author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-16 17:40:07 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-16 20:20:45 +0200 |
commit | 4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0 (patch) | |
tree | 9a7ede9ac3f1899074e9ef568a447f883191d3b5 /modules/private/websites/tools | |
parent | da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (diff) | |
Use attrs for secrets instead of lists
Diffstat (limited to 'modules/private/websites/tools')
22 files changed, 79 insertions, 103 deletions
diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix index 471858a..fc0aae6 100644 --- a/modules/private/websites/tools/cloud/default.nix +++ b/modules/private/websites/tools/cloud/default.nix | |||
@@ -73,8 +73,7 @@ in { | |||
73 | ]; | 73 | ]; |
74 | }; | 74 | }; |
75 | 75 | ||
76 | secrets.keys = [{ | 76 | secrets.keys."webapps/tools-nextcloud" = { |
77 | dest = "webapps/tools-nextcloud"; | ||
78 | user = "wwwrun"; | 77 | user = "wwwrun"; |
79 | group = "wwwrun"; | 78 | group = "wwwrun"; |
80 | permissions = "0600"; | 79 | permissions = "0600"; |
@@ -133,7 +132,7 @@ in { | |||
133 | 'has_rebuilt_cache' => true, | 132 | 'has_rebuilt_cache' => true, |
134 | ); | 133 | ); |
135 | ''; | 134 | ''; |
136 | }]; | 135 | }; |
137 | users.users.root.packages = let | 136 | users.users.root.packages = let |
138 | occ = pkgs.writeScriptBin "nextcloud-occ" '' | 137 | occ = pkgs.writeScriptBin "nextcloud-occ" '' |
139 | #! ${pkgs.stdenv.shell} | 138 | #! ${pkgs.stdenv.shell} |
diff --git a/modules/private/websites/tools/commento/default.nix b/modules/private/websites/tools/commento/default.nix index d0e7d24..c36255b 100644 --- a/modules/private/websites/tools/commento/default.nix +++ b/modules/private/websites/tools/commento/default.nix | |||
@@ -12,10 +12,9 @@ in | |||
12 | enable = lib.mkEnableOption "Enable commento website"; | 12 | enable = lib.mkEnableOption "Enable commento website"; |
13 | }; | 13 | }; |
14 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
15 | secrets.keys = [ | 15 | secrets.keys = { |
16 | { | 16 | "commento/env" = { |
17 | dest = "commento/env"; | 17 | permissions = "0400"; |
18 | permission = "0400"; | ||
19 | text = '' | 18 | text = '' |
20 | COMMENTO_ORIGIN=https://commento.immae.eu/ | 19 | COMMENTO_ORIGIN=https://commento.immae.eu/ |
21 | COMMENTO_PORT=${port} | 20 | COMMENTO_PORT=${port} |
@@ -29,8 +28,8 @@ in | |||
29 | COMMENTO_SMTP_PASSWORD=${env.smtp.password} | 28 | COMMENTO_SMTP_PASSWORD=${env.smtp.password} |
30 | COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email} | 29 | COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email} |
31 | ''; | 30 | ''; |
32 | } | 31 | }; |
33 | ]; | 32 | }; |
34 | 33 | ||
35 | services.websites.env.tools.vhostConfs.commento = { | 34 | services.websites.env.tools.vhostConfs.commento = { |
36 | certName = "eldiron"; | 35 | certName = "eldiron"; |
diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix index eeac1b5..9e4056a 100644 --- a/modules/private/websites/tools/dav/davical.nix +++ b/modules/private/websites/tools/dav/davical.nix | |||
@@ -6,8 +6,7 @@ rec { | |||
6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical | 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical |
7 | ''; | 7 | ''; |
8 | }; | 8 | }; |
9 | keys = [{ | 9 | keys."webapps/dav-davical" = { |
10 | dest = "webapps/dav-davical"; | ||
11 | user = apache.user; | 10 | user = apache.user; |
12 | group = apache.group; | 11 | group = apache.group; |
13 | permissions = "0400"; | 12 | permissions = "0400"; |
@@ -64,7 +63,7 @@ rec { | |||
64 | $c->do_not_sync_from_ldap = array('admin' => true); | 63 | $c->do_not_sync_from_ldap = array('admin' => true); |
65 | include('drivers_ldap.php'); | 64 | include('drivers_ldap.php'); |
66 | ''; | 65 | ''; |
67 | }]; | 66 | }; |
68 | webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; }; | 67 | webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; }; |
69 | webRoot = "${webapp}/htdocs"; | 68 | webRoot = "${webapp}/htdocs"; |
70 | apache = rec { | 69 | apache = rec { |
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix index 663fe88..9119ead 100644 --- a/modules/private/websites/tools/diaspora/default.nix +++ b/modules/private/websites/tools/diaspora/default.nix | |||
@@ -16,16 +16,14 @@ in { | |||
16 | }; | 16 | }; |
17 | users.users.diaspora.extraGroups = [ "keys" ]; | 17 | users.users.diaspora.extraGroups = [ "keys" ]; |
18 | 18 | ||
19 | secrets.keys = [ | 19 | secrets.keys = { |
20 | { | 20 | "webapps/diaspora" = { |
21 | dest = "webapps/diaspora"; | ||
22 | isDir = true; | 21 | isDir = true; |
23 | user = "diaspora"; | 22 | user = "diaspora"; |
24 | group = "diaspora"; | 23 | group = "diaspora"; |
25 | permissions = "0500"; | 24 | permissions = "0500"; |
26 | } | 25 | }; |
27 | { | 26 | "webapps/diaspora/diaspora.yml" = { |
28 | dest = "webapps/diaspora/diaspora.yml"; | ||
29 | user = "diaspora"; | 27 | user = "diaspora"; |
30 | group = "diaspora"; | 28 | group = "diaspora"; |
31 | permissions = "0400"; | 29 | permissions = "0400"; |
@@ -102,9 +100,8 @@ in { | |||
102 | development: | 100 | development: |
103 | environment: | 101 | environment: |
104 | ''; | 102 | ''; |
105 | } | 103 | }; |
106 | { | 104 | "webapps/diaspora/database.yml" = { |
107 | dest = "webapps/diaspora/database.yml"; | ||
108 | user = "diaspora"; | 105 | user = "diaspora"; |
109 | group = "diaspora"; | 106 | group = "diaspora"; |
110 | permissions = "0400"; | 107 | permissions = "0400"; |
@@ -136,17 +133,16 @@ in { | |||
136 | <<: *combined | 133 | <<: *combined |
137 | database: diaspora_integration2 | 134 | database: diaspora_integration2 |
138 | ''; | 135 | ''; |
139 | } | 136 | }; |
140 | { | 137 | "webapps/diaspora/secret_token.rb" = { |
141 | dest = "webapps/diaspora/secret_token.rb"; | ||
142 | user = "diaspora"; | 138 | user = "diaspora"; |
143 | group = "diaspora"; | 139 | group = "diaspora"; |
144 | permissions = "0400"; | 140 | permissions = "0400"; |
145 | text = '' | 141 | text = '' |
146 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' | 142 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' |
147 | ''; | 143 | ''; |
148 | } | 144 | }; |
149 | ]; | 145 | }; |
150 | 146 | ||
151 | services.diaspora = { | 147 | services.diaspora = { |
152 | enable = true; | 148 | enable = true; |
diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix index 64e411d..d5c65a9 100644 --- a/modules/private/websites/tools/ether/default.nix +++ b/modules/private/websites/tools/ether/default.nix | |||
@@ -15,19 +15,16 @@ in { | |||
15 | services.duplyBackup.profiles.etherpad-lite = { | 15 | services.duplyBackup.profiles.etherpad-lite = { |
16 | rootDir = "/var/lib/private/etherpad-lite"; | 16 | rootDir = "/var/lib/private/etherpad-lite"; |
17 | }; | 17 | }; |
18 | secrets.keys = [ | 18 | secrets.keys = { |
19 | { | 19 | "webapps/tools-etherpad-apikey" = { |
20 | dest = "webapps/tools-etherpad-apikey"; | ||
21 | permissions = "0400"; | 20 | permissions = "0400"; |
22 | text = env.api_key; | 21 | text = env.api_key; |
23 | } | 22 | }; |
24 | { | 23 | "webapps/tools-etherpad-sessionkey" = { |
25 | dest = "webapps/tools-etherpad-sessionkey"; | ||
26 | permissions = "0400"; | 24 | permissions = "0400"; |
27 | text = env.session_key; | 25 | text = env.session_key; |
28 | } | 26 | }; |
29 | { | 27 | "webapps/tools-etherpad" = { |
30 | dest = "webapps/tools-etherpad"; | ||
31 | permissions = "0400"; | 28 | permissions = "0400"; |
32 | text = '' | 29 | text = '' |
33 | { | 30 | { |
@@ -152,8 +149,8 @@ in { | |||
152 | "logconfig" : { "appenders": [ { "type": "console" } ] } | 149 | "logconfig" : { "appenders": [ { "type": "console" } ] } |
153 | } | 150 | } |
154 | ''; | 151 | ''; |
155 | } | 152 | }; |
156 | ]; | 153 | }; |
157 | services.etherpad-lite = { | 154 | services.etherpad-lite = { |
158 | enable = true; | 155 | enable = true; |
159 | package = pkgs.webapps.etherpad-lite.withModules (p: [ | 156 | package = pkgs.webapps.etherpad-lite.withModules (p: [ |
diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix index e6a8da7..033a651 100644 --- a/modules/private/websites/tools/git/mantisbt.nix +++ b/modules/private/websites/tools/git/mantisbt.nix | |||
@@ -6,8 +6,7 @@ rec { | |||
6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt | 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt |
7 | ''; | 7 | ''; |
8 | }; | 8 | }; |
9 | keys = [{ | 9 | keys."webapps/tools-mantisbt" = { |
10 | dest = "webapps/tools-mantisbt"; | ||
11 | user = apache.user; | 10 | user = apache.user; |
12 | group = apache.group; | 11 | group = apache.group; |
13 | permissions = "0400"; | 12 | permissions = "0400"; |
@@ -45,7 +44,7 @@ rec { | |||
45 | $g_ldap_realname_field = 'cn'; | 44 | $g_ldap_realname_field = 'cn'; |
46 | $g_ldap_organization = '${env.ldap.filter}'; | 45 | $g_ldap_organization = '${env.ldap.filter}'; |
47 | ''; | 46 | ''; |
48 | }]; | 47 | }; |
49 | webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]); | 48 | webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]); |
50 | apache = rec { | 49 | apache = rec { |
51 | user = "wwwrun"; | 50 | user = "wwwrun"; |
diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix index 7d8e733..92de28e 100644 --- a/modules/private/websites/tools/mail/roundcubemail.nix +++ b/modules/private/websites/tools/mail/roundcubemail.nix | |||
@@ -9,8 +9,7 @@ rec { | |||
9 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions | 9 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions |
10 | ''; | 10 | ''; |
11 | }; | 11 | }; |
12 | keys = [{ | 12 | keys."webapps/tools-roundcube" = { |
13 | dest = "webapps/tools-roundcube"; | ||
14 | user = apache.user; | 13 | user = apache.user; |
15 | group = apache.group; | 14 | group = apache.group; |
16 | permissions = "0400"; | 15 | permissions = "0400"; |
@@ -74,7 +73,7 @@ rec { | |||
74 | $config['temp_dir'] = '${varDir}/cache'; | 73 | $config['temp_dir'] = '${varDir}/cache'; |
75 | $config['mime_types'] = '${apacheHttpd}/conf/mime.types'; | 74 | $config['mime_types'] = '${apacheHttpd}/conf/mime.types'; |
76 | ''; | 75 | ''; |
77 | }]; | 76 | }; |
78 | webRoot = (roundcubemail.override { roundcube_config = config.secrets.fullPaths."webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]); | 77 | webRoot = (roundcubemail.override { roundcube_config = config.secrets.fullPaths."webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]); |
79 | apache = rec { | 78 | apache = rec { |
80 | user = "wwwrun"; | 79 | user = "wwwrun"; |
diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix index cea8710..87e8d72 100644 --- a/modules/private/websites/tools/mastodon/default.nix +++ b/modules/private/websites/tools/mastodon/default.nix | |||
@@ -13,8 +13,7 @@ in { | |||
13 | services.duplyBackup.profiles.mastodon = { | 13 | services.duplyBackup.profiles.mastodon = { |
14 | rootDir = mcfg.dataDir; | 14 | rootDir = mcfg.dataDir; |
15 | }; | 15 | }; |
16 | secrets.keys = [{ | 16 | secrets.keys."webapps/tools-mastodon" = { |
17 | dest = "webapps/tools-mastodon"; | ||
18 | user = "mastodon"; | 17 | user = "mastodon"; |
19 | group = "mastodon"; | 18 | group = "mastodon"; |
20 | permissions = "0400"; | 19 | permissions = "0400"; |
@@ -59,7 +58,7 @@ in { | |||
59 | LDAP_UID="uid" | 58 | LDAP_UID="uid" |
60 | LDAP_SEARCH_FILTER="${env.ldap.filter}" | 59 | LDAP_SEARCH_FILTER="${env.ldap.filter}" |
61 | ''; | 60 | ''; |
62 | }]; | 61 | }; |
63 | services.mastodon = { | 62 | services.mastodon = { |
64 | enable = true; | 63 | enable = true; |
65 | configFile = config.secrets.fullPaths."webapps/tools-mastodon"; | 64 | configFile = config.secrets.fullPaths."webapps/tools-mastodon"; |
diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix index 6d6a5a4..f6cba4a 100644 --- a/modules/private/websites/tools/mgoblin/default.nix +++ b/modules/private/websites/tools/mgoblin/default.nix | |||
@@ -12,8 +12,7 @@ in { | |||
12 | services.duplyBackup.profiles.mgoblin = { | 12 | services.duplyBackup.profiles.mgoblin = { |
13 | rootDir = mcfg.dataDir; | 13 | rootDir = mcfg.dataDir; |
14 | }; | 14 | }; |
15 | secrets.keys = [{ | 15 | secrets.keys."webapps/tools-mediagoblin" = { |
16 | dest = "webapps/tools-mediagoblin"; | ||
17 | user = "mediagoblin"; | 16 | user = "mediagoblin"; |
18 | group = "mediagoblin"; | 17 | group = "mediagoblin"; |
19 | permissions = "0400"; | 18 | permissions = "0400"; |
@@ -77,7 +76,7 @@ in { | |||
77 | [[mediagoblin.media_types.image]] | 76 | [[mediagoblin.media_types.image]] |
78 | [[mediagoblin.media_types.video]] | 77 | [[mediagoblin.media_types.video]] |
79 | ''; | 78 | ''; |
80 | }]; | 79 | }; |
81 | 80 | ||
82 | users.users.mediagoblin.extraGroups = [ "keys" ]; | 81 | users.users.mediagoblin.extraGroups = [ "keys" ]; |
83 | 82 | ||
diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix index 7dcc998..daeeb1f 100644 --- a/modules/private/websites/tools/peertube/default.nix +++ b/modules/private/websites/tools/peertube/default.nix | |||
@@ -18,8 +18,7 @@ in { | |||
18 | }; | 18 | }; |
19 | users.users.peertube.extraGroups = [ "keys" ]; | 19 | users.users.peertube.extraGroups = [ "keys" ]; |
20 | 20 | ||
21 | secrets.keys = [{ | 21 | secrets.keys."webapps/tools-peertube" = { |
22 | dest = "webapps/tools-peertube"; | ||
23 | user = "peertube"; | 22 | user = "peertube"; |
24 | group = "peertube"; | 23 | group = "peertube"; |
25 | permissions = "0640"; | 24 | permissions = "0640"; |
@@ -62,7 +61,7 @@ in { | |||
62 | plugins: '${pcfg.dataDir}/storage/plugins/' | 61 | plugins: '${pcfg.dataDir}/storage/plugins/' |
63 | client_overrides: '${pcfg.dataDir}/storage/client-overrides/' | 62 | client_overrides: '${pcfg.dataDir}/storage/client-overrides/' |
64 | ''; | 63 | ''; |
65 | }]; | 64 | }; |
66 | 65 | ||
67 | services.websites.env.tools.modules = [ | 66 | services.websites.env.tools.modules = [ |
68 | "headers" "proxy" "proxy_http" "proxy_wstunnel" | 67 | "headers" "proxy" "proxy_http" "proxy_wstunnel" |
diff --git a/modules/private/websites/tools/performance/default.nix b/modules/private/websites/tools/performance/default.nix index 5afd639..5715ff0 100644 --- a/modules/private/websites/tools/performance/default.nix +++ b/modules/private/websites/tools/performance/default.nix | |||
@@ -11,9 +11,8 @@ in | |||
11 | }; | 11 | }; |
12 | 12 | ||
13 | config = lib.mkIf cfg.enable { | 13 | config = lib.mkIf cfg.enable { |
14 | secrets.keys = [ | 14 | secrets.keys = { |
15 | { | 15 | status_engine_ui = { |
16 | dest = "status_engine_ui"; | ||
17 | permissions = "0400"; | 16 | permissions = "0400"; |
18 | user = "wwwrun"; | 17 | user = "wwwrun"; |
19 | group = "wwwrun"; | 18 | group = "wwwrun"; |
@@ -44,8 +43,8 @@ in | |||
44 | display_perfdata: 1 | 43 | display_perfdata: 1 |
45 | perfdata_backend: mysql | 44 | perfdata_backend: mysql |
46 | ''; | 45 | ''; |
47 | } | 46 | }; |
48 | ]; | 47 | }; |
49 | 48 | ||
50 | services.websites.env.tools.modules = [ "proxy_fcgi" ]; | 49 | services.websites.env.tools.modules = [ "proxy_fcgi" ]; |
51 | 50 | ||
diff --git a/modules/private/websites/tools/stats/default.nix b/modules/private/websites/tools/stats/default.nix index 5f184bc..71e31a3 100644 --- a/modules/private/websites/tools/stats/default.nix +++ b/modules/private/websites/tools/stats/default.nix | |||
@@ -6,9 +6,8 @@ in | |||
6 | { | 6 | { |
7 | options.myServices.websites.tools.stats.enable = lib.mkEnableOption "Enable stats site"; | 7 | options.myServices.websites.tools.stats.enable = lib.mkEnableOption "Enable stats site"; |
8 | config = lib.mkIf cfg.enable { | 8 | config = lib.mkIf cfg.enable { |
9 | secrets.keys = [ | 9 | secrets.keys = { |
10 | { | 10 | "uami/env" = { |
11 | dest = "umami/env"; | ||
12 | permission = "0400"; | 11 | permission = "0400"; |
13 | text = '' | 12 | text = '' |
14 | PORT=${toString myCfg.listenPort} | 13 | PORT=${toString myCfg.listenPort} |
@@ -16,8 +15,8 @@ in | |||
16 | DATABASE_URL=postgresql://${myCfg.postgresql.user}:${myCfg.postgresql.password}@localhost:${myCfg.postgresql.port}/${myCfg.postgresql.database}?sslmode=disable&host=${myCfg.postgresql.socket} | 15 | DATABASE_URL=postgresql://${myCfg.postgresql.user}:${myCfg.postgresql.password}@localhost:${myCfg.postgresql.port}/${myCfg.postgresql.database}?sslmode=disable&host=${myCfg.postgresql.socket} |
17 | HASH_SALT=${myCfg.hashSalt} | 16 | HASH_SALT=${myCfg.hashSalt} |
18 | ''; | 17 | ''; |
19 | } | 18 | }; |
20 | ]; | 19 | }; |
21 | 20 | ||
22 | services.websites.env.tools.vhostConfs.stats = { | 21 | services.websites.env.tools.vhostConfs.stats = { |
23 | certName = "eldiron"; | 22 | certName = "eldiron"; |
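Review bot: The new attribute name `"uami/env"` does not match the destination it replaces, `dest = "umami/env"`, so the secret would be generated under a different path and any consumer still pointing at `umami/env` (none is visible in this section) would no longer find it; the key should read `"umami/env" = {`. The entry also keeps `permission = "0400";`, although the same commit corrects that spelling to `permissions` in commento/default.nix. Depending on how the secrets option is declared (not shown here), the mode of a file carrying the `DATABASE_URL` password and `HASH_SALT` is presumably either rejected at evaluation or left at the module default, so use `permissions = "0400";` here as well.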
diff --git a/modules/private/websites/tools/tools/csp_reports.nix b/modules/private/websites/tools/tools/csp_reports.nix index 4660251..9b3f0cf 100644 --- a/modules/private/websites/tools/tools/csp_reports.nix +++ b/modules/private/websites/tools/tools/csp_reports.nix | |||
@@ -1,12 +1,11 @@ | |||
1 | { env }: | 1 | { env }: |
2 | rec { | 2 | rec { |
3 | keys = [{ | 3 | keys."webapps/tools-csp-reports.conf" = { |
4 | dest = "webapps/tools-csp-reports.conf"; | ||
5 | user = "wwwrun"; | 4 | user = "wwwrun"; |
6 | group = "wwwrun"; | 5 | group = "wwwrun"; |
7 | permissions = "0400"; | 6 | permissions = "0400"; |
8 | text = with env.postgresql; '' | 7 | text = with env.postgresql; '' |
9 | env[CSP_REPORT_URI] = "host=${socket} dbname=${database} user=${user} password=${password}" | 8 | env[CSP_REPORT_URI] = "host=${socket} dbname=${database} user=${user} password=${password}" |
10 | ''; | 9 | ''; |
11 | }]; | 10 | }; |
12 | } | 11 | } |
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index ada6253..1f499fb 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix | |||
@@ -83,14 +83,14 @@ in { | |||
83 | config = lib.mkIf cfg.enable { | 83 | config = lib.mkIf cfg.enable { |
84 | secrets.keys = | 84 | secrets.keys = |
85 | kanboard.keys | 85 | kanboard.keys |
86 | ++ ldap.keys | 86 | // ldap.keys |
87 | ++ shaarli.keys | 87 | // shaarli.keys |
88 | ++ ttrss.keys | 88 | // ttrss.keys |
89 | ++ wallabag.keys | 89 | // wallabag.keys |
90 | ++ yourls.keys | 90 | // yourls.keys |
91 | ++ dmarc-reports.keys | 91 | // dmarc-reports.keys |
92 | ++ csp-reports.keys | 92 | // csp-reports.keys |
93 | ++ webhooks.keys; | 93 | // webhooks.keys; |
94 | 94 | ||
95 | services.duplyBackup.profiles = { | 95 | services.duplyBackup.profiles = { |
96 | dokuwiki = dokuwiki.backups; | 96 | dokuwiki = dokuwiki.backups; |
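Review bot: Chaining the per-tool key sets with `//` makes a name collision silent, because the right-hand operand wins and the earlier secret definition is simply dropped, whereas the old `++` list kept both entries. The names visible in this commit are all distinct, so nothing is lost today, but a later copy-paste of a key name would replace one tool's secret with another's without any evaluation error. Passing the sets as a list to `lib.mkMerge` instead of folding them with `//` would hand duplicate names to the module system rather than discarding one; at minimum add a comment such as `# keys must be unique across tools: // keeps only the right-hand definition`. The `config = lib.mkIf cfg.enable {` block continues beyond this hunk.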
diff --git a/modules/private/websites/tools/tools/dmarc_reports.nix b/modules/private/websites/tools/tools/dmarc_reports.nix index 5fdf0b6..89da246 100644 --- a/modules/private/websites/tools/tools/dmarc_reports.nix +++ b/modules/private/websites/tools/tools/dmarc_reports.nix | |||
@@ -1,7 +1,6 @@ | |||
1 | { env, config }: | 1 | { env, config }: |
2 | rec { | 2 | rec { |
3 | keys = [{ | 3 | keys."webapps/tools-dmarc-reports.php" = { |
4 | dest = "webapps/tools-dmarc-reports.php"; | ||
5 | user = "wwwrun"; | 4 | user = "wwwrun"; |
6 | group = "wwwrun"; | 5 | group = "wwwrun"; |
7 | permissions = "0400"; | 6 | permissions = "0400"; |
@@ -15,7 +14,7 @@ rec { | |||
15 | $anonymous_key = "${env.anonymous_key}"; | 14 | $anonymous_key = "${env.anonymous_key}"; |
16 | ?> | 15 | ?> |
17 | ''; | 16 | ''; |
18 | }]; | 17 | }; |
19 | webRoot = ./dmarc_reports; | 18 | webRoot = ./dmarc_reports; |
20 | apache = rec { | 19 | apache = rec { |
21 | user = "wwwrun"; | 20 | user = "wwwrun"; |
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix index 1a70499..b2e7b65 100644 --- a/modules/private/websites/tools/tools/kanboard.nix +++ b/modules/private/websites/tools/tools/kanboard.nix | |||
@@ -13,8 +13,7 @@ rec { | |||
13 | install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config | 13 | install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config |
14 | ''; | 14 | ''; |
15 | }; | 15 | }; |
16 | keys = [{ | 16 | keys."webapps/tools-kanboard" = { |
17 | dest = "webapps/tools-kanboard"; | ||
18 | user = apache.user; | 17 | user = apache.user; |
19 | group = apache.group; | 18 | group = apache.group; |
20 | permissions = "0400"; | 19 | permissions = "0400"; |
@@ -41,7 +40,7 @@ rec { | |||
41 | define('LDAP_GROUP_ADMIN_DN', '${env.ldap.admin_dn}'); | 40 | define('LDAP_GROUP_ADMIN_DN', '${env.ldap.admin_dn}'); |
42 | ?> | 41 | ?> |
43 | ''; | 42 | ''; |
44 | }]; | 43 | }; |
45 | webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; }; | 44 | webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; }; |
46 | apache = rec { | 45 | apache = rec { |
47 | user = "wwwrun"; | 46 | user = "wwwrun"; |
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix index cb90edc..14920f4 100644 --- a/modules/private/websites/tools/tools/ldap.nix +++ b/modules/private/websites/tools/tools/ldap.nix | |||
@@ -6,8 +6,7 @@ rec { | |||
6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin | 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin |
7 | ''; | 7 | ''; |
8 | }; | 8 | }; |
9 | keys = [{ | 9 | keys."webapps/tools-ldap" = { |
10 | dest = "webapps/tools-ldap"; | ||
11 | user = apache.user; | 10 | user = apache.user; |
12 | group = apache.group; | 11 | group = apache.group; |
13 | permissions = "0400"; | 12 | permissions = "0400"; |
@@ -31,7 +30,7 @@ rec { | |||
31 | $servers->setValue('login','attr','uid'); | 30 | $servers->setValue('login','attr','uid'); |
32 | $servers->setValue('login','fallback_dn',true); | 31 | $servers->setValue('login','fallback_dn',true); |
33 | ''; | 32 | ''; |
34 | }]; | 33 | }; |
35 | webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; }; | 34 | webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; }; |
36 | apache = rec { | 35 | apache = rec { |
37 | user = "wwwrun"; | 36 | user = "wwwrun"; |
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix index 80c6a89..b7126cc 100644 --- a/modules/private/websites/tools/tools/shaarli.nix +++ b/modules/private/websites/tools/tools/shaarli.nix | |||
@@ -38,8 +38,7 @@ in rec { | |||
38 | </Directory> | 38 | </Directory> |
39 | ''; | 39 | ''; |
40 | }; | 40 | }; |
41 | keys = [{ | 41 | keys."webapps/tools-shaarli" = { |
42 | dest = "webapps/tools-shaarli"; | ||
43 | user = apache.user; | 42 | user = apache.user; |
44 | group = apache.group; | 43 | group = apache.group; |
45 | permissions = "0400"; | 44 | permissions = "0400"; |
@@ -50,7 +49,7 @@ in rec { | |||
50 | SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}" | 49 | SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}" |
51 | SetEnv SHAARLI_LDAP_FILTER "${env.ldap.filter}" | 50 | SetEnv SHAARLI_LDAP_FILTER "${env.ldap.filter}" |
52 | ''; | 51 | ''; |
53 | }]; | 52 | }; |
54 | phpFpm = rec { | 53 | phpFpm = rec { |
55 | serviceDeps = [ "openldap.service" ]; | 54 | serviceDeps = [ "openldap.service" ]; |
56 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; | 55 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; |
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix index eb1d415..f6abae9 100644 --- a/modules/private/websites/tools/tools/ttrss.nix +++ b/modules/private/websites/tools/tools/ttrss.nix | |||
@@ -19,8 +19,7 @@ rec { | |||
19 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions | 19 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions |
20 | ''; | 20 | ''; |
21 | }; | 21 | }; |
22 | keys = [{ | 22 | keys."webapps/tools-ttrss" = { |
23 | dest = "webapps/tools-ttrss"; | ||
24 | user = apache.user; | 23 | user = apache.user; |
25 | group = apache.group; | 24 | group = apache.group; |
26 | permissions = "0400"; | 25 | permissions = "0400"; |
@@ -87,7 +86,7 @@ rec { | |||
87 | define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); | 86 | define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); |
88 | define('LDAP_AUTH_DEBUG', FALSE); | 87 | define('LDAP_AUTH_DEBUG', FALSE); |
89 | ''; | 88 | ''; |
90 | }]; | 89 | }; |
91 | webRoot = (ttrss.override { ttrss_config = config.secrets.fullPaths."webapps/tools-ttrss"; }).withPlugins (p: [ | 90 | webRoot = (ttrss.override { ttrss_config = config.secrets.fullPaths."webapps/tools-ttrss"; }).withPlugins (p: [ |
92 | p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua | 91 | p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua |
93 | (p.af_feedmod.override { patched = true; }) | 92 | (p.af_feedmod.override { patched = true; }) |
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix index 1a604c7..b6ad151 100644 --- a/modules/private/websites/tools/tools/wallabag.nix +++ b/modules/private/websites/tools/tools/wallabag.nix | |||
@@ -5,8 +5,7 @@ rec { | |||
5 | remotes = [ "eriomem" "ovh" ]; | 5 | remotes = [ "eriomem" "ovh" ]; |
6 | }; | 6 | }; |
7 | varDir = "/var/lib/wallabag"; | 7 | varDir = "/var/lib/wallabag"; |
8 | keys = [{ | 8 | keys."webapps/tools-wallabag" = { |
9 | dest = "webapps/tools-wallabag"; | ||
10 | user = apache.user; | 9 | user = apache.user; |
11 | group = apache.group; | 10 | group = apache.group; |
12 | permissions = "0400"; | 11 | permissions = "0400"; |
@@ -68,7 +67,7 @@ rec { | |||
68 | class: Swift_SendmailTransport | 67 | class: Swift_SendmailTransport |
69 | arguments: ['/run/wrappers/bin/sendmail -bs'] | 68 | arguments: ['/run/wrappers/bin/sendmail -bs'] |
70 | ''; | 69 | ''; |
71 | }]; | 70 | }; |
72 | webappDir = wallabag.override { ldap = true; wallabag_config = config.secrets.fullPaths."webapps/tools-wallabag"; }; | 71 | webappDir = wallabag.override { ldap = true; wallabag_config = config.secrets.fullPaths."webapps/tools-wallabag"; }; |
73 | activationScript = '' | 72 | activationScript = '' |
74 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ | 73 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ |
diff --git a/modules/private/websites/tools/tools/webhooks.nix b/modules/private/websites/tools/tools/webhooks.nix index 8ffb81b..785e22b 100644 --- a/modules/private/websites/tools/tools/webhooks.nix +++ b/modules/private/websites/tools/tools/webhooks.nix | |||
@@ -1,16 +1,17 @@ | |||
1 | { lib, env }: | 1 | { lib, env }: |
2 | { | 2 | { |
3 | keys = lib.attrsets.mapAttrsToList (k: v: { | 3 | keys = lib.attrsets.mapAttrs' (k: v: |
4 | dest = "webapps/webhooks/${k}.php"; | 4 | lib.nameValuePair "webapps/webhooks/${k}.php" { |
5 | user = "wwwrun"; | 5 | user = "wwwrun"; |
6 | group = "wwwrun"; | 6 | group = "wwwrun"; |
7 | permissions = "0400"; | 7 | permissions = "0400"; |
8 | text = v; | 8 | text = v; |
9 | }) env ++ [{ | 9 | }) env // { |
10 | dest = "webapps/webhooks"; | 10 | "webapps/webhooks" = { |
11 | isDir = true; | 11 | isDir = true; |
12 | user = "wwwrun"; | 12 | user = "wwwrun"; |
13 | group = "wwwrun"; | 13 | group = "wwwrun"; |
14 | permissions = "0500"; | 14 | permissions = "0500"; |
15 | }]; | 15 | }; |
16 | }; | ||
16 | } | 17 | } |
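Review bot: The expression `lib.attrsets.mapAttrs' (k: v: …) env // { … }` relies on function application binding tighter than `//`, which is easy to misread now that the mapped value spans several lines. Wrapping the call in parentheses, as in `keys = (lib.attrsets.mapAttrs' (k: v: …) env) // {`, makes it explicit that the `"webapps/webhooks"` directory entry is merged into the generated per-hook entries. A short comment such as `# one 0400 PHP file per env entry, plus the 0500 directory that holds them` would also document why the extra attribute is there. Indentation is not preserved in this rendering, so the nesting of the `user`/`group`/`permissions` lines should be checked against the actual file.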
diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix index 0f977f2..01ef548 100644 --- a/modules/private/websites/tools/tools/yourls.nix +++ b/modules/private/websites/tools/tools/yourls.nix | |||
@@ -6,8 +6,7 @@ rec { | |||
6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls | 6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls |
7 | ''; | 7 | ''; |
8 | }; | 8 | }; |
9 | keys = [{ | 9 | keys."webapps/tools-yourls" = { |
10 | dest = "webapps/tools-yourls"; | ||
11 | user = apache.user; | 10 | user = apache.user; |
12 | group = apache.group; | 11 | group = apache.group; |
13 | permissions = "0400"; | 12 | permissions = "0400"; |
@@ -39,7 +38,7 @@ rec { | |||
39 | 38 | ||
40 | define( 'LDAPAUTH_USERCACHE_TYPE', 0); | 39 | define( 'LDAPAUTH_USERCACHE_TYPE', 0); |
41 | ''; | 40 | ''; |
42 | }]; | 41 | }; |
43 | webRoot = (yourls.override { yourls_config = config.secrets.fullPaths."webapps/tools-yourls"; }).withPlugins (p: [p.ldap]); | 42 | webRoot = (yourls.override { yourls_config = config.secrets.fullPaths."webapps/tools-yourls"; }).withPlugins (p: [p.ldap]); |
44 | apache = rec { | 43 | apache = rec { |
45 | user = "wwwrun"; | 44 | user = "wwwrun"; |