From 17f6eae9907a122d4472da727ae8b1ac1c40c027 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 1 Jun 2019 00:01:46 +0200 Subject: Add a filesWatcher service to restart them when secrets change --- modules/private/websites/aten/integration.nix | 3 +++ modules/private/websites/aten/production.nix | 4 +++- modules/private/websites/chloe/integration.nix | 3 +++ modules/private/websites/chloe/production.nix | 3 +++ modules/private/websites/connexionswing/integration.nix | 4 ++++ modules/private/websites/connexionswing/production.nix | 4 ++++ modules/private/websites/default.nix | 4 ++++ modules/private/websites/florian/app.nix | 4 ++++ modules/private/websites/ludivinecassal/integration.nix | 4 ++++ modules/private/websites/ludivinecassal/production.nix | 4 ++++ modules/private/websites/tools/diaspora/default.nix | 5 +++++ modules/private/websites/tools/ether/default.nix | 5 +++++ modules/private/websites/tools/mastodon/default.nix | 13 +++++++++++++ modules/private/websites/tools/mgoblin/default.nix | 8 ++++++++ modules/private/websites/tools/peertube/default.nix | 5 +++++ modules/private/websites/tools/tools/default.nix | 12 ++++++++++++ 16 files changed, 84 insertions(+), 1 deletion(-) (limited to 'modules/private/websites') diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix index 748e388..384b324 100644 --- a/modules/private/websites/aten/integration.nix +++ b/modules/private/websites/aten/integration.nix @@ -27,6 +27,9 @@ in { root = aten.apache.root; extraConfig = [ aten.apache.vhostConf ]; }; + services.websites.integration.watchPaths = [ + "/var/secrets/webapps/${aten.app.environment}-aten" + ]; }; } diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix index 7a4adb5..1a55e8a 100644 --- a/modules/private/websites/aten/production.nix +++ b/modules/private/websites/aten/production.nix 
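Review bot: The `services.websites.integration.watchPaths` entry added in aten/integration.nix appears, going by its name, to notify only the web-server watcher. The connexionswing, ludivinecassal and florian hunks instead register a `services.filesWatcher.phpfpm-*` unit for the same kind of `/var/secrets/webapps/<env>-<site>` file, and the wallabag hunk registers both. The same asymmetry applies to aten/production.nix and both chloe hunks. Which process reads the aten secret is not visible here; if a PHP-FPM pool loads it, that pool would keep running with the old credentials after a rotation. A one-line comment would settle it, e.g. `# read by httpd only; no php-fpm pool consumes this file`, or add the matching `phpfpm-*` watcher.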
@@ -29,6 +29,8 @@ in { root = aten.apache.root; extraConfig = [ aten.apache.vhostConf ]; }; + services.websites.production.watchPaths = [ + "/var/secrets/webapps/${aten.app.environment}-aten" + ]; }; } - diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix index c42a428..25ec4db 100644 --- a/modules/private/websites/chloe/integration.nix +++ b/modules/private/websites/chloe/integration.nix @@ -32,5 +32,8 @@ in { root = chloe.apache.root; extraConfig = [ chloe.apache.vhostConf ]; }; + services.websites.integration.watchPaths = [ + "/var/secrets/webapps/${chloe.app.environment}-chloe" + ]; }; } diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix index 0bf2d8f..6e0c34d 100644 --- a/modules/private/websites/chloe/production.nix +++ b/modules/private/websites/chloe/production.nix @@ -34,5 +34,8 @@ in { root = chloe.apache.root; extraConfig = [ chloe.apache.vhostConf ]; }; + services.websites.production.watchPaths = [ + "/var/secrets/webapps/${chloe.app.environment}-chloe" + ]; }; } diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix index 1d8488a..7d77ac7 100644 --- a/modules/private/websites/connexionswing/integration.nix +++ b/modules/private/websites/connexionswing/integration.nix @@ -31,6 +31,10 @@ in { root = connexionswing.apache.root; extraConfig = [ connexionswing.apache.vhostConf ]; }; + services.filesWatcher.phpfpm-connexionswing_dev = { + restart = true; + paths = [ "/var/secrets/webapps/${connexionswing.app.environment}-connexionswing" ]; + }; }; } diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix index 555f129..f4cb377 100644 --- a/modules/private/websites/connexionswing/production.nix +++ b/modules/private/websites/connexionswing/production.nix 
@@ -33,6 +33,10 @@ in { root = connexionswing.apache.root; extraConfig = [ connexionswing.apache.vhostConf ]; }; + services.filesWatcher.phpfpm-connexionswing_prod = { + restart = true; + paths = [ "/var/secrets/webapps/${connexionswing.app.environment}-connexionswing" ]; + }; }; } diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index 8b02977..c3d941c 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix @@ -138,6 +138,10 @@ in ''; }; + services.filesWatcher.httpdProd.paths = [ "/var/secrets/apache-ldap" ]; + services.filesWatcher.httpdInte.paths = [ "/var/secrets/apache-ldap" ]; + services.filesWatcher.httpdTools.paths = [ "/var/secrets/apache-ldap" ]; + services.websites.production = { enable = true; adminAddr = "httpd@immae.eu"; diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix index 3a6d152..55fb3cb 100644 --- a/modules/private/websites/florian/app.nix +++ b/modules/private/websites/florian/app.nix @@ -32,5 +32,9 @@ in { adminer.apache.vhostConf ]; }; + services.filesWatcher.phpfpm-tellesflorian_dev = { + restart = true; + paths = [ "/var/secrets/webapps/${tellesflorian.app.environment}-tellesflorian" ]; + }; }; } diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix index ed0dc9f..f0ef3a6 100644 --- a/modules/private/websites/ludivinecassal/integration.nix +++ b/modules/private/websites/ludivinecassal/integration.nix @@ -28,5 +28,9 @@ in { root = ludivinecassal.apache.root; extraConfig = [ ludivinecassal.apache.vhostConf ]; }; + services.filesWatcher.phpfpm-ludivinecassal_dev = { + restart = true; + paths = [ "/var/secrets/webapps/${ludivinecassal.app.environment}-ludivinecassal" ]; + }; }; } diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix index 3df5613..6a22d98 100644 
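Review bot: The three `services.filesWatcher.httpd*.paths` lines in websites/default.nix omit `restart`, whereas every other watcher added in this commit sets `restart = true`. What happens to Apache when `/var/secrets/apache-ldap` changes therefore depends on the option's default, which is defined outside this patch. If the default action is intended, say so next to the lines, e.g. `# no restart = true: the default watcher action is intended for httpd`, so the difference does not read as an omission. It is also worth confirming that the per-site `watchPaths` lists are merged with these `paths` rather than replacing them, since both appear to feed the same watchers.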
--- a/modules/private/websites/ludivinecassal/production.nix +++ b/modules/private/websites/ludivinecassal/production.nix @@ -29,5 +29,9 @@ in { root = ludivinecassal.apache.root; extraConfig = [ ludivinecassal.apache.vhostConf ]; }; + services.filesWatcher.phpfpm-ludivinecassal_prod = { + restart = true; + paths = [ "/var/secrets/webapps/${ludivinecassal.app.environment}-ludivinecassal" ]; + }; }; } diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix index efa1fab..6742a81 100644 --- a/modules/private/websites/tools/diaspora/default.nix +++ b/modules/private/websites/tools/diaspora/default.nix @@ -145,6 +145,11 @@ in { configDir = "/var/secrets/webapps/diaspora"; }; + services.filesWatcher.diaspora = { + restart = true; + paths = [ dcfg.configDir ]; + }; + services.websites.tools.modules = [ "headers" "proxy" "proxy_http" ]; diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix index ebcbf61..3e68d54 100644 --- a/modules/private/websites/tools/ether/default.nix +++ b/modules/private/websites/tools/ether/default.nix @@ -133,6 +133,11 @@ in { systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys"; + services.filesWatcher.etherpad-lite = { + restart = true; + paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ]; + }; + services.websites.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ]; diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix index d742a33..1a4b387 100644 --- a/modules/private/websites/tools/mastodon/default.nix +++ b/modules/private/websites/tools/mastodon/default.nix 
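Review bot: In the etherpad-lite hunk the watcher lists three files (`ecfg.sessionKeyFile`, `ecfg.apiKeyFile`, `ecfg.configFile`) with `restart = true`, so a deployment that rewrites them one after another may restart the service several times, or restart it after the first write while the other two are still old. Whether the watcher coalesces events is not visible in this patch. If it does not, replacing the secrets atomically (write under a temporary name, then rename) or watching a single marker file written last would keep the service from starting with a mismatched key set. At minimum a comment such as `# secrets are replaced atomically by the deploy step` would record the assumption.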
@@ -63,6 +63,19 @@ in { socketsPrefix = "live_immae"; dataDir = "/var/lib/mastodon_immae"; }; + services.filesWatcher.mastodon-streaming = { + restart = true; + paths = [ mcfg.configFile ]; + }; + services.filesWatcher.mastodon-web = { + restart = true; + paths = [ mcfg.configFile ]; + }; + services.filesWatcher.mastodon-sidekiq = { + restart = true; + paths = [ mcfg.configFile ]; + }; + services.websites.tools.modules = [ "headers" "proxy" "proxy_wstunnel" "proxy_http" diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix index 5da81f6..1d398db 100644 --- a/modules/private/websites/tools/mgoblin/default.nix +++ b/modules/private/websites/tools/mgoblin/default.nix @@ -78,6 +78,14 @@ in { plugins = builtins.attrValues pkgs.webapps.mediagoblin-plugins; configFile = "/var/secrets/webapps/tools-mediagoblin"; }; + services.filesWatcher.mediagoblin-web = { + restart = true; + paths = [ mcfg.configFile ]; + }; + services.filesWatcher.mediagoblin-celeryd = { + restart = true; + paths = [ mcfg.configFile ]; + }; services.websites.tools.modules = [ "proxy" "proxy_http" diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix index dee1b81..dd28530 100644 --- a/modules/private/websites/tools/peertube/default.nix +++ b/modules/private/websites/tools/peertube/default.nix @@ -153,6 +153,11 @@ in { services.websites.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ]; + services.filesWatcher.peertube = { + restart = true; + paths = [ pcfg.configFile ]; + }; + services.websites.tools.vhostConfs.peertube = { certName = "eldiron"; addToCerts = true; diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 94a2be1..d75def4 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix 
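Review bot: The three mastodon watchers are the same attribute set repeated under different names, and the mediagoblin hunk repeats the pattern for `mediagoblin-web` and `mediagoblin-celeryd`. With the list spelled out by hand, a unit added later is easy to leave out, and that unit would then keep running with the old secret after a rotation. Generating the entries from one name list keeps them together, e.g. `services.filesWatcher = lib.genAttrs [ "mastodon-streaming" "mastodon-web" "mastodon-sidekiq" ] (_: { restart = true; paths = [ mcfg.configFile ]; });`, assuming `lib` is in scope in this file, which the hunk does not show.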
@@ -212,6 +212,11 @@ in { }; }; + services.filesWatcher.ympd = { + restart = true; + paths = [ "/var/secrets/mpd" ]; + }; + services.phpfpm.pools.roundcubemail = { listen = roundcubemail.phpFpm.socket; extraConfig = roundcubemail.phpFpm.pool; @@ -297,6 +302,13 @@ in { "${kanboard.apache.webappName}" = kanboard.webRoot; }; + services.websites.tools.watchPaths = [ + "/var/secrets/webapps/tools-wallabag" + ]; + services.filesWatcher.phpfpm-wallabag = { + restart = true; + paths = [ "/var/secrets/webapps/tools-wallabag" ]; + }; }; } -- cgit v1.2.3
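Review bot: The second tools/tools hunk writes the literal `/var/secrets/webapps/tools-wallabag` twice, once for `services.websites.tools.watchPaths` and once for the `phpfpm-wallabag` watcher, while the other tool modules refer to an option such as `mcfg.configFile`. If the secret is moved and only one copy is updated, the watcher left on the old path fails silently: nothing restarts and that process keeps the stale credential. Binding the path once, e.g. `wallabagSecret = "/var/secrets/webapps/tools-wallabag";` in the enclosing `let`, and using `paths = [ wallabagSecret ];` in both places removes that risk. The enclosing attribute set and its `let` block start outside the hunk.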