diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 00:35:59 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 00:35:59 +0200 |
| commit | 6e23a06b9d5e0bdb21c737285e36dbe76b2d3ac1 (patch) | |
| tree | d253f7271d6e28bb119e4399059b55d42eccf0cc /nixops/modules/websites/ludivine | |
| parent | a754e9dbf5d6c35398f3c4ec52c3daf5f8ed2dd3 (diff) | |
| download | Nix-6e23a06b9d5e0bdb21c737285e36dbe76b2d3ac1.tar.gz Nix-6e23a06b9d5e0bdb21c737285e36dbe76b2d3ac1.tar.zst Nix-6e23a06b9d5e0bdb21c737285e36dbe76b2d3ac1.zip | |
Move Ludivine Piedsjaloux and Florian's websites passwords to a secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops/modules/websites/ludivine')
| -rw-r--r-- | nixops/modules/websites/ludivine/default.nix | 2 | ||||
| -rw-r--r-- | nixops/modules/websites/ludivine/ludivinecassal.nix | 21 |
2 files changed, 19 insertions, 4 deletions
diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix index 3dd0ee7..220f5c2 100644 --- a/nixops/modules/websites/ludivine/default.nix +++ b/nixops/modules/websites/ludivine/default.nix | |||
| @@ -21,6 +21,7 @@ in { | |||
| 21 | 21 | ||
| 22 | config = lib.mkMerge [ | 22 | config = lib.mkMerge [ |
| 23 | (lib.mkIf cfg.production.enable { | 23 | (lib.mkIf cfg.production.enable { |
| 24 | deployment.keys = ludivinecassal_prod.keys; | ||
| 24 | services.myWebsites.commons.stats.enable = true; | 25 | services.myWebsites.commons.stats.enable = true; |
| 25 | services.myWebsites.commons.stats.sites = [ | 26 | services.myWebsites.commons.stats.sites = [ |
| 26 | { | 27 | { |
| @@ -51,6 +52,7 @@ in { | |||
| 51 | }; | 52 | }; |
| 52 | }) | 53 | }) |
| 53 | (lib.mkIf cfg.integration.enable { | 54 | (lib.mkIf cfg.integration.enable { |
| 55 | deployment.keys = ludivinecassal_dev.keys; | ||
| 54 | security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null; | 56 | security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null; |
| 55 | 57 | ||
| 56 | services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool; | 58 | services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool; |
diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/nixops/modules/websites/ludivine/ludivinecassal.nix index 114c4ac..244b05e 100644 --- a/nixops/modules/websites/ludivine/ludivinecassal.nix +++ b/nixops/modules/websites/ludivine/ludivinecassal.nix | |||
| @@ -3,8 +3,12 @@ let | |||
| 3 | ludivinecassal = { config }: rec { | 3 | ludivinecassal = { config }: rec { |
| 4 | environment = config.environment; | 4 | environment = config.environment; |
| 5 | varDir = "/var/lib/ludivinecassal_${environment}"; | 5 | varDir = "/var/lib/ludivinecassal_${environment}"; |
| 6 | configRoot = | 6 | keys."${environment}-ludivinecassal" = { |
| 7 | writeText "parameters.yml" '' | 7 | destDir = "/run/keys/webapps"; |
| 8 | user = apache.user; | ||
| 9 | group = apache.group; | ||
| 10 | permissions = "0700"; | ||
| 11 | text = '' | ||
| 8 | # This file is auto-generated during the composer install | 12 | # This file is auto-generated during the composer install |
| 9 | parameters: | 13 | parameters: |
| 10 | database_host: ${config.mysql.host} | 14 | database_host: ${config.mysql.host} |
| @@ -34,6 +38,7 @@ let | |||
| 34 | sass: ${sass}/bin/sass | 38 | sass: ${sass}/bin/sass |
| 35 | ruby: ${ruby}/bin/ruby | 39 | ruby: ${ruby}/bin/ruby |
| 36 | ''; | 40 | ''; |
| 41 | }; | ||
| 37 | phpFpm = rec { | 42 | phpFpm = rec { |
| 38 | socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock"; | 43 | socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock"; |
| 39 | pool = '' | 44 | pool = '' |
| @@ -45,7 +50,7 @@ let | |||
| 45 | php_admin_value[upload_max_filesize] = 20M | 50 | php_admin_value[upload_max_filesize] = 20M |
| 46 | php_admin_value[post_max_size] = 20M | 51 | php_admin_value[post_max_size] = 20M |
| 47 | ;php_admin_flag[log_errors] = on | 52 | ;php_admin_flag[log_errors] = on |
| 48 | php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp" | 53 | php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp" |
| 49 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 54 | php_admin_value[session.save_path] = "${varDir}/phpSessions" |
| 50 | ${if environment == "dev" then '' | 55 | ${if environment == "dev" then '' |
| 51 | pm = ondemand | 56 | pm = ondemand |
| @@ -151,7 +156,14 @@ let | |||
| 151 | noDev = (environment == "prod"); | 156 | noDev = (environment == "prod"); |
| 152 | preInstall = '' | 157 | preInstall = '' |
| 153 | export SYMFONY_ENV="${environment}" | 158 | export SYMFONY_ENV="${environment}" |
| 154 | ln -sf ${configRoot} app/config/parameters.yml | 159 | cp app/config/parameters.yml.dist app/config/parameters.yml |
| 160 | cat >> app/config/parameters.yml <<EOF | ||
| 161 | leapt_im: | ||
| 162 | binary_path: ${imagemagick}/bin | ||
| 163 | assetic: | ||
| 164 | sass: ${sass}/bin/sass | ||
| 165 | ruby: ${ruby}/bin/ruby | ||
| 166 | EOF | ||
| 155 | sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json | 167 | sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json |
| 156 | ''; | 168 | ''; |
| 157 | # /!\ miniatures and data need to be in the same physical dir due to a | 169 | # /!\ miniatures and data need to be in the same physical dir due to a |
| @@ -159,6 +171,7 @@ let | |||
| 159 | postInstall = '' | 171 | postInstall = '' |
| 160 | rm -rf var/{logs,cache,data,miniatures,tmp} | 172 | rm -rf var/{logs,cache,data,miniatures,tmp} |
| 161 | ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/ | 173 | ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/ |
| 174 | ln -sf /run/keys/webapps/${environment}-ludivinecassal app/config/parameters.yml | ||
| 162 | ''; | 175 | ''; |
| 163 | buildInputs = [ sass ]; | 176 | buildInputs = [ sass ]; |
| 164 | }); | 177 | }); |