author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 00:35:59 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 00:35:59 +0200 |
commit | 6e23a06b9d5e0bdb21c737285e36dbe76b2d3ac1 (patch) | |
tree | d253f7271d6e28bb119e4399059b55d42eccf0cc /nixops/modules/websites/piedsjaloux/piedsjaloux.nix | |
parent | a754e9dbf5d6c35398f3c4ec52c3daf5f8ed2dd3 (diff) | |
Move Ludivine Piedsjaloux and Florian's websites passwords to a secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops/modules/websites/piedsjaloux/piedsjaloux.nix')
-rw-r--r-- | nixops/modules/websites/piedsjaloux/piedsjaloux.nix | 13 |
1 files changed, 9 insertions, 4 deletions
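--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -3,8 +3,12 @@ let
 piedsjaloux = { config }: rec {
 environment = config.environment;
 varDir = "/var/lib/piedsjaloux_${environment}";
-configRoot =
-writeText "parameters.yml" ''
+keys."${environment}-piedsjaloux" = {
+destDir = "/run/keys/webapps";
+user = apache.user;
+group = apache.group;
+permissions = "0700";
+text = ''
 # This file is auto-generated during the composer install
 parameters:
 database_host: ${config.mysql.host}
@@ -22,6 +26,7 @@ let
 leapt_im:
 binary_path: ${imagemagick}/bin
 '';
+};
 phpFpm = rec {
 socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";
 pool = ''
@@ -33,7 +38,7 @@ let
 php_admin_value[upload_max_filesize] = 20M
 php_admin_value[post_max_size] = 20M
 ;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"
 php_admin_value[session.save_path] = "${varDir}/phpSessions"
 env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
 ${if environment == "dev" then ''
@@ -146,7 +151,7 @@ let
 postInstall = ''
 cd $out
 rm app/config/parameters.yml
-ln -sf ${configRoot} app/config/parameters.yml
+ln -sf /run/keys/webapps/${environment}-piedsjaloux app/config/parameters.yml
 rm -rf var/{logs,cache,data,miniatures,tmp}
 ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
 '';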
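Review bot: `permissions = "0700";` in the new `keys."${environment}-piedsjaloux"` block gives the owner write and execute bits on a YAML parameters file that, per the commit message, holds passwords. The application only needs to read it, so `permissions = "0400";` is the least-privilege value. The file is owned by `apache.user`, so anything else running as that user can read it as well; the hunks do not show which user the php-fpm pool runs as, so confirm that a dedicated pool user is not an option here. Because `/run/keys` is repopulated only when keys are sent, also check that the php-fpm unit is ordered after the key being present, otherwise the `parameters.yml` symlink in `postInstall` dangles after a reboot. The path `/run/keys/webapps/${environment}-piedsjaloux` is now written out in three places (`destDir` plus the key name, `open_basedir`, and `postInstall`), and binding it once in the `rec` set would keep them from drifting apart.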