aboutsummaryrefslogtreecommitdiff
path: root/nixops/modules/websites/tools/dav
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-16 01:08:15 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-16 01:08:15 +0200
commit60dbbd12253f2f7b6994fea1c56fdf3818d0a025 (patch)
treee58fd97aa9734ea7c7e830aa343f807a5a95cb1b /nixops/modules/websites/tools/dav
parent6e23a06b9d5e0bdb21c737285e36dbe76b2d3ac1 (diff)
downloadNix-60dbbd12253f2f7b6994fea1c56fdf3818d0a025.tar.gz
Nix-60dbbd12253f2f7b6994fea1c56fdf3818d0a025.tar.zst
Nix-60dbbd12253f2f7b6994fea1c56fdf3818d0a025.zip
Move davical and Jerome's website passwords to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops/modules/websites/tools/dav')
-rw-r--r--nixops/modules/websites/tools/dav/davical.nix13
-rw-r--r--nixops/modules/websites/tools/dav/default.nix1
2 files changed, 11 insertions, 3 deletions
diff --git a/nixops/modules/websites/tools/dav/davical.nix b/nixops/modules/websites/tools/dav/davical.nix
index f6cb5bb..4e464eb 100644
--- a/nixops/modules/websites/tools/dav/davical.nix
+++ b/nixops/modules/websites/tools/dav/davical.nix
@@ -16,7 +16,12 @@ let
16 ''; 16 '';
17 }; 17 };
18 davical = rec { 18 davical = rec {
19 config = writeText "davical_config.php" '' 19 keys."dav-davical" = {
20 destDir = "/run/keys/webapps";
21 user = apache.user;
22 group = apache.group;
23 permissions = "0700";
24 text = ''
20 <?php 25 <?php
21 $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}"; 26 $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
22 27
@@ -69,6 +74,7 @@ let
69 $c->do_not_sync_from_ldap = array('admin' => true); 74 $c->do_not_sync_from_ldap = array('admin' => true);
70 include('drivers_ldap.php'); 75 include('drivers_ldap.php');
71 ''; 76 '';
77 };
72 webapp = stdenv.mkDerivation rec { 78 webapp = stdenv.mkDerivation rec {
73 version = "1.1.7"; 79 version = "1.1.7";
74 name = "davical-${version}"; 80 name = "davical-${version}";
@@ -84,7 +90,7 @@ let
84 installPhase = '' 90 installPhase = ''
85 mkdir -p $out 91 mkdir -p $out
86 cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out 92 cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out
87 ln -s ${config} $out/config/config.php 93 ln -s /run/keys/webapps/dav-davical $out/config/config.php
88 ''; 94 '';
89 buildInputs = [ gettext ]; 95 buildInputs = [ gettext ];
90 }; 96 };
@@ -131,7 +137,8 @@ let
131 ''; 137 '';
132 }; 138 };
133 phpFpm = rec { 139 phpFpm = rec {
134 basedir = builtins.concatStringsSep ":" [ webapp config awl ]; 140 serviceDeps = [ "postgresql.service" "openldap.service" "dav-davical-key.service" ];
141 basedir = builtins.concatStringsSep ":" [ webapp "/run/keys/webapps/dav-davical" awl ];
135 socket = "/var/run/phpfpm/davical.sock"; 142 socket = "/var/run/phpfpm/davical.sock";
136 pool = '' 143 pool = ''
137 listen = ${socket} 144 listen = ${socket}
diff --git a/nixops/modules/websites/tools/dav/default.nix b/nixops/modules/websites/tools/dav/default.nix
index 5b5d21e..56b3006 100644
--- a/nixops/modules/websites/tools/dav/default.nix
+++ b/nixops/modules/websites/tools/dav/default.nix
@@ -14,6 +14,7 @@ in {
14 config = lib.mkIf cfg.enable { 14 config = lib.mkIf cfg.enable {
15 security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null; 15 security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null;
16 16
17 deployment.keys = davical.keys;
17 services.myWebsites.tools.modules = davical.apache.modules; 18 services.myWebsites.tools.modules = davical.apache.modules;
18 19
19 services.myWebsites.tools.vhostConfs.dav = { 20 services.myWebsites.tools.vhostConfs.dav = {