1 files changed, 12 insertions, 12 deletions
diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix
index ea0bef6..903f453 100644
--- a/modules/private/buildbot/default.nix
+++ b/modules/private/buildbot/default.nix
@@ -42,7 +42,7 @@ in
    };
    services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList
-      (k: project: "/var/secrets/buildbot/${project.name}/webhook-httpd-include")
+      (k: project: config.secrets.fullPaths."buildbot/${project.name}/webhook-httpd-include")
      config.myEnv.buildbot.projects;
    services.websites.env.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
@@ -62,7 +62,7 @@ in
          <RequireAny>
            Require local
            Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu
-            Include /var/secrets/buildbot/${project.name}/webhook-httpd-include
+            Include ${config.secrets.fullPaths."buildbot/${project.name}/webhook-httpd-include"}
          </RequireAny>
        </Location>
        '') config.myEnv.buildbot.projects;
@@ -146,11 +146,11 @@ in
    services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
      restart = true;
      paths = [
-        "/var/secrets/buildbot/ldap"
+        config.secrets.fullPaths."buildbot/ldap"
-        "/var/secrets/buildbot/worker_password"
+        config.secrets.fullPaths."buildbot/worker_password"
-        "/var/secrets/buildbot/ssh_key"
+        config.secrets.fullPaths."buildbot/ssh_key"
-        "/var/secrets/buildbot/${project.name}/environment_file"
+        config.secrets.fullPaths."buildbot/${project.name}/environment_file"
-      ] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets;
+      ] ++ lib.attrsets.mapAttrsToList (k: v: config.secrets.fullPaths."buildbot/${project.name}/${k}") project.secrets;
    }) config.myEnv.buildbot.projects;
    systemd.slices.buildbot = {
@@ -206,13 +206,13 @@ in
      fi
      ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
      # different buildbots may be trying that simultaneously, add the || true to avoid complaining in case of race
-      install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/ssh_key ${varDir}/buildbot_key || true
+      install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/ssh_key"} ${varDir}/buildbot_key || true
      buildbot_secrets=${varDir}/${project.name}/secrets
      install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets
-      install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/ldap $buildbot_secrets/ldap
+      install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/ldap"} $buildbot_secrets/ldap
-      install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/worker_password $buildbot_secrets/worker_password
+      install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/worker_password"} $buildbot_secrets/worker_password
      ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
-        (k: v: "install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/${project.name}/${k} $buildbot_secrets/${k}") project.secrets
+        (k: v: "install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/${project.name}/${k}"} $buildbot_secrets/${k}") project.secrets
      )}
      ${buildbot}/bin/buildbot upgrade-master ${varDir}/${project.name}
      '';
@@ -247,7 +247,7 @@ in
        SupplementaryGroups = "keys";
        WorkingDirectory = "${varDir}/${project.name}";
        ExecStart = "${buildbot}/bin/buildbot start";
-        EnvironmentFile = "/var/secrets/buildbot/${project.name}/environment_file";
+        EnvironmentFile = config.secrets.fullPaths."buildbot/${project.name}/environment_file";
      };
    }) config.myEnv.buildbot.projects;
  };

diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix index ea0bef6..903f453 100644 --- a/modules/private/buildbot/default.nix +++ b/modules/private/buildbot/default.nix
@@ -42,7 +42,7 @@ in
42	};	42	};
43		43
44	services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList	44	services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList
45	(k: project: "/var/secrets/buildbot/${project.name}/webhook-httpd-include")	45	(k: project: config.secrets.fullPaths."buildbot/${project.name}/webhook-httpd-include")
46	config.myEnv.buildbot.projects;	46	config.myEnv.buildbot.projects;
47		47
48	services.websites.env.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''	48	services.websites.env.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
@@ -62,7 +62,7 @@ in
62	<RequireAny>	62	<RequireAny>
63	Require local	63	Require local
64	Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu	64	Require ldap-group cn=users,ou=${project.name},cn=buildbot,ou=services,dc=immae,dc=eu
65	Include /var/secrets/buildbot/${project.name}/webhook-httpd-include	65	Include ${config.secrets.fullPaths."buildbot/${project.name}/webhook-httpd-include"}
66	</RequireAny>	66	</RequireAny>
67	</Location>	67	</Location>
68	'') config.myEnv.buildbot.projects;	68	'') config.myEnv.buildbot.projects;
@@ -146,11 +146,11 @@ in
146	services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {	146	services.filesWatcher = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
147	restart = true;	147	restart = true;
148	paths = [	148	paths = [
149	"/var/secrets/buildbot/ldap"	149	config.secrets.fullPaths."buildbot/ldap"
150	"/var/secrets/buildbot/worker_password"	150	config.secrets.fullPaths."buildbot/worker_password"
151	"/var/secrets/buildbot/ssh_key"	151	config.secrets.fullPaths."buildbot/ssh_key"
152	"/var/secrets/buildbot/${project.name}/environment_file"	152	config.secrets.fullPaths."buildbot/${project.name}/environment_file"
153	] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets;	153	] ++ lib.attrsets.mapAttrsToList (k: v: config.secrets.fullPaths."buildbot/${project.name}/${k}") project.secrets;
154	}) config.myEnv.buildbot.projects;	154	}) config.myEnv.buildbot.projects;
155		155
156	systemd.slices.buildbot = {	156	systemd.slices.buildbot = {
@@ -206,13 +206,13 @@ in
206	fi	206	fi
207	ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac	207	ln -sf ${tac_file} ${varDir}/${project.name}/buildbot.tac
208	# different buildbots may be trying that simultaneously, add the \|\| true to avoid complaining in case of race	208	# different buildbots may be trying that simultaneously, add the \|\| true to avoid complaining in case of race
209	install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/ssh_key ${varDir}/buildbot_key \|\| true	209	install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/ssh_key"} ${varDir}/buildbot_key \|\| true
210	buildbot_secrets=${varDir}/${project.name}/secrets	210	buildbot_secrets=${varDir}/${project.name}/secrets
211	install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets	211	install -m 0700 -o buildbot -g buildbot -d $buildbot_secrets
212	install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/ldap $buildbot_secrets/ldap	212	install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/ldap"} $buildbot_secrets/ldap
213	install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/worker_password $buildbot_secrets/worker_password	213	install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/worker_password"} $buildbot_secrets/worker_password
214	${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList	214	${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
215	(k: v: "install -Dm600 -o buildbot -g buildbot -T /var/secrets/buildbot/${project.name}/${k} $buildbot_secrets/${k}") project.secrets	215	(k: v: "install -Dm600 -o buildbot -g buildbot -T ${config.secrets.fullPaths."buildbot/${project.name}/${k}"} $buildbot_secrets/${k}") project.secrets
216	)}	216	)}
217	${buildbot}/bin/buildbot upgrade-master ${varDir}/${project.name}	217	${buildbot}/bin/buildbot upgrade-master ${varDir}/${project.name}
218	'';	218	'';
@@ -247,7 +247,7 @@ in
247	SupplementaryGroups = "keys";	247	SupplementaryGroups = "keys";
248	WorkingDirectory = "${varDir}/${project.name}";	248	WorkingDirectory = "${varDir}/${project.name}";
249	ExecStart = "${buildbot}/bin/buildbot start";	249	ExecStart = "${buildbot}/bin/buildbot start";
250	EnvironmentFile = "/var/secrets/buildbot/${project.name}/environment_file";	250	EnvironmentFile = config.secrets.fullPaths."buildbot/${project.name}/environment_file";
251	};	251	};
252	}) config.myEnv.buildbot.projects;	252	}) config.myEnv.buildbot.projects;
253	};	253	};