aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2021-01-30 00:41:57 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2021-01-30 00:41:57 +0100
commit0966f95c6968963988d7ebc846eb0e6087091acc (patch)
tree6438b3328b369aa76d2525a6d88f4204647579d1 /modules
parent31d99b750fca57c660f98e23e12053eaf42d4929 (diff)
downloadNix-0966f95c6968963988d7ebc846eb0e6087091acc.tar.gz
Nix-0966f95c6968963988d7ebc846eb0e6087091acc.tar.zst
Nix-0966f95c6968963988d7ebc846eb0e6087091acc.zip
Move csp report credentials out of the store
Diffstat (limited to 'modules')
-rw-r--r--modules/private/websites/tools/tools/csp_reports.nix12
-rw-r--r--modules/private/websites/tools/tools/default.nix7
2 files changed, 17 insertions, 2 deletions
diff --git a/modules/private/websites/tools/tools/csp_reports.nix b/modules/private/websites/tools/tools/csp_reports.nix
new file mode 100644
index 0000000..4660251
--- /dev/null
+++ b/modules/private/websites/tools/tools/csp_reports.nix
@@ -0,0 +1,12 @@
1{ env }:
2rec {
3 keys = [{
4 dest = "webapps/tools-csp-reports.conf";
5 user = "wwwrun";
6 group = "wwwrun";
7 permissions = "0400";
8 text = with env.postgresql; ''
9 env[CSP_REPORT_URI] = "host=${socket} dbname=${database} user=${user} password=${password}"
10 '';
11 }];
12}
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 1e30eed..7903ca5 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -55,6 +55,9 @@ let
55 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { 55 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
56 env = config.myEnv.tools.dmarc_reports; 56 env = config.myEnv.tools.dmarc_reports;
57 }; 57 };
58 csp-reports = pkgs.callPackage ./csp_reports.nix {
59 env = config.myEnv.tools.csp_reports;
60 };
58 61
59 landing = pkgs.callPackage ./landing.nix {}; 62 landing = pkgs.callPackage ./landing.nix {};
60 63
@@ -74,6 +77,7 @@ in {
74 ++ wallabag.keys 77 ++ wallabag.keys
75 ++ yourls.keys 78 ++ yourls.keys
76 ++ dmarc-reports.keys 79 ++ dmarc-reports.keys
80 ++ csp-reports.keys
77 ++ webhooks.keys; 81 ++ webhooks.keys;
78 82
79 services.duplyBackup.profiles = { 83 services.duplyBackup.profiles = {
@@ -302,11 +306,10 @@ in {
302 "/run/wrappers/bin/sendmail" landing "/tmp" 306 "/run/wrappers/bin/sendmail" landing "/tmp"
303 "${config.secrets.location}/webapps/webhooks" 307 "${config.secrets.location}/webapps/webhooks"
304 ]; 308 ];
309 "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
305 }; 310 };
306 phpEnv = { 311 phpEnv = {
307 CONTACT_EMAIL = config.myEnv.tools.contact; 312 CONTACT_EMAIL = config.myEnv.tools.contact;
308 CSP_REPORT_URI = with config.myEnv.tools.csp_reports.postgresql;
309 "\"host=${socket} dbname=${database} user=${user} password=${password}\"";
310 }; 313 };
311 phpPackage = pkgs.php72; 314 phpPackage = pkgs.php72;
312 }; 315 };