author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 00:04:34 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 00:04:34 +0200 |
commit | a754e9dbf5d6c35398f3c4ec52c3daf5f8ed2dd3 (patch) | |
tree | 16164779d0ced7480a0f45d896e9d7d78b531fda /nixops/modules/websites/aten/aten.nix | |
parent | dfb0e6df5ca2e045b45f2dce0a254b7444fb277f (diff) | |
Move Aten and Connexionswing secrets to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops/modules/websites/aten/aten.nix')
-rw-r--r-- | nixops/modules/websites/aten/aten.nix | 17 |
1 files changed, 12 insertions, 5 deletions
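--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -29,6 +29,17 @@ let
 pm.max_spare_servers = 3
 ''}'';
 };
+keys."${environment}-aten" = {
+destDir = "/run/keys/webapps";
+user = apache.user;
+group = apache.group;
+permissions = "0700";
+text = ''
+SetEnv APP_ENV "${environment}"
+SetEnv APP_SECRET "${config.secret}"
+SetEnv DATABASE_URL "${config.psql_url}"
+'';
+};
 apache = rec {
 user = "wwwrun";
 group = "wwwrun";
@@ -40,9 +51,7 @@ let
 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
 </FilesMatch>
 
-SetEnv APP_ENV "${environment}"
-SetEnv APP_SECRET "${config.secret}"
-SetEnv DATABASE_URL "${config.psql_url}"
+Include /run/keys/webapps/${environment}-aten
 
 ${if environment == "dev" then ''
 <Location />
@@ -124,8 +133,6 @@ let
 preInstall = ''
 export SYMFONY_ENV="${environment}"
 export APP_ENV="${environment}"
-export DATABASE_URL="${config.psql_url}"
-export APP_SECRET="${config.secret}"
 '';
 postInstall = ''
 ln -sf ${yarnModules}/node_modules .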
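Review bot: In the new `keys."${environment}-aten"` block, `permissions = "0700"` leaves the secrets file writable and executable by `apache.user` although it only holds Apache directives; `permissions = "0400";` is enough for it to be read. The file is also owned by the web user, so anything running as `wwwrun` can read `APP_SECRET` and `DATABASE_URL` from disk; if httpd parses its configuration as root before dropping privileges (not visible here), a root-owned file would narrow that. The new `Include /run/keys/webapps/${environment}-aten` in the second hunk presumably makes httpd fail to start whenever the key has not been delivered yet, for example after a reboot, so the httpd unit should be ordered after the key's unit; that wiring, and how this `keys` attribute is consumed, lies outside the hunks shown. A short comment above the block, such as `# Delivered to /run/keys at deploy time; must never be interpolated into a derivation`, would record why the `SetEnv` lines moved.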