Move websites to new secrets

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 01:37:42 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 01:37:42 +0200
commit: 1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree: 77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/aten/aten.nix
parent: ca330baa14da56456ec538b232a91e1c443241bb (diff)
download: Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz
Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst
Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
index 567dcd1..46a7361 100644
--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -13,10 +13,10 @@ let
          /run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
          popd > /dev/null
          echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-aten > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-aten > ${varDir}/currentKey
        fi
        '';
-      serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];
+      serviceDeps = [ "postgresql.service" ];
      socket = "/var/run/phpfpm/aten-${environment}.sock";
      pool = ''
        listen = ${socket}
@@ -42,8 +42,8 @@ let
        pm.max_spare_servers = 3
        ''}'';
    };
-    keys."${environment}-aten" = {
+    keys = [{
-      destDir = "/run/keys/webapps";
+      dest = "webapps/${environment}-aten";
      user = apache.user;
      group = apache.group;
      permissions = "0400";
@@ -52,7 +52,7 @@ let
        SetEnv APP_SECRET   "${config.secret}"
        SetEnv DATABASE_URL "${config.psql_url}"
        '';
-    };
+    }];
    apache = rec {
      user = "wwwrun";
      group = "wwwrun";
@@ -64,7 +64,7 @@ let
        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
      </FilesMatch>
-      Include /run/keys/webapps/${environment}-aten
+      Include /var/secrets/webapps/${environment}-aten
      ${if environment == "dev" then ''
      <Location />
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 01:37:42 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 01:37:42 +0200
commit	1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree	77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/aten/aten.nix
parent	ca330baa14da56456ec538b232a91e1c443241bb (diff)
download	Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip

diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix index 567dcd1..46a7361 100644 --- a/nixops/modules/websites/aten/aten.nix +++ b/nixops/modules/websites/aten/aten.nix
@@ -13,10 +13,10 @@ let
13	/run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup	13	/run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
14	popd > /dev/null	14	popd > /dev/null
15	echo -n "${webappDir}" > ${varDir}/currentWebappDir	15	echo -n "${webappDir}" > ${varDir}/currentWebappDir
16	sha512sum /run/keys/webapps/${environment}-aten > ${varDir}/currentKey	16	sha512sum /var/secrets/webapps/${environment}-aten > ${varDir}/currentKey
17	fi	17	fi
18	'';	18	'';
19	serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];	19	serviceDeps = [ "postgresql.service" ];
20	socket = "/var/run/phpfpm/aten-${environment}.sock";	20	socket = "/var/run/phpfpm/aten-${environment}.sock";
21	pool = ''	21	pool = ''
22	listen = ${socket}	22	listen = ${socket}
@@ -42,8 +42,8 @@ let
42	pm.max_spare_servers = 3	42	pm.max_spare_servers = 3
43	''}'';	43	''}'';
44	};	44	};
45	keys."${environment}-aten" = {	45	keys = [{
46	destDir = "/run/keys/webapps";	46	dest = "webapps/${environment}-aten";
47	user = apache.user;	47	user = apache.user;
48	group = apache.group;	48	group = apache.group;
49	permissions = "0400";	49	permissions = "0400";
@@ -52,7 +52,7 @@ let
52	SetEnv APP_SECRET "${config.secret}"	52	SetEnv APP_SECRET "${config.secret}"
53	SetEnv DATABASE_URL "${config.psql_url}"	53	SetEnv DATABASE_URL "${config.psql_url}"
54	'';	54	'';
55	};	55	}];
56	apache = rec {	56	apache = rec {
57	user = "wwwrun";	57	user = "wwwrun";
58	group = "wwwrun";	58	group = "wwwrun";
@@ -64,7 +64,7 @@ let
64	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"	64	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
65	</FilesMatch>	65	</FilesMatch>
66		66
67	Include /run/keys/webapps/${environment}-aten	67	Include /var/secrets/webapps/${environment}-aten
68		68
69	${if environment == "dev" then ''	69	${if environment == "dev" then ''
70	<Location />	70	<Location />