author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 01:08:15 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 01:08:15 +0200 |
commit | 60dbbd12253f2f7b6994fea1c56fdf3818d0a025 (patch) | |
tree | e58fd97aa9734ea7c7e830aa343f807a5a95cb1b /nixops/modules/websites/tools/dav | |
parent | 6e23a06b9d5e0bdb21c737285e36dbe76b2d3ac1 (diff) | |
Move davical and Jerome's website passwords to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops/modules/websites/tools/dav')
-rw-r--r-- | nixops/modules/websites/tools/dav/davical.nix | 13 | ||||
-rw-r--r-- | nixops/modules/websites/tools/dav/default.nix | 1 |
2 files changed, 11 insertions, 3 deletions
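--- a/nixops/modules/websites/tools/dav/davical.nix
+++ b/nixops/modules/websites/tools/dav/davical.nix
@@ -16,7 +16,12 @@ let
 '';
 };
 davical = rec {
-config = writeText "davical_config.php" ''
+keys."dav-davical" = {
+destDir = "/run/keys/webapps";
+user = apache.user;
+group = apache.group;
+permissions = "0700";
+text = ''
 <?php
 $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
 
@@ -69,6 +74,7 @@ let
 $c->do_not_sync_from_ldap = array('admin' => true);
 include('drivers_ldap.php');
 '';
+};
 webapp = stdenv.mkDerivation rec {
 version = "1.1.7";
 name = "davical-${version}";
@@ -84,7 +90,7 @@ let
 installPhase = ''
 mkdir -p $out
 cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out
-ln -s ${config} $out/config/config.php
+ln -s /run/keys/webapps/dav-davical $out/config/config.php
 '';
 buildInputs = [ gettext ];
 };
@@ -131,7 +137,8 @@ let
 '';
 };
 phpFpm = rec {
-basedir = builtins.concatStringsSep ":" [ webapp config awl ];
+serviceDeps = [ "postgresql.service" "openldap.service" "dav-davical-key.service" ];
+basedir = builtins.concatStringsSep ":" [ webapp "/run/keys/webapps/dav-davical" awl ];
 socket = "/var/run/phpfpm/davical.sock";
 pool = ''
 listen = ${socket}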
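Review bot: `permissions = "0700";` in the new `keys."dav-davical"` block sets execute bits on a file that PHP only reads as `config.php`; because it holds the PostgreSQL password, `permissions = "0400";` is the tighter setting, assuming the php-fpm pool runs as `apache.user`. The literal path `/run/keys/webapps/dav-davical` is repeated in `installPhase` and in `phpFpm.basedir`, so it can drift from `destDir` and the key name; binding it once and reusing it in all three places would keep them in sync. The new `serviceDeps` entry `dav-davical-key.service` only orders start-up if the php-fpm unit definition consumes `serviceDeps`, which is not visible in this section and should be confirmed. The `davical` and `phpFpm` attribute sets continue outside the hunks.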
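--- a/nixops/modules/websites/tools/dav/default.nix
+++ b/nixops/modules/websites/tools/dav/default.nix
@@ -14,6 +14,7 @@ in {
 config = lib.mkIf cfg.enable {
 security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null;
 
+deployment.keys = davical.keys;
 services.myWebsites.tools.modules = davical.apache.modules;
 
 services.myWebsites.tools.vhostConfs.dav = {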
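Review bot: The added `deployment.keys = davical.keys;` line has no comment recording the key's lifetime. The key is placed under `/run`, which is a tmpfs, so after a reboot the `config.php` symlink dangles until the keys are sent again. A comment above the line would capture that, for example `# pushed by NixOps to /run/keys/webapps (tmpfs); run "nixops send-keys" after a reboot`. The `config` block continues past the end of the hunk.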