diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-22 12:49:20 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-22 12:49:20 +0100 |
| commit | 9d90e7e281e8f4cf9371c17c812a1ac9c08aa66d (patch) | |
| tree | 0b011ca0aeeef02dce03a3c825d9a037c5cfc01a /virtual | |
| parent | 0f3047a77ee1e0b3d943e39d50301ba85821c572 (diff) | |
| download | Nix-9d90e7e281e8f4cf9371c17c812a1ac9c08aa66d.tar.gz Nix-9d90e7e281e8f4cf9371c17c812a1ac9c08aa66d.tar.zst Nix-9d90e7e281e8f4cf9371c17c812a1ac9c08aa66d.zip | |
Remove use of environment variables
Fixes https://git.immae.eu/mantisbt/view.php?id=113
Diffstat (limited to 'virtual')
32 files changed, 189 insertions, 237 deletions
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index 48266c8..337ea2f 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix | |||
| @@ -10,6 +10,7 @@ | |||
| 10 | _module.args = { | 10 | _module.args = { |
| 11 | mylibs = import ../libs.nix; | 11 | mylibs = import ../libs.nix; |
| 12 | myconfig = { | 12 | myconfig = { |
| 13 | env = import ./environment.nix; | ||
| 13 | ips = { | 14 | ips = { |
| 14 | main = "176.9.151.89"; | 15 | main = "176.9.151.89"; |
| 15 | production = "176.9.151.154"; | 16 | production = "176.9.151.154"; |
| @@ -40,8 +41,8 @@ | |||
| 40 | deployment = { | 41 | deployment = { |
| 41 | targetEnv = "hetzner"; | 42 | targetEnv = "hetzner"; |
| 42 | hetzner = { | 43 | hetzner = { |
| 43 | #robotUser = "defined in HETZNER_ROBOT_USER"; | 44 | robotUser = myconfig.env.hetzner.user; |
| 44 | #robotPass = "defined in HETZNER_ROBOT_PASS"; | 45 | robotPass = myconfig.env.hetzner.pass; |
| 45 | mainIPv4 = myconfig.ips.main; | 46 | mainIPv4 = myconfig.ips.main; |
| 46 | partitions = '' | 47 | partitions = '' |
| 47 | clearpart --all --initlabel --drives=sda,sdb | 48 | clearpart --all --initlabel --drives=sda,sdb |
| @@ -70,12 +71,11 @@ | |||
| 70 | 71 | ||
| 71 | environment.etc."ssh/ldap_authorized_keys" = let | 72 | environment.etc."ssh/ldap_authorized_keys" = let |
| 72 | ldap_authorized_keys = | 73 | ldap_authorized_keys = |
| 73 | assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD"; | ||
| 74 | wrap { | 74 | wrap { |
| 75 | name = "ldap_authorized_keys"; | 75 | name = "ldap_authorized_keys"; |
| 76 | file = ./ldap_authorized_keys.sh; | 76 | file = ./ldap_authorized_keys.sh; |
| 77 | vars = { | 77 | vars = { |
| 78 | LDAP_PASS = builtins.getEnv "NIXOPS_SSHD_LDAP_PASSWORD"; | 78 | LDAP_PASS = myconfig.env.sshd.ldap.password; |
| 79 | GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell"; | 79 | GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell"; |
| 80 | ECHO = "${pkgs.coreutils}/bin/echo"; | 80 | ECHO = "${pkgs.coreutils}/bin/echo"; |
| 81 | }; | 81 | }; |
diff --git a/virtual/modules/databases/default.nix b/virtual/modules/databases/default.nix index e3a5612..0912830 100644 --- a/virtual/modules/databases/default.nix +++ b/virtual/modules/databases/default.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | cfg = config.services.myDatabases; | 3 | cfg = config.services.myDatabases; |
| 4 | in { | 4 | in { |
| @@ -112,20 +112,18 @@ in { | |||
| 112 | 112 | ||
| 113 | security.pam.services = let | 113 | security.pam.services = let |
| 114 | pam_ldap = pkgs.pam_ldap; | 114 | pam_ldap = pkgs.pam_ldap; |
| 115 | pam_ldap_mysql = assert mylibs.checkEnv "NIXOPS_MYSQL_PAM_PASSWORD"; | 115 | pam_ldap_mysql = pkgs.writeText "mysql.conf" '' |
| 116 | pkgs.writeText "mysql.conf" '' | ||
| 117 | host ldap.immae.eu | 116 | host ldap.immae.eu |
| 118 | base dc=immae,dc=eu | 117 | base dc=immae,dc=eu |
| 119 | binddn cn=mysql,cn=pam,ou=services,dc=immae,dc=eu | 118 | binddn cn=mysql,cn=pam,ou=services,dc=immae,dc=eu |
| 120 | bindpw ${builtins.getEnv "NIXOPS_MYSQL_PAM_PASSWORD"} | 119 | bindpw ${myconfig.env.databases.mysql.pam_password} |
| 121 | pam_filter memberOf=cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu | 120 | pam_filter memberOf=cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu |
| 122 | ''; | 121 | ''; |
| 123 | pam_ldap_postgresql_replication = assert mylibs.checkEnv "NIXOPS_ELDIRON_LDAP_PASSWORD"; | 122 | pam_ldap_postgresql_replication = pkgs.writeText "postgresql.conf" '' |
| 124 | pkgs.writeText "postgresql.conf" '' | ||
| 125 | host ldap.immae.eu | 123 | host ldap.immae.eu |
| 126 | base dc=immae,dc=eu | 124 | base dc=immae,dc=eu |
| 127 | binddn cn=eldiron,ou=hosts,dc=immae,dc=eu | 125 | binddn cn=eldiron,ou=hosts,dc=immae,dc=eu |
| 128 | bindpw ${builtins.getEnv "NIXOPS_ELDIRON_LDAP_PASSWORD"} | 126 | bindpw ${myconfig.env.ldap.password} |
| 129 | pam_login_attribute cn | 127 | pam_login_attribute cn |
| 130 | ''; | 128 | ''; |
| 131 | in [ | 129 | in [ |
diff --git a/virtual/modules/gitolite/default.nix b/virtual/modules/gitolite/default.nix index b8ecb15..21eabc4 100644 --- a/virtual/modules/gitolite/default.nix +++ b/virtual/modules/gitolite/default.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | cfg = config.services.myGitolite; | 3 | cfg = config.services.myGitolite; |
| 4 | in { | 4 | in { |
| @@ -33,14 +33,12 @@ in { | |||
| 33 | basePath = "${cfg.gitoliteDir}/repositories"; | 33 | basePath = "${cfg.gitoliteDir}/repositories"; |
| 34 | }; | 34 | }; |
| 35 | 35 | ||
| 36 | system.activationScripts.gitolite = | 36 | system.activationScripts.gitolite = let |
| 37 | assert mylibs.checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD"; | ||
| 38 | let | ||
| 39 | gitolite_ldap_groups = mylibs.wrap { | 37 | gitolite_ldap_groups = mylibs.wrap { |
| 40 | name = "gitolite_ldap_groups.sh"; | 38 | name = "gitolite_ldap_groups.sh"; |
| 41 | file = ./gitolite_ldap_groups.sh; | 39 | file = ./gitolite_ldap_groups.sh; |
| 42 | vars = { | 40 | vars = { |
| 43 | LDAP_PASS = builtins.getEnv "NIXOPS_GITOLITE_LDAP_PASSWORD"; | 41 | LDAP_PASS = myconfig.env.tools.gitolite.ldap.password; |
| 44 | }; | 42 | }; |
| 45 | paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ]; | 43 | paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ]; |
| 46 | }; | 44 | }; |
diff --git a/virtual/modules/websites/aten/aten.nix b/virtual/modules/websites/aten/aten.nix index 7eec525..1520439 100644 --- a/virtual/modules/websites/aten/aten.nix +++ b/virtual/modules/websites/aten/aten.nix | |||
| @@ -1,9 +1,8 @@ | |||
| 1 | { lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }: | 1 | { lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }: |
| 2 | let | 2 | let |
| 3 | aten = { environment ? "dev" }: rec { | 3 | aten = { config }: rec { |
| 4 | varPrefix = "ATEN"; | 4 | environment = config.environment; |
| 5 | varDir = "/var/lib/aten_${environment}"; | 5 | varDir = "/var/lib/aten_${environment}"; |
| 6 | envName= lib.strings.toUpper environment; | ||
| 7 | phpFpm = rec { | 6 | phpFpm = rec { |
| 8 | socket = "/var/run/phpfpm/aten-${environment}.sock"; | 7 | socket = "/var/run/phpfpm/aten-${environment}.sock"; |
| 9 | pool = '' | 8 | pool = '' |
| @@ -34,17 +33,14 @@ let | |||
| 34 | user = "wwwrun"; | 33 | user = "wwwrun"; |
| 35 | group = "wwwrun"; | 34 | group = "wwwrun"; |
| 36 | modules = [ "proxy_fcgi" ]; | 35 | modules = [ "proxy_fcgi" ]; |
| 37 | vhostConf = | 36 | vhostConf = '' |
| 38 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET"; | ||
| 39 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"; | ||
| 40 | '' | ||
| 41 | <FilesMatch "\.php$"> | 37 | <FilesMatch "\.php$"> |
| 42 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 38 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" |
| 43 | </FilesMatch> | 39 | </FilesMatch> |
| 44 | 40 | ||
| 45 | SetEnv APP_ENV "${environment}" | 41 | SetEnv APP_ENV "${environment}" |
| 46 | SetEnv APP_SECRET "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"} | 42 | SetEnv APP_SECRET "${config.secret}" |
| 47 | SetEnv DATABASE_URL "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"} | 43 | SetEnv DATABASE_URL "${config.psql_url}" |
| 48 | 44 | ||
| 49 | ${if environment == "dev" then '' | 45 | ${if environment == "dev" then '' |
| 50 | <Location /> | 46 | <Location /> |
| @@ -96,8 +92,8 @@ let | |||
| 96 | export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt | 92 | export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt |
| 97 | export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt | 93 | export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt |
| 98 | export APP_ENV="${environment}" | 94 | export APP_ENV="${environment}" |
| 99 | export DATABASE_URL="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}" | 95 | export DATABASE_URL="${config.psql_url}" |
| 100 | export APP_SECRET="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}" | 96 | export APP_SECRET="${config.secret}" |
| 101 | 97 | ||
| 102 | ${if environment == "dev" then '' | 98 | ${if environment == "dev" then '' |
| 103 | composer install | 99 | composer install |
diff --git a/virtual/modules/websites/aten/default.nix b/virtual/modules/websites/aten/default.nix index 2f319bb..db2ab49 100644 --- a/virtual/modules/websites/aten/default.nix +++ b/virtual/modules/websites/aten/default.nix | |||
| @@ -1,8 +1,12 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | aten = pkgs.callPackage ./aten.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; | 3 | aten = pkgs.callPackage ./aten.nix { inherit (mylibs) fetchedGitPrivate; }; |
| 4 | aten_dev = aten { environment = "dev"; }; | 4 | aten_dev = aten { |
| 5 | aten_prod = aten { environment = "prod"; }; | 5 | config = myconfig.env.websites.aten.integration; |
| 6 | }; | ||
| 7 | aten_prod = aten { | ||
| 8 | config = myconfig.env.websites.aten.production; | ||
| 9 | }; | ||
| 6 | 10 | ||
| 7 | cfg = config.services.myWebsites.Aten; | 11 | cfg = config.services.myWebsites.Aten; |
| 8 | in { | 12 | in { |
diff --git a/virtual/modules/websites/chloe/chloe.nix b/virtual/modules/websites/chloe/chloe.nix index ca34b5a..dcf076d 100644 --- a/virtual/modules/websites/chloe/chloe.nix +++ b/virtual/modules/websites/chloe/chloe.nix | |||
| @@ -1,18 +1,10 @@ | |||
| 1 | { stdenv, lib, checkEnv, fetchzip, fetchurl, fetchedGitPrivate, sassc }: | 1 | { stdenv, lib, fetchzip, fetchurl, fetchedGitPrivate, sassc }: |
| 2 | let | 2 | let |
| 3 | chloe = { environment ? "dev" }: rec { | 3 | chloe = { config }: rec { |
| 4 | varPrefix = "CHLOE"; | 4 | environment = config.environment; |
| 5 | envName= lib.strings.toUpper environment; | ||
| 6 | phpFpm = rec { | 5 | phpFpm = rec { |
| 7 | socket = "/var/run/phpfpm/chloe-${environment}.sock"; | 6 | socket = "/var/run/phpfpm/chloe-${environment}.sock"; |
| 8 | pool = | 7 | pool = '' |
| 9 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; | ||
| 10 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; | ||
| 11 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"; | ||
| 12 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"; | ||
| 13 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"; | ||
| 14 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"; | ||
| 15 | '' | ||
| 16 | listen = ${socket} | 8 | listen = ${socket} |
| 17 | user = ${apache.user} | 9 | user = ${apache.user} |
| 18 | group = ${apache.group} | 10 | group = ${apache.group} |
| @@ -28,13 +20,13 @@ let | |||
| 28 | env[SPIP_SITE] = "chloe-${environment}" | 20 | env[SPIP_SITE] = "chloe-${environment}" |
| 29 | env[SPIP_LDAP_BASE] = "dc=immae,dc=eu" | 21 | env[SPIP_LDAP_BASE] = "dc=immae,dc=eu" |
| 30 | env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu" | 22 | env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu" |
| 31 | env[SPIP_LDAP_SEARCH_DN] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"}" | 23 | env[SPIP_LDAP_SEARCH_DN] = "${config.ldap.dn}" |
| 32 | env[SPIP_LDAP_SEARCH_PW] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}" | 24 | env[SPIP_LDAP_SEARCH_PW] = "${config.ldap.password}" |
| 33 | env[SPIP_LDAP_SEARCH] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"}" | 25 | env[SPIP_LDAP_SEARCH] = "${config.ldap.search}" |
| 34 | env[SPIP_MYSQL_HOST] = "db-1.immae.eu" | 26 | env[SPIP_MYSQL_HOST] = "db-1.immae.eu" |
| 35 | env[SPIP_MYSQL_DB] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"}" | 27 | env[SPIP_MYSQL_DB] = "${config.mysql.name}" |
| 36 | env[SPIP_MYSQL_USER] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}" | 28 | env[SPIP_MYSQL_USER] = "${config.mysql.user}" |
| 37 | env[SPIP_MYSQL_PASSWORD] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}" | 29 | env[SPIP_MYSQL_PASSWORD] = "${config.mysql.password}" |
| 38 | ${if environment == "dev" then '' | 30 | ${if environment == "dev" then '' |
| 39 | pm = ondemand | 31 | pm = ondemand |
| 40 | pm.max_children = 5 | 32 | pm.max_children = 5 |
diff --git a/virtual/modules/websites/chloe/default.nix b/virtual/modules/websites/chloe/default.nix index de85e92..94cd4be 100644 --- a/virtual/modules/websites/chloe/default.nix +++ b/virtual/modules/websites/chloe/default.nix | |||
| @@ -1,8 +1,12 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; | 3 | chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) fetchedGitPrivate; }; |
| 4 | chloe_dev = chloe { environment = "dev"; }; | 4 | chloe_dev = chloe { |
| 5 | chloe_prod = chloe { environment = "prod"; }; | 5 | config = myconfig.env.websites.chloe.integration; |
| 6 | }; | ||
| 7 | chloe_prod = chloe { | ||
| 8 | config = myconfig.env.websites.chloe.production; | ||
| 9 | }; | ||
| 6 | 10 | ||
| 7 | cfg = config.services.myWebsites.Chloe; | 11 | cfg = config.services.myWebsites.Chloe; |
| 8 | in { | 12 | in { |
diff --git a/virtual/modules/websites/connexionswing/connexionswing.nix b/virtual/modules/websites/connexionswing/connexionswing.nix index 71f3c0b..66c9b53 100644 --- a/virtual/modules/websites/connexionswing/connexionswing.nix +++ b/virtual/modules/websites/connexionswing/connexionswing.nix | |||
| @@ -1,29 +1,25 @@ | |||
| 1 | { lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert }: | 1 | { lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert }: |
| 2 | let | 2 | let |
| 3 | connexionswing = { environment ? "dev" }: rec { | 3 | connexionswing = { config }: rec { |
| 4 | environment = config.environment; | ||
| 4 | varDir = "/var/lib/connexionswing_${environment}"; | 5 | varDir = "/var/lib/connexionswing_${environment}"; |
| 5 | envName= lib.strings.toUpper environment; | 6 | envName= lib.strings.toUpper environment; |
| 6 | configRoot = | 7 | configRoot = |
| 7 | assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"; | ||
| 8 | assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"; | ||
| 9 | assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"; | ||
| 10 | assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"; | ||
| 11 | assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"; | ||
| 12 | writeText "parameters.yml" '' | 8 | writeText "parameters.yml" '' |
| 13 | # This file is auto-generated during the composer install | 9 | # This file is auto-generated during the composer install |
| 14 | parameters: | 10 | parameters: |
| 15 | database_host: db-1.immae.eu | 11 | database_host: db-1.immae.eu |
| 16 | database_port: null | 12 | database_port: null |
| 17 | database_name: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"} | 13 | database_name: ${config.mysql.name} |
| 18 | database_user: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"} | 14 | database_user: ${config.mysql.user} |
| 19 | database_password: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"} | 15 | database_password: ${config.mysql.password} |
| 20 | mailer_transport: smtp | 16 | mailer_transport: smtp |
| 21 | mailer_host: mail.immae.eu | 17 | mailer_host: mail.immae.eu |
| 22 | mailer_user: null | 18 | mailer_user: null |
| 23 | mailer_password: null | 19 | mailer_password: null |
| 24 | subscription_email: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"} | 20 | subscription_email: ${config.email} |
| 25 | allow_robots: true | 21 | allow_robots: true |
| 26 | secret: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"} | 22 | secret: ${config.secret} |
| 27 | ''; | 23 | ''; |
| 28 | phpFpm = rec { | 24 | phpFpm = rec { |
| 29 | socket = "/var/run/phpfpm/connexionswing-${environment}.sock"; | 25 | socket = "/var/run/phpfpm/connexionswing-${environment}.sock"; |
diff --git a/virtual/modules/websites/connexionswing/default.nix b/virtual/modules/websites/connexionswing/default.nix index 5667c91..2e4dfc7 100644 --- a/virtual/modules/websites/connexionswing/default.nix +++ b/virtual/modules/websites/connexionswing/default.nix | |||
| @@ -1,8 +1,12 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, mylibs, myconfig, ... }: |
| 2 | let | 2 | let |
| 3 | connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; | 3 | connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) fetchedGitPrivate; }; |
| 4 | connexionswing_dev = connexionswing { environment = "dev"; }; | 4 | connexionswing_dev = connexionswing { |
| 5 | connexionswing_prod = connexionswing { environment = "prod"; }; | 5 | config = myconfig.env.websites.connexionswing.integration; |
| 6 | }; | ||
| 7 | connexionswing_prod = connexionswing { | ||
| 8 | config = myconfig.env.websites.connexionswing.production; | ||
| 9 | }; | ||
| 6 | 10 | ||
| 7 | cfg = config.services.myWebsites.Connexionswing; | 11 | cfg = config.services.myWebsites.Connexionswing; |
| 8 | in { | 12 | in { |
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix index f2f0be1..59b9e47 100644 --- a/virtual/modules/websites/default.nix +++ b/virtual/modules/websites/default.nix | |||
| @@ -1,8 +1,5 @@ | |||
| 1 | { lib, pkgs, config, mylibs, myconfig, ... }: | 1 | { lib, pkgs, config, mylibs, myconfig, ... }: |
| 2 | let | 2 | let |
| 3 | mypkgs = pkgs.callPackage ../../packages.nix { | ||
| 4 | inherit (mylibs) checkEnv fetchedGit fetchedGithub; | ||
| 5 | }; | ||
| 6 | cfg = config.services.myWebsites; | 3 | cfg = config.services.myWebsites; |
| 7 | makeService = name: cfg: let | 4 | makeService = name: cfg: let |
| 8 | toVhost = vhostConf: { | 5 | toVhost = vhostConf: { |
| @@ -205,7 +202,7 @@ in | |||
| 205 | }; | 202 | }; |
| 206 | ldap = { | 203 | ldap = { |
| 207 | modules = [ "ldap" "authnz_ldap" ]; | 204 | modules = [ "ldap" "authnz_ldap" ]; |
| 208 | extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; '' | 205 | extraConfig = '' |
| 209 | <IfModule ldap_module> | 206 | <IfModule ldap_module> |
| 210 | LDAPSharedCacheSize 500000 | 207 | LDAPSharedCacheSize 500000 |
| 211 | LDAPCacheEntries 1024 | 208 | LDAPCacheEntries 1024 |
| @@ -218,7 +215,7 @@ in | |||
| 218 | <IfModule authnz_ldap_module> | 215 | <IfModule authnz_ldap_module> |
| 219 | AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS | 216 | AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS |
| 220 | AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu | 217 | AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu |
| 221 | AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}" | 218 | AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}" |
| 222 | AuthType Basic | 219 | AuthType Basic |
| 223 | AuthName "Authentification requise (Acces LDAP)" | 220 | AuthName "Authentification requise (Acces LDAP)" |
| 224 | AuthBasicProvider ldap | 221 | AuthBasicProvider ldap |
diff --git a/virtual/modules/websites/ludivine/default.nix b/virtual/modules/websites/ludivine/default.nix index 6aa1862..d13d700 100644 --- a/virtual/modules/websites/ludivine/default.nix +++ b/virtual/modules/websites/ludivine/default.nix | |||
| @@ -1,8 +1,12 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | ludivinecassal = pkgs.callPackage ./ludivinecassal.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; | 3 | ludivinecassal = pkgs.callPackage ./ludivinecassal.nix { inherit (mylibs) fetchedGitPrivate; }; |
| 4 | ludivinecassal_dev = ludivinecassal { environment = "dev"; }; | 4 | ludivinecassal_dev = ludivinecassal { |
| 5 | ludivinecassal_prod = ludivinecassal { environment = "prod"; }; | 5 | config = myconfig.env.websites.ludivinecassal.integration; |
| 6 | }; | ||
| 7 | ludivinecassal_prod = ludivinecassal { | ||
| 8 | config = myconfig.env.websites.ludivinecassal.production; | ||
| 9 | }; | ||
| 6 | 10 | ||
| 7 | cfg = config.services.myWebsites.Ludivine; | 11 | cfg = config.services.myWebsites.Ludivine; |
| 8 | in { | 12 | in { |
diff --git a/virtual/modules/websites/ludivine/ludivinecassal.nix b/virtual/modules/websites/ludivine/ludivinecassal.nix index 138ea9f..342c698 100644 --- a/virtual/modules/websites/ludivine/ludivinecassal.nix +++ b/virtual/modules/websites/ludivine/ludivinecassal.nix | |||
| @@ -1,30 +1,22 @@ | |||
| 1 | { lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, ruby, sass, imagemagick }: | 1 | { lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, ruby, sass, imagemagick }: |
| 2 | let | 2 | let |
| 3 | ludivinecassal = { environment ? "dev" }: rec { | 3 | ludivinecassal = { config }: rec { |
| 4 | varPrefix = "LUDIVINECASSAL"; | 4 | environment = config.environment; |
| 5 | varDir = "/var/lib/ludivinecassal_${environment}"; | 5 | varDir = "/var/lib/ludivinecassal_${environment}"; |
| 6 | envName= lib.strings.toUpper environment; | ||
| 7 | configRoot = | 6 | configRoot = |
| 8 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; | ||
| 9 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; | ||
| 10 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"; | ||
| 11 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET"; | ||
| 12 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"; | ||
| 13 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN"; | ||
| 14 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER"; | ||
| 15 | writeText "parameters.yml" '' | 7 | writeText "parameters.yml" '' |
| 16 | # This file is auto-generated during the composer install | 8 | # This file is auto-generated during the composer install |
| 17 | parameters: | 9 | parameters: |
| 18 | database_host: db-1.immae.eu | 10 | database_host: db-1.immae.eu |
| 19 | database_port: null | 11 | database_port: null |
| 20 | database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"} | 12 | database_name: ${config.mysql.name} |
| 21 | database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"} | 13 | database_user: ${config.mysql.user} |
| 22 | database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"} | 14 | database_password: ${config.mysql.password} |
| 23 | mailer_transport: smtp | 15 | mailer_transport: smtp |
| 24 | mailer_host: mail.immae.eu | 16 | mailer_host: mail.immae.eu |
| 25 | mailer_user: null | 17 | mailer_user: null |
| 26 | mailer_password: null | 18 | mailer_password: null |
| 27 | secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"} | 19 | secret: ${config.secret} |
| 28 | ldap_host: ldap.immae.eu | 20 | ldap_host: ldap.immae.eu |
| 29 | ldap_port: 636 | 21 | ldap_port: 636 |
| 30 | ldap_version: 3 | 22 | ldap_version: 3 |
| @@ -32,9 +24,9 @@ let | |||
| 32 | ldap_tls: false | 24 | ldap_tls: false |
| 33 | ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu' | 25 | ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu' |
| 34 | ldap_base_dn: 'dc=immae,dc=eu' | 26 | ldap_base_dn: 'dc=immae,dc=eu' |
| 35 | ldap_search_dn: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN"}' | 27 | ldap_search_dn: '${config.ldap.dn}' |
| 36 | ldap_search_password: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}' | 28 | ldap_search_password: '${config.ldap.password}' |
| 37 | ldap_search_filter: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER"}' | 29 | ldap_search_filter: '${config.ldap.search}' |
| 38 | leapt_im: | 30 | leapt_im: |
| 39 | binary_path: ${imagemagick}/bin | 31 | binary_path: ${imagemagick}/bin |
| 40 | assetic: | 32 | assetic: |
diff --git a/virtual/modules/websites/piedsjaloux/default.nix b/virtual/modules/websites/piedsjaloux/default.nix index 80261a3..f1bb760 100644 --- a/virtual/modules/websites/piedsjaloux/default.nix +++ b/virtual/modules/websites/piedsjaloux/default.nix | |||
| @@ -1,8 +1,12 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; | 3 | piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) fetchedGitPrivate; }; |
| 4 | piedsjaloux_dev = piedsjaloux { environment = "dev"; }; | 4 | piedsjaloux_dev = piedsjaloux { |
| 5 | piedsjaloux_prod = piedsjaloux { environment = "prod"; }; | 5 | config = myconfig.env.websites.piedsjaloux.integration; |
| 6 | }; | ||
| 7 | piedsjaloux_prod = piedsjaloux { | ||
| 8 | config = myconfig.env.websites.piedsjaloux.production; | ||
| 9 | }; | ||
| 6 | 10 | ||
| 7 | cfg = config.services.myWebsites.PiedsJaloux; | 11 | cfg = config.services.myWebsites.PiedsJaloux; |
| 8 | in { | 12 | in { |
diff --git a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix index 4bbf148..3d30b89 100644 --- a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix +++ b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix | |||
| @@ -1,27 +1,22 @@ | |||
| 1 | { lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, texlive, imagemagick }: | 1 | { lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, texlive, imagemagick }: |
| 2 | let | 2 | let |
| 3 | piedsjaloux = { environment ? "dev" }: rec { | 3 | piedsjaloux = { config }: rec { |
| 4 | varPrefix = "PIEDSJALOUX"; | 4 | environment = config.environment; |
| 5 | varDir = "/var/lib/piedsjaloux_${environment}"; | 5 | varDir = "/var/lib/piedsjaloux_${environment}"; |
| 6 | envName= lib.strings.toUpper environment; | ||
| 7 | configRoot = | 6 | configRoot = |
| 8 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; | ||
| 9 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; | ||
| 10 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"; | ||
| 11 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET"; | ||
| 12 | writeText "parameters.yml" '' | 7 | writeText "parameters.yml" '' |
| 13 | # This file is auto-generated during the composer install | 8 | # This file is auto-generated during the composer install |
| 14 | parameters: | 9 | parameters: |
| 15 | database_host: db-1.immae.eu | 10 | database_host: db-1.immae.eu |
| 16 | database_port: null | 11 | database_port: null |
| 17 | database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"} | 12 | database_name: ${config.mysql.name} |
| 18 | database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"} | 13 | database_user: ${config.mysql.user} |
| 19 | database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"} | 14 | database_password: ${config.mysql.password} |
| 20 | mailer_transport: smtp | 15 | mailer_transport: smtp |
| 21 | mailer_host: mail.immae.eu | 16 | mailer_host: mail.immae.eu |
| 22 | mailer_user: null | 17 | mailer_user: null |
| 23 | mailer_password: null | 18 | mailer_password: null |
| 24 | secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"} | 19 | secret: ${config.secret} |
| 25 | pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex" | 20 | pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex" |
| 26 | leapt_im: | 21 | leapt_im: |
| 27 | binary_path: ${imagemagick}/bin | 22 | binary_path: ${imagemagick}/bin |
diff --git a/virtual/modules/websites/tellesflorian/default.nix b/virtual/modules/websites/tellesflorian/default.nix index 8f8c35a..f347169 100644 --- a/virtual/modules/websites/tellesflorian/default.nix +++ b/virtual/modules/websites/tellesflorian/default.nix | |||
| @@ -1,9 +1,11 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | adminer = pkgs.callPackage ../commons/adminer.nix {}; | 3 | adminer = pkgs.callPackage ../commons/adminer.nix {}; |
| 4 | 4 | ||
| 5 | tellesflorian = pkgs.callPackage ./tellesflorian.nix { inherit (mylibs) checkEnv fetchedGitPrivate; }; | 5 | tellesflorian = pkgs.callPackage ./tellesflorian.nix { inherit (mylibs) fetchedGitPrivate; }; |
| 6 | tellesflorian_dev = tellesflorian { environment = "dev"; }; | 6 | tellesflorian_dev = tellesflorian { |
| 7 | config = myconfig.env.websites.tellesflorian.integration; | ||
| 8 | }; | ||
| 7 | 9 | ||
| 8 | cfg = config.services.myWebsites.TellesFlorian; | 10 | cfg = config.services.myWebsites.TellesFlorian; |
| 9 | in { | 11 | in { |
diff --git a/virtual/modules/websites/tellesflorian/tellesflorian.nix b/virtual/modules/websites/tellesflorian/tellesflorian.nix index 2191b31..03b1faf 100644 --- a/virtual/modules/websites/tellesflorian/tellesflorian.nix +++ b/virtual/modules/websites/tellesflorian/tellesflorian.nix | |||
| @@ -1,27 +1,22 @@ | |||
| 1 | { lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages }: | 1 | { lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages }: |
| 2 | let | 2 | let |
| 3 | tellesflorian = { environment ? "dev" }: rec { | 3 | tellesflorian = { config }: rec { |
| 4 | varPrefix = "TELLESFLORIAN"; | 4 | environment = config.environment; |
| 5 | varDir = "/var/lib/tellesflorian_${environment}"; | 5 | varDir = "/var/lib/tellesflorian_${environment}"; |
| 6 | envName= lib.strings.toUpper environment; | ||
| 7 | configRoot = | 6 | configRoot = |
| 8 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; | ||
| 9 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; | ||
| 10 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"; | ||
| 11 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET"; | ||
| 12 | writeText "parameters.yml" '' | 7 | writeText "parameters.yml" '' |
| 13 | # This file is auto-generated during the composer install | 8 | # This file is auto-generated during the composer install |
| 14 | parameters: | 9 | parameters: |
| 15 | database_host: db-1.immae.eu | 10 | database_host: db-1.immae.eu |
| 16 | database_port: null | 11 | database_port: null |
| 17 | database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"} | 12 | database_name: ${config.mysql.name} |
| 18 | database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"} | 13 | database_user: ${config.mysql.user} |
| 19 | database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"} | 14 | database_password: ${config.mysql.password} |
| 20 | mailer_transport: smtp | 15 | mailer_transport: smtp |
| 21 | mailer_host: mail.immae.eu | 16 | mailer_host: mail.immae.eu |
| 22 | mailer_user: null | 17 | mailer_user: null |
| 23 | mailer_password: null | 18 | mailer_password: null |
| 24 | secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"} | 19 | secret: ${config.secret} |
| 25 | ''; | 20 | ''; |
| 26 | phpFpm = rec { | 21 | phpFpm = rec { |
| 27 | socket = "/var/run/phpfpm/floriantelles-${environment}.sock"; | 22 | socket = "/var/run/phpfpm/floriantelles-${environment}.sock"; |
| @@ -49,10 +44,8 @@ let | |||
| 49 | pm.max_spare_servers = 3 | 44 | pm.max_spare_servers = 3 |
| 50 | ''}''; | 45 | ''}''; |
| 51 | }; | 46 | }; |
| 52 | passwords = | 47 | passwords = writeText "tellesflorian_passwords" '' |
| 53 | assert checkEnv "NIXOPS_${varPrefix}_${envName}_INVITE_PASSWORDS"; | 48 | invite:${config.invite_passwords} |
| 54 | writeText "tellesflorian_passwords" '' | ||
| 55 | invite:${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_INVITE_PASSWORDS"} | ||
| 56 | ''; | 49 | ''; |
| 57 | apache = { | 50 | apache = { |
| 58 | user = "wwwrun"; | 51 | user = "wwwrun"; |
diff --git a/virtual/modules/websites/tools/cloud/default.nix b/virtual/modules/websites/tools/cloud/default.nix index 7dd5c6e..241b982 100644 --- a/virtual/modules/websites/tools/cloud/default.nix +++ b/virtual/modules/websites/tools/cloud/default.nix | |||
| @@ -1,6 +1,8 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | nextcloud = pkgs.callPackage ./nextcloud.nix { inherit (mylibs) checkEnv; }; | 3 | nextcloud = pkgs.callPackage ./nextcloud.nix { |
| 4 | env = myconfig.env.tools.nextcloud; | ||
| 5 | }; | ||
| 4 | 6 | ||
| 5 | cfg = config.services.myWebsites.tools.cloud; | 7 | cfg = config.services.myWebsites.tools.cloud; |
| 6 | in { | 8 | in { |
diff --git a/virtual/modules/websites/tools/cloud/nextcloud.nix b/virtual/modules/websites/tools/cloud/nextcloud.nix index b9c8d04..815254b 100644 --- a/virtual/modules/websites/tools/cloud/nextcloud.nix +++ b/virtual/modules/websites/tools/cloud/nextcloud.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }: | 1 | { stdenv, fetchurl, env, writeText, lib, phpPackages, php }: |
| 2 | let | 2 | let |
| 3 | nextcloud = let | 3 | nextcloud = let |
| 4 | buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }: | 4 | buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }: |
| @@ -96,27 +96,20 @@ let | |||
| 96 | }; | 96 | }; |
| 97 | in rec { | 97 | in rec { |
| 98 | varDir = "/var/lib/nextcloud"; | 98 | varDir = "/var/lib/nextcloud"; |
| 99 | config_php = | 99 | config_php = writeText "config.php" '' |
| 100 | assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"; | ||
| 101 | assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER"; | ||
| 102 | assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"; | ||
| 103 | assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"; | ||
| 104 | assert checkEnv "NIXOPS_NEXTCLOUD_SECRET"; | ||
| 105 | assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"; | ||
| 106 | writeText "config.php" '' | ||
| 107 | <?php | 100 | <?php |
| 108 | $CONFIG = array ( | 101 | $CONFIG = array ( |
| 109 | 'instanceid' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}', | 102 | 'instanceid' => '${env.instance_id}', |
| 110 | 'datadirectory' => '/var/lib/nextcloud/', | 103 | 'datadirectory' => '/var/lib/nextcloud/', |
| 111 | 'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}', | 104 | 'passwordsalt' => '${env.password_salt}', |
| 112 | 'debug' => false, | 105 | 'debug' => false, |
| 113 | 'dbtype' => 'pgsql', | 106 | 'dbtype' => 'pgsql', |
| 114 | 'version' => '15.0.0.10', | 107 | 'version' => '15.0.0.10', |
| 115 | 'dbname' => 'webapps', | 108 | 'dbname' => 'webapps', |
| 116 | 'dbhost' => '/run/postgresql', | 109 | 'dbhost' => '/run/postgresql', |
| 117 | 'dbtableprefix' => 'oc_', | 110 | 'dbtableprefix' => 'oc_', |
| 118 | 'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}', | 111 | 'dbuser' => '${env.postgresql.user}', |
| 119 | 'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}', | 112 | 'dbpassword' => '${env.postgresql.password}', |
| 120 | 'installed' => true, | 113 | 'installed' => true, |
| 121 | 'maxZipInputSize' => 0, | 114 | 'maxZipInputSize' => 0, |
| 122 | 'allowZipDownload' => true, | 115 | 'allowZipDownload' => true, |
| @@ -127,7 +120,7 @@ let | |||
| 127 | array ( | 120 | array ( |
| 128 | 0 => 'cloud.immae.eu', | 121 | 0 => 'cloud.immae.eu', |
| 129 | ), | 122 | ), |
| 130 | 'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}', | 123 | 'secret' => '${env.secret}', |
| 131 | 'appstoreenabled' => false, | 124 | 'appstoreenabled' => false, |
| 132 | 'appstore.experimental.enabled' => true, | 125 | 'appstore.experimental.enabled' => true, |
| 133 | 'loglevel' => 0, | 126 | 'loglevel' => 0, |
| @@ -147,7 +140,7 @@ let | |||
| 147 | array ( | 140 | array ( |
| 148 | 'host' => 'localhost', | 141 | 'host' => 'localhost', |
| 149 | 'port' => 6379, | 142 | 'port' => 6379, |
| 150 | 'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"}, | 143 | 'dbindex' => ${env.redis.db_index}, |
| 151 | ), | 144 | ), |
| 152 | 'overwrite.cli.url' => 'https://cloud.immae.eu', | 145 | 'overwrite.cli.url' => 'https://cloud.immae.eu', |
| 153 | 'ldapIgnoreNamingRules' => false, | 146 | 'ldapIgnoreNamingRules' => false, |
diff --git a/virtual/modules/websites/tools/dav/davical.nix b/virtual/modules/websites/tools/dav/davical.nix index cf528ad..4d0639f 100644 --- a/virtual/modules/websites/tools/dav/davical.nix +++ b/virtual/modules/websites/tools/dav/davical.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { stdenv, fetchurl, gettext, writeText, checkEnv }: | 1 | { stdenv, fetchurl, gettext, writeText, env }: |
| 2 | let | 2 | let |
| 3 | awl = stdenv.mkDerivation rec { | 3 | awl = stdenv.mkDerivation rec { |
| 4 | version = "0.59"; | 4 | version = "0.59"; |
| @@ -16,12 +16,9 @@ let | |||
| 16 | ''; | 16 | ''; |
| 17 | }; | 17 | }; |
| 18 | davical = rec { | 18 | davical = rec { |
| 19 | config = | 19 | config = writeText "davical_config.php" '' |
| 20 | assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD"; | ||
| 21 | assert checkEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"; | ||
| 22 | writeText "davical_config.php" '' | ||
| 23 | <?php | 20 | <?php |
| 24 | $c->pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${builtins.getEnv "NIXOPS_DAVICAL_DB_PASSWORD"}"; | 21 | $c->pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${env.postgresql.password}"; |
| 25 | 22 | ||
| 26 | $c->readonly_webdav_collections = false; | 23 | $c->readonly_webdav_collections = false; |
| 27 | 24 | ||
| @@ -44,7 +41,7 @@ let | |||
| 44 | 'port' => '389', | 41 | 'port' => '389', |
| 45 | 'startTLS' => 'yes', | 42 | 'startTLS' => 'yes', |
| 46 | 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', | 43 | 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', |
| 47 | 'passDN'=> '${builtins.getEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"}', | 44 | 'passDN'=> '${env.ldap.password}', |
| 48 | 'protocolVersion' => '3', | 45 | 'protocolVersion' => '3', |
| 49 | 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), | 46 | 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), |
| 50 | 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', | 47 | 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', |
diff --git a/virtual/modules/websites/tools/dav/default.nix b/virtual/modules/websites/tools/dav/default.nix index 201da38..ef9735e 100644 --- a/virtual/modules/websites/tools/dav/default.nix +++ b/virtual/modules/websites/tools/dav/default.nix | |||
| @@ -1,7 +1,9 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | infcloud = pkgs.callPackage ./infcloud.nix {}; | 3 | infcloud = pkgs.callPackage ./infcloud.nix {}; |
| 4 | davical = pkgs.callPackage ./davical.nix { inherit (mylibs) checkEnv; }; | 4 | davical = pkgs.callPackage ./davical.nix { |
| 5 | env = myconfig.env.tools.davical; | ||
| 6 | }; | ||
| 5 | 7 | ||
| 6 | cfg = config.services.myWebsites.tools.dav; | 8 | cfg = config.services.myWebsites.tools.dav; |
| 7 | in { | 9 | in { |
diff --git a/virtual/modules/websites/tools/diaspora/default.nix b/virtual/modules/websites/tools/diaspora/default.nix index 8285d6c..b15b9ce 100644 --- a/virtual/modules/websites/tools/diaspora/default.nix +++ b/virtual/modules/websites/tools/diaspora/default.nix | |||
| @@ -1,7 +1,8 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | diaspora = pkgs.callPackage ./diaspora.nix { | 3 | diaspora = pkgs.callPackage ./diaspora.nix { |
| 4 | inherit (mylibs) fetchedGithub checkEnv; | 4 | inherit (mylibs) fetchedGithub; |
| 5 | env = myconfig.env.tools.diaspora; | ||
| 5 | }; | 6 | }; |
| 6 | 7 | ||
| 7 | cfg = config.services.myWebsites.tools.diaspora; | 8 | cfg = config.services.myWebsites.tools.diaspora; |
diff --git a/virtual/modules/websites/tools/diaspora/diaspora.nix b/virtual/modules/websites/tools/diaspora/diaspora.nix index 961e1f8..39de202 100644 --- a/virtual/modules/websites/tools/diaspora/diaspora.nix +++ b/virtual/modules/websites/tools/diaspora/diaspora.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { checkEnv, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }: | 1 | { env, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }: |
| 2 | let | 2 | let |
| 3 | gems = bundlerEnv { | 3 | gems = bundlerEnv { |
| 4 | name = "diaspora-env"; | 4 | name = "diaspora-env"; |
| @@ -30,13 +30,10 @@ let | |||
| 30 | ''; | 30 | ''; |
| 31 | propagatedBuildInputs = buildInputs; | 31 | propagatedBuildInputs = buildInputs; |
| 32 | }); | 32 | }); |
| 33 | secret_token = assert checkEnv "NIXOPS_DIASPORA_SECRET_TOKEN"; | 33 | secret_token = writeText "secret_token.rb" '' |
| 34 | writeText "secret_token.rb" '' | 34 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' |
| 35 | Diaspora::Application.config.secret_key_base = '${builtins.getEnv "NIXOPS_DIASPORA_SECRET_TOKEN"}' | ||
| 36 | ''; | 35 | ''; |
| 37 | config = | 36 | config = writeText "diaspora.yml" '' |
| 38 | assert checkEnv "NIXOPS_DIASPORA_LDAP_PASSWORD"; | ||
| 39 | writeText "diaspora.yml" '' | ||
| 40 | configuration: | 37 | configuration: |
| 41 | environment: | 38 | environment: |
| 42 | url: "https://diaspora.immae.eu/" | 39 | url: "https://diaspora.immae.eu/" |
| @@ -101,7 +98,7 @@ let | |||
| 101 | skip_email_confirmation: true | 98 | skip_email_confirmation: true |
| 102 | use_bind_dn: true | 99 | use_bind_dn: true |
| 103 | bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" | 100 | bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" |
| 104 | bind_pw: "${builtins.getEnv "NIXOPS_DIASPORA_LDAP_PASSWORD"}" | 101 | bind_pw: "${env.ldap.password}" |
| 105 | search_base: "dc=immae,dc=eu" | 102 | search_base: "dc=immae,dc=eu" |
| 106 | search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" | 103 | search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" |
| 107 | production: | 104 | production: |
| @@ -109,15 +106,13 @@ let | |||
| 109 | development: | 106 | development: |
| 110 | environment: | 107 | environment: |
| 111 | ''; | 108 | ''; |
| 112 | database_config = | 109 | database_config = writeText "database.yml" '' |
| 113 | assert checkEnv "NIXOPS_DIASPORA_SQL_PASSWORD"; | ||
| 114 | writeText "database.yml" '' | ||
| 115 | postgresql: &postgresql | 110 | postgresql: &postgresql |
| 116 | adapter: postgresql | 111 | adapter: postgresql |
| 117 | host: db-1.immae.eu | 112 | host: db-1.immae.eu |
| 118 | port: 5432 | 113 | port: 5432 |
| 119 | username: "diaspora" | 114 | username: "diaspora" |
| 120 | password: "${builtins.getEnv "NIXOPS_DIASPORA_SQL_PASSWORD"}" | 115 | password: "${env.postgresql.password}" |
| 121 | encoding: unicode | 116 | encoding: unicode |
| 122 | common: &common | 117 | common: &common |
| 123 | <<: *postgresql | 118 | <<: *postgresql |
diff --git a/virtual/modules/websites/tools/git/default.nix b/virtual/modules/websites/tools/git/default.nix index f53350e..91aa1d0 100644 --- a/virtual/modules/websites/tools/git/default.nix +++ b/virtual/modules/websites/tools/git/default.nix | |||
| @@ -1,6 +1,9 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | mantisbt = pkgs.callPackage ./mantisbt/mantisbt.nix { inherit (mylibs) checkEnv fetchedGithub; }; | 3 | mantisbt = pkgs.callPackage ./mantisbt/mantisbt.nix { |
| 4 | inherit (mylibs) fetchedGithub; | ||
| 5 | env = myconfig.env.tools.mantisbt; | ||
| 6 | }; | ||
| 4 | gitweb = pkgs.callPackage ./gitweb/gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; }; | 7 | gitweb = pkgs.callPackage ./gitweb/gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; }; |
| 5 | 8 | ||
| 6 | cfg = config.services.myWebsites.tools.git; | 9 | cfg = config.services.myWebsites.tools.git; |
diff --git a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix index c1cb60d..bc2ff3a 100644 --- a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix +++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, checkEnv, writeText, stdenv, fetchurl, fetchedGithub }: | 1 | { lib, env, writeText, stdenv, fetchurl, fetchedGithub }: |
| 2 | let | 2 | let |
| 3 | mantisbt = let | 3 | mantisbt = let |
| 4 | plugins = { | 4 | plugins = { |
| @@ -18,17 +18,14 @@ let | |||
| 18 | }; | 18 | }; |
| 19 | in rec { | 19 | in rec { |
| 20 | config = | 20 | config = |
| 21 | assert checkEnv "NIXOPS_MANTISBT_DB_PASSWORD"; | ||
| 22 | assert checkEnv "NIXOPS_MANTISBT_MASTER_SALT"; | ||
| 23 | assert checkEnv "NIXOPS_MANTISBT_LDAP_PASSWORD"; | ||
| 24 | writeText "config_inc.php" '' | 21 | writeText "config_inc.php" '' |
| 25 | <?php | 22 | <?php |
| 26 | $g_hostname = 'db-1.immae.eu'; | 23 | $g_hostname = 'db-1.immae.eu'; |
| 27 | $g_db_username = 'mantisbt'; | 24 | $g_db_username = 'mantisbt'; |
| 28 | $g_db_password = '${builtins.getEnv "NIXOPS_MANTISBT_DB_PASSWORD"}'; | 25 | $g_db_password = '${env.postgresql.password}'; |
| 29 | $g_database_name = 'mantisbt'; | 26 | $g_database_name = 'mantisbt'; |
| 30 | $g_db_type = 'pgsql'; | 27 | $g_db_type = 'pgsql'; |
| 31 | $g_crypto_master_salt = '${builtins.getEnv "NIXOPS_MANTISBT_MASTER_SALT"}'; | 28 | $g_crypto_master_salt = '${env.master_salt}'; |
| 32 | $g_allow_signup = OFF; | 29 | $g_allow_signup = OFF; |
| 33 | $g_allow_anonymous_login = ON; | 30 | $g_allow_anonymous_login = ON; |
| 34 | $g_anonymous_account = 'anonymous'; | 31 | $g_anonymous_account = 'anonymous'; |
| @@ -48,7 +45,7 @@ let | |||
| 48 | $g_ldap_server = 'ldaps://ldap.immae.eu:636'; | 45 | $g_ldap_server = 'ldaps://ldap.immae.eu:636'; |
| 49 | $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu'; | 46 | $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu'; |
| 50 | $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu'; | 47 | $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu'; |
| 51 | $g_ldap_bind_passwd = '${builtins.getEnv "NIXOPS_MANTISBT_LDAP_PASSWORD"}'; | 48 | $g_ldap_bind_passwd = '${env.ldap.password}'; |
| 52 | $g_use_ldap_email = ON; | 49 | $g_use_ldap_email = ON; |
| 53 | $g_use_ldap_realname = ON; | 50 | $g_use_ldap_realname = ON; |
| 54 | $g_ldap_uid_field = 'uid'; | 51 | $g_ldap_uid_field = 'uid'; |
diff --git a/virtual/modules/websites/tools/mastodon/default.nix b/virtual/modules/websites/tools/mastodon/default.nix index 25a389b..98ab9be 100644 --- a/virtual/modules/websites/tools/mastodon/default.nix +++ b/virtual/modules/websites/tools/mastodon/default.nix | |||
| @@ -1,7 +1,8 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | mastodon = pkgs.callPackage ./mastodon.nix { | 3 | mastodon = pkgs.callPackage ./mastodon.nix { |
| 4 | inherit (mylibs) fetchedGithub checkEnv; | 4 | inherit (mylibs) fetchedGithub; |
| 5 | env = myconfig.env.tools.mastodon; | ||
| 5 | }; | 6 | }; |
| 6 | 7 | ||
| 7 | cfg = config.services.myWebsites.tools.mastodon; | 8 | cfg = config.services.myWebsites.tools.mastodon; |
diff --git a/virtual/modules/websites/tools/mastodon/mastodon.nix b/virtual/modules/websites/tools/mastodon/mastodon.nix index e948852..463de1c 100644 --- a/virtual/modules/websites/tools/mastodon/mastodon.nix +++ b/virtual/modules/websites/tools/mastodon/mastodon.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }: | 1 | { env, fetchedGithub, stdenv, writeText, pkgs, cacert }: |
| 2 | let | 2 | let |
| 3 | varDir = "/var/lib/mastodon_immae"; | 3 | varDir = "/var/lib/mastodon_immae"; |
| 4 | socketsDir = "/run/mastodon"; | 4 | socketsDir = "/run/mastodon"; |
| @@ -21,35 +21,26 @@ let | |||
| 21 | jemalloc which postgresql python3 cacert | 21 | jemalloc which postgresql python3 cacert |
| 22 | ]; | 22 | ]; |
| 23 | }); | 23 | }); |
| 24 | config = | 24 | config = writeText "mastodon_environment" '' |
| 25 | assert checkEnv "NIXOPS_MASTODON_DB_PASS"; | ||
| 26 | assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"; | ||
| 27 | assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"; | ||
| 28 | assert checkEnv "NIXOPS_MASTODON_OTP_SECRET"; | ||
| 29 | assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"; | ||
| 30 | assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"; | ||
| 31 | assert checkEnv "NIXOPS_MASTODON_OTP_SECRET"; | ||
| 32 | assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD"; | ||
| 33 | writeText "mastodon_environment" '' | ||
| 34 | REDIS_HOST=localhost | 25 | REDIS_HOST=localhost |
| 35 | REDIS_PORT=6379 | 26 | REDIS_PORT=6379 |
| 36 | REDIS_DB=13 | 27 | REDIS_DB=13 |
| 37 | DB_HOST=/run/postgresql | 28 | DB_HOST=/run/postgresql |
| 38 | DB_USER=mastodon | 29 | DB_USER=mastodon |
| 39 | DB_NAME=mastodon | 30 | DB_NAME=mastodon |
| 40 | DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"} | 31 | DB_PASS=${env.postgresql.password} |
| 41 | DB_PORT=5432 | 32 | DB_PORT=5432 |
| 42 | 33 | ||
| 43 | LOCAL_DOMAIN=mastodon.immae.eu | 34 | LOCAL_DOMAIN=mastodon.immae.eu |
| 44 | LOCAL_HTTPS=true | 35 | LOCAL_HTTPS=true |
| 45 | ALTERNATE_DOMAINS=immae.eu | 36 | ALTERNATE_DOMAINS=immae.eu |
| 46 | 37 | ||
| 47 | PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"} | 38 | PAPERCLIP_SECRET=${env.paperclip_secret} |
| 48 | SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"} | 39 | SECRET_KEY_BASE=${env.secret_key_base} |
| 49 | OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"} | 40 | OTP_SECRET=${env.otp_secret} |
| 50 | 41 | ||
| 51 | VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"} | 42 | VAPID_PRIVATE_KEY=${env.vapid.private} |
| 52 | VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"} | 43 | VAPID_PUBLIC_KEY=${env.vapid.public} |
| 53 | 44 | ||
| 54 | SMTP_SERVER=mail.immae.eu | 45 | SMTP_SERVER=mail.immae.eu |
| 55 | SMTP_PORT=587 | 46 | SMTP_PORT=587 |
| @@ -66,7 +57,7 @@ let | |||
| 66 | LDAP_METHOD=simple_tls | 57 | LDAP_METHOD=simple_tls |
| 67 | LDAP_BASE="dc=immae,dc=eu" | 58 | LDAP_BASE="dc=immae,dc=eu" |
| 68 | LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu" | 59 | LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu" |
| 69 | LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}" | 60 | LDAP_PASSWORD="${env.ldap.password}" |
| 70 | LDAP_UID="uid" | 61 | LDAP_UID="uid" |
| 71 | LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))" | 62 | LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))" |
| 72 | ''; | 63 | ''; |
diff --git a/virtual/modules/websites/tools/mediagoblin/default.nix b/virtual/modules/websites/tools/mediagoblin/default.nix index 99bdce1..5f60503 100644 --- a/virtual/modules/websites/tools/mediagoblin/default.nix +++ b/virtual/modules/websites/tools/mediagoblin/default.nix | |||
| @@ -1,7 +1,8 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | mediagoblin = pkgs.callPackage ./mediagoblin.nix { | 3 | mediagoblin = pkgs.callPackage ./mediagoblin.nix { |
| 4 | inherit (mylibs) checkEnv fetchedGit fetchedGithub; | 4 | inherit (mylibs) fetchedGit fetchedGithub; |
| 5 | env = myconfig.env.tools.mediagoblin; | ||
| 5 | }; | 6 | }; |
| 6 | 7 | ||
| 7 | cfg = config.services.myWebsites.tools.mediagoblin; | 8 | cfg = config.services.myWebsites.tools.mediagoblin; |
diff --git a/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix b/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix index e94d8a6..2e62242 100644 --- a/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix +++ b/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { checkEnv, makeWrapper, stdenv, writeText, fetchurl, fetchedGit, fetchedGithub, which, python3, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }: | 1 | { env, makeWrapper, stdenv, writeText, fetchurl, fetchedGit, fetchedGithub, which, python3, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }: |
| 2 | let | 2 | let |
| 3 | plugins = { | 3 | plugins = { |
| 4 | basicsearch = stdenv.mkDerivation (fetchedGithub ./mediagoblin-plugin-basicsearch.json // rec { | 4 | basicsearch = stdenv.mkDerivation (fetchedGithub ./mediagoblin-plugin-basicsearch.json // rec { |
| @@ -183,10 +183,7 @@ in | |||
| 183 | url_scheme = https | 183 | url_scheme = https |
| 184 | ''; | 184 | ''; |
| 185 | 185 | ||
| 186 | mediagoblin_local = | 186 | mediagoblin_local = writeText "mediagoblin_local.ini" '' |
| 187 | assert checkEnv "NIXOPS_MEDIAGOBLIN_LDAP_PASSWORD"; | ||
| 188 | assert checkEnv "NIXOPS_MEDIAGOBLIN_SQL_URI"; | ||
| 189 | writeText "mediagoblin_local.ini" '' | ||
| 190 | [DEFAULT] | 187 | [DEFAULT] |
| 191 | data_basedir = "${varDir}" | 188 | data_basedir = "${varDir}" |
| 192 | 189 | ||
| @@ -195,7 +192,7 @@ in | |||
| 195 | email_sender_address = "mediagoblin@mail.immae.eu" | 192 | email_sender_address = "mediagoblin@mail.immae.eu" |
| 196 | 193 | ||
| 197 | #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db | 194 | #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db |
| 198 | sql_engine = ${builtins.getEnv "NIXOPS_MEDIAGOBLIN_SQL_URI"} | 195 | sql_engine = ${env.psql_url} |
| 199 | 196 | ||
| 200 | email_debug_mode = false | 197 | email_debug_mode = false |
| 201 | allow_registration = false | 198 | allow_registration = false |
| @@ -232,7 +229,7 @@ in | |||
| 232 | LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636' | 229 | LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636' |
| 233 | LDAP_SEARCH_BASE = 'dc=immae,dc=eu' | 230 | LDAP_SEARCH_BASE = 'dc=immae,dc=eu' |
| 234 | LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu' | 231 | LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu' |
| 235 | LDAP_BIND_PW = '${builtins.getEnv "NIXOPS_MEDIAGOBLIN_LDAP_PASSWORD"}' | 232 | LDAP_BIND_PW = '${env.ldap.password}' |
| 236 | LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))' | 233 | LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))' |
| 237 | EMAIL_SEARCH_FIELD = 'mail' | 234 | EMAIL_SEARCH_FIELD = 'mail' |
| 238 | [[mediagoblin.plugins.basicsearch]] | 235 | [[mediagoblin.plugins.basicsearch]] |
diff --git a/virtual/modules/websites/tools/tools/default.nix b/virtual/modules/websites/tools/tools/default.nix index d69ccc9..294959c 100644 --- a/virtual/modules/websites/tools/tools/default.nix +++ b/virtual/modules/websites/tools/tools/default.nix | |||
| @@ -1,10 +1,13 @@ | |||
| 1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| 2 | let | 2 | let |
| 3 | adminer = pkgs.callPackage ../../commons/adminer.nix {}; | 3 | adminer = pkgs.callPackage ../../commons/adminer.nix {}; |
| 4 | ympd = pkgs.callPackage ./ympd.nix {}; | 4 | ympd = pkgs.callPackage ./ympd.nix {}; |
| 5 | ttrss = pkgs.callPackage ./ttrss.nix { inherit (mylibs) checkEnv fetchedGithub fetchedGit; }; | 5 | ttrss = pkgs.callPackage ./ttrss.nix { |
| 6 | roundcubemail = pkgs.callPackage ./roundcubemail.nix { inherit (mylibs) checkEnv; }; | 6 | inherit (mylibs) fetchedGithub fetchedGit; |
| 7 | wallabag = pkgs.callPackage ./wallabag.nix { inherit (mylibs) checkEnv; }; | 7 | env = myconfig.env.tools.ttrss; |
| 8 | }; | ||
| 9 | roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; }; | ||
| 10 | wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; }; | ||
| 8 | 11 | ||
| 9 | cfg = config.services.myWebsites.tools.tools; | 12 | cfg = config.services.myWebsites.tools.tools; |
| 10 | in { | 13 | in { |
diff --git a/virtual/modules/websites/tools/tools/roundcubemail.nix b/virtual/modules/websites/tools/tools/roundcubemail.nix index e1653ae..877ea8b 100644 --- a/virtual/modules/websites/tools/tools/roundcubemail.nix +++ b/virtual/modules/websites/tools/tools/roundcubemail.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, checkEnv, writeText, stdenv, fetchurl }: | 1 | { lib, env, writeText, stdenv, fetchurl }: |
| 2 | let | 2 | let |
| 3 | roundcubemail = let | 3 | roundcubemail = let |
| 4 | plugins = {}; | 4 | plugins = {}; |
| @@ -12,12 +12,9 @@ let | |||
| 12 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions | 12 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions |
| 13 | ''; | 13 | ''; |
| 14 | }; | 14 | }; |
| 15 | config = | 15 | config = writeText "config.php" '' |
| 16 | assert checkEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL"; | ||
| 17 | assert checkEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"; | ||
| 18 | writeText "config.php" '' | ||
| 19 | <?php | 16 | <?php |
| 20 | $config['db_dsnw'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL"}'; | 17 | $config['db_dsnw'] = '${env.psql_url}'; |
| 21 | $config['default_host'] = 'ssl://mail.immae.eu'; | 18 | $config['default_host'] = 'ssl://mail.immae.eu'; |
| 22 | $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false)); | 19 | $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false)); |
| 23 | $config['smtp_server'] = 'tls://mail.immae.eu'; | 20 | $config['smtp_server'] = 'tls://mail.immae.eu'; |
| @@ -27,7 +24,7 @@ let | |||
| 27 | 24 | ||
| 28 | $config['support_url'] = '''; | 25 | $config['support_url'] = '''; |
| 29 | 26 | ||
| 30 | $config['des_key'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"}'; | 27 | $config['des_key'] = '${env.secret}'; |
| 31 | 28 | ||
| 32 | $config['plugins'] = array(); | 29 | $config['plugins'] = array(); |
| 33 | 30 | ||
diff --git a/virtual/modules/websites/tools/tools/ttrss.nix b/virtual/modules/websites/tools/tools/ttrss.nix index 2659afd..76105be 100644 --- a/virtual/modules/websites/tools/tools/ttrss.nix +++ b/virtual/modules/websites/tools/tools/ttrss.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { lib, php, checkEnv, writeText, stdenv, fetchedGit, fetchedGithub }: | 1 | { lib, php, env, writeText, stdenv, fetchedGit, fetchedGithub }: |
| 2 | let | 2 | let |
| 3 | ttrss = let | 3 | ttrss = let |
| 4 | plugins = { | 4 | plugins = { |
| @@ -52,10 +52,7 @@ let | |||
| 52 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions | 52 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions |
| 53 | ''; | 53 | ''; |
| 54 | }; | 54 | }; |
| 55 | config = | 55 | config = writeText "config.php" '' |
| 56 | assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD"; | ||
| 57 | assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD"; | ||
| 58 | writeText "config.php" '' | ||
| 59 | <?php | 56 | <?php |
| 60 | 57 | ||
| 61 | define('PHP_EXECUTABLE', '${php}/bin/php'); | 58 | define('PHP_EXECUTABLE', '${php}/bin/php'); |
| @@ -72,7 +69,7 @@ let | |||
| 72 | define('DB_HOST', 'db-1.immae.eu'); | 69 | define('DB_HOST', 'db-1.immae.eu'); |
| 73 | define('DB_USER', 'ttrss'); | 70 | define('DB_USER', 'ttrss'); |
| 74 | define('DB_NAME', 'ttrss'); | 71 | define('DB_NAME', 'ttrss'); |
| 75 | define('DB_PASS', '${builtins.getEnv "NIXOPS_TTRSS_DB_PASSWORD"}'); | 72 | define('DB_PASS', '${env.postgresql.password}'); |
| 76 | define('DB_PORT', '5432'); | 73 | define('DB_PORT', '5432'); |
| 77 | 74 | ||
| 78 | define('AUTH_AUTO_CREATE', true); | 75 | define('AUTH_AUTO_CREATE', true); |
| @@ -117,7 +114,7 @@ let | |||
| 117 | define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))'); | 114 | define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))'); |
| 118 | 115 | ||
| 119 | define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu'); | 116 | define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu'); |
| 120 | define('LDAP_AUTH_BINDPW', '${builtins.getEnv "NIXOPS_TTRSS_LDAP_PASSWORD"}'); | 117 | define('LDAP_AUTH_BINDPW', '${env.ldap.password}'); |
| 121 | define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin'); | 118 | define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin'); |
| 122 | 119 | ||
| 123 | define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); | 120 | define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); |
diff --git a/virtual/modules/websites/tools/tools/wallabag.nix b/virtual/modules/websites/tools/tools/wallabag.nix index 0b54fff..22089da 100644 --- a/virtual/modules/websites/tools/tools/wallabag.nix +++ b/virtual/modules/websites/tools/tools/wallabag.nix | |||
| @@ -1,12 +1,8 @@ | |||
| 1 | { stdenv, fetchurl, writeText, checkEnv, phpPackages, php, which }: | 1 | { stdenv, fetchurl, writeText, env, phpPackages, php, which }: |
| 2 | let | 2 | let |
| 3 | wallabag = rec { | 3 | wallabag = rec { |
| 4 | varDir = "/var/lib/wallabag"; | 4 | varDir = "/var/lib/wallabag"; |
| 5 | parameters = | 5 | parameters = writeText "parameters.yml" '' |
| 6 | assert checkEnv "NIXOPS_WALLABAG_SQL_PASSWORD"; | ||
| 7 | assert checkEnv "NIXOPS_WALLABAG_SECRET"; | ||
| 8 | assert checkEnv "NIXOPS_WALLABAG_LDAP_PASSWORD"; | ||
| 9 | writeText "parameters.yml" '' | ||
| 10 | # This file is auto-generated during the composer install | 6 | # This file is auto-generated during the composer install |
| 11 | parameters: | 7 | parameters: |
| 12 | database_driver: pdo_pgsql | 8 | database_driver: pdo_pgsql |
| @@ -15,7 +11,7 @@ let | |||
| 15 | database_port: null | 11 | database_port: null |
| 16 | database_name: webapps | 12 | database_name: webapps |
| 17 | database_user: wallabag | 13 | database_user: wallabag |
| 18 | database_password: ${builtins.getEnv "NIXOPS_WALLABAG_SQL_PASSWORD"} | 14 | database_password: ${env.postgresql.password} |
| 19 | database_path: null | 15 | database_path: null |
| 20 | database_table_prefix: wallabag_ | 16 | database_table_prefix: wallabag_ |
| 21 | database_socket: null | 17 | database_socket: null |
| @@ -26,7 +22,7 @@ let | |||
| 26 | mailer_user: null | 22 | mailer_user: null |
| 27 | mailer_password: null | 23 | mailer_password: null |
| 28 | locale: fr | 24 | locale: fr |
| 29 | secret: ${builtins.getEnv "NIXOPS_WALLABAG_SECRET"} | 25 | secret: ${env.secret} |
| 30 | twofactor_auth: true | 26 | twofactor_auth: true |
| 31 | twofactor_sender: wallabag@immae.eu | 27 | twofactor_sender: wallabag@immae.eu |
| 32 | fosuser_registration: false | 28 | fosuser_registration: false |
| @@ -52,7 +48,7 @@ let | |||
| 52 | ldap_bind_requires_dn: true | 48 | ldap_bind_requires_dn: true |
| 53 | ldap_base: 'dc=immae,dc=eu' | 49 | ldap_base: 'dc=immae,dc=eu' |
| 54 | ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' | 50 | ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' |
| 55 | ldap_manager_pw: ${builtins.getEnv "NIXOPS_WALLABAG_LDAP_PASSWORD"} | 51 | ldap_manager_pw: ${env.ldap.password} |
| 56 | ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' | 52 | ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' |
| 57 | ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' | 53 | ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' |
| 58 | ldap_username_attribute: uid | 54 | ldap_username_attribute: uid |