From 4a65e38be86fb755b0ab57027b0d3b7d28c9b096 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Mon, 15 Apr 2019 01:42:17 +0200
Subject: Move peertube configuration to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
---
 nixops/modules/websites/tools/peertube/default.nix | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
(limited to 'nixops/modules/websites/tools/peertube/default.nix')
diff --git a/nixops/modules/websites/tools/peertube/default.nix b/nixops/modules/websites/tools/peertube/default.nix
index c4f3817..dbdeb76 100644
--- a/nixops/modules/websites/tools/peertube/default.nix
+++ b/nixops/modules/websites/tools/peertube/default.nix
@@ -29,8 +29,8 @@ in {
 systemd.services.peertube = {
 description = "Peertube";
 wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" ];
- wants = [ "postgresql.service" ];
+ after = [ "network.target" "postgresql.service" "tools-peertube-key.service" ];
+ wants = [ "postgresql.service" "tools-peertube-key.service" ];
 environment.NODE_CONFIG_DIR = "${peertube.varDir}/config";
 environment.NODE_ENV = "production";
@@ -57,12 +57,20 @@ in {
 unitConfig.RequiresMountsFor = peertube.varDir;
 };
+ deployment.keys.tools-peertube = {
+ destDir = "/run/keys/webapps";
+ user = "peertube";
+ group = "peertube";
+ permissions = "0700";
+ text = peertube.config;
+ };
+
 system.activationScripts.peertube = {
 deps = [ "users" ];
 text = ''
- install -m 0755 -o peertube -g peertube -d ${peertube.varDir}
- install -m 0755 -o peertube -g peertube -d ${peertube.varDir}/config
- install -m 0644 -o peertube -g peertube -T ${peertube.config} ${peertube.varDir}/config/production.yaml
+ install -m 0750 -o peertube -g peertube -d ${peertube.varDir}
+ install -m 0750 -o peertube -g peertube -d ${peertube.varDir}/config
+ install -m 0640 -o peertube -g peertube -T /run/keys/webapps/tools-peertube ${peertube.varDir}/config/production.yaml
 '';
 };
--
cgit v1.2.3
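Review bot: The `after`/`wants` entries for `tools-peertube-key.service` order only the peertube unit, but the unit does not read the key. `NODE_CONFIG_DIR` still points at `${peertube.varDir}/config`, and the copy from `/run/keys/webapps/tools-peertube` is made by the activation script in the second hunk, which systemd unit ordering does not govern. If the key is not yet present when activation runs (likely after a reboot, before keys are re-sent; to be confirmed for this deployment), the `install -T` fails and the service starts with a stale or missing `production.yaml`. Doing the copy from the unit, e.g. a `preStart` running `install -m 0640 -T /run/keys/webapps/tools-peertube ${peertube.varDir}/config/production.yaml`, would bring it under the dependency added here. The rest of the service definition is outside the hunk, so an existing `preStart` or `User=` setting may change how that line has to be written.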
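Review bot: In the added `deployment.keys.tools-peertube` block, `permissions = "0700";` sets an execute bit on a file that is only ever read as YAML. Since the visible reader is the root-run activation script, `permissions = "0400";` is enough. The last `install` line also still writes the secret to `${peertube.varDir}/config/production.yaml`, so a persistent copy remains on disk outside `/run/keys`. Mode 0640 narrows who can read it, but the copy outlives the key and is not refreshed when the key changes without a new activation. A one-line comment above the block, such as `# production.yaml holds credentials; shipped as a deployment key to keep it out of the world-readable Nix store`, would record why the file is handled this way (the credentials part is presumed from the commit title, so adjust to what the file actually contains).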