author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-15 01:17:31 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-15 01:17:31 +0200 |
commit | 5f08b34c5247ee0c4de2a9264d059b69271e3473 (patch) | |
tree | b8a8db5ae02e9a8022e1e565c6f3f9deebd4687c /nixops/modules/websites/tools/tools/shaarli.nix | |
parent | a840a21c954be6342603ae7a45dde6c005761696 (diff) | |
Move shaarli passwords to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
Diffstat (limited to 'nixops/modules/websites/tools/tools/shaarli.nix')
-rw-r--r-- | nixops/modules/websites/tools/tools/shaarli.nix | 22 |
1 files changed, 16 insertions, 6 deletions
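--- a/nixops/modules/websites/tools/tools/shaarli.nix
+++ b/nixops/modules/websites/tools/tools/shaarli.nix
@@ -50,12 +50,6 @@ in rec {
 Alias /Shaarli "${root}"
 
 <Directory "${root}">
-SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}"
-SetEnv SHAARLI_LDAP_DN "${env.ldap.dn}"
-SetEnv SHAARLI_LDAP_HOST "ldaps://${env.ldap.host}"
-SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}"
-SetEnv SHAARLI_LDAP_FILTER "${env.ldap.search}"
-
 DirectoryIndex index.php index.htm index.html
 Options Indexes FollowSymLinks MultiViews Includes
 AllowOverride All
@@ -66,7 +60,22 @@ in rec {
 </Directory>
 '';
 };
+keys.tools-shaarli = {
+destDir = "/run/keys/webapps";
+user = apache.user;
+group = apache.group;
+permissions = "0700";
+text = ''
+SHAARLI_LDAP_PASSWORD="${env.ldap.password}"
+SHAARLI_LDAP_DN="${env.ldap.dn}"
+SHAARLI_LDAP_HOST="ldaps://${env.ldap.host}"
+SHAARLI_LDAP_BASE="${env.ldap.base}"
+SHAARLI_LDAP_FILTER="${env.ldap.search}"
+'';
+};
 phpFpm = rec {
+serviceDeps = [ "openldap.service" "tools-shaarli-key.service" ];
+envFile = "/run/keys/webapps/tools-shaarli";
 basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
 socket = "/var/run/phpfpm/shaarli.sock";
 pool = ''
@@ -78,6 +87,7 @@ in rec {
 pm = ondemand
 pm.max_children = 60
 pm.process_idle_timeout = 60
+clear_env = no
 
 ; Needed to avoid clashes in browser cookies (same domain)
 php_value[session.name] = ShaarliPHPSESSID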
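Review bot: `clear_env = no` in the pool block of the last hunk passes the whole service environment to every PHP worker, not only the five `SHAARLI_LDAP_*` variables loaded from `envFile`. Anything else in that unit's environment then becomes readable through `getenv()` or a `phpinfo()` page. Keeping the php-fpm default and forwarding the variables by name, e.g. `env[SHAARLI_LDAP_PASSWORD] = $SHAARLI_LDAP_PASSWORD` once per variable, narrows the exposure to what Shaarli needs. Separately, `permissions = "0700"` on `keys.tools-shaarli` sets execute bits on a plain key=value file; `permissions = "0400"` should be enough if the file is only read, though how `envFile` is consumed is not visible here. The pool string starts and ends outside the hunk.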