author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-25 01:37:42 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-25 01:37:42 +0200 |
commit | 1b3154e40a568a296c74759d68827366b5f26da9 (patch) | |
tree | 77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/tellesflorian/tellesflorian.nix | |
parent | ca330baa14da56456ec538b232a91e1c443241bb (diff) | |
Move websites to new secrets
Diffstat (limited to 'nixops/modules/websites/tellesflorian/tellesflorian.nix')
-rw-r--r-- | nixops/modules/websites/tellesflorian/tellesflorian.nix | 54 |
1 files changed, 26 insertions, 28 deletions
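--- a/nixops/modules/websites/tellesflorian/tellesflorian.nix
+++ b/nixops/modules/websites/tellesflorian/tellesflorian.nix
@@ -3,14 +3,24 @@ let
 tellesflorian = { config }: rec {
 environment = config.environment;
 varDir = "/var/lib/tellesflorian_${environment}";
-keys."${environment}-tellesflorian" = {
-destDir = "/run/keys/webapps";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-# This file is auto-generated during the composer install
-parameters:
+keys = [
+{
+dest = "webapps/${environment}-tellesflorian-passwords";
+user = apache.user;
+group = apache.group;
+permissions = "0400";
+text = ''
+invite:${config.invite_passwords}
+'';
+}
+{
+dest = "webapps/${environment}-tellesflorian";
+user = apache.user;
+group = apache.group;
+permissions = "0400";
+text = ''
+# This file is auto-generated during the composer install
+parameters:
 database_host: ${config.mysql.host}
 database_port: ${config.mysql.port}
 database_name: ${config.mysql.name}
@@ -21,8 +31,9 @@ let
 mailer_user: null
 mailer_password: null
 secret: ${config.secret}
-'';
-};
+'';
+}
+];
 phpFpm = rec {
 preStart = ''
 if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -33,14 +44,10 @@ let
 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
 popd > /dev/null
 echo -n "${webappDir}" > ${varDir}/currentWebappDir
-sha512sum /run/keys/webapps/${environment}-tellesflorian > ${varDir}/currentKey
+sha512sum /var/secrets/webapps/${environment}-tellesflorian > ${varDir}/currentKey
 fi
 '';
-serviceDeps = [
-"mysql.service"
-"${environment}-tellesflorian-passwords-key.service"
-"${environment}-tellesflorian-key.service"
-];
+serviceDeps = [ "mysql.service" ];
 socket = "/var/run/phpfpm/floriantelles-${environment}.sock";
 pool = ''
 listen = ${socket}
@@ -51,7 +58,7 @@ let
 php_admin_value[upload_max_filesize] = 20M
 php_admin_value[post_max_size] = 20M
 ;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp"
+php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp"
 php_admin_value[session.save_path] = "${varDir}/phpSessions"
 ${if environment == "dev" then ''
 pm = ondemand
@@ -66,15 +73,6 @@ let
 pm.max_spare_servers = 3
 ''}'';
 };
-keys."${environment}-tellesflorian-passwords" = {
-destDir = "/run/keys/webapps";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-invite:${config.invite_passwords}
-'';
-};
 apache = rec {
 user = "wwwrun";
 group = "wwwrun";
@@ -92,7 +90,7 @@ let
 Use LDAPConnect
 Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
 
-AuthUserFile "/run/keys/webapps/${environment}-tellesflorian-passwords"
+AuthUserFile "/var/secrets/webapps/${environment}-tellesflorian-passwords"
 Require user "invite"
 
 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
@@ -166,7 +164,7 @@ let
 postInstall = ''
 cd $out
 rm app/config/parameters.yml
-ln -sf /run/keys/webapps/${environment}-tellesflorian app/config/parameters.yml
+ln -sf /var/secrets/webapps/${environment}-tellesflorian app/config/parameters.yml
 rm -rf var/{logs,cache}
 ln -sf ${varDir}/var/{logs,cache,sessions} var/
 '';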
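Review bot: The new `serviceDeps = [ "mysql.service" ];` drops both `-key.service` units, yet `preStart` still runs `sha512sum /var/secrets/webapps/${environment}-tellesflorian` and `postInstall` still symlinks `app/config/parameters.yml` to that file, so nothing visible here orders php-fpm after the secrets are written. If the new secrets mechanism exposes a unit, it should be listed again, e.g. `serviceDeps = [ "mysql.service" "<secrets-unit-placeholder>.service" ];`; otherwise a comment stating that `/var/secrets` is populated during activation would do. The move from `/run/keys` to `/var/secrets` also presumably makes the database credentials, `secret` and the `invite` password file persistent on disk rather than memory-backed, and the module that consumes `keys = [ … ]` is outside this diff, so it is worth confirming that it enforces the `0400` / `wwwrun` ownership under `/var/secrets/webapps` and never passes `text` through the world-readable Nix store. `preStart` begins and continues outside the hunk.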