From 0966f95c6968963988d7ebc846eb0e6087091acc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Sat, 30 Jan 2021 00:41:57 +0100
Subject: Move csp report credentials out of the store

---
 modules/private/websites/tools/tools/csp_reports.nix | 12 ++++++++++++
 modules/private/websites/tools/tools/default.nix     |  7 +++++--
 2 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 modules/private/websites/tools/tools/csp_reports.nix

(limited to 'modules/private/websites/tools')

diff --git a/modules/private/websites/tools/tools/csp_reports.nix b/modules/private/websites/tools/tools/csp_reports.nix
new file mode 100644
index 0000000..4660251
--- /dev/null
+++ b/modules/private/websites/tools/tools/csp_reports.nix
@@ -0,0 +1,12 @@
+{ env }:
+rec {
+  keys = [{
+    dest = "webapps/tools-csp-reports.conf";
+    user = "wwwrun";
+    group = "wwwrun";
+    permissions = "0400";
+    text = with env.postgresql; ''
+      env[CSP_REPORT_URI] = "host=${socket} dbname=${database} user=${user} password=${password}"
+    '';
+  }];
+}
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 1e30eed..7903ca5 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -55,6 +55,9 @@ let
   dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
     env = config.myEnv.tools.dmarc_reports;
   };
+  csp-reports = pkgs.callPackage ./csp_reports.nix {
+    env = config.myEnv.tools.csp_reports;
+  };
 
   landing = pkgs.callPackage ./landing.nix {};
 
@@ -74,6 +77,7 @@ in {
       ++ wallabag.keys
       ++ yourls.keys
       ++ dmarc-reports.keys
+      ++ csp-reports.keys
       ++ webhooks.keys;
 
     services.duplyBackup.profiles = {
@@ -302,11 +306,10 @@ in {
             "/run/wrappers/bin/sendmail" landing "/tmp"
             "${config.secrets.location}/webapps/webhooks"
           ];
+          "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
         };
         phpEnv = {
           CONTACT_EMAIL = config.myEnv.tools.contact;
-          CSP_REPORT_URI = with config.myEnv.tools.csp_reports.postgresql;
-            "\"host=${socket} dbname=${database} user=${user} password=${password}\"";
         };
         phpPackage = pkgs.php72;
       };
-- 
cgit v1.2.3