diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-13 02:26:54 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-10-16 01:39:24 +0200 |
| commit | da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (patch) | |
| tree | bd45012713b065829c1991e55d52081a8baef58a /modules/private/websites | |
| parent | bd5c5d4e23ebd3863a960976767ed4a83dfd07fe (diff) | |
| download | Nix-da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2.tar.gz Nix-da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2.tar.zst Nix-da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2.zip | |
Move secrets to flakes
Diffstat (limited to 'modules/private/websites')
28 files changed, 80 insertions, 65 deletions
diff --git a/modules/private/websites/connexionswing/app/default.nix b/modules/private/websites/connexionswing/app/default.nix index 31e88db..b14b03b 100644 --- a/modules/private/websites/connexionswing/app/default.nix +++ b/modules/private/websites/connexionswing/app/default.nix | |||
| @@ -1,6 +1,4 @@ | |||
| 1 | { environment ? "prod" | 1 | { environment, varDir, secretsPath |
| 2 | , varDir ? "/var/lib/connexionswing_${environment}" | ||
| 3 | , secretsPath ? "/var/secrets/webapps/${environment}-connexionswing" | ||
| 4 | , composerEnv, fetchurl, fetchgit, sources }: | 2 | , composerEnv, fetchurl, fetchgit, sources }: |
| 5 | let | 3 | let |
| 6 | app = composerEnv.buildPackage ( | 4 | app = composerEnv.buildPackage ( |
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index 809f615..8fb6a4d 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix | |||
| @@ -52,7 +52,7 @@ let | |||
| 52 | LDAPOpCacheTTL 600 | 52 | LDAPOpCacheTTL 600 |
| 53 | </IfModule> | 53 | </IfModule> |
| 54 | 54 | ||
| 55 | Include /var/secrets/apache-ldap | 55 | Include ${config.secrets.fullPaths."apache-ldap"} |
| 56 | ''; | 56 | ''; |
| 57 | }; | 57 | }; |
| 58 | global = { | 58 | global = { |
| @@ -149,9 +149,9 @@ in | |||
| 149 | }; | 149 | }; |
| 150 | }; | 150 | }; |
| 151 | 151 | ||
| 152 | services.filesWatcher.httpdProd.paths = [ "/var/secrets/apache-ldap" ]; | 152 | services.filesWatcher.httpdProd.paths = [ config.secrets.fullPaths."apache-ldap" ]; |
| 153 | services.filesWatcher.httpdInte.paths = [ "/var/secrets/apache-ldap" ]; | 153 | services.filesWatcher.httpdInte.paths = [ config.secrets.fullPaths."apache-ldap" ]; |
| 154 | services.filesWatcher.httpdTools.paths = [ "/var/secrets/apache-ldap" ]; | 154 | services.filesWatcher.httpdTools.paths = [ config.secrets.fullPaths."apache-ldap" ]; |
| 155 | 155 | ||
| 156 | services.websites.env.production = { | 156 | services.websites.env.production = { |
| 157 | enable = true; | 157 | enable = true; |
diff --git a/modules/private/websites/florian/app/default.nix b/modules/private/websites/florian/app/default.nix index 2ef0e86..28a7ec1 100644 --- a/modules/private/websites/florian/app/default.nix +++ b/modules/private/websites/florian/app/default.nix | |||
| @@ -1,6 +1,4 @@ | |||
| 1 | { environment ? "prod" | 1 | { environment, varDir, secretsPath |
| 2 | , varDir ? "/var/lib/tellesflorian_${environment}" | ||
| 3 | , secretsPath ? "/var/secrets/webapps/${environment}-tellesflorian" | ||
| 4 | , composerEnv, fetchurl, sources }: | 2 | , composerEnv, fetchurl, sources }: |
| 5 | let | 3 | let |
| 6 | app = composerEnv.buildPackage ( | 4 | app = composerEnv.buildPackage ( |
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix index fd54f5e..8518283 100644 --- a/modules/private/websites/immae/temp.nix +++ b/modules/private/websites/immae/temp.nix | |||
| @@ -56,7 +56,7 @@ in { | |||
| 56 | exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir} | 56 | exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir} |
| 57 | ''; | 57 | ''; |
| 58 | serviceConfig = { | 58 | serviceConfig = { |
| 59 | EnvironmentFile = "/var/secrets/webapps/surfer"; | 59 | EnvironmentFile = config.secrets.fullPaths."webapps/surfer"; |
| 60 | User = "wwwrun"; | 60 | User = "wwwrun"; |
| 61 | Group = "wwwrun"; | 61 | Group = "wwwrun"; |
| 62 | StateDirectory = "surfer"; | 62 | StateDirectory = "surfer"; |
diff --git a/modules/private/websites/ludivine/app/default.nix b/modules/private/websites/ludivine/app/default.nix index 6e751b0..323b6e0 100644 --- a/modules/private/websites/ludivine/app/default.nix +++ b/modules/private/websites/ludivine/app/default.nix | |||
| @@ -1,6 +1,4 @@ | |||
| 1 | { environment ? "prod" | 1 | { environment, varDir, secretsPath |
| 2 | , varDir ? "/var/lib/ludivinecassal_${environment}" | ||
| 3 | , secretsPath ? "/var/secrets/webapps/${environment}-ludivinecassal" | ||
| 4 | , composerEnv, fetchurl, fetchgit, imagemagick, sass, ruby, sources }: | 2 | , composerEnv, fetchurl, fetchgit, imagemagick, sass, ruby, sources }: |
| 5 | let | 3 | let |
| 6 | app = composerEnv.buildPackage ( | 4 | app = composerEnv.buildPackage ( |
diff --git a/modules/private/websites/piedsjaloux/app/default.nix b/modules/private/websites/piedsjaloux/app/default.nix index a3d48bd..4525a18 100644 --- a/modules/private/websites/piedsjaloux/app/default.nix +++ b/modules/private/websites/piedsjaloux/app/default.nix | |||
| @@ -1,6 +1,4 @@ | |||
| 1 | { environment ? "prod" | 1 | { environment, varDir, secretsPath |
| 2 | , varDir ? "/var/lib/piedsjaloux_${environment}" | ||
| 3 | , secretsPath ? "/var/secrets/webapps/${environment}-piedsjaloux" | ||
| 4 | , composerEnv, fetchurl, fetchgit, sources }: | 2 | , composerEnv, fetchurl, fetchgit, sources }: |
| 5 | let | 3 | let |
| 6 | app = composerEnv.buildPackage ( | 4 | app = composerEnv.buildPackage ( |
diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix index c374940..471858a 100644 --- a/modules/private/websites/tools/cloud/default.nix +++ b/modules/private/websites/tools/cloud/default.nix | |||
| @@ -157,7 +157,7 @@ in { | |||
| 157 | ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: | 157 | ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: |
| 158 | "install -D -m 0644 -o wwwrun -g wwwrun -T ${v} ${varDir}/config/${n}.json" | 158 | "install -D -m 0644 -o wwwrun -g wwwrun -T ${v} ${varDir}/config/${n}.json" |
| 159 | ) confs)} | 159 | ) confs)} |
| 160 | #install -D -m 0600 -o wwwrun -g wwwrun -T /var/secrets/webapps/tools-nextcloud ${varDir}/config/config.php | 160 | #install -D -m 0600 -o wwwrun -g wwwrun -T ${config.secrets.fullPaths."webapps/tools-nextcloud"} ${varDir}/config/config.php |
| 161 | ''; | 161 | ''; |
| 162 | }; | 162 | }; |
| 163 | # FIXME: add a warning when config.php changes | 163 | # FIXME: add a warning when config.php changes |
diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix index 9d6cd21..eeac1b5 100644 --- a/modules/private/websites/tools/dav/davical.nix +++ b/modules/private/websites/tools/dav/davical.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { stdenv, fetchurl, gettext, writeText, env, awl, davical }: | 1 | { stdenv, fetchurl, gettext, writeText, env, awl, davical, config }: |
| 2 | rec { | 2 | rec { |
| 3 | activationScript = { | 3 | activationScript = { |
| 4 | deps = [ "httpd" ]; | 4 | deps = [ "httpd" ]; |
| @@ -65,7 +65,7 @@ rec { | |||
| 65 | include('drivers_ldap.php'); | 65 | include('drivers_ldap.php'); |
| 66 | ''; | 66 | ''; |
| 67 | }]; | 67 | }]; |
| 68 | webapp = davical.override { davical_config = "/var/secrets/webapps/dav-davical"; }; | 68 | webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; }; |
| 69 | webRoot = "${webapp}/htdocs"; | 69 | webRoot = "${webapp}/htdocs"; |
| 70 | apache = rec { | 70 | apache = rec { |
| 71 | user = "wwwrun"; | 71 | user = "wwwrun"; |
| @@ -110,7 +110,7 @@ rec { | |||
| 110 | }; | 110 | }; |
| 111 | phpFpm = rec { | 111 | phpFpm = rec { |
| 112 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 112 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
| 113 | basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ]; | 113 | basedir = builtins.concatStringsSep ":" [ webapp config.secrets.fullPaths."webapps/dav-davical" awl ]; |
| 114 | pool = { | 114 | pool = { |
| 115 | "listen.owner" = apache.user; | 115 | "listen.owner" = apache.user; |
| 116 | "listen.group" = apache.group; | 116 | "listen.group" = apache.group; |
diff --git a/modules/private/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix index f53cf58..c54e152 100644 --- a/modules/private/websites/tools/dav/default.nix +++ b/modules/private/websites/tools/dav/default.nix | |||
| @@ -18,6 +18,7 @@ let | |||
| 18 | davical = pkgs.callPackage ./davical.nix { | 18 | davical = pkgs.callPackage ./davical.nix { |
| 19 | env = config.myEnv.tools.davical; | 19 | env = config.myEnv.tools.davical; |
| 20 | inherit (pkgs.webapps) davical awl; | 20 | inherit (pkgs.webapps) davical awl; |
| 21 | inherit config; | ||
| 21 | }; | 22 | }; |
| 22 | 23 | ||
| 23 | cfg = config.myServices.websites.tools.dav; | 24 | cfg = config.myServices.websites.tools.dav; |
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix index 5d2b19f..663fe88 100644 --- a/modules/private/websites/tools/diaspora/default.nix +++ b/modules/private/websites/tools/diaspora/default.nix | |||
| @@ -18,6 +18,13 @@ in { | |||
| 18 | 18 | ||
| 19 | secrets.keys = [ | 19 | secrets.keys = [ |
| 20 | { | 20 | { |
| 21 | dest = "webapps/diaspora"; | ||
| 22 | isDir = true; | ||
| 23 | user = "diaspora"; | ||
| 24 | group = "diaspora"; | ||
| 25 | permissions = "0500"; | ||
| 26 | } | ||
| 27 | { | ||
| 21 | dest = "webapps/diaspora/diaspora.yml"; | 28 | dest = "webapps/diaspora/diaspora.yml"; |
| 22 | user = "diaspora"; | 29 | user = "diaspora"; |
| 23 | group = "diaspora"; | 30 | group = "diaspora"; |
| @@ -146,7 +153,7 @@ in { | |||
| 146 | package = pkgs.webapps.diaspora.override { ldap = true; }; | 153 | package = pkgs.webapps.diaspora.override { ldap = true; }; |
| 147 | dataDir = "/var/lib/diaspora_immae"; | 154 | dataDir = "/var/lib/diaspora_immae"; |
| 148 | adminEmail = "diaspora@tools.immae.eu"; | 155 | adminEmail = "diaspora@tools.immae.eu"; |
| 149 | configDir = "/var/secrets/webapps/diaspora"; | 156 | configDir = config.secrets.fullPaths."webapps/diaspora"; |
| 150 | }; | 157 | }; |
| 151 | 158 | ||
| 152 | services.filesWatcher.diaspora = { | 159 | services.filesWatcher.diaspora = { |
diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix index 3350a4a..64e411d 100644 --- a/modules/private/websites/tools/ether/default.nix +++ b/modules/private/websites/tools/ether/default.nix | |||
| @@ -166,9 +166,9 @@ in { | |||
| 166 | p.ep_timesliderdiff | 166 | p.ep_timesliderdiff |
| 167 | ]); | 167 | ]); |
| 168 | modules = []; | 168 | modules = []; |
| 169 | sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey"; | 169 | sessionKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-sessionkey"; |
| 170 | apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey"; | 170 | apiKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-apikey"; |
| 171 | configFile = "/var/secrets/webapps/tools-etherpad"; | 171 | configFile = config.secrets.fullPaths."webapps/tools-etherpad"; |
| 172 | }; | 172 | }; |
| 173 | 173 | ||
| 174 | systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys"; | 174 | systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys"; |
diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix index 8b1afa8..755bab0 100644 --- a/modules/private/websites/tools/git/default.nix +++ b/modules/private/websites/tools/git/default.nix | |||
| @@ -3,6 +3,7 @@ let | |||
| 3 | mantisbt = pkgs.callPackage ./mantisbt.nix { | 3 | mantisbt = pkgs.callPackage ./mantisbt.nix { |
| 4 | inherit (pkgs.webapps) mantisbt_2 mantisbt_2-plugins; | 4 | inherit (pkgs.webapps) mantisbt_2 mantisbt_2-plugins; |
| 5 | env = config.myEnv.tools.mantisbt; | 5 | env = config.myEnv.tools.mantisbt; |
| 6 | inherit config; | ||
| 6 | }; | 7 | }; |
| 7 | gitweb = pkgs.callPackage ./gitweb.nix { | 8 | gitweb = pkgs.callPackage ./gitweb.nix { |
| 8 | gitoliteDir = config.myServices.gitolite.gitoliteDir; | 9 | gitoliteDir = config.myServices.gitolite.gitoliteDir; |
diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix index 9996d23..e6a8da7 100644 --- a/modules/private/websites/tools/git/mantisbt.nix +++ b/modules/private/websites/tools/git/mantisbt.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { env, mantisbt_2, mantisbt_2-plugins }: | 1 | { env, mantisbt_2, mantisbt_2-plugins, config }: |
| 2 | rec { | 2 | rec { |
| 3 | activationScript = { | 3 | activationScript = { |
| 4 | deps = [ "httpd" ]; | 4 | deps = [ "httpd" ]; |
| @@ -46,7 +46,7 @@ rec { | |||
| 46 | $g_ldap_organization = '${env.ldap.filter}'; | 46 | $g_ldap_organization = '${env.ldap.filter}'; |
| 47 | ''; | 47 | ''; |
| 48 | }]; | 48 | }]; |
| 49 | webRoot = (mantisbt_2.override { mantis_config = "/var/secrets/webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]); | 49 | webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]); |
| 50 | apache = rec { | 50 | apache = rec { |
| 51 | user = "wwwrun"; | 51 | user = "wwwrun"; |
| 52 | group = "wwwrun"; | 52 | group = "wwwrun"; |
| @@ -75,7 +75,7 @@ rec { | |||
| 75 | phpFpm = rec { | 75 | phpFpm = rec { |
| 76 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 76 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
| 77 | basedir = builtins.concatStringsSep ":" ( | 77 | basedir = builtins.concatStringsSep ":" ( |
| 78 | [ webRoot "/var/secrets/webapps/tools-mantisbt" ] | 78 | [ webRoot config.secrets.fullPaths."webapps/tools-mantisbt" ] |
| 79 | ++ webRoot.plugins); | 79 | ++ webRoot.plugins); |
| 80 | pool = { | 80 | pool = { |
| 81 | "listen.owner" = apache.user; | 81 | "listen.owner" = apache.user; |
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix index 4636a6c..033a587 100644 --- a/modules/private/websites/tools/mail/default.nix +++ b/modules/private/websites/tools/mail/default.nix | |||
| @@ -3,6 +3,7 @@ let | |||
| 3 | roundcubemail = pkgs.callPackage ./roundcubemail.nix { | 3 | roundcubemail = pkgs.callPackage ./roundcubemail.nix { |
| 4 | inherit (pkgs.webapps) roundcubemail; | 4 | inherit (pkgs.webapps) roundcubemail; |
| 5 | env = config.myEnv.tools.roundcubemail; | 5 | env = config.myEnv.tools.roundcubemail; |
| 6 | inherit config; | ||
| 6 | }; | 7 | }; |
| 7 | rainloop = pkgs.callPackage ./rainloop.nix { | 8 | rainloop = pkgs.callPackage ./rainloop.nix { |
| 8 | rainloop = pkgs.rainloop-community; | 9 | rainloop = pkgs.rainloop-community; |
diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix index bb7dee9..7d8e733 100644 --- a/modules/private/websites/tools/mail/roundcubemail.nix +++ b/modules/private/websites/tools/mail/roundcubemail.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { env, roundcubemail, apacheHttpd }: | 1 | { env, roundcubemail, apacheHttpd, config }: |
| 2 | rec { | 2 | rec { |
| 3 | varDir = "/var/lib/roundcubemail"; | 3 | varDir = "/var/lib/roundcubemail"; |
| 4 | activationScript = { | 4 | activationScript = { |
| @@ -75,7 +75,7 @@ rec { | |||
| 75 | $config['mime_types'] = '${apacheHttpd}/conf/mime.types'; | 75 | $config['mime_types'] = '${apacheHttpd}/conf/mime.types'; |
| 76 | ''; | 76 | ''; |
| 77 | }]; | 77 | }]; |
| 78 | webRoot = (roundcubemail.override { roundcube_config = "/var/secrets/webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]); | 78 | webRoot = (roundcubemail.override { roundcube_config = config.secrets.fullPaths."webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]); |
| 79 | apache = rec { | 79 | apache = rec { |
| 80 | user = "wwwrun"; | 80 | user = "wwwrun"; |
| 81 | group = "wwwrun"; | 81 | group = "wwwrun"; |
| @@ -99,7 +99,7 @@ rec { | |||
| 99 | phpFpm = rec { | 99 | phpFpm = rec { |
| 100 | serviceDeps = [ "postgresql.service" ]; | 100 | serviceDeps = [ "postgresql.service" ]; |
| 101 | basedir = builtins.concatStringsSep ":" ( | 101 | basedir = builtins.concatStringsSep ":" ( |
| 102 | [ webRoot "/var/secrets/webapps/tools-roundcube" varDir ] | 102 | [ webRoot config.secrets.fullPaths."webapps/tools-roundcube" varDir ] |
| 103 | ++ webRoot.plugins | 103 | ++ webRoot.plugins |
| 104 | ++ webRoot.skins); | 104 | ++ webRoot.skins); |
| 105 | pool = { | 105 | pool = { |
diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix index 80d7431..cea8710 100644 --- a/modules/private/websites/tools/mastodon/default.nix +++ b/modules/private/websites/tools/mastodon/default.nix | |||
| @@ -62,7 +62,7 @@ in { | |||
| 62 | }]; | 62 | }]; |
| 63 | services.mastodon = { | 63 | services.mastodon = { |
| 64 | enable = true; | 64 | enable = true; |
| 65 | configFile = "/var/secrets/webapps/tools-mastodon"; | 65 | configFile = config.secrets.fullPaths."webapps/tools-mastodon"; |
| 66 | socketsPrefix = "live_immae"; | 66 | socketsPrefix = "live_immae"; |
| 67 | dataDir = "/var/lib/mastodon_immae"; | 67 | dataDir = "/var/lib/mastodon_immae"; |
| 68 | }; | 68 | }; |
diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix index 719d3d3..6d6a5a4 100644 --- a/modules/private/websites/tools/mgoblin/default.nix +++ b/modules/private/websites/tools/mgoblin/default.nix | |||
| @@ -84,7 +84,7 @@ in { | |||
| 84 | services.mediagoblin = { | 84 | services.mediagoblin = { |
| 85 | enable = true; | 85 | enable = true; |
| 86 | package = pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]); | 86 | package = pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]); |
| 87 | configFile = "/var/secrets/webapps/tools-mediagoblin"; | 87 | configFile = config.secrets.fullPaths."webapps/tools-mediagoblin"; |
| 88 | }; | 88 | }; |
| 89 | services.filesWatcher.mediagoblin-web = { | 89 | services.filesWatcher.mediagoblin-web = { |
| 90 | restart = true; | 90 | restart = true; |
diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix index d2cbe40..7dcc998 100644 --- a/modules/private/websites/tools/peertube/default.nix +++ b/modules/private/websites/tools/peertube/default.nix | |||
| @@ -14,7 +14,7 @@ in { | |||
| 14 | }; | 14 | }; |
| 15 | services.peertube = { | 15 | services.peertube = { |
| 16 | enable = true; | 16 | enable = true; |
| 17 | configFile = "/var/secrets/webapps/tools-peertube"; | 17 | configFile = config.secrets.fullPaths."webapps/tools-peertube"; |
| 18 | }; | 18 | }; |
| 19 | users.users.peertube.extraGroups = [ "keys" ]; | 19 | users.users.peertube.extraGroups = [ "keys" ]; |
| 20 | 20 | ||
diff --git a/modules/private/websites/tools/performance/default.nix b/modules/private/websites/tools/performance/default.nix index df2b58d..5afd639 100644 --- a/modules/private/websites/tools/performance/default.nix +++ b/modules/private/websites/tools/performance/default.nix | |||
| @@ -80,7 +80,7 @@ in | |||
| 80 | "pm.min_spare_servers" = "1"; | 80 | "pm.min_spare_servers" = "1"; |
| 81 | "pm.max_spare_servers" = "10"; | 81 | "pm.max_spare_servers" = "10"; |
| 82 | 82 | ||
| 83 | "php_admin_value[open_basedir]" = "${package}:/tmp:/var/secrets/status_engine_ui"; | 83 | "php_admin_value[open_basedir]" = "${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}"; |
| 84 | }; | 84 | }; |
| 85 | phpPackage = pkgs.php74; | 85 | phpPackage = pkgs.php74; |
| 86 | }; | 86 | }; |
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index ac92ef4..ada6253 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix | |||
| @@ -12,8 +12,10 @@ let | |||
| 12 | inherit (pkgs.webapps) ttrss ttrss-plugins; | 12 | inherit (pkgs.webapps) ttrss ttrss-plugins; |
| 13 | env = config.myEnv.tools.ttrss; | 13 | env = config.myEnv.tools.ttrss; |
| 14 | php = pkgs.php72; | 14 | php = pkgs.php72; |
| 15 | inherit config; | ||
| 15 | }; | 16 | }; |
| 16 | kanboard = pkgs.callPackage ./kanboard.nix { | 17 | kanboard = pkgs.callPackage ./kanboard.nix { |
| 18 | inherit config; | ||
| 17 | env = config.myEnv.tools.kanboard; | 19 | env = config.myEnv.tools.kanboard; |
| 18 | }; | 20 | }; |
| 19 | wallabag = pkgs.callPackage ./wallabag.nix { | 21 | wallabag = pkgs.callPackage ./wallabag.nix { |
| @@ -23,10 +25,12 @@ let | |||
| 23 | }; | 25 | }; |
| 24 | }; | 26 | }; |
| 25 | env = config.myEnv.tools.wallabag; | 27 | env = config.myEnv.tools.wallabag; |
| 28 | inherit config; | ||
| 26 | }; | 29 | }; |
| 27 | yourls = pkgs.callPackage ./yourls.nix { | 30 | yourls = pkgs.callPackage ./yourls.nix { |
| 28 | inherit (pkgs.webapps) yourls yourls-plugins; | 31 | inherit (pkgs.webapps) yourls yourls-plugins; |
| 29 | env = config.myEnv.tools.yourls; | 32 | env = config.myEnv.tools.yourls; |
| 33 | inherit config; | ||
| 30 | }; | 34 | }; |
| 31 | rompr = pkgs.callPackage ./rompr.nix { | 35 | rompr = pkgs.callPackage ./rompr.nix { |
| 32 | inherit (pkgs.webapps) rompr; | 36 | inherit (pkgs.webapps) rompr; |
| @@ -34,6 +38,7 @@ let | |||
| 34 | }; | 38 | }; |
| 35 | shaarli = pkgs.callPackage ./shaarli.nix { | 39 | shaarli = pkgs.callPackage ./shaarli.nix { |
| 36 | env = config.myEnv.tools.shaarli; | 40 | env = config.myEnv.tools.shaarli; |
| 41 | inherit config; | ||
| 37 | }; | 42 | }; |
| 38 | dokuwiki = pkgs.callPackage ./dokuwiki.nix { | 43 | dokuwiki = pkgs.callPackage ./dokuwiki.nix { |
| 39 | inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; | 44 | inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; |
| @@ -41,6 +46,7 @@ let | |||
| 41 | ldap = pkgs.callPackage ./ldap.nix { | 46 | ldap = pkgs.callPackage ./ldap.nix { |
| 42 | inherit (pkgs.webapps) phpldapadmin; | 47 | inherit (pkgs.webapps) phpldapadmin; |
| 43 | env = config.myEnv.tools.phpldapadmin; | 48 | env = config.myEnv.tools.phpldapadmin; |
| 49 | inherit config; | ||
| 44 | }; | 50 | }; |
| 45 | grocy = pkgs.callPackage ./grocy.nix { | 51 | grocy = pkgs.callPackage ./grocy.nix { |
| 46 | grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; | 52 | grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; |
| @@ -56,6 +62,7 @@ let | |||
| 56 | }; | 62 | }; |
| 57 | dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { | 63 | dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { |
| 58 | env = config.myEnv.tools.dmarc_reports; | 64 | env = config.myEnv.tools.dmarc_reports; |
| 65 | inherit config; | ||
| 59 | }; | 66 | }; |
| 60 | csp-reports = pkgs.callPackage ./csp_reports.nix { | 67 | csp-reports = pkgs.callPackage ./csp_reports.nix { |
| 61 | env = config.myEnv.tools.csp_reports; | 68 | env = config.myEnv.tools.csp_reports; |
| @@ -188,8 +195,8 @@ in { | |||
| 188 | Require all granted | 195 | Require all granted |
| 189 | </Directory> | 196 | </Directory> |
| 190 | 197 | ||
| 191 | Alias /webhooks ${config.secrets.location}/webapps/webhooks | 198 | Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"} |
| 192 | <Directory "${config.secrets.location}/webapps/webhooks"> | 199 | <Directory "${config.secrets.fullPaths."webapps/webhooks"}"> |
| 193 | Options -Indexes | 200 | Options -Indexes |
| 194 | Require all granted | 201 | Require all granted |
| 195 | AllowOverride None | 202 | AllowOverride None |
| @@ -271,7 +278,7 @@ in { | |||
| 271 | description = "Standalone MPD Web GUI written in C"; | 278 | description = "Standalone MPD Web GUI written in C"; |
| 272 | wantedBy = [ "multi-user.target" ]; | 279 | wantedBy = [ "multi-user.target" ]; |
| 273 | script = '' | 280 | script = '' |
| 274 | export MPD_PASSWORD=$(cat /var/secrets/mpd) | 281 | export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"}) |
| 275 | ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody | 282 | ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody |
| 276 | ''; | 283 | ''; |
| 277 | }; | 284 | }; |
| @@ -293,7 +300,7 @@ in { | |||
| 293 | 300 | ||
| 294 | services.filesWatcher.ympd = { | 301 | services.filesWatcher.ympd = { |
| 295 | restart = true; | 302 | restart = true; |
| 296 | paths = [ "/var/secrets/mpd" ]; | 303 | paths = [ config.secrets.fullPaths."mpd" ]; |
| 297 | }; | 304 | }; |
| 298 | 305 | ||
| 299 | services.phpfpm.pools = { | 306 | services.phpfpm.pools = { |
| @@ -313,9 +320,9 @@ in { | |||
| 313 | "php_value[session.name]" = "ToolsPHPSESSID"; | 320 | "php_value[session.name]" = "ToolsPHPSESSID"; |
| 314 | "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ | 321 | "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ |
| 315 | "/run/wrappers/bin/sendmail" landing "/tmp" | 322 | "/run/wrappers/bin/sendmail" landing "/tmp" |
| 316 | "${config.secrets.location}/webapps/webhooks" | 323 | config.secrets.fullPaths."webapps/webhooks" |
| 317 | ]; | 324 | ]; |
| 318 | "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf"; | 325 | "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf"; |
| 319 | }; | 326 | }; |
| 320 | phpEnv = { | 327 | phpEnv = { |
| 321 | CONTACT_EMAIL = config.myEnv.tools.contact; | 328 | CONTACT_EMAIL = config.myEnv.tools.contact; |
| @@ -438,11 +445,11 @@ in { | |||
| 438 | }; | 445 | }; |
| 439 | 446 | ||
| 440 | services.websites.env.tools.watchPaths = [ | 447 | services.websites.env.tools.watchPaths = [ |
| 441 | "/var/secrets/webapps/tools-shaarli" | 448 | config.secrets.fullPaths."webapps/tools-shaarli" |
| 442 | ]; | 449 | ]; |
| 443 | services.filesWatcher.phpfpm-wallabag = { | 450 | services.filesWatcher.phpfpm-wallabag = { |
| 444 | restart = true; | 451 | restart = true; |
| 445 | paths = [ "/var/secrets/webapps/tools-wallabag" ]; | 452 | paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ]; |
| 446 | }; | 453 | }; |
| 447 | 454 | ||
| 448 | }; | 455 | }; |
diff --git a/modules/private/websites/tools/tools/dmarc_reports.nix b/modules/private/websites/tools/tools/dmarc_reports.nix index e264e80..5fdf0b6 100644 --- a/modules/private/websites/tools/tools/dmarc_reports.nix +++ b/modules/private/websites/tools/tools/dmarc_reports.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { env }: | 1 | { env, config }: |
| 2 | rec { | 2 | rec { |
| 3 | keys = [{ | 3 | keys = [{ |
| 4 | dest = "webapps/tools-dmarc-reports.php"; | 4 | dest = "webapps/tools-dmarc-reports.php"; |
| @@ -43,7 +43,7 @@ rec { | |||
| 43 | }; | 43 | }; |
| 44 | phpFpm = rec { | 44 | phpFpm = rec { |
| 45 | basedir = builtins.concatStringsSep ":" | 45 | basedir = builtins.concatStringsSep ":" |
| 46 | [ webRoot "/var/secrets/webapps/tools-dmarc-reports.php" ]; | 46 | [ webRoot config.secrets.fullPaths."webapps/tools-dmarc-reports.php" ]; |
| 47 | pool = { | 47 | pool = { |
| 48 | "listen.owner" = apache.user; | 48 | "listen.owner" = apache.user; |
| 49 | "listen.group" = apache.group; | 49 | "listen.group" = apache.group; |
| @@ -55,7 +55,7 @@ rec { | |||
| 55 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; | 55 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
| 56 | }; | 56 | }; |
| 57 | phpEnv = { | 57 | phpEnv = { |
| 58 | SECRETS_FILE = "/var/secrets/webapps/tools-dmarc-reports.php"; | 58 | SECRETS_FILE = config.secrets.fullPaths."webapps/tools-dmarc-reports.php"; |
| 59 | }; | 59 | }; |
| 60 | }; | 60 | }; |
| 61 | } | 61 | } |
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix index 0f6fefc..1a70499 100644 --- a/modules/private/websites/tools/tools/kanboard.nix +++ b/modules/private/websites/tools/tools/kanboard.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { env, kanboard }: | 1 | { env, kanboard, config }: |
| 2 | rec { | 2 | rec { |
| 3 | backups = { | 3 | backups = { |
| 4 | rootDir = varDir; | 4 | rootDir = varDir; |
| @@ -42,7 +42,7 @@ rec { | |||
| 42 | ?> | 42 | ?> |
| 43 | ''; | 43 | ''; |
| 44 | }]; | 44 | }]; |
| 45 | webRoot = kanboard { kanboard_config = "/var/secrets/webapps/tools-kanboard"; }; | 45 | webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; }; |
| 46 | apache = rec { | 46 | apache = rec { |
| 47 | user = "wwwrun"; | 47 | user = "wwwrun"; |
| 48 | group = "wwwrun"; | 48 | group = "wwwrun"; |
| @@ -68,7 +68,7 @@ rec { | |||
| 68 | }; | 68 | }; |
| 69 | phpFpm = rec { | 69 | phpFpm = rec { |
| 70 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 70 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
| 71 | basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ]; | 71 | basedir = builtins.concatStringsSep ":" [ webRoot varDir config.secrets.fullPaths."webapps/tools-kanboard" ]; |
| 72 | pool = { | 72 | pool = { |
| 73 | "listen.owner" = apache.user; | 73 | "listen.owner" = apache.user; |
| 74 | "listen.group" = apache.group; | 74 | "listen.group" = apache.group; |
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix index 0c1a21f..cb90edc 100644 --- a/modules/private/websites/tools/tools/ldap.nix +++ b/modules/private/websites/tools/tools/ldap.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, php, env, writeText, phpldapadmin }: | 1 | { lib, php, env, writeText, phpldapadmin, config }: |
| 2 | rec { | 2 | rec { |
| 3 | activationScript = { | 3 | activationScript = { |
| 4 | deps = [ "httpd" ]; | 4 | deps = [ "httpd" ]; |
| @@ -32,7 +32,7 @@ rec { | |||
| 32 | $servers->setValue('login','fallback_dn',true); | 32 | $servers->setValue('login','fallback_dn',true); |
| 33 | ''; | 33 | ''; |
| 34 | }]; | 34 | }]; |
| 35 | webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; }; | 35 | webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; }; |
| 36 | apache = rec { | 36 | apache = rec { |
| 37 | user = "wwwrun"; | 37 | user = "wwwrun"; |
| 38 | group = "wwwrun"; | 38 | group = "wwwrun"; |
| @@ -54,7 +54,7 @@ rec { | |||
| 54 | }; | 54 | }; |
| 55 | phpFpm = rec { | 55 | phpFpm = rec { |
| 56 | serviceDeps = [ "openldap.service" ]; | 56 | serviceDeps = [ "openldap.service" ]; |
| 57 | basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ]; | 57 | basedir = builtins.concatStringsSep ":" [ webRoot config.secrets.fullPaths."webapps/tools-ldap" ]; |
| 58 | pool = { | 58 | pool = { |
| 59 | "listen.owner" = apache.user; | 59 | "listen.owner" = apache.user; |
| 60 | "listen.group" = apache.group; | 60 | "listen.group" = apache.group; |
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix index d11f525..80c6a89 100644 --- a/modules/private/websites/tools/tools/shaarli.nix +++ b/modules/private/websites/tools/tools/shaarli.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, env, stdenv, fetchurl, shaarli }: | 1 | { lib, env, stdenv, fetchurl, shaarli, config }: |
| 2 | let | 2 | let |
| 3 | varDir = "/var/lib/shaarli"; | 3 | varDir = "/var/lib/shaarli"; |
| 4 | in rec { | 4 | in rec { |
| @@ -21,7 +21,7 @@ in rec { | |||
| 21 | vhostConf = socket: '' | 21 | vhostConf = socket: '' |
| 22 | Alias /Shaarli "${root}" | 22 | Alias /Shaarli "${root}" |
| 23 | 23 | ||
| 24 | Include /var/secrets/webapps/tools-shaarli | 24 | Include ${config.secrets.fullPaths."webapps/tools-shaarli"} |
| 25 | <Location /Shaarli> | 25 | <Location /Shaarli> |
| 26 | Header set Access-Control-Allow-Origin "*" | 26 | Header set Access-Control-Allow-Origin "*" |
| 27 | Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" | 27 | Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" |
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix index ce1ab8e..eb1d415 100644 --- a/modules/private/websites/tools/tools/ttrss.nix +++ b/modules/private/websites/tools/tools/ttrss.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { php, env, ttrss, ttrss-plugins }: | 1 | { php, env, ttrss, ttrss-plugins, config }: |
| 2 | rec { | 2 | rec { |
| 3 | backups = { | 3 | backups = { |
| 4 | rootDir = varDir; | 4 | rootDir = varDir; |
| @@ -88,7 +88,7 @@ rec { | |||
| 88 | define('LDAP_AUTH_DEBUG', FALSE); | 88 | define('LDAP_AUTH_DEBUG', FALSE); |
| 89 | ''; | 89 | ''; |
| 90 | }]; | 90 | }]; |
| 91 | webRoot = (ttrss.override { ttrss_config = "/var/secrets/webapps/tools-ttrss"; }).withPlugins (p: [ | 91 | webRoot = (ttrss.override { ttrss_config = config.secrets.fullPaths."webapps/tools-ttrss"; }).withPlugins (p: [ |
| 92 | p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua | 92 | p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua |
| 93 | (p.af_feedmod.override { patched = true; }) | 93 | (p.af_feedmod.override { patched = true; }) |
| 94 | (p.feediron.override { patched = true; }) | 94 | (p.feediron.override { patched = true; }) |
| @@ -116,7 +116,7 @@ rec { | |||
| 116 | phpFpm = rec { | 116 | phpFpm = rec { |
| 117 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 117 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
| 118 | basedir = builtins.concatStringsSep ":" ( | 118 | basedir = builtins.concatStringsSep ":" ( |
| 119 | [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ] | 119 | [ webRoot config.secrets.fullPaths."webapps/tools-ttrss" varDir ] |
| 120 | ++ webRoot.plugins); | 120 | ++ webRoot.plugins); |
| 121 | pool = { | 121 | pool = { |
| 122 | "listen.owner" = apache.user; | 122 | "listen.owner" = apache.user; |
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix index 1cb0645..1a604c7 100644 --- a/modules/private/websites/tools/tools/wallabag.nix +++ b/modules/private/websites/tools/tools/wallabag.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { env, wallabag, mylibs }: | 1 | { env, wallabag, mylibs, config }: |
| 2 | rec { | 2 | rec { |
| 3 | backups = { | 3 | backups = { |
| 4 | rootDir = varDir; | 4 | rootDir = varDir; |
| @@ -69,7 +69,7 @@ rec { | |||
| 69 | arguments: ['/run/wrappers/bin/sendmail -bs'] | 69 | arguments: ['/run/wrappers/bin/sendmail -bs'] |
| 70 | ''; | 70 | ''; |
| 71 | }]; | 71 | }]; |
| 72 | webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; }; | 72 | webappDir = wallabag.override { ldap = true; wallabag_config = config.secrets.fullPaths."webapps/tools-wallabag"; }; |
| 73 | activationScript = '' | 73 | activationScript = '' |
| 74 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ | 74 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ |
| 75 | ${varDir}/var ${varDir}/data/db ${varDir}/assets/images | 75 | ${varDir}/var ${varDir}/data/db ${varDir}/assets/images |
| @@ -125,11 +125,11 @@ rec { | |||
| 125 | /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction | 125 | /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction |
| 126 | popd > /dev/null | 126 | popd > /dev/null |
| 127 | echo -n "${webappDir}" > ${varDir}/currentWebappDir | 127 | echo -n "${webappDir}" > ${varDir}/currentWebappDir |
| 128 | sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey | 128 | sha512sum ${config.secrets.fullPaths."webapps/tools-wallabag"} > ${varDir}/currentKey |
| 129 | fi | 129 | fi |
| 130 | ''; | 130 | ''; |
| 131 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 131 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
| 132 | basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; | 132 | basedir = builtins.concatStringsSep ":" [ webappDir config.secrets.fullPaths."webapps/tools-wallabag" varDir ]; |
| 133 | pool = { | 133 | pool = { |
| 134 | "listen.owner" = apache.user; | 134 | "listen.owner" = apache.user; |
| 135 | "listen.group" = apache.group; | 135 | "listen.group" = apache.group; |
diff --git a/modules/private/websites/tools/tools/webhooks.nix b/modules/private/websites/tools/tools/webhooks.nix index 885b68b..8ffb81b 100644 --- a/modules/private/websites/tools/tools/webhooks.nix +++ b/modules/private/websites/tools/tools/webhooks.nix | |||
| @@ -6,5 +6,11 @@ | |||
| 6 | group = "wwwrun"; | 6 | group = "wwwrun"; |
| 7 | permissions = "0400"; | 7 | permissions = "0400"; |
| 8 | text = v; | 8 | text = v; |
| 9 | }) env; | 9 | }) env ++ [{ |
| 10 | dest = "webapps/webhooks"; | ||
| 11 | isDir = true; | ||
| 12 | user = "wwwrun"; | ||
| 13 | group = "wwwrun"; | ||
| 14 | permissions = "0500"; | ||
| 15 | }]; | ||
| 10 | } | 16 | } |
diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix index 77ac0a3..0f977f2 100644 --- a/modules/private/websites/tools/tools/yourls.nix +++ b/modules/private/websites/tools/tools/yourls.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { env, yourls, yourls-plugins }: | 1 | { env, yourls, yourls-plugins, config }: |
| 2 | rec { | 2 | rec { |
| 3 | activationScript = { | 3 | activationScript = { |
| 4 | deps = [ "httpd" ]; | 4 | deps = [ "httpd" ]; |
| @@ -40,7 +40,7 @@ rec { | |||
| 40 | define( 'LDAPAUTH_USERCACHE_TYPE', 0); | 40 | define( 'LDAPAUTH_USERCACHE_TYPE', 0); |
| 41 | ''; | 41 | ''; |
| 42 | }]; | 42 | }]; |
| 43 | webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins (p: [p.ldap]); | 43 | webRoot = (yourls.override { yourls_config = config.secrets.fullPaths."webapps/tools-yourls"; }).withPlugins (p: [p.ldap]); |
| 44 | apache = rec { | 44 | apache = rec { |
| 45 | user = "wwwrun"; | 45 | user = "wwwrun"; |
| 46 | group = "wwwrun"; | 46 | group = "wwwrun"; |
| @@ -70,7 +70,7 @@ rec { | |||
| 70 | phpFpm = rec { | 70 | phpFpm = rec { |
| 71 | serviceDeps = [ "mysql.service" "openldap.service" ]; | 71 | serviceDeps = [ "mysql.service" "openldap.service" ]; |
| 72 | basedir = builtins.concatStringsSep ":" ( | 72 | basedir = builtins.concatStringsSep ":" ( |
| 73 | [ webRoot "/var/secrets/webapps/tools-yourls" ] | 73 | [ webRoot config.secrets.fullPaths."webapps/tools-yourls" ] |
| 74 | ++ webRoot.plugins); | 74 | ++ webRoot.plugins); |
| 75 | pool = { | 75 | pool = { |
| 76 | "listen.owner" = apache.user; | 76 | "listen.owner" = apache.user; |