Move websites to new secrets

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 01:37:42 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 01:37:42 +0200
commit: 1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree: 77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/aten
parent: ca330baa14da56456ec538b232a91e1c443241bb (diff)
download: Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz
Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst
Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip
2 files changed, 8 insertions, 8 deletions
diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
index 567dcd1..46a7361 100644
--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -13,10 +13,10 @@ let
          /run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
          popd > /dev/null
          echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-aten > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-aten > ${varDir}/currentKey
        fi
        '';
-      serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];
+      serviceDeps = [ "postgresql.service" ];
      socket = "/var/run/phpfpm/aten-${environment}.sock";
      pool = ''
        listen = ${socket}
@@ -42,8 +42,8 @@ let
        pm.max_spare_servers = 3
        ''}'';
    };
-    keys."${environment}-aten" = {
+    keys = [{
-      destDir = "/run/keys/webapps";
+      dest = "webapps/${environment}-aten";
      user = apache.user;
      group = apache.group;
      permissions = "0400";
@@ -52,7 +52,7 @@ let
        SetEnv APP_SECRET   "${config.secret}"
        SetEnv DATABASE_URL "${config.psql_url}"
        '';
-    };
+    }];
    apache = rec {
      user = "wwwrun";
      group = "wwwrun";
@@ -64,7 +64,7 @@ let
        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
      </FilesMatch>
-      Include /run/keys/webapps/${environment}-aten
+      Include /var/secrets/webapps/${environment}-aten
      ${if environment == "dev" then ''
      <Location />
diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix
index b0f7fdb..6f58d3c 100644
--- a/nixops/modules/websites/aten/default.nix
+++ b/nixops/modules/websites/aten/default.nix
@@ -25,7 +25,7 @@ in {
  config = lib.mkMerge [
    (lib.mkIf cfg.production.enable {
-      deployment.keys = aten_prod.keys;
+      mySecrets.keys = aten_prod.keys;
      services.myWebsites.commons.stats.enable = true;
      services.myWebsites.commons.stats.sites = [
        {
@@ -59,7 +59,7 @@ in {
      };
    })
    (lib.mkIf cfg.integration.enable {
-      deployment.keys = aten_dev.keys;
+      mySecrets.keys = aten_dev.keys;
      security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
      services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart;
      services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps;
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 01:37:42 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 01:37:42 +0200
commit	1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree	77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/aten
parent	ca330baa14da56456ec538b232a91e1c443241bb (diff)
download	Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip

diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix index 567dcd1..46a7361 100644 --- a/nixops/modules/websites/aten/aten.nix +++ b/nixops/modules/websites/aten/aten.nix
@@ -13,10 +13,10 @@ let
13	/run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup	13	/run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
14	popd > /dev/null	14	popd > /dev/null
15	echo -n "${webappDir}" > ${varDir}/currentWebappDir	15	echo -n "${webappDir}" > ${varDir}/currentWebappDir
16	sha512sum /run/keys/webapps/${environment}-aten > ${varDir}/currentKey	16	sha512sum /var/secrets/webapps/${environment}-aten > ${varDir}/currentKey
17	fi	17	fi
18	'';	18	'';
19	serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];	19	serviceDeps = [ "postgresql.service" ];
20	socket = "/var/run/phpfpm/aten-${environment}.sock";	20	socket = "/var/run/phpfpm/aten-${environment}.sock";
21	pool = ''	21	pool = ''
22	listen = ${socket}	22	listen = ${socket}
@@ -42,8 +42,8 @@ let
42	pm.max_spare_servers = 3	42	pm.max_spare_servers = 3
43	''}'';	43	''}'';
44	};	44	};
45	keys."${environment}-aten" = {	45	keys = [{
46	destDir = "/run/keys/webapps";	46	dest = "webapps/${environment}-aten";
47	user = apache.user;	47	user = apache.user;
48	group = apache.group;	48	group = apache.group;
49	permissions = "0400";	49	permissions = "0400";
@@ -52,7 +52,7 @@ let
52	SetEnv APP_SECRET "${config.secret}"	52	SetEnv APP_SECRET "${config.secret}"
53	SetEnv DATABASE_URL "${config.psql_url}"	53	SetEnv DATABASE_URL "${config.psql_url}"
54	'';	54	'';
55	};	55	}];
56	apache = rec {	56	apache = rec {
57	user = "wwwrun";	57	user = "wwwrun";
58	group = "wwwrun";	58	group = "wwwrun";
@@ -64,7 +64,7 @@ let
64	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"	64	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
65	</FilesMatch>	65	</FilesMatch>
66		66
67	Include /run/keys/webapps/${environment}-aten	67	Include /var/secrets/webapps/${environment}-aten
68		68
69	${if environment == "dev" then ''	69	${if environment == "dev" then ''
70	<Location />	70	<Location />


diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix index b0f7fdb..6f58d3c 100644 --- a/nixops/modules/websites/aten/default.nix +++ b/nixops/modules/websites/aten/default.nix
@@ -25,7 +25,7 @@ in {
25		25
26	config = lib.mkMerge [	26	config = lib.mkMerge [
27	(lib.mkIf cfg.production.enable {	27	(lib.mkIf cfg.production.enable {
28	deployment.keys = aten_prod.keys;	28	mySecrets.keys = aten_prod.keys;
29	services.myWebsites.commons.stats.enable = true;	29	services.myWebsites.commons.stats.enable = true;
30	services.myWebsites.commons.stats.sites = [	30	services.myWebsites.commons.stats.sites = [
31	{	31	{
@@ -59,7 +59,7 @@ in {
59	};	59	};
60	})	60	})
61	(lib.mkIf cfg.integration.enable {	61	(lib.mkIf cfg.integration.enable {
62	deployment.keys = aten_dev.keys;	62	mySecrets.keys = aten_dev.keys;
63	security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;	63	security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
64	services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart;	64	services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart;
65	services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps;	65	services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps;