aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--modules/default.nix1
-rw-r--r--modules/myids.nix3
-rw-r--r--modules/secrets.nix (renamed from nixops/modules/secrets.nix)30
-rw-r--r--nixops/eldiron.nix1
-rw-r--r--nixops/modules/buildbot/default.nix2
-rw-r--r--nixops/modules/databases/mysql.nix2
-rw-r--r--nixops/modules/databases/openldap.nix2
-rw-r--r--nixops/modules/databases/postgresql.nix2
-rw-r--r--nixops/modules/ftp.nix2
-rw-r--r--nixops/modules/mail.nix2
-rw-r--r--nixops/modules/mpd.nix2
-rw-r--r--nixops/modules/ssh/default.nix2
-rw-r--r--nixops/modules/task/default.nix2
-rw-r--r--nixops/modules/websites/aten/default.nix4
-rw-r--r--nixops/modules/websites/chloe/default.nix4
-rw-r--r--nixops/modules/websites/connexionswing/default.nix4
-rw-r--r--nixops/modules/websites/default.nix2
-rw-r--r--nixops/modules/websites/ftp/jerome.nix2
-rw-r--r--nixops/modules/websites/ludivine/default.nix4
-rw-r--r--nixops/modules/websites/piedsjaloux/default.nix4
-rw-r--r--nixops/modules/websites/tellesflorian/default.nix2
-rw-r--r--nixops/modules/websites/tools/cloud.nix2
-rw-r--r--nixops/modules/websites/tools/dav/default.nix2
-rw-r--r--nixops/modules/websites/tools/diaspora.nix2
-rw-r--r--nixops/modules/websites/tools/ether.nix2
-rw-r--r--nixops/modules/websites/tools/git/default.nix2
-rw-r--r--nixops/modules/websites/tools/mastodon.nix2
-rw-r--r--nixops/modules/websites/tools/mediagoblin.nix2
-rw-r--r--nixops/modules/websites/tools/peertube.nix2
-rw-r--r--nixops/modules/websites/tools/tools/default.nix2
30 files changed, 52 insertions, 45 deletions
diff --git a/modules/default.nix b/modules/default.nix
index fa67144..4445c55 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,5 +1,6 @@
1{ 1{
2 myids = ./myids.nix; 2 myids = ./myids.nix;
3 secrets = ./secrets.nix;
3 4
4 mediagoblin = ./webapps/mediagoblin.nix; 5 mediagoblin = ./webapps/mediagoblin.nix;
5 peertube = ./webapps/peertube.nix; 6 peertube = ./webapps/peertube.nix;
diff --git a/modules/myids.nix b/modules/myids.nix
index bd6caf3..8f74425 100644
--- a/modules/myids.nix
+++ b/modules/myids.nix
@@ -1,12 +1,15 @@
1{ ... }: 1{ ... }:
2{ 2{
3 # Check that there is no clash with nixos/modules/misc/ids.nix
3 config = { 4 config = {
4 ids.uids = { 5 ids.uids = {
5 peertube = 394; 6 peertube = 394;
7 nullmailer = 396;
6 mediagoblin = 397; 8 mediagoblin = 397;
7 }; 9 };
8 ids.gids = { 10 ids.gids = {
9 peertube = 394; 11 peertube = 394;
12 nullmailer = 396;
10 mediagoblin = 397; 13 mediagoblin = 397;
11 }; 14 };
12 }; 15 };
diff --git a/nixops/modules/secrets.nix b/modules/secrets.nix
index 8500088..b282e56 100644
--- a/nixops/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -1,14 +1,20 @@
1{ lib, pkgs, config, myconfig, mylibs, ... }: 1{ lib, pkgs, config, ... }:
2{ 2{
3 options.mySecrets = { 3 options.secrets = {
4 keys = lib.mkOption { 4 keys = lib.mkOption {
5 type = lib.types.listOf lib.types.unspecified; 5 type = lib.types.listOf lib.types.unspecified;
6 default = {}; 6 default = [];
7 description = "Keys to upload to server"; 7 description = "Keys to upload to server";
8 }; 8 };
9 location = lib.mkOption {
10 type = lib.types.path;
11 default = "/var/secrets";
12 description = "Location where to put the keys";
13 };
9 }; 14 };
10 config = let 15 config = let
11 keys = config.mySecrets.keys; 16 location = config.secrets.location;
17 keys = config.secrets.keys;
12 empty = pkgs.runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out && touch $out/done"; 18 empty = pkgs.runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out && touch $out/done";
13 dumpKey = v: '' 19 dumpKey = v: ''
14 mkdir -p secrets/$(dirname ${v.dest}) 20 mkdir -p secrets/$(dirname ${v.dest})
@@ -25,19 +31,19 @@
25 tar --format=ustar --mtime='1970-01-01' --owner="$u" --group="$g" --mode="$p" --append -f $out "$k" 31 tar --format=ustar --mtime='1970-01-01' --owner="$u" --group="$g" --mode="$p" --append -f $out "$k"
26 done 32 done
27 ''; 33 '';
28 in { 34 in lib.mkIf (builtins.length keys > 0) {
29 system.activationScripts.secrets = { 35 system.activationScripts.secrets = {
30 deps = [ "users" "wrappers" ]; 36 deps = [ "users" "wrappers" ];
31 text = '' 37 text = ''
32 install -m0750 -o root -g keys -d /var/secrets 38 install -m0750 -o root -g keys -d ${location}
33 if [ -f /run/keys/secrets.tar ]; then 39 if [ -f /run/keys/secrets.tar ]; then
34 if [ ! -f /var/secrets/currentSecrets ] || ! sha512sum -c --status "/var/secrets/currentSecrets"; then 40 if [ ! -f ${location}/currentSecrets ] || ! sha512sum -c --status "${location}/currentSecrets"; then
35 echo "rebuilding secrets" 41 echo "rebuilding secrets"
36 rm -rf /var/secrets 42 rm -rf ${location}
37 install -m0750 -o root -g keys -d /var/secrets 43 install -m0750 -o root -g keys -d ${location}
38 ${pkgs.gnutar}/bin/tar --strip-components 1 -C /var/secrets -xf /run/keys/secrets.tar 44 ${pkgs.gnutar}/bin/tar --strip-components 1 -C ${location} -xf /run/keys/secrets.tar
39 sha512sum /run/keys/secrets.tar > /var/secrets/currentSecrets 45 sha512sum /run/keys/secrets.tar > ${location}/currentSecrets
40 find /var/secrets -type d -exec chown root:keys {} \; -exec chmod o-rx {} \; 46 find ${location} -type d -exec chown root:keys {} \; -exec chmod o-rx {} \;
41 fi 47 fi
42 fi 48 fi
43 ''; 49 '';
diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 71615fa..7d97377 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -45,7 +45,6 @@
45 ./modules/irc.nix 45 ./modules/irc.nix
46 ./modules/buildbot 46 ./modules/buildbot
47 ./modules/dns.nix 47 ./modules/dns.nix
48 ./modules/secrets.nix
49 ] ++ (builtins.attrValues (import ../modules)); 48 ] ++ (builtins.attrValues (import ../modules));
50 services.myGitolite.enable = true; 49 services.myGitolite.enable = true;
51 services.myDatabases.enable = true; 50 services.myDatabases.enable = true;
diff --git a/nixops/modules/buildbot/default.nix b/nixops/modules/buildbot/default.nix
index 7632602..5cf833b 100644
--- a/nixops/modules/buildbot/default.nix
+++ b/nixops/modules/buildbot/default.nix
@@ -106,7 +106,7 @@ in
106 ''; 106 '';
107 }) myconfig.env.buildbot.projects; 107 }) myconfig.env.buildbot.projects;
108 108
109 mySecrets.keys = ( 109 secrets.keys = (
110 lib.lists.flatten ( 110 lib.lists.flatten (
111 lib.attrsets.mapAttrsToList (k: project: 111 lib.attrsets.mapAttrsToList (k: project:
112 lib.attrsets.mapAttrsToList (k: v: 112 lib.attrsets.mapAttrsToList (k: v:
diff --git a/nixops/modules/databases/mysql.nix b/nixops/modules/databases/mysql.nix
index 2d56155..23b8b90 100644
--- a/nixops/modules/databases/mysql.nix
+++ b/nixops/modules/databases/mysql.nix
@@ -44,7 +44,7 @@ in {
44 ''; 44 '';
45 }; 45 };
46 46
47 mySecrets.keys = [ 47 secrets.keys = [
48 { 48 {
49 dest = "mysql/mysqldump"; 49 dest = "mysql/mysqldump";
50 permissions = "0400"; 50 permissions = "0400";
diff --git a/nixops/modules/databases/openldap.nix b/nixops/modules/databases/openldap.nix
index a447ccc..542e209 100644
--- a/nixops/modules/databases/openldap.nix
+++ b/nixops/modules/databases/openldap.nix
@@ -56,7 +56,7 @@ in {
56 }; 56 };
57 57
58 config = lib.mkIf cfg.enable { 58 config = lib.mkIf cfg.enable {
59 mySecrets.keys = [ 59 secrets.keys = [
60 { 60 {
61 dest = "ldap/password"; 61 dest = "ldap/password";
62 permissions = "0400"; 62 permissions = "0400";
diff --git a/nixops/modules/databases/postgresql.nix b/nixops/modules/databases/postgresql.nix
index b113e9f..3a58c48 100644
--- a/nixops/modules/databases/postgresql.nix
+++ b/nixops/modules/databases/postgresql.nix
@@ -69,7 +69,7 @@ in {
69 ''; 69 '';
70 }; 70 };
71 71
72 mySecrets.keys = [ 72 secrets.keys = [
73 { 73 {
74 dest = "postgresql/pam"; 74 dest = "postgresql/pam";
75 permissions = "0400"; 75 permissions = "0400";
diff --git a/nixops/modules/ftp.nix b/nixops/modules/ftp.nix
index 541e119..871e9ef 100644
--- a/nixops/modules/ftp.nix
+++ b/nixops/modules/ftp.nix
@@ -43,7 +43,7 @@
43 install -m 0755 -o ftp -g ftp -d /var/lib/ftp 43 install -m 0755 -o ftp -g ftp -d /var/lib/ftp
44 ''; 44 '';
45 45
46 mySecrets.keys = [{ 46 secrets.keys = [{
47 dest = "pure-ftpd-ldap"; 47 dest = "pure-ftpd-ldap";
48 permissions = "0400"; 48 permissions = "0400";
49 user = "ftp"; 49 user = "ftp";
diff --git a/nixops/modules/mail.nix b/nixops/modules/mail.nix
index 6ec9165..993e5f1 100644
--- a/nixops/modules/mail.nix
+++ b/nixops/modules/mail.nix
@@ -1,7 +1,5 @@
1{ lib, pkgs, config, myconfig, mylibs, ... }: 1{ lib, pkgs, config, myconfig, mylibs, ... }:
2{ 2{
3 config.ids.uids.nullmailer = myconfig.env.users.nullmailer.uid;
4 config.ids.gids.nullmailer = myconfig.env.users.nullmailer.gid;
5 config.users.users.nullmailer.uid = config.ids.uids.nullmailer; 3 config.users.users.nullmailer.uid = config.ids.uids.nullmailer;
6 config.users.groups.nullmailer.gid = config.ids.gids.nullmailer; 4 config.users.groups.nullmailer.gid = config.ids.gids.nullmailer;
7 5
diff --git a/nixops/modules/mpd.nix b/nixops/modules/mpd.nix
index 7c896ca..83c225b 100644
--- a/nixops/modules/mpd.nix
+++ b/nixops/modules/mpd.nix
@@ -1,7 +1,7 @@
1{ lib, pkgs, config, myconfig, mylibs, ... }: 1{ lib, pkgs, config, myconfig, mylibs, ... }:
2{ 2{
3 config = { 3 config = {
4 mySecrets.keys = [ 4 secrets.keys = [
5 { 5 {
6 dest = "mpd"; 6 dest = "mpd";
7 permissions = "0400"; 7 permissions = "0400";
diff --git a/nixops/modules/ssh/default.nix b/nixops/modules/ssh/default.nix
index 4dc0d65..e8d6063 100644
--- a/nixops/modules/ssh/default.nix
+++ b/nixops/modules/ssh/default.nix
@@ -8,7 +8,7 @@
8 AuthorizedKeysCommandUser nobody 8 AuthorizedKeysCommandUser nobody
9 ''; 9 '';
10 10
11 mySecrets.keys = [{ 11 secrets.keys = [{
12 dest = "ssh-ldap"; 12 dest = "ssh-ldap";
13 user = "nobody"; 13 user = "nobody";
14 group = "nogroup"; 14 group = "nogroup";
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index 1f5ddd2..01d032d 100644
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -86,7 +86,7 @@ in {
86 }; 86 };
87 87
88 config = lib.mkIf cfg.enable { 88 config = lib.mkIf cfg.enable {
89 mySecrets.keys = [{ 89 secrets.keys = [{
90 dest = "webapps/tools-taskwarrior-web"; 90 dest = "webapps/tools-taskwarrior-web";
91 user = "wwwrun"; 91 user = "wwwrun";
92 group = "wwwrun"; 92 group = "wwwrun";
diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix
index 6f58d3c..f6efe01 100644
--- a/nixops/modules/websites/aten/default.nix
+++ b/nixops/modules/websites/aten/default.nix
@@ -25,7 +25,7 @@ in {
25 25
26 config = lib.mkMerge [ 26 config = lib.mkMerge [
27 (lib.mkIf cfg.production.enable { 27 (lib.mkIf cfg.production.enable {
28 mySecrets.keys = aten_prod.keys; 28 secrets.keys = aten_prod.keys;
29 services.myWebsites.commons.stats.enable = true; 29 services.myWebsites.commons.stats.enable = true;
30 services.myWebsites.commons.stats.sites = [ 30 services.myWebsites.commons.stats.sites = [
31 { 31 {
@@ -59,7 +59,7 @@ in {
59 }; 59 };
60 }) 60 })
61 (lib.mkIf cfg.integration.enable { 61 (lib.mkIf cfg.integration.enable {
62 mySecrets.keys = aten_dev.keys; 62 secrets.keys = aten_dev.keys;
63 security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null; 63 security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
64 services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart; 64 services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart;
65 services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps; 65 services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps;
diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix
index 33ced2e..0ea9213 100644
--- a/nixops/modules/websites/chloe/default.nix
+++ b/nixops/modules/websites/chloe/default.nix
@@ -25,7 +25,7 @@ in {
25 25
26 config = lib.mkMerge [ 26 config = lib.mkMerge [
27 (lib.mkIf cfg.production.enable { 27 (lib.mkIf cfg.production.enable {
28 mySecrets.keys = chloe_prod.keys; 28 secrets.keys = chloe_prod.keys;
29 services.myWebsites.commons.stats.enable = true; 29 services.myWebsites.commons.stats.enable = true;
30 services.myWebsites.commons.stats.sites = [ 30 services.myWebsites.commons.stats.sites = [
31 { 31 {
@@ -60,7 +60,7 @@ in {
60 }; 60 };
61 }) 61 })
62 (lib.mkIf cfg.integration.enable { 62 (lib.mkIf cfg.integration.enable {
63 mySecrets.keys = chloe_dev.keys; 63 secrets.keys = chloe_dev.keys;
64 security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null; 64 security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
65 services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps; 65 services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps;
66 services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool; 66 services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
index c0036d8..2966cb8 100644
--- a/nixops/modules/websites/connexionswing/default.nix
+++ b/nixops/modules/websites/connexionswing/default.nix
@@ -25,7 +25,7 @@ in {
25 25
26 config = lib.mkMerge [ 26 config = lib.mkMerge [
27 (lib.mkIf cfg.production.enable { 27 (lib.mkIf cfg.production.enable {
28 mySecrets.keys = connexionswing_prod.keys; 28 secrets.keys = connexionswing_prod.keys;
29 services.myWebsites.commons.stats.enable = true; 29 services.myWebsites.commons.stats.enable = true;
30 services.myWebsites.commons.stats.sites = [ 30 services.myWebsites.commons.stats.sites = [
31 { 31 {
@@ -61,7 +61,7 @@ in {
61 }; 61 };
62 }) 62 })
63 (lib.mkIf cfg.integration.enable { 63 (lib.mkIf cfg.integration.enable {
64 mySecrets.keys = connexionswing_dev.keys; 64 secrets.keys = connexionswing_dev.keys;
65 security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null; 65 security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
66 security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null; 66 security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
67 services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart; 67 services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index 555e780..ceef1e1 100644
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -228,7 +228,7 @@ in
228 services.myWebsites.TellesFlorian.integration.enable = true; 228 services.myWebsites.TellesFlorian.integration.enable = true;
229 services.myWebsites.Florian.integration.enable = true; 229 services.myWebsites.Florian.integration.enable = true;
230 230
231 mySecrets.keys = [{ 231 secrets.keys = [{
232 dest = "apache-ldap"; 232 dest = "apache-ldap";
233 user = "wwwrun"; 233 user = "wwwrun";
234 group = "wwwrun"; 234 group = "wwwrun";
diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix
index 18d16a1..610de02 100644
--- a/nixops/modules/websites/ftp/jerome.nix
+++ b/nixops/modules/websites/ftp/jerome.nix
@@ -29,7 +29,7 @@ in {
29 domain = "naturaloutil.immae.eu"; 29 domain = "naturaloutil.immae.eu";
30 }; 30 };
31 31
32 mySecrets.keys = [{ 32 secrets.keys = [{
33 dest = "webapps/prod-naturaloutil"; 33 dest = "webapps/prod-naturaloutil";
34 user = "wwwrun"; 34 user = "wwwrun";
35 group = "wwwrun"; 35 group = "wwwrun";
diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix
index a3d3922..7fa33ed 100644
--- a/nixops/modules/websites/ludivine/default.nix
+++ b/nixops/modules/websites/ludivine/default.nix
@@ -21,7 +21,7 @@ in {
21 21
22 config = lib.mkMerge [ 22 config = lib.mkMerge [
23 (lib.mkIf cfg.production.enable { 23 (lib.mkIf cfg.production.enable {
24 mySecrets.keys = ludivinecassal_prod.keys; 24 secrets.keys = ludivinecassal_prod.keys;
25 services.myWebsites.commons.stats.enable = true; 25 services.myWebsites.commons.stats.enable = true;
26 services.myWebsites.commons.stats.sites = [ 26 services.myWebsites.commons.stats.sites = [
27 { 27 {
@@ -54,7 +54,7 @@ in {
54 }; 54 };
55 }) 55 })
56 (lib.mkIf cfg.integration.enable { 56 (lib.mkIf cfg.integration.enable {
57 mySecrets.keys = ludivinecassal_dev.keys; 57 secrets.keys = ludivinecassal_dev.keys;
58 security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null; 58 security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
59 59
60 services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart; 60 services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart;
diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix
index b2bd2fd..d75170f 100644
--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -25,7 +25,7 @@ in {
25 25
26 config = lib.mkMerge [ 26 config = lib.mkMerge [
27 (lib.mkIf cfg.production.enable { 27 (lib.mkIf cfg.production.enable {
28 mySecrets.keys = piedsjaloux_prod.keys; 28 secrets.keys = piedsjaloux_prod.keys;
29 services.myWebsites.commons.stats.enable = true; 29 services.myWebsites.commons.stats.enable = true;
30 services.myWebsites.commons.stats.sites = [ 30 services.myWebsites.commons.stats.sites = [
31 { 31 {
@@ -58,7 +58,7 @@ in {
58 }; 58 };
59 }) 59 })
60 (lib.mkIf cfg.integration.enable { 60 (lib.mkIf cfg.integration.enable {
61 mySecrets.keys = piedsjaloux_dev.keys; 61 secrets.keys = piedsjaloux_dev.keys;
62 security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null; 62 security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
63 services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart; 63 services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;
64 services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps; 64 services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;
diff --git a/nixops/modules/websites/tellesflorian/default.nix b/nixops/modules/websites/tellesflorian/default.nix
index 16d788f..f86b0c5 100644
--- a/nixops/modules/websites/tellesflorian/default.nix
+++ b/nixops/modules/websites/tellesflorian/default.nix
@@ -16,7 +16,7 @@ in {
16 }; 16 };
17 17
18 config = lib.mkIf cfg.integration.enable { 18 config = lib.mkIf cfg.integration.enable {
19 mySecrets.keys = tellesflorian_dev.keys; 19 secrets.keys = tellesflorian_dev.keys;
20 security.acme.certs."eldiron".extraDomains."app.tellesflorian.com" = null; 20 security.acme.certs."eldiron".extraDomains."app.tellesflorian.com" = null;
21 services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian_dev.phpFpm.preStart; 21 services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian_dev.phpFpm.preStart;
22 services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian_dev.phpFpm.serviceDeps; 22 services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian_dev.phpFpm.serviceDeps;
diff --git a/nixops/modules/websites/tools/cloud.nix b/nixops/modules/websites/tools/cloud.nix
index a7fcd61..8af2914 100644
--- a/nixops/modules/websites/tools/cloud.nix
+++ b/nixops/modules/websites/tools/cloud.nix
@@ -80,7 +80,7 @@ in {
80 ]; 80 ];
81 }; 81 };
82 82
83 mySecrets.keys = [{ 83 secrets.keys = [{
84 dest = "webapps/tools-nextcloud"; 84 dest = "webapps/tools-nextcloud";
85 user = "wwwrun"; 85 user = "wwwrun";
86 group = "wwwrun"; 86 group = "wwwrun";
diff --git a/nixops/modules/websites/tools/dav/default.nix b/nixops/modules/websites/tools/dav/default.nix
index c24f8db..bf5e412 100644
--- a/nixops/modules/websites/tools/dav/default.nix
+++ b/nixops/modules/websites/tools/dav/default.nix
@@ -29,7 +29,7 @@ in {
29 config = lib.mkIf cfg.enable { 29 config = lib.mkIf cfg.enable {
30 security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null; 30 security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null;
31 31
32 mySecrets.keys = davical.keys; 32 secrets.keys = davical.keys;
33 services.myWebsites.tools.modules = davical.apache.modules; 33 services.myWebsites.tools.modules = davical.apache.modules;
34 34
35 services.myWebsites.tools.vhostConfs.dav = { 35 services.myWebsites.tools.vhostConfs.dav = {
diff --git a/nixops/modules/websites/tools/diaspora.nix b/nixops/modules/websites/tools/diaspora.nix
index 53989b7..1088e71 100644
--- a/nixops/modules/websites/tools/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora.nix
@@ -35,7 +35,7 @@ in {
35 }; 35 };
36 36
37 users.groups.diaspora.gid = config.ids.gids.diaspora; 37 users.groups.diaspora.gid = config.ids.gids.diaspora;
38 mySecrets.keys = [ 38 secrets.keys = [
39 { 39 {
40 dest = "webapps/diaspora/diaspora.yml"; 40 dest = "webapps/diaspora/diaspora.yml";
41 user = "diaspora"; 41 user = "diaspora";
diff --git a/nixops/modules/websites/tools/ether.nix b/nixops/modules/websites/tools/ether.nix
index 1c952af..80472f0 100644
--- a/nixops/modules/websites/tools/ether.nix
+++ b/nixops/modules/websites/tools/ether.nix
@@ -14,7 +14,7 @@ in {
14 }; 14 };
15 15
16 config = lib.mkIf cfg.enable { 16 config = lib.mkIf cfg.enable {
17 mySecrets.keys = [ 17 secrets.keys = [
18 { 18 {
19 dest = "webapps/tools-etherpad-apikey"; 19 dest = "webapps/tools-etherpad-apikey";
20 permissions = "0400"; 20 permissions = "0400";
diff --git a/nixops/modules/websites/tools/git/default.nix b/nixops/modules/websites/tools/git/default.nix
index e7dbd6f..799c180 100644
--- a/nixops/modules/websites/tools/git/default.nix
+++ b/nixops/modules/websites/tools/git/default.nix
@@ -16,7 +16,7 @@ in {
16 config = lib.mkIf cfg.enable { 16 config = lib.mkIf cfg.enable {
17 security.acme.certs."eldiron".extraDomains."git.immae.eu" = null; 17 security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
18 18
19 mySecrets.keys = mantisbt.keys; 19 secrets.keys = mantisbt.keys;
20 services.myWebsites.tools.modules = 20 services.myWebsites.tools.modules =
21 gitweb.apache.modules ++ 21 gitweb.apache.modules ++
22 mantisbt.apache.modules; 22 mantisbt.apache.modules;
diff --git a/nixops/modules/websites/tools/mastodon.nix b/nixops/modules/websites/tools/mastodon.nix
index 3279cf8..c461bec 100644
--- a/nixops/modules/websites/tools/mastodon.nix
+++ b/nixops/modules/websites/tools/mastodon.nix
@@ -16,7 +16,7 @@ in {
16 }; 16 };
17 17
18 config = lib.mkIf cfg.enable { 18 config = lib.mkIf cfg.enable {
19 mySecrets.keys = [{ 19 secrets.keys = [{
20 dest = "webapps/tools-mastodon"; 20 dest = "webapps/tools-mastodon";
21 user = "mastodon"; 21 user = "mastodon";
22 group = "mastodon"; 22 group = "mastodon";
diff --git a/nixops/modules/websites/tools/mediagoblin.nix b/nixops/modules/websites/tools/mediagoblin.nix
index bdb8323..bf45e8e 100644
--- a/nixops/modules/websites/tools/mediagoblin.nix
+++ b/nixops/modules/websites/tools/mediagoblin.nix
@@ -9,7 +9,7 @@ in {
9 }; 9 };
10 10
11 config = lib.mkIf cfg.enable { 11 config = lib.mkIf cfg.enable {
12 mySecrets.keys = [{ 12 secrets.keys = [{
13 dest = "webapps/tools-mediagoblin"; 13 dest = "webapps/tools-mediagoblin";
14 user = "mediagoblin"; 14 user = "mediagoblin";
15 group = "mediagoblin"; 15 group = "mediagoblin";
diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix
index 9a56a85..ab5e08a 100644
--- a/nixops/modules/websites/tools/peertube.nix
+++ b/nixops/modules/websites/tools/peertube.nix
@@ -16,7 +16,7 @@ in {
16 }; 16 };
17 users.users.peertube.extraGroups = [ "keys" ]; 17 users.users.peertube.extraGroups = [ "keys" ];
18 18
19 mySecrets.keys = [{ 19 secrets.keys = [{
20 dest = "webapps/tools-peertube"; 20 dest = "webapps/tools-peertube";
21 user = "peertube"; 21 user = "peertube";
22 group = "peertube"; 22 group = "peertube";
diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index addb2c3..7a14e12 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -49,7 +49,7 @@ in {
49 security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null; 49 security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
50 security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null; 50 security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
51 51
52 mySecrets.keys = 52 secrets.keys =
53 kanboard.keys 53 kanboard.keys
54 ++ ldap.keys 54 ++ ldap.keys
55 ++ roundcubemail.keys 55 ++ roundcubemail.keys