diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-25 01:37:42 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-25 01:37:42 +0200 |
| commit | 1b3154e40a568a296c74759d68827366b5f26da9 (patch) | |
| tree | 77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/ludivine | |
| parent | ca330baa14da56456ec538b232a91e1c443241bb (diff) | |
| download | Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip | |
Move websites to new secrets
Diffstat (limited to 'nixops/modules/websites/ludivine')
| -rw-r--r-- | nixops/modules/websites/ludivine/default.nix | 4 | ||||
| -rw-r--r-- | nixops/modules/websites/ludivine/ludivinecassal.nix | 14 |
2 files changed, 9 insertions, 9 deletions
diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix index 814764f..a3d3922 100644 --- a/nixops/modules/websites/ludivine/default.nix +++ b/nixops/modules/websites/ludivine/default.nix | |||
| @@ -21,7 +21,7 @@ in { | |||
| 21 | 21 | ||
| 22 | config = lib.mkMerge [ | 22 | config = lib.mkMerge [ |
| 23 | (lib.mkIf cfg.production.enable { | 23 | (lib.mkIf cfg.production.enable { |
| 24 | deployment.keys = ludivinecassal_prod.keys; | 24 | mySecrets.keys = ludivinecassal_prod.keys; |
| 25 | services.myWebsites.commons.stats.enable = true; | 25 | services.myWebsites.commons.stats.enable = true; |
| 26 | services.myWebsites.commons.stats.sites = [ | 26 | services.myWebsites.commons.stats.sites = [ |
| 27 | { | 27 | { |
| @@ -54,7 +54,7 @@ in { | |||
| 54 | }; | 54 | }; |
| 55 | }) | 55 | }) |
| 56 | (lib.mkIf cfg.integration.enable { | 56 | (lib.mkIf cfg.integration.enable { |
| 57 | deployment.keys = ludivinecassal_dev.keys; | 57 | mySecrets.keys = ludivinecassal_dev.keys; |
| 58 | security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null; | 58 | security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null; |
| 59 | 59 | ||
| 60 | services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart; | 60 | services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart; |
diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/nixops/modules/websites/ludivine/ludivinecassal.nix index 439d3c9..c12d89c 100644 --- a/nixops/modules/websites/ludivine/ludivinecassal.nix +++ b/nixops/modules/websites/ludivine/ludivinecassal.nix | |||
| @@ -3,8 +3,8 @@ let | |||
| 3 | ludivinecassal = { config }: rec { | 3 | ludivinecassal = { config }: rec { |
| 4 | environment = config.environment; | 4 | environment = config.environment; |
| 5 | varDir = "/var/lib/ludivinecassal_${environment}"; | 5 | varDir = "/var/lib/ludivinecassal_${environment}"; |
| 6 | keys."${environment}-ludivinecassal" = { | 6 | keys = [{ |
| 7 | destDir = "/run/keys/webapps"; | 7 | dest = "webapps/${environment}-ludivinecassal"; |
| 8 | user = apache.user; | 8 | user = apache.user; |
| 9 | group = apache.group; | 9 | group = apache.group; |
| 10 | permissions = "0400"; | 10 | permissions = "0400"; |
| @@ -38,7 +38,7 @@ let | |||
| 38 | sass: ${sass}/bin/sass | 38 | sass: ${sass}/bin/sass |
| 39 | ruby: ${ruby}/bin/ruby | 39 | ruby: ${ruby}/bin/ruby |
| 40 | ''; | 40 | ''; |
| 41 | }; | 41 | }]; |
| 42 | phpFpm = rec { | 42 | phpFpm = rec { |
| 43 | preStart = '' | 43 | preStart = '' |
| 44 | if [ ! -f "${varDir}/currentWebappDir" -o \ | 44 | if [ ! -f "${varDir}/currentWebappDir" -o \ |
| @@ -49,10 +49,10 @@ let | |||
| 49 | /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup | 49 | /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup |
| 50 | popd > /dev/null | 50 | popd > /dev/null |
| 51 | echo -n "${webappDir}" > ${varDir}/currentWebappDir | 51 | echo -n "${webappDir}" > ${varDir}/currentWebappDir |
| 52 | sha512sum /run/keys/webapps/${environment}-ludivinecassal > ${varDir}/currentKey | 52 | sha512sum /var/secrets/webapps/${environment}-ludivinecassal > ${varDir}/currentKey |
| 53 | fi | 53 | fi |
| 54 | ''; | 54 | ''; |
| 55 | serviceDeps = [ "mysql.service" "${environment}-ludivinecassal-key.service" ]; | 55 | serviceDeps = [ "mysql.service" ]; |
| 56 | socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock"; | 56 | socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock"; |
| 57 | pool = '' | 57 | pool = '' |
| 58 | listen = ${socket} | 58 | listen = ${socket} |
| @@ -63,7 +63,7 @@ let | |||
| 63 | php_admin_value[upload_max_filesize] = 20M | 63 | php_admin_value[upload_max_filesize] = 20M |
| 64 | php_admin_value[post_max_size] = 20M | 64 | php_admin_value[post_max_size] = 20M |
| 65 | ;php_admin_flag[log_errors] = on | 65 | ;php_admin_flag[log_errors] = on |
| 66 | php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp" | 66 | php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp" |
| 67 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 67 | php_admin_value[session.save_path] = "${varDir}/phpSessions" |
| 68 | ${if environment == "dev" then '' | 68 | ${if environment == "dev" then '' |
| 69 | pm = ondemand | 69 | pm = ondemand |
| @@ -177,7 +177,7 @@ let | |||
| 177 | postInstall = '' | 177 | postInstall = '' |
| 178 | rm -rf var/{logs,cache,data,miniatures,tmp} | 178 | rm -rf var/{logs,cache,data,miniatures,tmp} |
| 179 | ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/ | 179 | ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/ |
| 180 | ln -sf /run/keys/webapps/${environment}-ludivinecassal app/config/parameters.yml | 180 | ln -sf /var/secrets/webapps/${environment}-ludivinecassal app/config/parameters.yml |
| 181 | ''; | 181 | ''; |
| 182 | buildInputs = [ sass ]; | 182 | buildInputs = [ sass ]; |
| 183 | }); | 183 | }); |