Move websites to new secrets

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 01:37:42 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 01:37:42 +0200
commit: 1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree: 77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/chloe
parent: ca330baa14da56456ec538b232a91e1c443241bb (diff)
download: Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz
Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst
Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip
2 files changed, 7 insertions, 7 deletions
diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix
index 0861cdf..e2381d8 100644
--- a/nixops/modules/websites/chloe/chloe.nix
+++ b/nixops/modules/websites/chloe/chloe.nix
@@ -3,7 +3,7 @@ let
  chloe = { config }: rec {
    environment = config.environment;
    phpFpm = rec {
-      serviceDeps = [ "mysql.service" "${environment}-chloe-key.service" ];
+      serviceDeps = [ "mysql.service" ];
      socket = "/var/run/phpfpm/chloe-${environment}.sock";
      pool = ''
        listen = ${socket}
@@ -28,8 +28,8 @@ let
        pm.max_spare_servers = 3
        ''}'';
    };
-    keys."${environment}-chloe" = {
+    keys = [{
-      destDir = "/run/keys/webapps";
+      dest = "webapps/${environment}-chloe";
      user = apache.user;
      group = apache.group;
      permissions = "0400";
@@ -48,7 +48,7 @@ let
        SetEnv SPIP_MYSQL_USER     "${config.mysql.user}"
        SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
      '';
-    };
+    }];
    apache = rec {
      user = "wwwrun";
      group = "wwwrun";
@@ -56,7 +56,7 @@ let
      webappName = "chloe_${environment}";
      root = "/run/current-system/webapps/${webappName}";
      vhostConf = ''
-        Include /run/keys/webapps/${environment}-chloe
+        Include /var/secrets/webapps/${environment}-chloe
        RewriteEngine On
        ${if environment == "prod" then ''
diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix
index 451a248..33ced2e 100644
--- a/nixops/modules/websites/chloe/default.nix
+++ b/nixops/modules/websites/chloe/default.nix
@@ -25,7 +25,7 @@ in {
  config = lib.mkMerge [
    (lib.mkIf cfg.production.enable {
-      deployment.keys = chloe_prod.keys;
+      mySecrets.keys = chloe_prod.keys;
      services.myWebsites.commons.stats.enable = true;
      services.myWebsites.commons.stats.sites = [
        {
@@ -60,7 +60,7 @@ in {
      };
    })
    (lib.mkIf cfg.integration.enable {
-      deployment.keys = chloe_dev.keys;
+      mySecrets.keys = chloe_dev.keys;
      security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
      services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps;
      services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 01:37:42 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 01:37:42 +0200
commit	1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree	77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/chloe
parent	ca330baa14da56456ec538b232a91e1c443241bb (diff)
download	Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip

diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix index 0861cdf..e2381d8 100644 --- a/nixops/modules/websites/chloe/chloe.nix +++ b/nixops/modules/websites/chloe/chloe.nix
@@ -3,7 +3,7 @@ let
3	chloe = { config }: rec {	3	chloe = { config }: rec {
4	environment = config.environment;	4	environment = config.environment;
5	phpFpm = rec {	5	phpFpm = rec {
6	serviceDeps = [ "mysql.service" "${environment}-chloe-key.service" ];	6	serviceDeps = [ "mysql.service" ];
7	socket = "/var/run/phpfpm/chloe-${environment}.sock";	7	socket = "/var/run/phpfpm/chloe-${environment}.sock";
8	pool = ''	8	pool = ''
9	listen = ${socket}	9	listen = ${socket}
@@ -28,8 +28,8 @@ let
28	pm.max_spare_servers = 3	28	pm.max_spare_servers = 3
29	''}'';	29	''}'';
30	};	30	};
31	keys."${environment}-chloe" = {	31	keys = [{
32	destDir = "/run/keys/webapps";	32	dest = "webapps/${environment}-chloe";
33	user = apache.user;	33	user = apache.user;
34	group = apache.group;	34	group = apache.group;
35	permissions = "0400";	35	permissions = "0400";
@@ -48,7 +48,7 @@ let
48	SetEnv SPIP_MYSQL_USER "${config.mysql.user}"	48	SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
49	SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"	49	SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
50	'';	50	'';
51	};	51	}];
52	apache = rec {	52	apache = rec {
53	user = "wwwrun";	53	user = "wwwrun";
54	group = "wwwrun";	54	group = "wwwrun";
@@ -56,7 +56,7 @@ let
56	webappName = "chloe_${environment}";	56	webappName = "chloe_${environment}";
57	root = "/run/current-system/webapps/${webappName}";	57	root = "/run/current-system/webapps/${webappName}";
58	vhostConf = ''	58	vhostConf = ''
59	Include /run/keys/webapps/${environment}-chloe	59	Include /var/secrets/webapps/${environment}-chloe
60		60
61	RewriteEngine On	61	RewriteEngine On
62	${if environment == "prod" then ''	62	${if environment == "prod" then ''


diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix index 451a248..33ced2e 100644 --- a/nixops/modules/websites/chloe/default.nix +++ b/nixops/modules/websites/chloe/default.nix
@@ -25,7 +25,7 @@ in {
25		25
26	config = lib.mkMerge [	26	config = lib.mkMerge [
27	(lib.mkIf cfg.production.enable {	27	(lib.mkIf cfg.production.enable {
28	deployment.keys = chloe_prod.keys;	28	mySecrets.keys = chloe_prod.keys;
29	services.myWebsites.commons.stats.enable = true;	29	services.myWebsites.commons.stats.enable = true;
30	services.myWebsites.commons.stats.sites = [	30	services.myWebsites.commons.stats.sites = [
31	{	31	{
@@ -60,7 +60,7 @@ in {
60	};	60	};
61	})	61	})
62	(lib.mkIf cfg.integration.enable {	62	(lib.mkIf cfg.integration.enable {
63	deployment.keys = chloe_dev.keys;	63	mySecrets.keys = chloe_dev.keys;
64	security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;	64	security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
65	services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps;	65	services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps;
66	services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;	66	services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;