aboutsummaryrefslogtreecommitdiff
path: root/nixops/modules/task
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-20 19:49:33 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-20 19:49:33 +0200
commitcd85801d01ddadbe00f26f4f257621ee1cd81e4b (patch)
treee188096e6fab004908a70582253e280cd3829a2f /nixops/modules/task
parentea7bf00c5af841b6f3980cb8d957daec5e609422 (diff)
downloadNix-cd85801d01ddadbe00f26f4f257621ee1cd81e4b.tar.gz
Nix-cd85801d01ddadbe00f26f4f257621ee1cd81e4b.tar.zst
Nix-cd85801d01ddadbe00f26f4f257621ee1cd81e4b.zip
Move taskwarrior keys to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops/modules/task')
-rw-r--r--nixops/modules/task/default.nix23
1 files changed, 16 insertions, 7 deletions
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index cda2302..2001eaa 100644
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -87,6 +87,21 @@ in {
87 }; 87 };
88 88
89 config = lib.mkIf cfg.enable { 89 config = lib.mkIf cfg.enable {
90 deployment.keys.tools-taskwarrior-web = {
91 destDir = "/run/keys/webapps";
92 user = "wwwrun";
93 group = "wwwrun";
94 permissions = "0400";
95 text = ''
96 SetEnv TASKD_HOST "${fqdn}:${toString config.services.taskserver.listenPort}"
97 SetEnv TASKD_VARDIR "${vardir}"
98 SetEnv TASKD_LDAP_HOST "ldaps://${env.ldap.host}"
99 SetEnv TASKD_LDAP_DN "${env.ldap.dn}"
100 SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
101 SetEnv TASKD_LDAP_BASE "${env.ldap.base}"
102 SetEnv TASKD_LDAP_FILTER "${env.ldap.search}"
103 '';
104 };
90 security.acme.certs."eldiron".extraDomains.${fqdn} = null; 105 security.acme.certs."eldiron".extraDomains.${fqdn} = null;
91 services.myWebsites.tools.modules = [ "proxy_fcgi" "sed" ]; 106 services.myWebsites.tools.modules = [ "proxy_fcgi" "sed" ];
92 services.myWebsites.tools.vhostConfs.task = { 107 services.myWebsites.tools.vhostConfs.task = {
@@ -101,13 +116,7 @@ in {
101 <FilesMatch "\.php$"> 116 <FilesMatch "\.php$">
102 SetHandler "proxy:unix:/var/run/phpfpm/task.sock|fcgi://localhost" 117 SetHandler "proxy:unix:/var/run/phpfpm/task.sock|fcgi://localhost"
103 </FilesMatch> 118 </FilesMatch>
104 SetEnv TASKD_HOST "${fqdn}:${toString config.services.taskserver.listenPort}" 119 Include /run/keys/webapps/tools-taskwarrior-web
105 SetEnv TASKD_VARDIR "${vardir}"
106 SetEnv TASKD_LDAP_HOST "ldaps://${env.ldap.host}"
107 SetEnv TASKD_LDAP_DN "${env.ldap.dn}"
108 SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
109 SetEnv TASKD_LDAP_BASE "${env.ldap.base}"
110 SetEnv TASKD_LDAP_FILTER "${env.ldap.search}"
111 </Directory> 120 </Directory>
112 '' 121 ''
113 '' 122 ''