Add a filesWatcher service to restart them when secrets change

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-06-01 00:01:46 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-06-01 00:01:46 +0200
commit: 17f6eae9907a122d4472da727ae8b1ac1c40c027 (patch)
tree: 133ab8877a47ec707cb8c96e561a29e45395fce6 /modules/private/websites/tools
parent: f33aade75160a345a721fd60451b9edaa4d10e44 (diff)
download: Nix-17f6eae9907a122d4472da727ae8b1ac1c40c027.tar.gz
Nix-17f6eae9907a122d4472da727ae8b1ac1c40c027.tar.zst
Nix-17f6eae9907a122d4472da727ae8b1ac1c40c027.zip
6 files changed, 48 insertions, 0 deletions
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix
index efa1fab..6742a81 100644
--- a/modules/private/websites/tools/diaspora/default.nix
+++ b/modules/private/websites/tools/diaspora/default.nix
@@ -145,6 +145,11 @@ in {
      configDir = "/var/secrets/webapps/diaspora";
    };
+    services.filesWatcher.diaspora = {
+      restart = true;
+      paths = [ dcfg.configDir ];
+    };
    services.websites.tools.modules = [
      "headers" "proxy" "proxy_http"
    ];
diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix
index ebcbf61..3e68d54 100644
--- a/modules/private/websites/tools/ether/default.nix
+++ b/modules/private/websites/tools/ether/default.nix
@@ -133,6 +133,11 @@ in {
    systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
+    services.filesWatcher.etherpad-lite = {
+      restart = true;
+      paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
+    };
    services.websites.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix
index d742a33..1a4b387 100644
--- a/modules/private/websites/tools/mastodon/default.nix
+++ b/modules/private/websites/tools/mastodon/default.nix
@@ -63,6 +63,19 @@ in {
      socketsPrefix = "live_immae";
      dataDir = "/var/lib/mastodon_immae";
    };
+    services.filesWatcher.mastodon-streaming = {
+      restart = true;
+      paths = [ mcfg.configFile ];
+    };
+    services.filesWatcher.mastodon-web = {
+      restart = true;
+      paths = [ mcfg.configFile ];
+    };
+    services.filesWatcher.mastodon-sidekiq = {
+      restart = true;
+      paths = [ mcfg.configFile ];
+    };
    services.websites.tools.modules = [
      "headers" "proxy" "proxy_wstunnel" "proxy_http"
diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix
index 5da81f6..1d398db 100644
--- a/modules/private/websites/tools/mgoblin/default.nix
+++ b/modules/private/websites/tools/mgoblin/default.nix
@@ -78,6 +78,14 @@ in {
      plugins    = builtins.attrValues pkgs.webapps.mediagoblin-plugins;
      configFile = "/var/secrets/webapps/tools-mediagoblin";
    };
+    services.filesWatcher.mediagoblin-web = {
+      restart = true;
+      paths = [ mcfg.configFile ];
+    };
+    services.filesWatcher.mediagoblin-celeryd = {
+      restart = true;
+      paths = [ mcfg.configFile ];
+    };
    services.websites.tools.modules = [
      "proxy" "proxy_http"
diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix
index dee1b81..dd28530 100644
--- a/modules/private/websites/tools/peertube/default.nix
+++ b/modules/private/websites/tools/peertube/default.nix
@@ -153,6 +153,11 @@ in {
    services.websites.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_wstunnel"
    ];
+    services.filesWatcher.peertube = {
+      restart = true;
+      paths = [ pcfg.configFile ];
+    };
    services.websites.tools.vhostConfs.peertube = {
      certName    = "eldiron";
      addToCerts  = true;
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 94a2be1..d75def4 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -212,6 +212,11 @@ in {
      };
    };
+    services.filesWatcher.ympd = {
+      restart = true;
+      paths = [ "/var/secrets/mpd" ];
+    };
    services.phpfpm.pools.roundcubemail = {
      listen = roundcubemail.phpFpm.socket;
      extraConfig = roundcubemail.phpFpm.pool;
@@ -297,6 +302,13 @@ in {
      "${kanboard.apache.webappName}" = kanboard.webRoot;
    };
+    services.websites.tools.watchPaths = [
+      "/var/secrets/webapps/tools-wallabag"
+    ];
+    services.filesWatcher.phpfpm-wallabag = {
+      restart = true;
+      paths = [ "/var/secrets/webapps/tools-wallabag" ];
+    };
  };
 }
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-06-01 00:01:46 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-06-01 00:01:46 +0200
commit	17f6eae9907a122d4472da727ae8b1ac1c40c027 (patch)
tree	133ab8877a47ec707cb8c96e561a29e45395fce6 /modules/private/websites/tools
parent	f33aade75160a345a721fd60451b9edaa4d10e44 (diff)
download	Nix-17f6eae9907a122d4472da727ae8b1ac1c40c027.tar.gz Nix-17f6eae9907a122d4472da727ae8b1ac1c40c027.tar.zst Nix-17f6eae9907a122d4472da727ae8b1ac1c40c027.zip

diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix index efa1fab..6742a81 100644 --- a/modules/private/websites/tools/diaspora/default.nix +++ b/modules/private/websites/tools/diaspora/default.nix
@@ -145,6 +145,11 @@ in {
145	configDir = "/var/secrets/webapps/diaspora";	145	configDir = "/var/secrets/webapps/diaspora";
146	};	146	};
147		147
		148	services.filesWatcher.diaspora = {
		149	restart = true;
		150	paths = [ dcfg.configDir ];
		151	};
		152
148	services.websites.tools.modules = [	153	services.websites.tools.modules = [
149	"headers" "proxy" "proxy_http"	154	"headers" "proxy" "proxy_http"
150	];	155	];


diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix index ebcbf61..3e68d54 100644 --- a/modules/private/websites/tools/ether/default.nix +++ b/modules/private/websites/tools/ether/default.nix
@@ -133,6 +133,11 @@ in {
133		133
134	systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";	134	systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
135		135
		136	services.filesWatcher.etherpad-lite = {
		137	restart = true;
		138	paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ];
		139	};
		140
136	services.websites.tools.modules = [	141	services.websites.tools.modules = [
137	"headers" "proxy" "proxy_http" "proxy_wstunnel"	142	"headers" "proxy" "proxy_http" "proxy_wstunnel"
138	];	143	];


diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix index d742a33..1a4b387 100644 --- a/modules/private/websites/tools/mastodon/default.nix +++ b/modules/private/websites/tools/mastodon/default.nix
@@ -63,6 +63,19 @@ in {
63	socketsPrefix = "live_immae";	63	socketsPrefix = "live_immae";
64	dataDir = "/var/lib/mastodon_immae";	64	dataDir = "/var/lib/mastodon_immae";
65	};	65	};
		66	services.filesWatcher.mastodon-streaming = {
		67	restart = true;
		68	paths = [ mcfg.configFile ];
		69	};
		70	services.filesWatcher.mastodon-web = {
		71	restart = true;
		72	paths = [ mcfg.configFile ];
		73	};
		74	services.filesWatcher.mastodon-sidekiq = {
		75	restart = true;
		76	paths = [ mcfg.configFile ];
		77	};
		78
66		79
67	services.websites.tools.modules = [	80	services.websites.tools.modules = [
68	"headers" "proxy" "proxy_wstunnel" "proxy_http"	81	"headers" "proxy" "proxy_wstunnel" "proxy_http"


diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix index 5da81f6..1d398db 100644 --- a/modules/private/websites/tools/mgoblin/default.nix +++ b/modules/private/websites/tools/mgoblin/default.nix
@@ -78,6 +78,14 @@ in {
78	plugins = builtins.attrValues pkgs.webapps.mediagoblin-plugins;	78	plugins = builtins.attrValues pkgs.webapps.mediagoblin-plugins;
79	configFile = "/var/secrets/webapps/tools-mediagoblin";	79	configFile = "/var/secrets/webapps/tools-mediagoblin";
80	};	80	};
		81	services.filesWatcher.mediagoblin-web = {
		82	restart = true;
		83	paths = [ mcfg.configFile ];
		84	};
		85	services.filesWatcher.mediagoblin-celeryd = {
		86	restart = true;
		87	paths = [ mcfg.configFile ];
		88	};
81		89
82	services.websites.tools.modules = [	90	services.websites.tools.modules = [
83	"proxy" "proxy_http"	91	"proxy" "proxy_http"


diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix index dee1b81..dd28530 100644 --- a/modules/private/websites/tools/peertube/default.nix +++ b/modules/private/websites/tools/peertube/default.nix
@@ -153,6 +153,11 @@ in {
153	services.websites.tools.modules = [	153	services.websites.tools.modules = [
154	"headers" "proxy" "proxy_http" "proxy_wstunnel"	154	"headers" "proxy" "proxy_http" "proxy_wstunnel"
155	];	155	];
		156	services.filesWatcher.peertube = {
		157	restart = true;
		158	paths = [ pcfg.configFile ];
		159	};
		160
156	services.websites.tools.vhostConfs.peertube = {	161	services.websites.tools.vhostConfs.peertube = {
157	certName = "eldiron";	162	certName = "eldiron";
158	addToCerts = true;	163	addToCerts = true;


diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 94a2be1..d75def4 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix
@@ -212,6 +212,11 @@ in {
212	};	212	};
213	};	213	};
214		214
		215	services.filesWatcher.ympd = {
		216	restart = true;
		217	paths = [ "/var/secrets/mpd" ];
		218	};
		219
215	services.phpfpm.pools.roundcubemail = {	220	services.phpfpm.pools.roundcubemail = {
216	listen = roundcubemail.phpFpm.socket;	221	listen = roundcubemail.phpFpm.socket;
217	extraConfig = roundcubemail.phpFpm.pool;	222	extraConfig = roundcubemail.phpFpm.pool;
@@ -297,6 +302,13 @@ in {
297	"${kanboard.apache.webappName}" = kanboard.webRoot;	302	"${kanboard.apache.webappName}" = kanboard.webRoot;
298	};	303	};
299		304
		305	services.websites.tools.watchPaths = [
		306	"/var/secrets/webapps/tools-wallabag"
		307	];
		308	services.filesWatcher.phpfpm-wallabag = {
		309	restart = true;
		310	paths = [ "/var/secrets/webapps/tools-wallabag" ];
		311	};
300	};	312	};
301	}	313	}
302		314