From 32c84ff89c2b8931f58cea63961a178a9b1d0efe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 25 Apr 2019 09:05:46 +0200 Subject: Move etherpad mastodon mediagoblin task and peertube to new secrets --- nixops/modules/websites/tools/ether/default.nix | 10 ++++----- .../modules/websites/tools/ether/etherpad_lite.nix | 26 +++++++++++----------- 2 files changed, 18 insertions(+), 18 deletions(-) (limited to 'nixops/modules/websites/tools/ether') diff --git a/nixops/modules/websites/tools/ether/default.nix b/nixops/modules/websites/tools/ether/default.nix index 7fdcb57..0d04c36 100644 --- a/nixops/modules/websites/tools/ether/default.nix +++ b/nixops/modules/websites/tools/ether/default.nix @@ -12,12 +12,12 @@ in { }; config = lib.mkIf cfg.enable { - deployment.keys = etherpad.keys; + mySecrets.keys = etherpad.keys; systemd.services.etherpad-lite = { description = "Etherpad-lite"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ]; - wants = [ "postgresql.service" "tools-etherpad-key.service" "tools-etherpad-apikey-key.service" "tools-etherpad-sessionkey-key.service" ]; + after = [ "network.target" "postgresql.service" ]; + wants = [ "postgresql.service" ]; environment.NODE_ENV = "production"; environment.HOME = etherpad.webappDir; @@ -26,7 +26,7 @@ in { script = '' exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \ - --settings /run/keys/webapps/tools-etherpad + --settings /var/secrets/webapps/tools-etherpad ''; serviceConfig = { @@ -44,7 +44,7 @@ in { Restart = "always"; Type = "simple"; TimeoutSec = 60; - ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /run/keys/webapps/tools-etherpad /run/keys/webapps/tools-etherpad-sessionkey /run/keys/webapps/tools-etherpad-apikey"; + ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /var/secrets/webapps/tools-etherpad /var/secrets/webapps/tools-etherpad-sessionkey /var/secrets/webapps/tools-etherpad-apikey"; }; }; diff --git a/nixops/modules/websites/tools/ether/etherpad_lite.nix b/nixops/modules/websites/tools/ether/etherpad_lite.nix index 689156e..14ad565 100644 --- a/nixops/modules/websites/tools/ether/etherpad_lite.nix +++ b/nixops/modules/websites/tools/ether/etherpad_lite.nix @@ -30,19 +30,19 @@ let "ep_subscript_and_superscript" "ep_timesliderdiff" ]; - keys = { - tools-etherpad-apikey = { - destDir = "/run/keys/webapps"; + keys = [ + { + dest = "webapps/tools-etherpad-apikey"; permissions = "0400"; text = env.api_key; - }; - tools-etherpad-sessionkey = { - destDir = "/run/keys/webapps"; + } + { + dest = "webapps/tools-etherpad-sessionkey"; permissions = "0400"; text = env.session_key; - }; - tools-etherpad = { - destDir = "/run/keys/webapps"; + } + { + dest = "webapps/tools-etherpad"; permissions = "0400"; text = # Make sure we’re not rebuilding whole libreoffice just because of a @@ -144,8 +144,8 @@ let "logconfig" : { "appenders": [ { "type": "console" } ] } } ''; - }; - }; + } + ]; webappDir = stdenv.mkDerivation (fetchedGithub ./etherpad-lite.json // rec { __noChroot = true; patches = [ ./libreoffice_patch.diff ]; @@ -182,8 +182,8 @@ let install -t $out/src/ -vDm 644 src/.ep_initialized cp -a node_modules $out/ cp -a src/* $out/src/ - ln -sf /run/keys/webapps/tools-etherpad-sessionkey $out/SESSIONKEY.txt - ln -sf /run/keys/webapps/tools-etherpad-apikey $out/APIKEY.txt + ln -sf /var/secrets/webapps/tools-etherpad-sessionkey $out/SESSIONKEY.txt + ln -sf /var/secrets/webapps/tools-etherpad-apikey $out/APIKEY.txt cp ${jquery} $out/src/static/js/jquery.js mkdir $out/doc -- cgit v1.2.3