diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-16 17:40:07 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-16 20:20:45 +0200 |
| commit | 4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0 (patch) | |
| tree | 9a7ede9ac3f1899074e9ef568a447f883191d3b5 /modules/private/websites/tools | |
| parent | da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (diff) | |
| download | Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.gz Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.zst Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.zip | |
Use attrs for secrets instead of lists
Diffstat (limited to 'modules/private/websites/tools')
22 files changed, 79 insertions, 103 deletions
diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix index 471858a..fc0aae6 100644 --- a/modules/private/websites/tools/cloud/default.nix +++ b/modules/private/websites/tools/cloud/default.nix | |||
| @@ -73,8 +73,7 @@ in { | |||
| 73 | ]; | 73 | ]; |
| 74 | }; | 74 | }; |
| 75 | 75 | ||
| 76 | secrets.keys = [{ | 76 | secrets.keys."webapps/tools-nextcloud" = { |
| 77 | dest = "webapps/tools-nextcloud"; | ||
| 78 | user = "wwwrun"; | 77 | user = "wwwrun"; |
| 79 | group = "wwwrun"; | 78 | group = "wwwrun"; |
| 80 | permissions = "0600"; | 79 | permissions = "0600"; |
| @@ -133,7 +132,7 @@ in { | |||
| 133 | 'has_rebuilt_cache' => true, | 132 | 'has_rebuilt_cache' => true, |
| 134 | ); | 133 | ); |
| 135 | ''; | 134 | ''; |
| 136 | }]; | 135 | }; |
| 137 | users.users.root.packages = let | 136 | users.users.root.packages = let |
| 138 | occ = pkgs.writeScriptBin "nextcloud-occ" '' | 137 | occ = pkgs.writeScriptBin "nextcloud-occ" '' |
| 139 | #! ${pkgs.stdenv.shell} | 138 | #! ${pkgs.stdenv.shell} |
diff --git a/modules/private/websites/tools/commento/default.nix b/modules/private/websites/tools/commento/default.nix index d0e7d24..c36255b 100644 --- a/modules/private/websites/tools/commento/default.nix +++ b/modules/private/websites/tools/commento/default.nix | |||
| @@ -12,10 +12,9 @@ in | |||
| 12 | enable = lib.mkEnableOption "Enable commento website"; | 12 | enable = lib.mkEnableOption "Enable commento website"; |
| 13 | }; | 13 | }; |
| 14 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
| 15 | secrets.keys = [ | 15 | secrets.keys = { |
| 16 | { | 16 | "commento/env" = { |
| 17 | dest = "commento/env"; | 17 | permissions = "0400"; |
| 18 | permission = "0400"; | ||
| 19 | text = '' | 18 | text = '' |
| 20 | COMMENTO_ORIGIN=https://commento.immae.eu/ | 19 | COMMENTO_ORIGIN=https://commento.immae.eu/ |
| 21 | COMMENTO_PORT=${port} | 20 | COMMENTO_PORT=${port} |
| @@ -29,8 +28,8 @@ in | |||
| 29 | COMMENTO_SMTP_PASSWORD=${env.smtp.password} | 28 | COMMENTO_SMTP_PASSWORD=${env.smtp.password} |
| 30 | COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email} | 29 | COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email} |
| 31 | ''; | 30 | ''; |
| 32 | } | 31 | }; |
| 33 | ]; | 32 | }; |
| 34 | 33 | ||
| 35 | services.websites.env.tools.vhostConfs.commento = { | 34 | services.websites.env.tools.vhostConfs.commento = { |
| 36 | certName = "eldiron"; | 35 | certName = "eldiron"; |
diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix index eeac1b5..9e4056a 100644 --- a/modules/private/websites/tools/dav/davical.nix +++ b/modules/private/websites/tools/dav/davical.nix | |||
| @@ -6,8 +6,7 @@ rec { | |||
| 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical | 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical |
| 7 | ''; | 7 | ''; |
| 8 | }; | 8 | }; |
| 9 | keys = [{ | 9 | keys."webapps/dav-davical" = { |
| 10 | dest = "webapps/dav-davical"; | ||
| 11 | user = apache.user; | 10 | user = apache.user; |
| 12 | group = apache.group; | 11 | group = apache.group; |
| 13 | permissions = "0400"; | 12 | permissions = "0400"; |
| @@ -64,7 +63,7 @@ rec { | |||
| 64 | $c->do_not_sync_from_ldap = array('admin' => true); | 63 | $c->do_not_sync_from_ldap = array('admin' => true); |
| 65 | include('drivers_ldap.php'); | 64 | include('drivers_ldap.php'); |
| 66 | ''; | 65 | ''; |
| 67 | }]; | 66 | }; |
| 68 | webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; }; | 67 | webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; }; |
| 69 | webRoot = "${webapp}/htdocs"; | 68 | webRoot = "${webapp}/htdocs"; |
| 70 | apache = rec { | 69 | apache = rec { |
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix index 663fe88..9119ead 100644 --- a/modules/private/websites/tools/diaspora/default.nix +++ b/modules/private/websites/tools/diaspora/default.nix | |||
| @@ -16,16 +16,14 @@ in { | |||
| 16 | }; | 16 | }; |
| 17 | users.users.diaspora.extraGroups = [ "keys" ]; | 17 | users.users.diaspora.extraGroups = [ "keys" ]; |
| 18 | 18 | ||
| 19 | secrets.keys = [ | 19 | secrets.keys = { |
| 20 | { | 20 | "webapps/diaspora" = { |
| 21 | dest = "webapps/diaspora"; | ||
| 22 | isDir = true; | 21 | isDir = true; |
| 23 | user = "diaspora"; | 22 | user = "diaspora"; |
| 24 | group = "diaspora"; | 23 | group = "diaspora"; |
| 25 | permissions = "0500"; | 24 | permissions = "0500"; |
| 26 | } | 25 | }; |
| 27 | { | 26 | "webapps/diaspora/diaspora.yml" = { |
| 28 | dest = "webapps/diaspora/diaspora.yml"; | ||
| 29 | user = "diaspora"; | 27 | user = "diaspora"; |
| 30 | group = "diaspora"; | 28 | group = "diaspora"; |
| 31 | permissions = "0400"; | 29 | permissions = "0400"; |
| @@ -102,9 +100,8 @@ in { | |||
| 102 | development: | 100 | development: |
| 103 | environment: | 101 | environment: |
| 104 | ''; | 102 | ''; |
| 105 | } | 103 | }; |
| 106 | { | 104 | "webapps/diaspora/database.yml" = { |
| 107 | dest = "webapps/diaspora/database.yml"; | ||
| 108 | user = "diaspora"; | 105 | user = "diaspora"; |
| 109 | group = "diaspora"; | 106 | group = "diaspora"; |
| 110 | permissions = "0400"; | 107 | permissions = "0400"; |
| @@ -136,17 +133,16 @@ in { | |||
| 136 | <<: *combined | 133 | <<: *combined |
| 137 | database: diaspora_integration2 | 134 | database: diaspora_integration2 |
| 138 | ''; | 135 | ''; |
| 139 | } | 136 | }; |
| 140 | { | 137 | "webapps/diaspora/secret_token.rb" = { |
| 141 | dest = "webapps/diaspora/secret_token.rb"; | ||
| 142 | user = "diaspora"; | 138 | user = "diaspora"; |
| 143 | group = "diaspora"; | 139 | group = "diaspora"; |
| 144 | permissions = "0400"; | 140 | permissions = "0400"; |
| 145 | text = '' | 141 | text = '' |
| 146 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' | 142 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' |
| 147 | ''; | 143 | ''; |
| 148 | } | 144 | }; |
| 149 | ]; | 145 | }; |
| 150 | 146 | ||
| 151 | services.diaspora = { | 147 | services.diaspora = { |
| 152 | enable = true; | 148 | enable = true; |
diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix index 64e411d..d5c65a9 100644 --- a/modules/private/websites/tools/ether/default.nix +++ b/modules/private/websites/tools/ether/default.nix | |||
| @@ -15,19 +15,16 @@ in { | |||
| 15 | services.duplyBackup.profiles.etherpad-lite = { | 15 | services.duplyBackup.profiles.etherpad-lite = { |
| 16 | rootDir = "/var/lib/private/etherpad-lite"; | 16 | rootDir = "/var/lib/private/etherpad-lite"; |
| 17 | }; | 17 | }; |
| 18 | secrets.keys = [ | 18 | secrets.keys = { |
| 19 | { | 19 | "webapps/tools-etherpad-apikey" = { |
| 20 | dest = "webapps/tools-etherpad-apikey"; | ||
| 21 | permissions = "0400"; | 20 | permissions = "0400"; |
| 22 | text = env.api_key; | 21 | text = env.api_key; |
| 23 | } | 22 | }; |
| 24 | { | 23 | "webapps/tools-etherpad-sessionkey" = { |
| 25 | dest = "webapps/tools-etherpad-sessionkey"; | ||
| 26 | permissions = "0400"; | 24 | permissions = "0400"; |
| 27 | text = env.session_key; | 25 | text = env.session_key; |
| 28 | } | 26 | }; |
| 29 | { | 27 | "webapps/tools-etherpad" = { |
| 30 | dest = "webapps/tools-etherpad"; | ||
| 31 | permissions = "0400"; | 28 | permissions = "0400"; |
| 32 | text = '' | 29 | text = '' |
| 33 | { | 30 | { |
| @@ -152,8 +149,8 @@ in { | |||
| 152 | "logconfig" : { "appenders": [ { "type": "console" } ] } | 149 | "logconfig" : { "appenders": [ { "type": "console" } ] } |
| 153 | } | 150 | } |
| 154 | ''; | 151 | ''; |
| 155 | } | 152 | }; |
| 156 | ]; | 153 | }; |
| 157 | services.etherpad-lite = { | 154 | services.etherpad-lite = { |
| 158 | enable = true; | 155 | enable = true; |
| 159 | package = pkgs.webapps.etherpad-lite.withModules (p: [ | 156 | package = pkgs.webapps.etherpad-lite.withModules (p: [ |
diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix index e6a8da7..033a651 100644 --- a/modules/private/websites/tools/git/mantisbt.nix +++ b/modules/private/websites/tools/git/mantisbt.nix | |||
| @@ -6,8 +6,7 @@ rec { | |||
| 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt | 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt |
| 7 | ''; | 7 | ''; |
| 8 | }; | 8 | }; |
| 9 | keys = [{ | 9 | keys."webapps/tools-mantisbt" = { |
| 10 | dest = "webapps/tools-mantisbt"; | ||
| 11 | user = apache.user; | 10 | user = apache.user; |
| 12 | group = apache.group; | 11 | group = apache.group; |
| 13 | permissions = "0400"; | 12 | permissions = "0400"; |
| @@ -45,7 +44,7 @@ rec { | |||
| 45 | $g_ldap_realname_field = 'cn'; | 44 | $g_ldap_realname_field = 'cn'; |
| 46 | $g_ldap_organization = '${env.ldap.filter}'; | 45 | $g_ldap_organization = '${env.ldap.filter}'; |
| 47 | ''; | 46 | ''; |
| 48 | }]; | 47 | }; |
| 49 | webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]); | 48 | webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]); |
| 50 | apache = rec { | 49 | apache = rec { |
| 51 | user = "wwwrun"; | 50 | user = "wwwrun"; |
diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix index 7d8e733..92de28e 100644 --- a/modules/private/websites/tools/mail/roundcubemail.nix +++ b/modules/private/websites/tools/mail/roundcubemail.nix | |||
| @@ -9,8 +9,7 @@ rec { | |||
| 9 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions | 9 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions |
| 10 | ''; | 10 | ''; |
| 11 | }; | 11 | }; |
| 12 | keys = [{ | 12 | keys."webapps/tools-roundcube" = { |
| 13 | dest = "webapps/tools-roundcube"; | ||
| 14 | user = apache.user; | 13 | user = apache.user; |
| 15 | group = apache.group; | 14 | group = apache.group; |
| 16 | permissions = "0400"; | 15 | permissions = "0400"; |
| @@ -74,7 +73,7 @@ rec { | |||
| 74 | $config['temp_dir'] = '${varDir}/cache'; | 73 | $config['temp_dir'] = '${varDir}/cache'; |
| 75 | $config['mime_types'] = '${apacheHttpd}/conf/mime.types'; | 74 | $config['mime_types'] = '${apacheHttpd}/conf/mime.types'; |
| 76 | ''; | 75 | ''; |
| 77 | }]; | 76 | }; |
| 78 | webRoot = (roundcubemail.override { roundcube_config = config.secrets.fullPaths."webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]); | 77 | webRoot = (roundcubemail.override { roundcube_config = config.secrets.fullPaths."webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]); |
| 79 | apache = rec { | 78 | apache = rec { |
| 80 | user = "wwwrun"; | 79 | user = "wwwrun"; |
diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix index cea8710..87e8d72 100644 --- a/modules/private/websites/tools/mastodon/default.nix +++ b/modules/private/websites/tools/mastodon/default.nix | |||
| @@ -13,8 +13,7 @@ in { | |||
| 13 | services.duplyBackup.profiles.mastodon = { | 13 | services.duplyBackup.profiles.mastodon = { |
| 14 | rootDir = mcfg.dataDir; | 14 | rootDir = mcfg.dataDir; |
| 15 | }; | 15 | }; |
| 16 | secrets.keys = [{ | 16 | secrets.keys."webapps/tools-mastodon" = { |
| 17 | dest = "webapps/tools-mastodon"; | ||
| 18 | user = "mastodon"; | 17 | user = "mastodon"; |
| 19 | group = "mastodon"; | 18 | group = "mastodon"; |
| 20 | permissions = "0400"; | 19 | permissions = "0400"; |
| @@ -59,7 +58,7 @@ in { | |||
| 59 | LDAP_UID="uid" | 58 | LDAP_UID="uid" |
| 60 | LDAP_SEARCH_FILTER="${env.ldap.filter}" | 59 | LDAP_SEARCH_FILTER="${env.ldap.filter}" |
| 61 | ''; | 60 | ''; |
| 62 | }]; | 61 | }; |
| 63 | services.mastodon = { | 62 | services.mastodon = { |
| 64 | enable = true; | 63 | enable = true; |
| 65 | configFile = config.secrets.fullPaths."webapps/tools-mastodon"; | 64 | configFile = config.secrets.fullPaths."webapps/tools-mastodon"; |
diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix index 6d6a5a4..f6cba4a 100644 --- a/modules/private/websites/tools/mgoblin/default.nix +++ b/modules/private/websites/tools/mgoblin/default.nix | |||
| @@ -12,8 +12,7 @@ in { | |||
| 12 | services.duplyBackup.profiles.mgoblin = { | 12 | services.duplyBackup.profiles.mgoblin = { |
| 13 | rootDir = mcfg.dataDir; | 13 | rootDir = mcfg.dataDir; |
| 14 | }; | 14 | }; |
| 15 | secrets.keys = [{ | 15 | secrets.keys."webapps/tools-mediagoblin" = { |
| 16 | dest = "webapps/tools-mediagoblin"; | ||
| 17 | user = "mediagoblin"; | 16 | user = "mediagoblin"; |
| 18 | group = "mediagoblin"; | 17 | group = "mediagoblin"; |
| 19 | permissions = "0400"; | 18 | permissions = "0400"; |
| @@ -77,7 +76,7 @@ in { | |||
| 77 | [[mediagoblin.media_types.image]] | 76 | [[mediagoblin.media_types.image]] |
| 78 | [[mediagoblin.media_types.video]] | 77 | [[mediagoblin.media_types.video]] |
| 79 | ''; | 78 | ''; |
| 80 | }]; | 79 | }; |
| 81 | 80 | ||
| 82 | users.users.mediagoblin.extraGroups = [ "keys" ]; | 81 | users.users.mediagoblin.extraGroups = [ "keys" ]; |
| 83 | 82 | ||
diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix index 7dcc998..daeeb1f 100644 --- a/modules/private/websites/tools/peertube/default.nix +++ b/modules/private/websites/tools/peertube/default.nix | |||
| @@ -18,8 +18,7 @@ in { | |||
| 18 | }; | 18 | }; |
| 19 | users.users.peertube.extraGroups = [ "keys" ]; | 19 | users.users.peertube.extraGroups = [ "keys" ]; |
| 20 | 20 | ||
| 21 | secrets.keys = [{ | 21 | secrets.keys."webapps/tools-peertube" = { |
| 22 | dest = "webapps/tools-peertube"; | ||
| 23 | user = "peertube"; | 22 | user = "peertube"; |
| 24 | group = "peertube"; | 23 | group = "peertube"; |
| 25 | permissions = "0640"; | 24 | permissions = "0640"; |
| @@ -62,7 +61,7 @@ in { | |||
| 62 | plugins: '${pcfg.dataDir}/storage/plugins/' | 61 | plugins: '${pcfg.dataDir}/storage/plugins/' |
| 63 | client_overrides: '${pcfg.dataDir}/storage/client-overrides/' | 62 | client_overrides: '${pcfg.dataDir}/storage/client-overrides/' |
| 64 | ''; | 63 | ''; |
| 65 | }]; | 64 | }; |
| 66 | 65 | ||
| 67 | services.websites.env.tools.modules = [ | 66 | services.websites.env.tools.modules = [ |
| 68 | "headers" "proxy" "proxy_http" "proxy_wstunnel" | 67 | "headers" "proxy" "proxy_http" "proxy_wstunnel" |
diff --git a/modules/private/websites/tools/performance/default.nix b/modules/private/websites/tools/performance/default.nix index 5afd639..5715ff0 100644 --- a/modules/private/websites/tools/performance/default.nix +++ b/modules/private/websites/tools/performance/default.nix | |||
| @@ -11,9 +11,8 @@ in | |||
| 11 | }; | 11 | }; |
| 12 | 12 | ||
| 13 | config = lib.mkIf cfg.enable { | 13 | config = lib.mkIf cfg.enable { |
| 14 | secrets.keys = [ | 14 | secrets.keys = { |
| 15 | { | 15 | status_engine_ui = { |
| 16 | dest = "status_engine_ui"; | ||
| 17 | permissions = "0400"; | 16 | permissions = "0400"; |
| 18 | user = "wwwrun"; | 17 | user = "wwwrun"; |
| 19 | group = "wwwrun"; | 18 | group = "wwwrun"; |
| @@ -44,8 +43,8 @@ in | |||
| 44 | display_perfdata: 1 | 43 | display_perfdata: 1 |
| 45 | perfdata_backend: mysql | 44 | perfdata_backend: mysql |
| 46 | ''; | 45 | ''; |
| 47 | } | 46 | }; |
| 48 | ]; | 47 | }; |
| 49 | 48 | ||
| 50 | services.websites.env.tools.modules = [ "proxy_fcgi" ]; | 49 | services.websites.env.tools.modules = [ "proxy_fcgi" ]; |
| 51 | 50 | ||
diff --git a/modules/private/websites/tools/stats/default.nix b/modules/private/websites/tools/stats/default.nix index 5f184bc..71e31a3 100644 --- a/modules/private/websites/tools/stats/default.nix +++ b/modules/private/websites/tools/stats/default.nix | |||
| @@ -6,9 +6,8 @@ in | |||
| 6 | { | 6 | { |
| 7 | options.myServices.websites.tools.stats.enable = lib.mkEnableOption "Enable stats site"; | 7 | options.myServices.websites.tools.stats.enable = lib.mkEnableOption "Enable stats site"; |
| 8 | config = lib.mkIf cfg.enable { | 8 | config = lib.mkIf cfg.enable { |
| 9 | secrets.keys = [ | 9 | secrets.keys = { |
| 10 | { | 10 | "uami/env" = { |
| 11 | dest = "umami/env"; | ||
| 12 | permission = "0400"; | 11 | permission = "0400"; |
| 13 | text = '' | 12 | text = '' |
| 14 | PORT=${toString myCfg.listenPort} | 13 | PORT=${toString myCfg.listenPort} |
| @@ -16,8 +15,8 @@ in | |||
| 16 | DATABASE_URL=postgresql://${myCfg.postgresql.user}:${myCfg.postgresql.password}@localhost:${myCfg.postgresql.port}/${myCfg.postgresql.database}?sslmode=disable&host=${myCfg.postgresql.socket} | 15 | DATABASE_URL=postgresql://${myCfg.postgresql.user}:${myCfg.postgresql.password}@localhost:${myCfg.postgresql.port}/${myCfg.postgresql.database}?sslmode=disable&host=${myCfg.postgresql.socket} |
| 17 | HASH_SALT=${myCfg.hashSalt} | 16 | HASH_SALT=${myCfg.hashSalt} |
| 18 | ''; | 17 | ''; |
| 19 | } | 18 | }; |
| 20 | ]; | 19 | }; |
| 21 | 20 | ||
| 22 | services.websites.env.tools.vhostConfs.stats = { | 21 | services.websites.env.tools.vhostConfs.stats = { |
| 23 | certName = "eldiron"; | 22 | certName = "eldiron"; |
diff --git a/modules/private/websites/tools/tools/csp_reports.nix b/modules/private/websites/tools/tools/csp_reports.nix index 4660251..9b3f0cf 100644 --- a/modules/private/websites/tools/tools/csp_reports.nix +++ b/modules/private/websites/tools/tools/csp_reports.nix | |||
| @@ -1,12 +1,11 @@ | |||
| 1 | { env }: | 1 | { env }: |
| 2 | rec { | 2 | rec { |
| 3 | keys = [{ | 3 | keys."webapps/tools-csp-reports.conf" = { |
| 4 | dest = "webapps/tools-csp-reports.conf"; | ||
| 5 | user = "wwwrun"; | 4 | user = "wwwrun"; |
| 6 | group = "wwwrun"; | 5 | group = "wwwrun"; |
| 7 | permissions = "0400"; | 6 | permissions = "0400"; |
| 8 | text = with env.postgresql; '' | 7 | text = with env.postgresql; '' |
| 9 | env[CSP_REPORT_URI] = "host=${socket} dbname=${database} user=${user} password=${password}" | 8 | env[CSP_REPORT_URI] = "host=${socket} dbname=${database} user=${user} password=${password}" |
| 10 | ''; | 9 | ''; |
| 11 | }]; | 10 | }; |
| 12 | } | 11 | } |
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index ada6253..1f499fb 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix | |||
| @@ -83,14 +83,14 @@ in { | |||
| 83 | config = lib.mkIf cfg.enable { | 83 | config = lib.mkIf cfg.enable { |
| 84 | secrets.keys = | 84 | secrets.keys = |
| 85 | kanboard.keys | 85 | kanboard.keys |
| 86 | ++ ldap.keys | 86 | // ldap.keys |
| 87 | ++ shaarli.keys | 87 | // shaarli.keys |
| 88 | ++ ttrss.keys | 88 | // ttrss.keys |
| 89 | ++ wallabag.keys | 89 | // wallabag.keys |
| 90 | ++ yourls.keys | 90 | // yourls.keys |
| 91 | ++ dmarc-reports.keys | 91 | // dmarc-reports.keys |
| 92 | ++ csp-reports.keys | 92 | // csp-reports.keys |
| 93 | ++ webhooks.keys; | 93 | // webhooks.keys; |
| 94 | 94 | ||
| 95 | services.duplyBackup.profiles = { | 95 | services.duplyBackup.profiles = { |
| 96 | dokuwiki = dokuwiki.backups; | 96 | dokuwiki = dokuwiki.backups; |
diff --git a/modules/private/websites/tools/tools/dmarc_reports.nix b/modules/private/websites/tools/tools/dmarc_reports.nix index 5fdf0b6..89da246 100644 --- a/modules/private/websites/tools/tools/dmarc_reports.nix +++ b/modules/private/websites/tools/tools/dmarc_reports.nix | |||
| @@ -1,7 +1,6 @@ | |||
| 1 | { env, config }: | 1 | { env, config }: |
| 2 | rec { | 2 | rec { |
| 3 | keys = [{ | 3 | keys."webapps/tools-dmarc-reports.php" = { |
| 4 | dest = "webapps/tools-dmarc-reports.php"; | ||
| 5 | user = "wwwrun"; | 4 | user = "wwwrun"; |
| 6 | group = "wwwrun"; | 5 | group = "wwwrun"; |
| 7 | permissions = "0400"; | 6 | permissions = "0400"; |
| @@ -15,7 +14,7 @@ rec { | |||
| 15 | $anonymous_key = "${env.anonymous_key}"; | 14 | $anonymous_key = "${env.anonymous_key}"; |
| 16 | ?> | 15 | ?> |
| 17 | ''; | 16 | ''; |
| 18 | }]; | 17 | }; |
| 19 | webRoot = ./dmarc_reports; | 18 | webRoot = ./dmarc_reports; |
| 20 | apache = rec { | 19 | apache = rec { |
| 21 | user = "wwwrun"; | 20 | user = "wwwrun"; |
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix index 1a70499..b2e7b65 100644 --- a/modules/private/websites/tools/tools/kanboard.nix +++ b/modules/private/websites/tools/tools/kanboard.nix | |||
| @@ -13,8 +13,7 @@ rec { | |||
| 13 | install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config | 13 | install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config |
| 14 | ''; | 14 | ''; |
| 15 | }; | 15 | }; |
| 16 | keys = [{ | 16 | keys."webapps/tools-kanboard" = { |
| 17 | dest = "webapps/tools-kanboard"; | ||
| 18 | user = apache.user; | 17 | user = apache.user; |
| 19 | group = apache.group; | 18 | group = apache.group; |
| 20 | permissions = "0400"; | 19 | permissions = "0400"; |
| @@ -41,7 +40,7 @@ rec { | |||
| 41 | define('LDAP_GROUP_ADMIN_DN', '${env.ldap.admin_dn}'); | 40 | define('LDAP_GROUP_ADMIN_DN', '${env.ldap.admin_dn}'); |
| 42 | ?> | 41 | ?> |
| 43 | ''; | 42 | ''; |
| 44 | }]; | 43 | }; |
| 45 | webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; }; | 44 | webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; }; |
| 46 | apache = rec { | 45 | apache = rec { |
| 47 | user = "wwwrun"; | 46 | user = "wwwrun"; |
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix index cb90edc..14920f4 100644 --- a/modules/private/websites/tools/tools/ldap.nix +++ b/modules/private/websites/tools/tools/ldap.nix | |||
| @@ -6,8 +6,7 @@ rec { | |||
| 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin | 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin |
| 7 | ''; | 7 | ''; |
| 8 | }; | 8 | }; |
| 9 | keys = [{ | 9 | keys."webapps/tools-ldap" = { |
| 10 | dest = "webapps/tools-ldap"; | ||
| 11 | user = apache.user; | 10 | user = apache.user; |
| 12 | group = apache.group; | 11 | group = apache.group; |
| 13 | permissions = "0400"; | 12 | permissions = "0400"; |
| @@ -31,7 +30,7 @@ rec { | |||
| 31 | $servers->setValue('login','attr','uid'); | 30 | $servers->setValue('login','attr','uid'); |
| 32 | $servers->setValue('login','fallback_dn',true); | 31 | $servers->setValue('login','fallback_dn',true); |
| 33 | ''; | 32 | ''; |
| 34 | }]; | 33 | }; |
| 35 | webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; }; | 34 | webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; }; |
| 36 | apache = rec { | 35 | apache = rec { |
| 37 | user = "wwwrun"; | 36 | user = "wwwrun"; |
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix index 80c6a89..b7126cc 100644 --- a/modules/private/websites/tools/tools/shaarli.nix +++ b/modules/private/websites/tools/tools/shaarli.nix | |||
| @@ -38,8 +38,7 @@ in rec { | |||
| 38 | </Directory> | 38 | </Directory> |
| 39 | ''; | 39 | ''; |
| 40 | }; | 40 | }; |
| 41 | keys = [{ | 41 | keys."webapps/tools-shaarli" = { |
| 42 | dest = "webapps/tools-shaarli"; | ||
| 43 | user = apache.user; | 42 | user = apache.user; |
| 44 | group = apache.group; | 43 | group = apache.group; |
| 45 | permissions = "0400"; | 44 | permissions = "0400"; |
| @@ -50,7 +49,7 @@ in rec { | |||
| 50 | SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}" | 49 | SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}" |
| 51 | SetEnv SHAARLI_LDAP_FILTER "${env.ldap.filter}" | 50 | SetEnv SHAARLI_LDAP_FILTER "${env.ldap.filter}" |
| 52 | ''; | 51 | ''; |
| 53 | }]; | 52 | }; |
| 54 | phpFpm = rec { | 53 | phpFpm = rec { |
| 55 | serviceDeps = [ "openldap.service" ]; | 54 | serviceDeps = [ "openldap.service" ]; |
| 56 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; | 55 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; |
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix index eb1d415..f6abae9 100644 --- a/modules/private/websites/tools/tools/ttrss.nix +++ b/modules/private/websites/tools/tools/ttrss.nix | |||
| @@ -19,8 +19,7 @@ rec { | |||
| 19 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions | 19 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions |
| 20 | ''; | 20 | ''; |
| 21 | }; | 21 | }; |
| 22 | keys = [{ | 22 | keys."webapps/tools-ttrss" = { |
| 23 | dest = "webapps/tools-ttrss"; | ||
| 24 | user = apache.user; | 23 | user = apache.user; |
| 25 | group = apache.group; | 24 | group = apache.group; |
| 26 | permissions = "0400"; | 25 | permissions = "0400"; |
| @@ -87,7 +86,7 @@ rec { | |||
| 87 | define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); | 86 | define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); |
| 88 | define('LDAP_AUTH_DEBUG', FALSE); | 87 | define('LDAP_AUTH_DEBUG', FALSE); |
| 89 | ''; | 88 | ''; |
| 90 | }]; | 89 | }; |
| 91 | webRoot = (ttrss.override { ttrss_config = config.secrets.fullPaths."webapps/tools-ttrss"; }).withPlugins (p: [ | 90 | webRoot = (ttrss.override { ttrss_config = config.secrets.fullPaths."webapps/tools-ttrss"; }).withPlugins (p: [ |
| 92 | p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua | 91 | p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua |
| 93 | (p.af_feedmod.override { patched = true; }) | 92 | (p.af_feedmod.override { patched = true; }) |
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix index 1a604c7..b6ad151 100644 --- a/modules/private/websites/tools/tools/wallabag.nix +++ b/modules/private/websites/tools/tools/wallabag.nix | |||
| @@ -5,8 +5,7 @@ rec { | |||
| 5 | remotes = [ "eriomem" "ovh" ]; | 5 | remotes = [ "eriomem" "ovh" ]; |
| 6 | }; | 6 | }; |
| 7 | varDir = "/var/lib/wallabag"; | 7 | varDir = "/var/lib/wallabag"; |
| 8 | keys = [{ | 8 | keys."webapps/tools-wallabag" = { |
| 9 | dest = "webapps/tools-wallabag"; | ||
| 10 | user = apache.user; | 9 | user = apache.user; |
| 11 | group = apache.group; | 10 | group = apache.group; |
| 12 | permissions = "0400"; | 11 | permissions = "0400"; |
| @@ -68,7 +67,7 @@ rec { | |||
| 68 | class: Swift_SendmailTransport | 67 | class: Swift_SendmailTransport |
| 69 | arguments: ['/run/wrappers/bin/sendmail -bs'] | 68 | arguments: ['/run/wrappers/bin/sendmail -bs'] |
| 70 | ''; | 69 | ''; |
| 71 | }]; | 70 | }; |
| 72 | webappDir = wallabag.override { ldap = true; wallabag_config = config.secrets.fullPaths."webapps/tools-wallabag"; }; | 71 | webappDir = wallabag.override { ldap = true; wallabag_config = config.secrets.fullPaths."webapps/tools-wallabag"; }; |
| 73 | activationScript = '' | 72 | activationScript = '' |
| 74 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ | 73 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ |
diff --git a/modules/private/websites/tools/tools/webhooks.nix b/modules/private/websites/tools/tools/webhooks.nix index 8ffb81b..785e22b 100644 --- a/modules/private/websites/tools/tools/webhooks.nix +++ b/modules/private/websites/tools/tools/webhooks.nix | |||
| @@ -1,16 +1,17 @@ | |||
| 1 | { lib, env }: | 1 | { lib, env }: |
| 2 | { | 2 | { |
| 3 | keys = lib.attrsets.mapAttrsToList (k: v: { | 3 | keys = lib.attrsets.mapAttrs' (k: v: |
| 4 | dest = "webapps/webhooks/${k}.php"; | 4 | lib.nameValuePair "webapps/webhooks/${k}.php" { |
| 5 | user = "wwwrun"; | 5 | user = "wwwrun"; |
| 6 | group = "wwwrun"; | 6 | group = "wwwrun"; |
| 7 | permissions = "0400"; | 7 | permissions = "0400"; |
| 8 | text = v; | 8 | text = v; |
| 9 | }) env ++ [{ | 9 | }) env // { |
| 10 | dest = "webapps/webhooks"; | 10 | "webapps/webhooks" = { |
| 11 | isDir = true; | 11 | isDir = true; |
| 12 | user = "wwwrun"; | 12 | user = "wwwrun"; |
| 13 | group = "wwwrun"; | 13 | group = "wwwrun"; |
| 14 | permissions = "0500"; | 14 | permissions = "0500"; |
| 15 | }]; | 15 | }; |
| 16 | }; | ||
| 16 | } | 17 | } |
diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix index 0f977f2..01ef548 100644 --- a/modules/private/websites/tools/tools/yourls.nix +++ b/modules/private/websites/tools/tools/yourls.nix | |||
| @@ -6,8 +6,7 @@ rec { | |||
| 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls | 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls |
| 7 | ''; | 7 | ''; |
| 8 | }; | 8 | }; |
| 9 | keys = [{ | 9 | keys."webapps/tools-yourls" = { |
| 10 | dest = "webapps/tools-yourls"; | ||
| 11 | user = apache.user; | 10 | user = apache.user; |
| 12 | group = apache.group; | 11 | group = apache.group; |
| 13 | permissions = "0400"; | 12 | permissions = "0400"; |
| @@ -39,7 +38,7 @@ rec { | |||
| 39 | 38 | ||
| 40 | define( 'LDAPAUTH_USERCACHE_TYPE', 0); | 39 | define( 'LDAPAUTH_USERCACHE_TYPE', 0); |
| 41 | ''; | 40 | ''; |
| 42 | }]; | 41 | }; |
| 43 | webRoot = (yourls.override { yourls_config = config.secrets.fullPaths."webapps/tools-yourls"; }).withPlugins (p: [p.ldap]); | 42 | webRoot = (yourls.override { yourls_config = config.secrets.fullPaths."webapps/tools-yourls"; }).withPlugins (p: [p.ldap]); |
| 44 | apache = rec { | 43 | apache = rec { |
| 45 | user = "wwwrun"; | 44 | user = "wwwrun"; |