Move websites to new secrets

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 01:37:42 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 01:37:42 +0200
commit: 1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree: 77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/connexionswing
parent: ca330baa14da56456ec538b232a91e1c443241bb (diff)
download: Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz
Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst
Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip
2 files changed, 9 insertions, 9 deletions
diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix
index 13d4fba..60ddb63 100644
--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -3,8 +3,8 @@ let
  connexionswing = { config }: rec {
    environment = config.environment;
    varDir = "/var/lib/connexionswing_${environment}";
-    keys."${environment}-connexionswing" = {
+    keys = [{
-      destDir = "/run/keys/webapps";
+      dest = "webapps/${environment}-connexionswing";
      user = apache.user;
      group = apache.group;
      permissions = "0400";
@@ -31,7 +31,7 @@ let
              arguments: ['/run/wrappers/bin/sendmail -bs']
        '' else ""}
      '';
-    };
+    }];
    phpFpm = rec {
      preStart = ''
        if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -42,10 +42,10 @@ let
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
          popd > /dev/null
          echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-connexionswing > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-connexionswing > ${varDir}/currentKey
        fi
        '';
-      serviceDeps = [ "mysql.service" "${environment}-connexionswing-key.service" ];
+      serviceDeps = [ "mysql.service" ];
      socket = "/var/run/phpfpm/connexionswing-${environment}.sock";
      phpConfig = ''
        extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
@@ -59,7 +59,7 @@ let
        php_admin_value[upload_max_filesize] = 20M
        php_admin_value[post_max_size] = 20M
        ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/run/keys/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp"
+        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp"
        php_admin_value[session.save_path] = "${varDir}/phpSessions"
        ${if environment == "dev" then ''
        pm = ondemand
@@ -177,7 +177,7 @@ let
          cd $out
          ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
          rm app/config/parameters.yml
-          ln -sf /run/keys/webapps/${environment}-connexionswing app/config/parameters.yml
+          ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml
          rm -rf var/{logs,cache}
          ln -sf ${varDir}/var/{logs,cache} var/
          ln -sf ${varDir}/{medias,uploads} web/images/
diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
index ccbaa02..c0036d8 100644
--- a/nixops/modules/websites/connexionswing/default.nix
+++ b/nixops/modules/websites/connexionswing/default.nix
@@ -25,7 +25,7 @@ in {
  config = lib.mkMerge [
    (lib.mkIf cfg.production.enable {
-      deployment.keys = connexionswing_prod.keys;
+      mySecrets.keys = connexionswing_prod.keys;
      services.myWebsites.commons.stats.enable = true;
      services.myWebsites.commons.stats.sites = [
        {
@@ -61,7 +61,7 @@ in {
      };
    })
    (lib.mkIf cfg.integration.enable {
-      deployment.keys = connexionswing_dev.keys;
+      mySecrets.keys = connexionswing_dev.keys;
      security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
      security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
      services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 01:37:42 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 01:37:42 +0200
commit	1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree	77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/connexionswing
parent	ca330baa14da56456ec538b232a91e1c443241bb (diff)
download	Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip

diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix index 13d4fba..60ddb63 100644 --- a/nixops/modules/websites/connexionswing/connexionswing.nix +++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -3,8 +3,8 @@ let
3	connexionswing = { config }: rec {	3	connexionswing = { config }: rec {
4	environment = config.environment;	4	environment = config.environment;
5	varDir = "/var/lib/connexionswing_${environment}";	5	varDir = "/var/lib/connexionswing_${environment}";
6	keys."${environment}-connexionswing" = {	6	keys = [{
7	destDir = "/run/keys/webapps";	7	dest = "webapps/${environment}-connexionswing";
8	user = apache.user;	8	user = apache.user;
9	group = apache.group;	9	group = apache.group;
10	permissions = "0400";	10	permissions = "0400";
@@ -31,7 +31,7 @@ let
31	arguments: ['/run/wrappers/bin/sendmail -bs']	31	arguments: ['/run/wrappers/bin/sendmail -bs']
32	'' else ""}	32	'' else ""}
33	'';	33	'';
34	};	34	}];
35	phpFpm = rec {	35	phpFpm = rec {
36	preStart = ''	36	preStart = ''
37	if [ ! -f "${varDir}/currentWebappDir" -o \	37	if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -42,10 +42,10 @@ let
42	/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup	42	/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
43	popd > /dev/null	43	popd > /dev/null
44	echo -n "${webappDir}" > ${varDir}/currentWebappDir	44	echo -n "${webappDir}" > ${varDir}/currentWebappDir
45	sha512sum /run/keys/webapps/${environment}-connexionswing > ${varDir}/currentKey	45	sha512sum /var/secrets/webapps/${environment}-connexionswing > ${varDir}/currentKey
46	fi	46	fi
47	'';	47	'';
48	serviceDeps = [ "mysql.service" "${environment}-connexionswing-key.service" ];	48	serviceDeps = [ "mysql.service" ];
49	socket = "/var/run/phpfpm/connexionswing-${environment}.sock";	49	socket = "/var/run/phpfpm/connexionswing-${environment}.sock";
50	phpConfig = ''	50	phpConfig = ''
51	extension=${phpPackages.imagick}/lib/php/extensions/imagick.so	51	extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
@@ -59,7 +59,7 @@ let
59	php_admin_value[upload_max_filesize] = 20M	59	php_admin_value[upload_max_filesize] = 20M
60	php_admin_value[post_max_size] = 20M	60	php_admin_value[post_max_size] = 20M
61	;php_admin_flag[log_errors] = on	61	;php_admin_flag[log_errors] = on
62	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/run/keys/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp"	62	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp"
63	php_admin_value[session.save_path] = "${varDir}/phpSessions"	63	php_admin_value[session.save_path] = "${varDir}/phpSessions"
64	${if environment == "dev" then ''	64	${if environment == "dev" then ''
65	pm = ondemand	65	pm = ondemand
@@ -177,7 +177,7 @@ let
177	cd $out	177	cd $out
178	${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}	178	${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
179	rm app/config/parameters.yml	179	rm app/config/parameters.yml
180	ln -sf /run/keys/webapps/${environment}-connexionswing app/config/parameters.yml	180	ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml
181	rm -rf var/{logs,cache}	181	rm -rf var/{logs,cache}
182	ln -sf ${varDir}/var/{logs,cache} var/	182	ln -sf ${varDir}/var/{logs,cache} var/
183	ln -sf ${varDir}/{medias,uploads} web/images/	183	ln -sf ${varDir}/{medias,uploads} web/images/


diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix index ccbaa02..c0036d8 100644 --- a/nixops/modules/websites/connexionswing/default.nix +++ b/nixops/modules/websites/connexionswing/default.nix
@@ -25,7 +25,7 @@ in {
25		25
26	config = lib.mkMerge [	26	config = lib.mkMerge [
27	(lib.mkIf cfg.production.enable {	27	(lib.mkIf cfg.production.enable {
28	deployment.keys = connexionswing_prod.keys;	28	mySecrets.keys = connexionswing_prod.keys;
29	services.myWebsites.commons.stats.enable = true;	29	services.myWebsites.commons.stats.enable = true;
30	services.myWebsites.commons.stats.sites = [	30	services.myWebsites.commons.stats.sites = [
31	{	31	{
@@ -61,7 +61,7 @@ in {
61	};	61	};
62	})	62	})
63	(lib.mkIf cfg.integration.enable {	63	(lib.mkIf cfg.integration.enable {
64	deployment.keys = connexionswing_dev.keys;	64	mySecrets.keys = connexionswing_dev.keys;
65	security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;	65	security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
66	security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;	66	security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
67	services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;	67	services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;