.0.1
+            mailer_password: null
-              mailer_user: null
+            secret: ${secrets.secret}
-              mailer_password: null
+            ldap_host: ldap.immae.eu
-              secret: ${secrets.secret}
+            ldap_port: 636
-              ldap_host: ldap.immae.eu
+            ldap_version: 3
-              ldap_port: 636
+            ldap_ssl: true
-              ldap_version: 3
+            ldap_tls: false
-              ldap_ssl: true
+            ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
-              ldap_tls: false
+            ldap_base_dn: 'dc=immae,dc=eu'
-              ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
+            ldap_search_dn: '${secrets.ldap.dn}'
-              ldap_base_dn: 'dc=immae,dc=eu'
+            ldap_search_password: '${secrets.ldap.password}'
-              ldap_search_dn: '${secrets.ldap.dn}'
+            ldap_search_filter: '${secrets.ldap.filter}'
-              ldap_search_password: '${secrets.ldap.password}'
+        leapt_im:
-              ldap_search_filter: '${secrets.ldap.filter}'
+            binary_path: ${pkgs.imagemagick}/bin
-          leapt_im:
+        assetic:
-              binary_path: ${pkgs.imagemagick}/bin
+            sass: ${pkgs.sass}/bin/sass
-          assetic:
+            ruby: ${pkgs.ruby}/bin/ruby
-              sass: ${pkgs.sass}/bin/sass
+      '';
-              ruby: ${pkgs.ruby}/bin/ruby
+    };
-        '';
-      }
-    ];
    services.websites.env.integration.vhostConfs.ludivine_integration = {
      certName    = "integration";
diff --git a/modules/private/websites/ludivine/production.nix b/modules/private/websites/ludivine/production.nix
index 3a9895d..73b63a2 100644
--- a/modules/private/websites/ludivine/production.nix
+++ b/modules/private/websites/ludivine/production.nix
@@ -53,44 +53,41 @@ in {
      phpPackage = pkgs.php72;
    };
-    secrets.keys = [
+    secrets.keys."websites/ludivine/production" = {
-      {
+      user = config.services.httpd.Prod.user;
-        dest = "websites/ludivine/production";
+      group = config.services.httpd.Prod.group;
-        user = config.services.httpd.Prod.user;
+      permissions = "0400";
-        group = config.services.httpd.Prod.group;
+      text = ''
-        permissions = "0400";
+        # This file is auto-generated during the composer install
-        text = ''
+        parameters:
-          # This file is auto-generated during the composer install
+            database_host: ${secrets.mysql.host}
-          parameters:
+            database_port: ${secrets.mysql.port}
-              database_host: ${secrets.mysql.host}
+            database_name: ${secrets.mysql.database}
-              database_port: ${secrets.mysql.port}
+            database_user: ${secrets.mysql.user}
-              database_name: ${secrets.mysql.database}
+            database_password: ${secrets.mysql.password}
-              database_user: ${secrets.mysql.user}
+            database_server_version: ${pkgs.mariadb.mysqlVersion}
-              database_password: ${secrets.mysql.password}
+            mailer_transport: smtp
-              database_server_version: ${pkgs.mariadb.mysqlVersion}
+            mailer_host: 127.0.0.1
-              mailer_transport: smtp
+            mailer_user: null
-              mailer_host: 127.0.0.1
+            mailer_password: null
-              mailer_user: null
+            secret: ${secrets.secret}
-              mailer_password: null
+            ldap_host: ldap.immae.eu
-              secret: ${secrets.secret}
+            ldap_port: 636
-              ldap_host: ldap.immae.eu
+            ldap_version: 3
-              ldap_port: 636
+            ldap_ssl: true
-              ldap_version: 3
+            ldap_tls: false
-              ldap_ssl: true
+            ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
-              ldap_tls: false
+            ldap_base_dn: 'dc=immae,dc=eu'
-              ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
+            ldap_search_dn: '${secrets.ldap.dn}'
-              ldap_base_dn: 'dc=immae,dc=eu'
+            ldap_search_password: '${secrets.ldap.password}'
-              ldap_search_dn: '${secrets.ldap.dn}'
+            ldap_search_filter: '${secrets.ldap.filter}'
-              ldap_search_password: '${secrets.ldap.password}'
+        leapt_im:
-              ldap_search_filter: '${secrets.ldap.filter}'
+            binary_path: ${pkgs.imagemagick}/bin
-          leapt_im:
+        assetic:
-              binary_path: ${pkgs.imagemagick}/bin
+            sass: ${pkgs.sass}/bin/sass
-          assetic:
+            ruby: ${pkgs.ruby}/bin/ruby
-              sass: ${pkgs.sass}/bin/sass
+      '';
-              ruby: ${pkgs.ruby}/bin/ruby
+    };
-        '';
-      }
-    ];
    services.websites.env.production.vhostConfs.ludivine_production = {
      certName     = "ludivine";
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-10-16 17:40:07 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-10-16 20:20:45 +0200
commit	4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0 (patch)
tree	9a7ede9ac3f1899074e9ef568a447f883191d3b5 /modules/private/websites/ludivine
parent	da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (diff)
download	Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.gz Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.zst Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.zip

diff --git a/modules/private/websites/ludivine/integration.nix b/modules/private/websites/ludivine/integration.nix index 4357b93..cfef385 100644 --- a/modules/private/websites/ludivine/integration.nix +++ b/modules/private/websites/ludivine/integration.nix
@@ -50,44 +50,41 @@ in {
50	phpPackage = pkgs.php72;	50	phpPackage = pkgs.php72;
51	};	51	};
52		52
53	secrets.keys = [	53	secrets.keys."websites/ludivine/integration" = {
54	{	54	user = config.services.httpd.Inte.user;
55	dest = "websites/ludivine/integration";	55	group = config.services.httpd.Inte.group;
56	user = config.services.httpd.Inte.user;	56	permissions = "0400";
57	group = config.services.httpd.Inte.group;	57	text = ''
58	permissions = "0400";	58	# This file is auto-generated during the composer install
59	text = ''	59	parameters:
60	# This file is auto-generated during the composer install	60	database_host: ${secrets.mysql.host}
61	parameters:	61	database_port: ${secrets.mysql.port}
62	database_host: ${secrets.mysql.host}	62	database_name: ${secrets.mysql.database}
63	database_port: ${secrets.mysql.port}	63	database_user: ${secrets.mysql.user}
64	database_name: ${secrets.mysql.database}	64	database_password: ${secrets.mysql.password}
65	database_user: ${secrets.mysql.user}	65	database_server_version: ${pkgs.mariadb.mysqlVersion}
66	database_password: ${secrets.mysql.password}	66	mailer_transport: smtp
67	database_server_version: ${pkgs.mariadb.mysqlVersion}	67	mailer_host: 127.0.0.1
68	mailer_transport: smtp	68	mailer_user: null
69	mailer_host: 127.0.0.1	69	mailer_password: null
70	mailer_user: null	70	secret: ${secrets.secret}
71	mailer_password: null	71	ldap_host: ldap.immae.eu
72	secret: ${secrets.secret}	72	ldap_port: 636
73	ldap_host: ldap.immae.eu	73	ldap_version: 3
74	ldap_port: 636	74	ldap_ssl: true
75	ldap_version: 3	75	ldap_tls: false
76	ldap_ssl: true	76	ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
77	ldap_tls: false	77	ldap_base_dn: 'dc=immae,dc=eu'
78	ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'	78	ldap_search_dn: '${secrets.ldap.dn}'
79	ldap_base_dn: 'dc=immae,dc=eu'	79	ldap_search_password: '${secrets.ldap.password}'
80	ldap_search_dn: '${secrets.ldap.dn}'	80	ldap_search_filter: '${secrets.ldap.filter}'
81	ldap_search_password: '${secrets.ldap.password}'	81	leapt_im:
82	ldap_search_filter: '${secrets.ldap.filter}'	82	binary_path: ${pkgs.imagemagick}/bin
83	leapt_im:	83	assetic:
84	binary_path: ${pkgs.imagemagick}/bin	84	sass: ${pkgs.sass}/bin/sass
85	assetic:	85	ruby: ${pkgs.ruby}/bin/ruby
86	sass: ${pkgs.sass}/bin/sass	86	'';
87	ruby: ${pkgs.ruby}/bin/ruby	87	};
88	'';
89	}
90	];
91		88
92	services.websites.env.integration.vhostConfs.ludivine_integration = {	89	services.websites.env.integration.vhostConfs.ludivine_integration = {
93	certName = "integration";	90	certName = "integration";


diff --git a/modules/private/websites/ludivine/production.nix b/modules/private/websites/ludivine/production.nix index 3a9895d..73b63a2 100644 --- a/modules/private/websites/ludivine/production.nix +++ b/modules/private/websites/ludivine/production.nix
@@ -53,44 +53,41 @@ in {
53	phpPackage = pkgs.php72;	53	phpPackage = pkgs.php72;
54	};	54	};
55		55
56	secrets.keys = [	56	secrets.keys."websites/ludivine/production" = {
57	{	57	user = config.services.httpd.Prod.user;
58	dest = "websites/ludivine/production";	58	group = config.services.httpd.Prod.group;
59	user = config.services.httpd.Prod.user;	59	permissions = "0400";
60	group = config.services.httpd.Prod.group;	60	text = ''
61	permissions = "0400";	61	# This file is auto-generated during the composer install
62	text = ''	62	parameters:
63	# This file is auto-generated during the composer install	63	database_host: ${secrets.mysql.host}
64	parameters:	64	database_port: ${secrets.mysql.port}
65	database_host: ${secrets.mysql.host}	65	database_name: ${secrets.mysql.database}
66	database_port: ${secrets.mysql.port}	66	database_user: ${secrets.mysql.user}
67	database_name: ${secrets.mysql.database}	67	database_password: ${secrets.mysql.password}
68	database_user: ${secrets.mysql.user}	68	database_server_version: ${pkgs.mariadb.mysqlVersion}
69	database_password: ${secrets.mysql.password}	69	mailer_transport: smtp
70	database_server_version: ${pkgs.mariadb.mysqlVersion}	70	mailer_host: 127.0.0.1
71	mailer_transport: smtp	71	mailer_user: null
72	mailer_host: 127.0.0.1	72	mailer_password: null
73	mailer_user: null	73	secret: ${secrets.secret}
74	mailer_password: null	74	ldap_host: ldap.immae.eu
75	secret: ${secrets.secret}	75	ldap_port: 636
76	ldap_host: ldap.immae.eu	76	ldap_version: 3
77	ldap_port: 636	77	ldap_ssl: true
78	ldap_version: 3	78	ldap_tls: false
79	ldap_ssl: true	79	ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
80	ldap_tls: false	80	ldap_base_dn: 'dc=immae,dc=eu'
81	ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'	81	ldap_search_dn: '${secrets.ldap.dn}'
82	ldap_base_dn: 'dc=immae,dc=eu'	82	ldap_search_password: '${secrets.ldap.password}'
83	ldap_search_dn: '${secrets.ldap.dn}'	83	ldap_search_filter: '${secrets.ldap.filter}'
84	ldap_search_password: '${secrets.ldap.password}'	84	leapt_im:
85	ldap_search_filter: '${secrets.ldap.filter}'	85	binary_path: ${pkgs.imagemagick}/bin
86	leapt_im:	86	assetic:
87	binary_path: ${pkgs.imagemagick}/bin	87	sass: ${pkgs.sass}/bin/sass
88	assetic:	88	ruby: ${pkgs.ruby}/bin/ruby
89	sass: ${pkgs.sass}/bin/sass	89	'';
90	ruby: ${pkgs.ruby}/bin/ruby	90	};
91	'';
92	}
93	];
94		91
95	services.websites.env.production.vhostConfs.ludivine_production = {	92	services.websites.env.production.vhostConfs.ludivine_production = {
96	certName = "ludivine";	93	certName = "ludivine";