Move etherpad mastodon mediagoblin task and peertube to new secrets

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 09:05:46 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-04-25 09:05:46 +0200
commit: 32c84ff89c2b8931f58cea63961a178a9b1d0efe (patch)
tree: 7a90c28e1db3d8c704b2371737f2f2fae471db67 /nixops/modules/websites/tools/ether
parent: 742697c95318d3625298437995e948ee00a00ba5 (diff)
download: Nix-32c84ff89c2b8931f58cea63961a178a9b1d0efe.tar.gz
Nix-32c84ff89c2b8931f58cea63961a178a9b1d0efe.tar.zst
Nix-32c84ff89c2b8931f58cea63961a178a9b1d0efe.zip
2 files changed, 18 insertions, 18 deletions
diff --git a/nixops/modules/websites/tools/ether/default.nix b/nixops/modules/websites/tools/ether/default.nix
index 7fdcb57..0d04c36 100644
--- a/nixops/modules/websites/tools/ether/default.nix
+++ b/nixops/modules/websites/tools/ether/default.nix
@@ -12,12 +12,12 @@ in {
  };
  config = lib.mkIf cfg.enable {
-    deployment.keys = etherpad.keys;
+    mySecrets.keys = etherpad.keys;
    systemd.services.etherpad-lite = {
      description = "Etherpad-lite";
      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ];
+      after = [ "network.target" "postgresql.service" ];
-      wants = [ "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ];
+      wants = [ "postgresql.service" ];
      environment.NODE_ENV = "production";
      environment.HOME = etherpad.webappDir;
@@ -26,7 +26,7 @@ in {
      script = ''
        exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
-          --settings /run/keys/webapps/tools-etherpad
+          --settings /var/secrets/webapps/tools-etherpad
      '';
      serviceConfig = {
@@ -44,7 +44,7 @@ in {
        Restart = "always";
        Type = "simple";
        TimeoutSec = 60;
-        ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /run/keys/webapps/tools-etherpad /run/keys/webapps/tools-etherpad-sessionkey /run/keys/webapps/tools-etherpad-apikey";
+        ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey";
      };
    };
diff --git a/nixops/modules/websites/tools/ether/etherpad_lite.nix b/nixops/modules/websites/tools/ether/etherpad_lite.nix
index 689156e..14ad565 100644
--- a/nixops/modules/websites/tools/ether/etherpad_lite.nix
+++ b/nixops/modules/websites/tools/ether/etherpad_lite.nix
@@ -30,19 +30,19 @@ let
    "ep_subscript_and_superscript"
    "ep_timesliderdiff"
    ];
-  keys = {
+  keys = [
-    tools-etherpad-apikey = {
+    {
-      destDir = "/run/keys/webapps";
+      dest = "webapps/tools-etherpad-apikey";
      permissions = "0400";
      text = env.api_key;
-    };
+    }
-    tools-etherpad-sessionkey = {
+    {
-      destDir = "/run/keys/webapps";
+      dest = "webapps/tools-etherpad-sessionkey";
      permissions = "0400";
      text = env.session_key;
-    };
+    }
-    tools-etherpad = {
+    {
-      destDir = "/run/keys/webapps";
+      dest = "webapps/tools-etherpad";
      permissions = "0400";
      text =
        # Make sure we’re not rebuilding whole libreoffice just because of a
@@ -144,8 +144,8 @@ let
            "logconfig" : { "appenders": [ { "type": "console" } ] }
          }
        '';
-    };
+    }
-  };
+  ];
  webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {
    __noChroot = true;
    patches = [ ./libreoffice_patch.diff ];
@@ -182,8 +182,8 @@ let
      install -t $out/src/ -vDm 644 src/.ep_initialized
      cp -a node_modules $out/
      cp -a src/* $out/src/
-      ln -sf /run/keys/webapps/tools-etherpad-sessionkey $out/SESSIONKEY.txt
+      ln -sf /var/secrets/webapps/tools-etherpad-sessionkey $out/SESSIONKEY.txt
-      ln -sf /run/keys/webapps/tools-etherpad-apikey $out/APIKEY.txt
+      ln -sf /var/secrets/webapps/tools-etherpad-apikey $out/APIKEY.txt
      cp ${jquery} $out/src/static/js/jquery.js
      mkdir $out/doc
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 09:05:46 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-04-25 09:05:46 +0200
commit	32c84ff89c2b8931f58cea63961a178a9b1d0efe (patch)
tree	7a90c28e1db3d8c704b2371737f2f2fae471db67 /nixops/modules/websites/tools/ether
parent	742697c95318d3625298437995e948ee00a00ba5 (diff)
download	Nix-32c84ff89c2b8931f58cea63961a178a9b1d0efe.tar.gz Nix-32c84ff89c2b8931f58cea63961a178a9b1d0efe.tar.zst Nix-32c84ff89c2b8931f58cea63961a178a9b1d0efe.zip

diff --git a/nixops/modules/websites/tools/ether/default.nix b/nixops/modules/websites/tools/ether/default.nix index 7fdcb57..0d04c36 100644 --- a/nixops/modules/websites/tools/ether/default.nix +++ b/nixops/modules/websites/tools/ether/default.nix
@@ -12,12 +12,12 @@ in {
12	};	12	};
13		13
14	config = lib.mkIf cfg.enable {	14	config = lib.mkIf cfg.enable {
15	deployment.keys = etherpad.keys;	15	mySecrets.keys = etherpad.keys;
16	systemd.services.etherpad-lite = {	16	systemd.services.etherpad-lite = {
17	description = "Etherpad-lite";	17	description = "Etherpad-lite";
18	wantedBy = [ "multi-user.target" ];	18	wantedBy = [ "multi-user.target" ];
19	after = [ "network.target" "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ];	19	after = [ "network.target" "postgresql.service" ];
20	wants = [ "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ];	20	wants = [ "postgresql.service" ];
21		21
22	environment.NODE_ENV = "production";	22	environment.NODE_ENV = "production";
23	environment.HOME = etherpad.webappDir;	23	environment.HOME = etherpad.webappDir;
@@ -26,7 +26,7 @@ in {
26		26
27	script = ''	27	script = ''
28	exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \	28	exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
29	--settings /run/keys/webapps/tools-etherpad	29	--settings /var/secrets/webapps/tools-etherpad
30	'';	30	'';
31		31
32	serviceConfig = {	32	serviceConfig = {
@@ -44,7 +44,7 @@ in {
44	Restart = "always";	44	Restart = "always";
45	Type = "simple";	45	Type = "simple";
46	TimeoutSec = 60;	46	TimeoutSec = 60;
47	ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /run/keys/webapps/tools-etherpad /run/keys/webapps/tools-etherpad-sessionkey /run/keys/webapps/tools-etherpad-apikey";	47	ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey";
48	};	48	};
49	};	49	};
50		50


diff --git a/nixops/modules/websites/tools/ether/etherpad_lite.nix b/nixops/modules/websites/tools/ether/etherpad_lite.nix index 689156e..14ad565 100644 --- a/nixops/modules/websites/tools/ether/etherpad_lite.nix +++ b/nixops/modules/websites/tools/ether/etherpad_lite.nix
@@ -30,19 +30,19 @@ let
30	"ep_subscript_and_superscript"	30	"ep_subscript_and_superscript"
31	"ep_timesliderdiff"	31	"ep_timesliderdiff"
32	];	32	];
33	keys = {	33	keys = [
34	tools-etherpad-apikey = {	34	{
35	destDir = "/run/keys/webapps";	35	dest = "webapps/tools-etherpad-apikey";
36	permissions = "0400";	36	permissions = "0400";
37	text = env.api_key;	37	text = env.api_key;
38	};	38	}
39	tools-etherpad-sessionkey = {	39	{
40	destDir = "/run/keys/webapps";	40	dest = "webapps/tools-etherpad-sessionkey";
41	permissions = "0400";	41	permissions = "0400";
42	text = env.session_key;	42	text = env.session_key;
43	};	43	}
44	tools-etherpad = {	44	{
45	destDir = "/run/keys/webapps";	45	dest = "webapps/tools-etherpad";
46	permissions = "0400";	46	permissions = "0400";
47	text =	47	text =
48	# Make sure we’re not rebuilding whole libreoffice just because of a	48	# Make sure we’re not rebuilding whole libreoffice just because of a
@@ -144,8 +144,8 @@ let
144	"logconfig" : { "appenders": [ { "type": "console" } ] }	144	"logconfig" : { "appenders": [ { "type": "console" } ] }
145	}	145	}
146	'';	146	'';
147	};	147	}
148	};	148	];
149	webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {	149	webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec {
150	__noChroot = true;	150	__noChroot = true;
151	patches = [ ./libreoffice_patch.diff ];	151	patches = [ ./libreoffice_patch.diff ];
@@ -182,8 +182,8 @@ let
182	install -t $out/src/ -vDm 644 src/.ep_initialized	182	install -t $out/src/ -vDm 644 src/.ep_initialized
183	cp -a node_modules $out/	183	cp -a node_modules $out/
184	cp -a src/* $out/src/	184	cp -a src/* $out/src/
185	ln -sf /run/keys/webapps/tools-etherpad-sessionkey $out/SESSIONKEY.txt	185	ln -sf /var/secrets/webapps/tools-etherpad-sessionkey $out/SESSIONKEY.txt
186	ln -sf /run/keys/webapps/tools-etherpad-apikey $out/APIKEY.txt	186	ln -sf /var/secrets/webapps/tools-etherpad-apikey $out/APIKEY.txt
187	cp ${jquery} $out/src/static/js/jquery.js	187	cp ${jquery} $out/src/static/js/jquery.js
188		188
189	mkdir $out/doc	189	mkdir $out/doc