diff options
-rw-r--r-- | modules/private/websites/tools/tools/csp_reports.nix | 12 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/default.nix | 7 | ||||
m--------- | nixops/secrets | 0 |
3 files changed, 17 insertions, 2 deletions
diff --git a/modules/private/websites/tools/tools/csp_reports.nix b/modules/private/websites/tools/tools/csp_reports.nix new file mode 100644 index 0000000..4660251 --- /dev/null +++ b/modules/private/websites/tools/tools/csp_reports.nix | |||
@@ -0,0 +1,12 @@ | |||
1 | { env }: | ||
2 | rec { | ||
3 | keys = [{ | ||
4 | dest = "webapps/tools-csp-reports.conf"; | ||
5 | user = "wwwrun"; | ||
6 | group = "wwwrun"; | ||
7 | permissions = "0400"; | ||
8 | text = with env.postgresql; '' | ||
9 | env[CSP_REPORT_URI] = "host=${socket} dbname=${database} user=${user} password=${password}" | ||
10 | ''; | ||
11 | }]; | ||
12 | } | ||
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 1e30eed..7903ca5 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix | |||
@@ -55,6 +55,9 @@ let | |||
55 | dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { | 55 | dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { |
56 | env = config.myEnv.tools.dmarc_reports; | 56 | env = config.myEnv.tools.dmarc_reports; |
57 | }; | 57 | }; |
58 | csp-reports = pkgs.callPackage ./csp_reports.nix { | ||
59 | env = config.myEnv.tools.csp_reports; | ||
60 | }; | ||
58 | 61 | ||
59 | landing = pkgs.callPackage ./landing.nix {}; | 62 | landing = pkgs.callPackage ./landing.nix {}; |
60 | 63 | ||
@@ -74,6 +77,7 @@ in { | |||
74 | ++ wallabag.keys | 77 | ++ wallabag.keys |
75 | ++ yourls.keys | 78 | ++ yourls.keys |
76 | ++ dmarc-reports.keys | 79 | ++ dmarc-reports.keys |
80 | ++ csp-reports.keys | ||
77 | ++ webhooks.keys; | 81 | ++ webhooks.keys; |
78 | 82 | ||
79 | services.duplyBackup.profiles = { | 83 | services.duplyBackup.profiles = { |
@@ -302,11 +306,10 @@ in { | |||
302 | "/run/wrappers/bin/sendmail" landing "/tmp" | 306 | "/run/wrappers/bin/sendmail" landing "/tmp" |
303 | "${config.secrets.location}/webapps/webhooks" | 307 | "${config.secrets.location}/webapps/webhooks" |
304 | ]; | 308 | ]; |
309 | "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf"; | ||
305 | }; | 310 | }; |
306 | phpEnv = { | 311 | phpEnv = { |
307 | CONTACT_EMAIL = config.myEnv.tools.contact; | 312 | CONTACT_EMAIL = config.myEnv.tools.contact; |
308 | CSP_REPORT_URI = with config.myEnv.tools.csp_reports.postgresql; | ||
309 | "\"host=${socket} dbname=${database} user=${user} password=${password}\""; | ||
310 | }; | 313 | }; |
311 | phpPackage = pkgs.php72; | 314 | phpPackage = pkgs.php72; |
312 | }; | 315 | }; |
diff --git a/nixops/secrets b/nixops/secrets | |||
Subproject 1b3be53dd5e79ba1af9207aff17486a0558a40a | Subproject d3e1cb5463246bbf7b42a0fc3bf542d24c4597b | ||