author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 00:04:34 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 00:04:34 +0200 |
commit | a754e9dbf5d6c35398f3c4ec52c3daf5f8ed2dd3 (patch) | |
tree | 16164779d0ced7480a0f45d896e9d7d78b531fda /nixops/modules/websites/connexionswing/connexionswing.nix | |
parent | dfb0e6df5ca2e045b45f2dce0a254b7444fb277f (diff) | |
Move Aten and Connexionswing secrets to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops/modules/websites/connexionswing/connexionswing.nix')
-rw-r--r-- | nixops/modules/websites/connexionswing/connexionswing.nix | 13 |
1 files changed, 9 insertions, 4 deletions
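--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -3,8 +3,12 @@ let
 connexionswing = { config }: rec {
 environment = config.environment;
 varDir = "/var/lib/connexionswing_${environment}";
-configRoot =
-writeText "parameters.yml" ''
+keys."${environment}-connexionswing" = {
+destDir = "/run/keys/webapps";
+user = apache.user;
+group = apache.group;
+permissions = "0700";
+text = ''
 # This file is auto-generated during the composer install
 parameters:
 database_host: ${config.mysql.host}
@@ -27,6 +31,7 @@ let
 arguments: ['/run/wrappers/bin/sendmail -bs']
 '' else ""}
 '';
+};
 phpFpm = rec {
 socket = "/var/run/phpfpm/connexionswing-${environment}.sock";
 phpConfig = ''
@@ -41,7 +46,7 @@ let
 php_admin_value[upload_max_filesize] = 20M
 php_admin_value[post_max_size] = 20M
 ;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${configRoot}:${webappDir}:${varDir}:/tmp"
+php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/run/keys/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp"
 php_admin_value[session.save_path] = "${varDir}/phpSessions"
 ${if environment == "dev" then ''
 pm = ondemand
@@ -166,7 +171,7 @@ let
 cd $out
 ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
 rm app/config/parameters.yml
-ln -sf ${configRoot} app/config/parameters.yml
+ln -sf /run/keys/webapps/${environment}-connexionswing app/config/parameters.yml
 rm -rf var/{logs,cache}
 ln -sf ${varDir}/var/{logs,cache} var/
 ln -sf ${varDir}/{medias,uploads} web/images/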
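Review bot: `permissions = "0700";` in the new `keys."${environment}-connexionswing"` set puts an execute bit on a YAML file that holds the database parameters. Nothing visible needs it executable, so `permissions = "0400";` is the least-privilege setting for a file the application only reads. The key is owned by `apache.user`, which is presumably also the account the PHP-FPM pool runs as; that is worth confirming, because the `open_basedir` entry and the `parameters.yml` symlink both assume the pool can read this path. The previous `writeText` output lived in the Nix store, so older store paths may still carry the same values until they are garbage-collected, and rotating the database credentials after deploying would close that gap. The `text` body of the set continues outside the visible hunks.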