author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 00:35:59 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 00:35:59 +0200 |
commit | 6e23a06b9d5e0bdb21c737285e36dbe76b2d3ac1 (patch) | |
tree | d253f7271d6e28bb119e4399059b55d42eccf0cc /nixops/modules/websites/ludivine | |
parent | a754e9dbf5d6c35398f3c4ec52c3daf5f8ed2dd3 (diff) | |
Move Ludivine Piedsjaloux and Florian's websites passwords to a secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops/modules/websites/ludivine')
-rw-r--r-- | nixops/modules/websites/ludivine/default.nix | 2 | ||||
-rw-r--r-- | nixops/modules/websites/ludivine/ludivinecassal.nix | 21 |
2 files changed, 19 insertions, 4 deletions
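--- a/nixops/modules/websites/ludivine/default.nix
+++ b/nixops/modules/websites/ludivine/default.nix
@@ -21,6 +21,7 @@ in {
 
 config = lib.mkMerge [
 (lib.mkIf cfg.production.enable {
+deployment.keys = ludivinecassal_prod.keys;
 services.myWebsites.commons.stats.enable = true;
 services.myWebsites.commons.stats.sites = [
 {
@@ -51,6 +52,7 @@ in {
 };
 })
 (lib.mkIf cfg.integration.enable {
+deployment.keys = ludivinecassal_dev.keys;
 security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
 
 services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;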
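Review bot: Nothing visible in either `lib.mkIf` block orders the PHP-FPM pool after the key that `deployment.keys = ludivinecassal_prod.keys;` and `deployment.keys = ludivinecassal_dev.keys;` now provide. NixOps places keys under `/run/keys`, which is a tmpfs, so after a reboot the file is absent until the keys are sent again and the application's `parameters.yml` symlink dangles. If this is not handled elsewhere, a comment such as `# keys live in /run/keys (tmpfs); units reading them must wait for <key name>-key.service`, together with the matching `after`/`wants` on the consuming unit, would make the failure mode explicit. Both blocks continue outside the hunks.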
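--- a/nixops/modules/websites/ludivine/ludivinecassal.nix
+++ b/nixops/modules/websites/ludivine/ludivinecassal.nix
@@ -3,8 +3,12 @@ let
 ludivinecassal = { config }: rec {
 environment = config.environment;
 varDir = "/var/lib/ludivinecassal_${environment}";
-configRoot =
-writeText "parameters.yml" ''
+keys."${environment}-ludivinecassal" = {
+destDir = "/run/keys/webapps";
+user = apache.user;
+group = apache.group;
+permissions = "0700";
+text = ''
 # This file is auto-generated during the composer install
 parameters:
 database_host: ${config.mysql.host}
@@ -34,6 +38,7 @@ let
 sass: ${sass}/bin/sass
 ruby: ${ruby}/bin/ruby
 '';
+};
 phpFpm = rec {
 socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock";
 pool = ''
@@ -45,7 +50,7 @@ let
 php_admin_value[upload_max_filesize] = 20M
 php_admin_value[post_max_size] = 20M
 ;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp"
 php_admin_value[session.save_path] = "${varDir}/phpSessions"
 ${if environment == "dev" then ''
 pm = ondemand
@@ -151,7 +156,14 @@ let
 noDev = (environment == "prod");
 preInstall = ''
 export SYMFONY_ENV="${environment}"
-ln -sf ${configRoot} app/config/parameters.yml
+cp app/config/parameters.yml.dist app/config/parameters.yml
+cat >> app/config/parameters.yml <<EOF
+leapt_im:
+binary_path: ${imagemagick}/bin
+assetic:
+sass: ${sass}/bin/sass
+ruby: ${ruby}/bin/ruby
+EOF
 sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
 '';
 # /!\ miniatures and data need to be in the same physical dir due to a
@@ -159,6 +171,7 @@ let
 postInstall = ''
 rm -rf var/{logs,cache,data,miniatures,tmp}
 ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
+ln -sf /run/keys/webapps/${environment}-ludivinecassal app/config/parameters.yml
 '';
 buildInputs = [ sass ];
 });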
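Review bot: `permissions = "0700"` on the new `keys."${environment}-ludivinecassal"` entry sets execute bits on a YAML parameters file that, per the commit title, holds the site's passwords; the web server user only needs to read it, so `permissions = "0400";` would be the tighter setting. The path `/run/keys/webapps/${environment}-ludivinecassal` is also written out three times (as `destDir` plus the key name, in `open_basedir`, and in the `ln -sf` of `postInstall`); binding it once in the `rec` set would keep the three from drifting apart. The values that `writeText` previously put in the Nix store presumably stay readable in older store paths and in repository history, so rotating them would complete the move. The body of `ludivinecassal` continues outside the visible hunks.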