authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-01-26 14:51:19 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-01-26 14:57:15 +0100
commit7ebcaad53a3261d8a4aefd8a64c5c7d9d8ac2fa0 (patch)
tree955c11eb61c79333296cfb82f49836bd7e3eca70 /nixops/modules/websites
parentbad8f8d3cfaf48e6693f9718857a4648a86b0d37 (diff)
Fix the SSL state for databases connections
Whenever possible, we use a socket connection (all postgresql connections, and a few mysql ones). When remote (only mysql), we require SSL in the users database (cannot be enforced globally). Also, put pam configurations in a correct state. Fixes https://git.immae.eu/mantisbt/view.php?id=89 Fixes https://git.immae.eu/mantisbt/view.php?id=90 Fixes https://git.immae.eu/mantisbt/view.php?id=88
Diffstat (limited to 'nixops/modules/websites')
-rw-r--r--nixops/modules/websites/chloe/chloe.nix3
-rw-r--r--nixops/modules/websites/chloe/chloe_config_dev/connect.php11
-rw-r--r--nixops/modules/websites/chloe/chloe_config_prod/connect.php11
-rw-r--r--nixops/modules/websites/connexionswing/connexionswing.nix4
-rw-r--r--nixops/modules/websites/ludivine/ludivinecassal.nix4
-rw-r--r--nixops/modules/websites/piedsjaloux/piedsjaloux.nix4
-rw-r--r--nixops/modules/websites/tellesflorian/tellesflorian.nix4
-rw-r--r--nixops/modules/websites/tools/dav/davical.nix2
-rw-r--r--nixops/modules/websites/tools/diaspora/diaspora.nix8
-rw-r--r--nixops/modules/websites/tools/git/mantisbt/mantisbt.nix6
-rw-r--r--nixops/modules/websites/tools/tools/ttrss.nix8
-rw-r--r--nixops/modules/websites/tools/tools/yourls.nix4
12 files changed, 44 insertions, 25 deletions
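--- a/nixops/modules/websites/chloe/chloe.nix
+++ b/nixops/modules/websites/chloe/chloe.nix
@@ -23,7 +23,8 @@ let
  env[SPIP_LDAP_SEARCH_DN] = "${config.ldap.dn}"
  env[SPIP_LDAP_SEARCH_PW] = "${config.ldap.password}"
  env[SPIP_LDAP_SEARCH] = "${config.ldap.search}"
- env[SPIP_MYSQL_HOST] = "db-1.immae.eu"
+ env[SPIP_MYSQL_HOST] = "${config.mysql.host}"
+ env[SPIP_MYSQL_PORT] = "${config.mysql.port}"
  env[SPIP_MYSQL_DB] = "${config.mysql.name}"
  env[SPIP_MYSQL_USER] = "${config.mysql.user}"
  env[SPIP_MYSQL_PASSWORD] = "${config.mysql.password}"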
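Review bot: The new `SPIP_MYSQL_HOST` and `SPIP_MYSQL_PORT` lines carry no TLS setting, so when `config.mysql.host` is a remote host the SSL requirement named in the description rests only on the account-level flag in the users database. A client that is never told to verify the server certificate gets encryption without server authentication. If the host can be remote here, export a CA path next to these variables and record the assumption in a comment such as `# remote MySQL: account requires SSL; client must verify the server certificate`. The same applies to the `database_host` lines in the four parameters.yml sections and to `YOURLS_DB_HOST` in yourls.nix. The enclosing `let` block starts and ends outside the hunk.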
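--- a/nixops/modules/websites/chloe/chloe_config_dev/connect.php
+++ b/nixops/modules/websites/chloe/chloe_config_dev/connect.php
@@ -2,5 +2,14 @@
 if (!defined("_ECRIRE_INC_VERSION")) return;
 define('_MYSQL_SET_SQL_MODE',true);
 $GLOBALS['spip_connect_version'] = 0.7;
-spip_connect_db(getenv("SPIP_MYSQL_HOST"),'',getenv("SPIP_MYSQL_USER"),getenv("SPIP_MYSQL_PASSWORD"),getenv("SPIP_MYSQL_DB"),'mysql', 'spip','ldap.php');
+spip_connect_db(
+ getenv("SPIP_MYSQL_HOST"),
+ getenv("SPIP_MYSQL_PORT"),
+ getenv("SPIP_MYSQL_USER"),
+ getenv("SPIP_MYSQL_PASSWORD"),
+ getenv("SPIP_MYSQL_DB"),
+ 'mysql',
+ 'spip',
+ 'ldap.php'
+);
 ?>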
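Review bot: `getenv("SPIP_MYSQL_PORT")` returns `false` when the variable is missing from the pool environment, whereas the old call passed `''` explicitly as the second argument; `getenv("SPIP_MYSQL_PORT") ?: ''` keeps the previous value in that case. The same line appears in chloe_config_prod/connect.php. Both files show the same old and new blob ids in their `index` lines, so the dev and prod copies are identical and could be a single shared file.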
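--- a/nixops/modules/websites/chloe/chloe_config_prod/connect.php
+++ b/nixops/modules/websites/chloe/chloe_config_prod/connect.php
@@ -2,5 +2,14 @@
 if (!defined("_ECRIRE_INC_VERSION")) return;
 define('_MYSQL_SET_SQL_MODE',true);
 $GLOBALS['spip_connect_version'] = 0.7;
-spip_connect_db(getenv("SPIP_MYSQL_HOST"),'',getenv("SPIP_MYSQL_USER"),getenv("SPIP_MYSQL_PASSWORD"),getenv("SPIP_MYSQL_DB"),'mysql', 'spip','ldap.php');
+spip_connect_db(
+ getenv("SPIP_MYSQL_HOST"),
+ getenv("SPIP_MYSQL_PORT"),
+ getenv("SPIP_MYSQL_USER"),
+ getenv("SPIP_MYSQL_PASSWORD"),
+ getenv("SPIP_MYSQL_DB"),
+ 'mysql',
+ 'spip',
+ 'ldap.php'
+);
 ?>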
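--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -7,8 +7,8 @@ let
  writeText "parameters.yml" ''
  # This file is auto-generated during the composer install
  parameters:
- database_host: db-1.immae.eu
- database_port: null
+ database_host: ${config.mysql.host}
+ database_port: ${config.mysql.port}
  database_name: ${config.mysql.name}
  database_user: ${config.mysql.user}
  database_password: ${config.mysql.password}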
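Review bot: `database_host: ${config.mysql.host}` and `database_port: ${config.mysql.port}` are interpolated into the YAML unquoted, so a value containing `: ` or ` #` changes how the line parses. Writing `database_host: "${config.mysql.host}"` avoids that and matches the quoting diaspora.nix uses for its database.yml in this same commit. The old port was a literal `null`; if `config.mysql.port` can be empty when a socket is used, a short comment saying the empty scalar is intended would help. The same two lines appear in ludivinecassal.nix, piedsjaloux.nix and tellesflorian.nix. The `writeText` string continues outside the hunk.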
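--- a/nixops/modules/websites/ludivine/ludivinecassal.nix
+++ b/nixops/modules/websites/ludivine/ludivinecassal.nix
@@ -7,8 +7,8 @@ let
  writeText "parameters.yml" ''
  # This file is auto-generated during the composer install
  parameters:
- database_host: db-1.immae.eu
- database_port: null
+ database_host: ${config.mysql.host}
+ database_port: ${config.mysql.port}
  database_name: ${config.mysql.name}
  database_user: ${config.mysql.user}
  database_password: ${config.mysql.password}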
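--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -7,8 +7,8 @@ let
  writeText "parameters.yml" ''
  # This file is auto-generated during the composer install
  parameters:
- database_host: db-1.immae.eu
- database_port: null
+ database_host: ${config.mysql.host}
+ database_port: ${config.mysql.port}
  database_name: ${config.mysql.name}
  database_user: ${config.mysql.user}
  database_password: ${config.mysql.password}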
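--- a/nixops/modules/websites/tellesflorian/tellesflorian.nix
+++ b/nixops/modules/websites/tellesflorian/tellesflorian.nix
@@ -7,8 +7,8 @@ let
  writeText "parameters.yml" ''
  # This file is auto-generated during the composer install
  parameters:
- database_host: db-1.immae.eu
- database_port: null
+ database_host: ${config.mysql.host}
+ database_port: ${config.mysql.port}
  database_name: ${config.mysql.name}
  database_user: ${config.mysql.user}
  database_password: ${config.mysql.password}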
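--- a/nixops/modules/websites/tools/dav/davical.nix
+++ b/nixops/modules/websites/tools/dav/davical.nix
@@ -18,7 +18,7 @@ let
  davical = rec {
  config = writeText "davical_config.php" ''
  <?php
- $c->pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${env.postgresql.password}";
+ $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
 
  $c->readonly_webdav_collections = false;
 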
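Review bot: The `pg_connect` line now builds a libpq connection string from four interpolated values with none of them quoted, so a space in the socket path, user, database name or password splits the string into extra keywords. libpq accepts single-quoted values, so `host='${env.postgresql.socket}' password='${env.postgresql.password}'` (and likewise for `dbname` and `user`) keeps each value intact. A backslash or single quote inside a value would still need escaping, which is worth a one-line comment above the assignment. The `rec` block continues outside the hunk.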
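--- a/nixops/modules/websites/tools/diaspora/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora/diaspora.nix
@@ -99,9 +99,9 @@ let
  database_config = writeText "database.yml" ''
  postgresql: &postgresql
  adapter: postgresql
- host: db-1.immae.eu
- port: 5432
- username: "diaspora"
+ host: "${env.postgresql.socket}"
+ port: "${env.postgresql.port}"
+ username: "${env.postgresql.user}"
  password: "${env.postgresql.password}"
  encoding: unicode
  common: &common
@@ -113,7 +113,7 @@ let
  database: diaspora_development
  production:
  <<: *combined
- database: diaspora
+ database: ${env.postgresql.database}
  test:
  <<: *combined
  database: "diaspora_test"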
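Review bot: The production `database: ${env.postgresql.database}` line in the second hunk is left unquoted while every interpolated value in the first hunk is quoted; `database: "${env.postgresql.database}"` would be consistent and safe against YAML-special characters. In the first hunk `port` changes from the integer `5432` to a quoted string, which the adapter presumably accepts, but a comment noting that the string form is deliberate would save the next reader a check. Both hunks sit inside a `writeText` string that continues outside the visible lines.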
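--- a/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
+++ b/nixops/modules/websites/tools/git/mantisbt/mantisbt.nix
@@ -20,10 +20,10 @@ let
  config =
  writeText "config_inc.php" ''
  <?php
- $g_hostname = 'db-1.immae.eu';
- $g_db_username = 'mantisbt';
+ $g_hostname = '${env.postgresql.socket}';
+ $g_db_username = '${env.postgresql.user}';
  $g_db_password = '${env.postgresql.password}';
- $g_database_name = 'mantisbt';
+ $g_database_name = '${env.postgresql.database}';
  $g_db_type = 'pgsql';
  $g_crypto_master_salt = '${env.master_salt}';
  $g_allow_signup = OFF;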
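Review bot: With `$g_hostname` now pointing at a local socket, the credential on the `$g_db_password` line is still rendered through `writeText`, whose output is a Nix store path and world-readable by default. Any local account that can reach the socket can then also read the password and `$g_crypto_master_salt`. Consider generating this file outside the store at activation time with restrictive permissions, or, if the PostgreSQL setup allows it, using peer authentication on the socket so no password is needed. The same holds for the `writeText` configs in davical.nix and diaspora.nix, and probably for ttrss.nix, whose `writeText` call is not visible in its hunk. The config string continues outside the hunk.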
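--- a/nixops/modules/websites/tools/tools/ttrss.nix
+++ b/nixops/modules/websites/tools/tools/ttrss.nix
@@ -66,11 +66,11 @@ let
  define('MYSQL_CHARSET', 'UTF8');
 
  define('DB_TYPE', 'pgsql');
- define('DB_HOST', 'db-1.immae.eu');
- define('DB_USER', 'ttrss');
- define('DB_NAME', 'ttrss');
+ define('DB_HOST', '${env.postgresql.socket}');
+ define('DB_USER', '${env.postgresql.user}');
+ define('DB_NAME', '${env.postgresql.database}');
  define('DB_PASS', '${env.postgresql.password}');
- define('DB_PORT', '5432');
+ define('DB_PORT', '${env.postgresql.port}');
 
  define('AUTH_AUTO_CREATE', true);
  define('AUTH_AUTO_LOGIN', true);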
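--- a/nixops/modules/websites/tools/tools/yourls.nix
+++ b/nixops/modules/websites/tools/tools/yourls.nix
@@ -18,9 +18,9 @@ let
  define( 'YOURLS_DB_USER', '${env.mysql.user}' );
  define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
  define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
- define( 'YOURLS_DB_HOST', 'db-1.immae.eu' );
+ define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
  define( 'YOURLS_DB_PREFIX', 'yourls_' );
- define( 'YOURLS_SITE', 'http://tools.immae.eu/url' );
+ define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
  define( 'YOURLS_HOURS_OFFSET', 0 );
  define( 'YOURLS_LANG', ''' );
  define( 'YOURLS_UNIQUE_URLS', true );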
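Review bot: Switching `YOURLS_SITE` to `https://` changes the URLs YOURLS generates, but nothing in this hunk forces the admin area onto HTTPS. If it is not already set further down the file, add `define( 'YOURLS_ADMIN_SSL', true );` so admin logins cannot happen over plain HTTP. Both `YOURLS_DB_HOST` and the other values are interpolated into single-quoted PHP strings, so a `'` in any of them would break the generated file; a short comment stating that these values must not contain quotes would document the assumption. The config string continues outside the hunk.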