diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 13:46:47 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-16 13:49:24 +0200 |
| commit | 51900e3488284b0711083819a5ecb1b0f280a913 (patch) | |
| tree | 2367f6ac79eb9198d4890cf51add27b37cd7b6b0 /nixops/modules/websites/tools/mediagoblin/default.nix | |
| parent | 3b45d5f2afc3a48809d0353a3133025525247331 (diff) | |
| download | Nix-51900e3488284b0711083819a5ecb1b0f280a913.tar.gz Nix-51900e3488284b0711083819a5ecb1b0f280a913.tar.zst Nix-51900e3488284b0711083819a5ecb1b0f280a913.zip | |
Move etherpad and mediagoblin keys to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops/modules/websites/tools/mediagoblin/default.nix')
| -rw-r--r-- | nixops/modules/websites/tools/mediagoblin/default.nix | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/nixops/modules/websites/tools/mediagoblin/default.nix b/nixops/modules/websites/tools/mediagoblin/default.nix index 54c0478..9b058be 100644 --- a/nixops/modules/websites/tools/mediagoblin/default.nix +++ b/nixops/modules/websites/tools/mediagoblin/default.nix | |||
| @@ -12,6 +12,7 @@ in { | |||
| 12 | }; | 12 | }; |
| 13 | 13 | ||
| 14 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
| 15 | deployment.keys = mediagoblin.keys; | ||
| 15 | ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid; | 16 | ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid; |
| 16 | ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid; | 17 | ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid; |
| 17 | 18 | ||
| @@ -22,6 +23,7 @@ in { | |||
| 22 | description = "Mediagoblin user"; | 23 | description = "Mediagoblin user"; |
| 23 | home = mediagoblin.varDir; | 24 | home = mediagoblin.varDir; |
| 24 | useDefaultShell = true; | 25 | useDefaultShell = true; |
| 26 | extraGroups = [ "keys" ]; | ||
| 25 | }; | 27 | }; |
| 26 | 28 | ||
| 27 | users.groups.mediagoblin.gid = config.ids.gids.mediagoblin; | 29 | users.groups.mediagoblin.gid = config.ids.gids.mediagoblin; |
| @@ -29,7 +31,8 @@ in { | |||
| 29 | systemd.services.mediagoblin-web = { | 31 | systemd.services.mediagoblin-web = { |
| 30 | description = "Mediagoblin service"; | 32 | description = "Mediagoblin service"; |
| 31 | wantedBy = [ "multi-user.target" ]; | 33 | wantedBy = [ "multi-user.target" ]; |
| 32 | after = [ "network.target" ]; | 34 | after = [ "network.target" "tools-mediagoblin-key.service" ]; |
| 35 | wants = [ "postgresql.service" "redis.service" "tools-mediagoblin-key.service" ]; | ||
| 33 | 36 | ||
| 34 | environment.SCRIPT_NAME = "/mediagoblin/"; | 37 | environment.SCRIPT_NAME = "/mediagoblin/"; |
| 35 | 38 | ||