aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--modules/private/websites/tools/tools/csp_reports.nix12
-rw-r--r--modules/private/websites/tools/tools/default.nix7
m---------nixops/secrets0
3 files changed, 17 insertions, 2 deletions
diff --git a/modules/private/websites/tools/tools/csp_reports.nix b/modules/private/websites/tools/tools/csp_reports.nix
new file mode 100644
index 0000000..4660251
--- /dev/null
+++ b/modules/private/websites/tools/tools/csp_reports.nix
@@ -0,0 +1,12 @@
1{ env }:
2rec {
3 keys = [{
4 dest = "webapps/tools-csp-reports.conf";
5 user = "wwwrun";
6 group = "wwwrun";
7 permissions = "0400";
8 text = with env.postgresql; ''
9 env[CSP_REPORT_URI] = "host=${socket} dbname=${database} user=${user} password=${password}"
10 '';
11 }];
12}
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 1e30eed..7903ca5 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -55,6 +55,9 @@ let
55 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { 55 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
56 env = config.myEnv.tools.dmarc_reports; 56 env = config.myEnv.tools.dmarc_reports;
57 }; 57 };
58 csp-reports = pkgs.callPackage ./csp_reports.nix {
59 env = config.myEnv.tools.csp_reports;
60 };
58 61
59 landing = pkgs.callPackage ./landing.nix {}; 62 landing = pkgs.callPackage ./landing.nix {};
60 63
@@ -74,6 +77,7 @@ in {
74 ++ wallabag.keys 77 ++ wallabag.keys
75 ++ yourls.keys 78 ++ yourls.keys
76 ++ dmarc-reports.keys 79 ++ dmarc-reports.keys
80 ++ csp-reports.keys
77 ++ webhooks.keys; 81 ++ webhooks.keys;
78 82
79 services.duplyBackup.profiles = { 83 services.duplyBackup.profiles = {
@@ -302,11 +306,10 @@ in {
302 "/run/wrappers/bin/sendmail" landing "/tmp" 306 "/run/wrappers/bin/sendmail" landing "/tmp"
303 "${config.secrets.location}/webapps/webhooks" 307 "${config.secrets.location}/webapps/webhooks"
304 ]; 308 ];
309 "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
305 }; 310 };
306 phpEnv = { 311 phpEnv = {
307 CONTACT_EMAIL = config.myEnv.tools.contact; 312 CONTACT_EMAIL = config.myEnv.tools.contact;
308 CSP_REPORT_URI = with config.myEnv.tools.csp_reports.postgresql;
309 "\"host=${socket} dbname=${database} user=${user} password=${password}\"";
310 }; 313 };
311 phpPackage = pkgs.php72; 314 phpPackage = pkgs.php72;
312 }; 315 };
diff --git a/nixops/secrets b/nixops/secrets
Subproject 1b3be53dd5e79ba1af9207aff17486a0558a40a Subproject d3e1cb5463246bbf7b42a0fc3bf542d24c4597b