authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-25 09:26:26 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-25 09:26:26 +0200
commit8db8e666707a0e51af9353c76c5863e1a5482ed5 (patch)
tree64bfdc2cb62f84250955424ad202fc875d4ddbc4 /nixops/modules/websites/tools/tools
parent32c84ff89c2b8931f58cea63961a178a9b1d0efe (diff)
Move tools to new secrets location
Diffstat (limited to 'nixops/modules/websites/tools/tools')
-rw-r--r--nixops/modules/websites/tools/tools/default.nix14
-rw-r--r--nixops/modules/websites/tools/tools/kanboard.nix12
-rw-r--r--nixops/modules/websites/tools/tools/ldap.nix12
-rw-r--r--nixops/modules/websites/tools/tools/roundcubemail.nix12
-rw-r--r--nixops/modules/websites/tools/tools/shaarli.nix8
-rw-r--r--nixops/modules/websites/tools/tools/ttrss.nix12
-rw-r--r--nixops/modules/websites/tools/tools/wallabag.nix14
-rw-r--r--nixops/modules/websites/tools/tools/yourls.nix12
8 files changed, 48 insertions, 48 deletions
diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 463e059..9be9d5d 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -46,14 +46,14 @@ in {
46 security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null; 46 security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
47 security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null; 47 security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
48 48
49 deployment.keys = 49 mySecrets.keys =
50 kanboard.keys 50 kanboard.keys
51 // ldap.keys 51 ++ ldap.keys
52 // roundcubemail.keys 52 ++ roundcubemail.keys
53 // shaarli.keys 53 ++ shaarli.keys
54 // ttrss.keys 54 ++ ttrss.keys
55 // wallabag.keys 55 ++ wallabag.keys
56 // yourls.keys; 56 ++ yourls.keys;
57 57
58 services.myWebsites.integration.modules = 58 services.myWebsites.integration.modules =
59 rainloop.apache.modules; 59 rainloop.apache.modules;
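Review bot: Switching `deployment.keys` to `mySecrets.keys` changes where these credentials live, and nothing in this section documents the storage guarantees of the new store. The other files in this commit move the rendered configs from `/run/keys/webapps/…` (the NixOps key directory, normally memory-backed) to `/var/secrets/webapps/…`; if that path sits on an ordinary filesystem, the database and LDAP settings these files presumably carry now persist on disk across reboots and end up in backups and snapshots. A comment above the assignment would make the intent reviewable, e.g. `# mySecrets.keys are written under /var/secrets; see the mySecrets module for mount type and directory mode`. Separately, `++` concatenates lists where `//` merged attribute sets by name, so two tools declaring the same `dest` are no longer collapsed; whether that is caught depends on the mySecrets module, which is not shown. The enclosing attribute set continues outside the hunk.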
diff --git a/nixops/modules/websites/tools/tools/kanboard.nix b/nixops/modules/websites/tools/tools/kanboard.nix
index dd5b18f..37cb8cc 100644
--- a/nixops/modules/websites/tools/tools/kanboard.nix
+++ b/nixops/modules/websites/tools/tools/kanboard.nix
@@ -10,8 +10,8 @@ rec {
10 install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config 10 install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config
11 ''; 11 '';
12 }; 12 };
13 keys.tools-kanboard = { 13 keys = [{
14 destDir = "/run/keys/webapps"; 14 dest = "webapps/tools-kanboard";
15 user = apache.user; 15 user = apache.user;
16 group = apache.group; 16 group = apache.group;
17 permissions = "0400"; 17 permissions = "0400";
@@ -37,12 +37,12 @@ rec {
37 define('LDAP_GROUP_ADMIN_DN', 'cn=admins,cn=kanboard,ou=services,dc=immae,dc=eu'); 37 define('LDAP_GROUP_ADMIN_DN', 'cn=admins,cn=kanboard,ou=services,dc=immae,dc=eu');
38 ?> 38 ?>
39 ''; 39 '';
40 }; 40 }];
41 webRoot = stdenv.mkDerivation (fetchedGithub ./kanboard.json // rec { 41 webRoot = stdenv.mkDerivation (fetchedGithub ./kanboard.json // rec {
42 dontBuild = true; 42 dontBuild = true;
43 installPhase = '' 43 installPhase = ''
44 cp -a . $out 44 cp -a . $out
45 ln -s /run/keys/webapps/tools-kanboard $out/config.php 45 ln -s /var/secrets/webapps/tools-kanboard $out/config.php
46 mv $out/data $out/dataold 46 mv $out/data $out/dataold
47 ln -s ${varDir}/data $out/data 47 ln -s ${varDir}/data $out/data
48 ''; 48 '';
@@ -71,8 +71,8 @@ rec {
71 ''; 71 '';
72 }; 72 };
73 phpFpm = rec { 73 phpFpm = rec {
74 serviceDeps = [ "postgresql.service" "openldap.service" "tools-kanboard-key.service" ]; 74 serviceDeps = [ "postgresql.service" "openldap.service" ];
75 basedir = builtins.concatStringsSep ":" [ webRoot varDir "/run/keys/webapps/tools-kanboard" ]; 75 basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ];
76 socket = "/var/run/phpfpm/kanboard.sock"; 76 socket = "/var/run/phpfpm/kanboard.sock";
77 pool = '' 77 pool = ''
78 listen = ${socket} 78 listen = ${socket}
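Review bot: Dropping `"tools-kanboard-key.service"` from `serviceDeps` in the `phpFpm` hunk removes the only visible ordering between php-fpm and the secret file, while `config.php` is still a symlink to `/var/secrets/webapps/tools-kanboard`. If the mySecrets module writes its files during activation before any unit starts, this is fine, but that is not visible here; otherwise the pool can start against a dangling symlink and the application runs without its configuration. I would record the guarantee next to the list, e.g. `# secret is written by mySecrets before services start, so no key unit is needed`. The same removal appears in ldap.nix, roundcubemail.nix, ttrss.nix, wallabag.nix and yourls.nix; in wallabag.nix the start script also runs `sha512sum` on the file. The `phpFpm` set continues past the end of the hunk.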
diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix
index 623adb5..7c26b61 100644
--- a/nixops/modules/websites/tools/tools/ldap.nix
+++ b/nixops/modules/websites/tools/tools/ldap.nix
@@ -1,7 +1,7 @@
1{ lib, php, env, writeText, stdenv, optipng, fetchurl }: 1{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
2rec { 2rec {
3 keys.tools-ldap = { 3 keys = [{
4 destDir = "/run/keys/webapps"; 4 dest = "webapps/tools-ldap";
5 user = apache.user; 5 user = apache.user;
6 group = apache.group; 6 group = apache.group;
7 permissions = "0400"; 7 permissions = "0400";
@@ -24,7 +24,7 @@ rec {
24 $servers->setValue('login','attr','uid'); 24 $servers->setValue('login','attr','uid');
25 $servers->setValue('login','fallback_dn',true); 25 $servers->setValue('login','fallback_dn',true);
26 ''; 26 '';
27 }; 27 }];
28 webRoot = stdenv.mkDerivation rec { 28 webRoot = stdenv.mkDerivation rec {
29 version = "1.2.3"; 29 version = "1.2.3";
30 name = "phpldapadmin-${version}"; 30 name = "phpldapadmin-${version}";
@@ -45,7 +45,7 @@ rec {
45 ''; 45 '';
46 installPhase = '' 46 installPhase = ''
47 cp -a . $out 47 cp -a . $out
48 ln -sf /run/keys/webapps/tools-ldap $out/config/config.php 48 ln -sf /var/secrets/webapps/tools-ldap $out/config/config.php
49 ''; 49 '';
50 }; 50 };
51 apache = rec { 51 apache = rec {
@@ -68,8 +68,8 @@ rec {
68 ''; 68 '';
69 }; 69 };
70 phpFpm = rec { 70 phpFpm = rec {
71 serviceDeps = [ "openldap.service" "tools-ldap-key.service" ]; 71 serviceDeps = [ "openldap.service" ];
72 basedir = builtins.concatStringsSep ":" [ webRoot "/run/keys/webapps/tools-ldap" ]; 72 basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
73 socket = "/var/run/phpfpm/ldap.sock"; 73 socket = "/var/run/phpfpm/ldap.sock";
74 pool = '' 74 pool = ''
75 listen = ${socket} 75 listen = ${socket}
diff --git a/nixops/modules/websites/tools/tools/roundcubemail.nix b/nixops/modules/websites/tools/tools/roundcubemail.nix
index 5fc3412..9939b77 100644
--- a/nixops/modules/websites/tools/tools/roundcubemail.nix
+++ b/nixops/modules/websites/tools/tools/roundcubemail.nix
@@ -78,8 +78,8 @@ let
78 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions 78 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
79 ''; 79 '';
80 }; 80 };
81 keys.tools-roundcube = { 81 keys = [{
82 destDir = "/run/keys/webapps"; 82 dest = "webapps/tools-roundcube";
83 user = apache.user; 83 user = apache.user;
84 group = apache.group; 84 group = apache.group;
85 permissions = "0400"; 85 permissions = "0400";
@@ -136,7 +136,7 @@ let
136 $config['temp_dir'] = '${varDir}/cache'; 136 $config['temp_dir'] = '${varDir}/cache';
137 $config['mime_types'] = '${apacheHttpd}/conf/mime.types'; 137 $config['mime_types'] = '${apacheHttpd}/conf/mime.types';
138 ''; 138 '';
139 }; 139 }];
140 webRoot = stdenv.mkDerivation rec { 140 webRoot = stdenv.mkDerivation rec {
141 version = "1.4-rc1"; 141 version = "1.4-rc1";
142 name = "roundcubemail-${version}"; 142 name = "roundcubemail-${version}";
@@ -154,7 +154,7 @@ let
154 ''; 154 '';
155 installPhase = '' 155 installPhase = ''
156 cp -a . $out 156 cp -a . $out
157 ln -s /run/keys/webapps/tools-roundcube $out/config/config.inc.php 157 ln -s /var/secrets/webapps/tools-roundcube $out/config/config.inc.php
158 ${builtins.concatStringsSep "\n" ( 158 ${builtins.concatStringsSep "\n" (
159 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins 159 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
160 )} 160 )}
@@ -184,9 +184,9 @@ let
184 ''; 184 '';
185 }; 185 };
186 phpFpm = rec { 186 phpFpm = rec {
187 serviceDeps = [ "postgresql.service" "tools-roundcube-key.service" ]; 187 serviceDeps = [ "postgresql.service" ];
188 basedir = builtins.concatStringsSep ":" ( 188 basedir = builtins.concatStringsSep ":" (
189 [ webRoot "/run/keys/webapps/tools-roundcube" varDir ] 189 [ webRoot "/var/secrets/webapps/tools-roundcube" varDir ]
190 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins 190 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins
191 ++ lib.attrsets.mapAttrsToList (name: value: value) skins); 191 ++ lib.attrsets.mapAttrsToList (name: value: value) skins);
192 phpConfig = '' 192 phpConfig = ''
diff --git a/nixops/modules/websites/tools/tools/shaarli.nix b/nixops/modules/websites/tools/tools/shaarli.nix
index 56658fd..19b27c2 100644
--- a/nixops/modules/websites/tools/tools/shaarli.nix
+++ b/nixops/modules/websites/tools/tools/shaarli.nix
@@ -49,7 +49,7 @@ in rec {
49 vhostConf = '' 49 vhostConf = ''
50 Alias /Shaarli "${root}" 50 Alias /Shaarli "${root}"
51 51
52 Include /run/keys/webapps/tools-shaarli 52 Include /var/secrets/webapps/tools-shaarli
53 <Directory "${root}"> 53 <Directory "${root}">
54 DirectoryIndex index.php index.htm index.html 54 DirectoryIndex index.php index.htm index.html
55 Options Indexes FollowSymLinks MultiViews Includes 55 Options Indexes FollowSymLinks MultiViews Includes
@@ -61,8 +61,8 @@ in rec {
61 </Directory> 61 </Directory>
62 ''; 62 '';
63 }; 63 };
64 keys.tools-shaarli = { 64 keys = [{
65 destDir = "/run/keys/webapps"; 65 dest = "webapps/tools-shaarli";
66 user = apache.user; 66 user = apache.user;
67 group = apache.group; 67 group = apache.group;
68 permissions = "0400"; 68 permissions = "0400";
@@ -73,7 +73,7 @@ in rec {
73 SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}" 73 SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}"
74 SetEnv SHAARLI_LDAP_FILTER "${env.ldap.search}" 74 SetEnv SHAARLI_LDAP_FILTER "${env.ldap.search}"
75 ''; 75 '';
76 }; 76 }];
77 phpFpm = rec { 77 phpFpm = rec {
78 serviceDeps = [ "openldap.service" ]; 78 serviceDeps = [ "openldap.service" ];
79 basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; 79 basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
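Review bot: `Include /var/secrets/webapps/tools-shaarli` in `vhostConf` makes Apache's start depend on that file existing, because a plain `Include` of a missing path is a configuration error for the whole server, not just this vhost. Nothing in the visible hunks orders httpd after the secret is written; the `serviceDeps` list here sits under `phpFpm` and names only `openldap.service`. `IncludeOptional` would avoid the start failure but would silently drop the `SHAARLI_LDAP_*` settings, so I would keep `Include` and document the ordering assumption with a comment such as `# file must exist before httpd starts; written by mySecrets`. The enclosing `rec` set starts before the first hunk of this file.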
diff --git a/nixops/modules/websites/tools/tools/ttrss.nix b/nixops/modules/websites/tools/tools/ttrss.nix
index 0fe94f9..e6cad56 100644
--- a/nixops/modules/websites/tools/tools/ttrss.nix
+++ b/nixops/modules/websites/tools/tools/ttrss.nix
@@ -52,8 +52,8 @@ let
52 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions 52 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
53 ''; 53 '';
54 }; 54 };
55 keys.tools-ttrss = { 55 keys = [{
56 destDir = "/run/keys/webapps"; 56 dest = "webapps/tools-ttrss";
57 user = apache.user; 57 user = apache.user;
58 group = apache.group; 58 group = apache.group;
59 permissions = "0400"; 59 permissions = "0400";
@@ -120,7 +120,7 @@ let
120 define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); 120 define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
121 define('LDAP_AUTH_DEBUG', FALSE); 121 define('LDAP_AUTH_DEBUG', FALSE);
122 ''; 122 '';
123 }; 123 }];
124 webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec { 124 webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec {
125 buildPhase = '' 125 buildPhase = ''
126 rm -rf lock feed-icons cache 126 rm -rf lock feed-icons cache
@@ -128,7 +128,7 @@ let
128 ''; 128 '';
129 installPhase = '' 129 installPhase = ''
130 cp -a . $out 130 cp -a . $out
131 ln -s /run/keys/webapps/tools-ttrss $out/config.php 131 ln -s /var/secrets/webapps/tools-ttrss $out/config.php
132 ${builtins.concatStringsSep "\n" ( 132 ${builtins.concatStringsSep "\n" (
133 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins 133 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
134 )} 134 )}
@@ -155,9 +155,9 @@ let
155 ''; 155 '';
156 }; 156 };
157 phpFpm = rec { 157 phpFpm = rec {
158 serviceDeps = [ "postgresql.service" "openldap.service" "tools-ttrss-key.service" ]; 158 serviceDeps = [ "postgresql.service" "openldap.service" ];
159 basedir = builtins.concatStringsSep ":" ( 159 basedir = builtins.concatStringsSep ":" (
160 [ webRoot "/run/keys/webapps/tools-ttrss" varDir ] 160 [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
161 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins); 161 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
162 socket = "/var/run/phpfpm/ttrss.sock"; 162 socket = "/var/run/phpfpm/ttrss.sock";
163 pool = '' 163 pool = ''
diff --git a/nixops/modules/websites/tools/tools/wallabag.nix b/nixops/modules/websites/tools/tools/wallabag.nix
index f145bf3..596b9bc 100644
--- a/nixops/modules/websites/tools/tools/wallabag.nix
+++ b/nixops/modules/websites/tools/tools/wallabag.nix
@@ -2,8 +2,8 @@
2let 2let
3 wallabag = rec { 3 wallabag = rec {
4 varDir = "/var/lib/wallabag"; 4 varDir = "/var/lib/wallabag";
5 keys.tools-wallabag = { 5 keys = [{
6 destDir = "/run/keys/webapps"; 6 dest = "webapps/tools-wallabag";
7 user = apache.user; 7 user = apache.user;
8 group = apache.group; 8 group = apache.group;
9 permissions = "0400"; 9 permissions = "0400";
@@ -65,7 +65,7 @@ let
65 class: Swift_SendmailTransport 65 class: Swift_SendmailTransport
66 arguments: ['/run/wrappers/bin/sendmail -bs'] 66 arguments: ['/run/wrappers/bin/sendmail -bs']
67 ''; 67 '';
68 }; 68 }];
69 webappDir = composerEnv.buildPackage rec { 69 webappDir = composerEnv.buildPackage rec {
70 packages = { 70 packages = {
71 "fr3d/ldap-bundle" = { 71 "fr3d/ldap-bundle" = {
@@ -110,7 +110,7 @@ let
110 ''; 110 '';
111 postInstall = '' 111 postInstall = ''
112 rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data 112 rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data
113 ln -sf /run/keys/webapps/tools-wallabag app/config/parameters.yml 113 ln -sf /var/secrets/webapps/tools-wallabag app/config/parameters.yml
114 ln -sf ${varDir}/var/{cache,logs,sessions} var 114 ln -sf ${varDir}/var/{cache,logs,sessions} var
115 ln -sf ${varDir}/data data 115 ln -sf ${varDir}/data data
116 ln -sf ${varDir}/assets web/assets 116 ln -sf ${varDir}/assets web/assets
@@ -171,11 +171,11 @@ let
171 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction 171 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
172 popd > /dev/null 172 popd > /dev/null
173 echo -n "${webappDir}" > ${varDir}/currentWebappDir 173 echo -n "${webappDir}" > ${varDir}/currentWebappDir
174 sha512sum /run/keys/webapps/tools-wallabag > ${varDir}/currentKey 174 sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey
175 fi 175 fi
176 ''; 176 '';
177 serviceDeps = [ "postgresql.service" "openldap.service" "tools-wallabag-key.service" ]; 177 serviceDeps = [ "postgresql.service" "openldap.service" ];
178 basedir = builtins.concatStringsSep ":" [ webappDir "/run/keys/webapps/tools-wallabag" varDir ]; 178 basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
179 socket = "/var/run/phpfpm/wallabag.sock"; 179 socket = "/var/run/phpfpm/wallabag.sock";
180 pool = '' 180 pool = ''
181 listen = ${socket} 181 listen = ${socket}
diff --git a/nixops/modules/websites/tools/tools/yourls.nix b/nixops/modules/websites/tools/tools/yourls.nix
index 390dabe..470fb7b 100644
--- a/nixops/modules/websites/tools/tools/yourls.nix
+++ b/nixops/modules/websites/tools/tools/yourls.nix
@@ -13,8 +13,8 @@ let
13 activationScript = '' 13 activationScript = ''
14 install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls 14 install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
15 ''; 15 '';
16 keys.tools-yourls = { 16 keys = [{
17 destDir = "/run/keys/webapps"; 17 dest = "webapps/tools-yourls";
18 user = apache.user; 18 user = apache.user;
19 group = apache.group; 19 group = apache.group;
20 permissions = "0400"; 20 permissions = "0400";
@@ -46,13 +46,13 @@ let
46 46
47 define( 'LDAPAUTH_USERCACHE_TYPE', 0); 47 define( 'LDAPAUTH_USERCACHE_TYPE', 0);
48 ''; 48 '';
49 }; 49 }];
50 webRoot = stdenv.mkDerivation (fetchedGithub ./yourls.json // rec { 50 webRoot = stdenv.mkDerivation (fetchedGithub ./yourls.json // rec {
51 installPhase = '' 51 installPhase = ''
52 mkdir -p $out 52 mkdir -p $out
53 cp -a */ *.php $out/ 53 cp -a */ *.php $out/
54 cp sample-robots.txt $out/robots.txt 54 cp sample-robots.txt $out/robots.txt
55 ln -sf /run/keys/webapps/tools-yourls $out/includes/config.php 55 ln -sf /var/secrets/webapps/tools-yourls $out/includes/config.php
56 ${builtins.concatStringsSep "\n" ( 56 ${builtins.concatStringsSep "\n" (
57 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/user/plugins/${name}") plugins 57 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/user/plugins/${name}") plugins
58 )} 58 )}
@@ -85,9 +85,9 @@ let
85 ''; 85 '';
86 }; 86 };
87 phpFpm = rec { 87 phpFpm = rec {
88 serviceDeps = [ "mysql.service" "openldap.service" "tools-yourls-key.service" ]; 88 serviceDeps = [ "mysql.service" "openldap.service" ];
89 basedir = builtins.concatStringsSep ":" ( 89 basedir = builtins.concatStringsSep ":" (
90 [ webRoot "/run/keys/webapps/tools-yourls" ] 90 [ webRoot "/var/secrets/webapps/tools-yourls" ]
91 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins); 91 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
92 socket = "/var/run/phpfpm/yourls.sock"; 92 socket = "/var/run/phpfpm/yourls.sock";
93 pool = '' 93 pool = ''