Move websites to new secrets

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 01:37:42 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 01:37:42 +0200
commit: 1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree: 77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/piedsjaloux
parent: ca330baa14da56456ec538b232a91e1c443241bb (diff)
download: Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz
Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst
Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip
2 files changed, 9 insertions, 9 deletions
diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix
index 57849a3..b2bd2fd 100644
--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -25,7 +25,7 @@ in {
  config = lib.mkMerge [
    (lib.mkIf cfg.production.enable {
-      deployment.keys = piedsjaloux_prod.keys;
+      mySecrets.keys = piedsjaloux_prod.keys;
      services.myWebsites.commons.stats.enable = true;
      services.myWebsites.commons.stats.sites = [
        {
@@ -58,7 +58,7 @@ in {
      };
    })
    (lib.mkIf cfg.integration.enable {
-      deployment.keys = piedsjaloux_dev.keys;
+      mySecrets.keys = piedsjaloux_dev.keys;
      security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
      services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;
      services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;
diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
index 87699db..5461e5d 100644
--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -3,8 +3,8 @@ let
  piedsjaloux = { config }: rec {
    environment = config.environment;
    varDir = "/var/lib/piedsjaloux_${environment}";
-    keys."${environment}-piedsjaloux" = {
+    keys = [{
-      destDir = "/run/keys/webapps";
+      dest = "webapps/${environment}-piedsjaloux";
      user = apache.user;
      group = apache.group;
      permissions = "0400";
@@ -26,7 +26,7 @@ let
        leapt_im:
            binary_path: ${imagemagick}/bin
      '';
-    };
+    }];
    phpFpm = rec {
      preStart = ''
        if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -37,10 +37,10 @@ let
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
          popd > /dev/null
          echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-piedsjaloux > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-piedsjaloux > ${varDir}/currentKey
        fi
        '';
-      serviceDeps = [ "mysql.service" "${environment}-piedsjaloux-key.service" ];
+      serviceDeps = [ "mysql.service" ];
      socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";
      pool = ''
        listen = ${socket}
@@ -51,7 +51,7 @@ let
        php_admin_value[upload_max_filesize] = 20M
        php_admin_value[post_max_size] = 20M
        ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"
+        php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"
        php_admin_value[session.save_path] = "${varDir}/phpSessions"
        env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
        ${if environment == "dev" then ''
@@ -157,7 +157,7 @@ let
        postInstall = ''
          cd $out
          rm app/config/parameters.yml
-          ln -sf /run/keys/webapps/${environment}-piedsjaloux app/config/parameters.yml
+          ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
          rm -rf var/{logs,cache,data,miniatures,tmp}
          ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
          '';
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 01:37:42 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 01:37:42 +0200
commit	1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree	77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/piedsjaloux
parent	ca330baa14da56456ec538b232a91e1c443241bb (diff)
download	Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.gz Nix-1b3154e40a568a296c74759d68827366b5f26da9.tar.zst Nix-1b3154e40a568a296c74759d68827366b5f26da9.zip

diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix index 57849a3..b2bd2fd 100644 --- a/nixops/modules/websites/piedsjaloux/default.nix +++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -25,7 +25,7 @@ in {
25		25
26	config = lib.mkMerge [	26	config = lib.mkMerge [
27	(lib.mkIf cfg.production.enable {	27	(lib.mkIf cfg.production.enable {
28	deployment.keys = piedsjaloux_prod.keys;	28	mySecrets.keys = piedsjaloux_prod.keys;
29	services.myWebsites.commons.stats.enable = true;	29	services.myWebsites.commons.stats.enable = true;
30	services.myWebsites.commons.stats.sites = [	30	services.myWebsites.commons.stats.sites = [
31	{	31	{
@@ -58,7 +58,7 @@ in {
58	};	58	};
59	})	59	})
60	(lib.mkIf cfg.integration.enable {	60	(lib.mkIf cfg.integration.enable {
61	deployment.keys = piedsjaloux_dev.keys;	61	mySecrets.keys = piedsjaloux_dev.keys;
62	security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;	62	security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
63	services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;	63	services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;
64	services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;	64	services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;


diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix index 87699db..5461e5d 100644 --- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix +++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -3,8 +3,8 @@ let
3	piedsjaloux = { config }: rec {	3	piedsjaloux = { config }: rec {
4	environment = config.environment;	4	environment = config.environment;
5	varDir = "/var/lib/piedsjaloux_${environment}";	5	varDir = "/var/lib/piedsjaloux_${environment}";
6	keys."${environment}-piedsjaloux" = {	6	keys = [{
7	destDir = "/run/keys/webapps";	7	dest = "webapps/${environment}-piedsjaloux";
8	user = apache.user;	8	user = apache.user;
9	group = apache.group;	9	group = apache.group;
10	permissions = "0400";	10	permissions = "0400";
@@ -26,7 +26,7 @@ let
26	leapt_im:	26	leapt_im:
27	binary_path: ${imagemagick}/bin	27	binary_path: ${imagemagick}/bin
28	'';	28	'';
29	};	29	}];
30	phpFpm = rec {	30	phpFpm = rec {
31	preStart = ''	31	preStart = ''
32	if [ ! -f "${varDir}/currentWebappDir" -o \	32	if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -37,10 +37,10 @@ let
37	/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup	37	/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
38	popd > /dev/null	38	popd > /dev/null
39	echo -n "${webappDir}" > ${varDir}/currentWebappDir	39	echo -n "${webappDir}" > ${varDir}/currentWebappDir
40	sha512sum /run/keys/webapps/${environment}-piedsjaloux > ${varDir}/currentKey	40	sha512sum /var/secrets/webapps/${environment}-piedsjaloux > ${varDir}/currentKey
41	fi	41	fi
42	'';	42	'';
43	serviceDeps = [ "mysql.service" "${environment}-piedsjaloux-key.service" ];	43	serviceDeps = [ "mysql.service" ];
44	socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";	44	socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";
45	pool = ''	45	pool = ''
46	listen = ${socket}	46	listen = ${socket}
@@ -51,7 +51,7 @@ let
51	php_admin_value[upload_max_filesize] = 20M	51	php_admin_value[upload_max_filesize] = 20M
52	php_admin_value[post_max_size] = 20M	52	php_admin_value[post_max_size] = 20M
53	;php_admin_flag[log_errors] = on	53	;php_admin_flag[log_errors] = on
54	php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"	54	php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"
55	php_admin_value[session.save_path] = "${varDir}/phpSessions"	55	php_admin_value[session.save_path] = "${varDir}/phpSessions"
56	env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}	56	env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
57	${if environment == "dev" then ''	57	${if environment == "dev" then ''
@@ -157,7 +157,7 @@ let
157	postInstall = ''	157	postInstall = ''
158	cd $out	158	cd $out
159	rm app/config/parameters.yml	159	rm app/config/parameters.yml
160	ln -sf /run/keys/webapps/${environment}-piedsjaloux app/config/parameters.yml	160	ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
161	rm -rf var/{logs,cache,data,miniatures,tmp}	161	rm -rf var/{logs,cache,data,miniatures,tmp}
162	ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/	162	ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
163	'';	163	'';