From ccdd91a78b1a6ae757db20d757ba8674dd25e0cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 25 Apr 2019 02:18:32 +0200 Subject: Move diaspora to new secrets --- nixops/modules/websites/tools/diaspora/default.nix | 8 +-- .../modules/websites/tools/diaspora/diaspora.nix | 65 +++++++++++----------- 2 files changed, 35 insertions(+), 38 deletions(-) (limited to 'nixops/modules/websites') diff --git a/nixops/modules/websites/tools/diaspora/default.nix b/nixops/modules/websites/tools/diaspora/default.nix index 5d36ce7..0a05daf 100644 --- a/nixops/modules/websites/tools/diaspora/default.nix +++ b/nixops/modules/websites/tools/diaspora/default.nix @@ -29,21 +29,15 @@ in { users.groups.diaspora.gid = config.ids.gids.diaspora; - deployment.keys = diaspora.keys; + mySecrets.keys = diaspora.keys; systemd.services.diaspora = { description = "Diaspora"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" "redis.service" "postgresql.service" - "tools-diaspora-secret_token.service" - "tools-diaspora-config.service" - "tools-diaspora-database_config.service" ]; wants = [ "redis.service" "postgresql.service" - "tools-diaspora-secret_token.service" - "tools-diaspora-config.service" - "tools-diaspora-database_config.service" ]; environment.RAILS_ENV = "production"; diff --git a/nixops/modules/websites/tools/diaspora/diaspora.nix b/nixops/modules/websites/tools/diaspora/diaspora.nix index c7af9da..01aac89 100644 --- a/nixops/modules/websites/tools/diaspora/diaspora.nix +++ b/nixops/modules/websites/tools/diaspora/diaspora.nix 
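Review bot: With the three `tools-diaspora-*.service` entries dropped from `after` and `wants` in default.nix, nothing visible in this unit orders diaspora behind the delivery of its secret files any more. If the mySecrets module (not shown here) installs them from its own unit or activation step, the service could start while `config/database.yml` and `config/initializers/secret_token.rb` are still dangling symlinks. Either keep an ordering dependency on whatever installs the secrets, or add a guard such as `unitConfig.AssertPathExists = "/var/secrets/webapps/tools-diaspora-secret_token";` so a missing secret is an explicit, logged start failure rather than an obscure Rails boot error. The `systemd.services.diaspora` block continues outside the hunk.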
@@ -29,21 +29,22 @@ let }; }; }; - keys.tools-diaspora-secret_token = { - destDir = "/run/keys/webapps"; - user = "diaspora"; - group = "diaspora"; - permissions = "0400"; - text = '' - Diaspora::Application.config.secret_key_base = '${env.secret_token}' - ''; - }; - keys.tools-diaspora-config = { - destDir = "/run/keys/webapps"; - user = "diaspora"; - group = "diaspora"; - permissions = "0400"; - text = '' + keys = { + secret_token = { + dest = "webapps/tools-diaspora-secret_token"; + user = "diaspora"; + group = "diaspora"; + permissions = "0400"; + text = '' + Diaspora::Application.config.secret_key_base = '${env.secret_token}' + ''; + }; + config = { + dest = "webapps/tools-diaspora-config"; + user = "diaspora"; + group = "diaspora"; + permissions = "0400"; + text = '' configuration: environment: url: "https://diaspora.immae.eu/" @@ -115,14 +116,14 @@ let environment: development: environment: - ''; - }; - keys.tools-diaspora-database_config = { - destDir = "/run/keys/webapps"; - user = "diaspora"; - group = "diaspora"; - permissions = "0400"; - text = '' + ''; + }; + database = { + dest = "webapps/tools-diaspora-database_config"; + user = "diaspora"; + group = "diaspora"; + permissions = "0400"; + text = '' postgresql: &postgresql adapter: postgresql host: "${env.postgresql.socket}" @@ -149,7 +150,8 @@ let integration2: <<: *combined database: diaspora_integration2 - ''; + ''; + }; }; railsRoot = stdenv.mkDerivation { name = "diaspora_immae"; 
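Review bot: The new `dest = "webapps/…"` entries no longer place the secrets under `/run/keys`, which NixOps keeps on a ramfs; judging by the symlink targets in the railsRoot hunk they now land in `/var/secrets/webapps`, presumably on persistent storage. That changes the exposure of `secret_key_base` and the database config: they survive reboots and can end up in disk images and backups. The `0400` file mode only protects them if `/var/secrets` and `/var/secrets/webapps` are themselves not writable by other users. A comment above `keys = {` should record this, e.g. `# installed by mySecrets under /var/secrets (persistent, unlike /run/keys); parent dirs must be root-owned and not world-writable`. The base directory is also hard-coded a second time in the `ln -sf` lines of railsRoot, so the two can drift apart if the mySecrets location ever changes.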
@@ -161,16 +163,16 @@ let cd $out chmod -R u+rwX . tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru} - ln -s ${writeText "database.yml" keys.tools-diaspora-database_config.text} config/database.yml - ln -s ${writeText "diaspora.yml" keys.tools-diaspora-config.text} config/diaspora.yml - ln -s ${writeText "secret_token.rb" keys.tools-diaspora-secret_token.text} config/initializers/secret_token.rb + ln -s ${writeText "database.yml" keys.database.text} config/database.yml + ln -s ${writeText "diaspora.yml" keys.config.text} config/diaspora.yml + ln -s ${writeText "secret_token.rb" keys.secret_token.text} config/initializers/secret_token.rb ln -sf ${varDir}/schedule.yml config/schedule.yml ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem ln -sf ${varDir}/uploads public/uploads RAILS_ENV=production ${gems}/bin/rake assets:precompile - ln -sf /run/keys/webapps/tools-diaspora-database_config config/database.yml - ln -sf /run/keys/webapps/tools-diaspora-config config/diaspora.yml - ln -sf /run/keys/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb + ln -sf /var/secrets/webapps/tools-diaspora-database_config config/database.yml + ln -sf /var/secrets/webapps/tools-diaspora-config config/diaspora.yml + ln -sf /var/secrets/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb rm -rf tmp log ln -sf ${varDir}/tmp tmp ln -sf ${varDir}/log log @@ -179,6 +181,7 @@ let }; in { - inherit railsRoot varDir socketsDir gems keys; + inherit railsRoot varDir socketsDir gems; + keys = builtins.attrValues keys; railsSocket = "${socketsDir}/diaspora.sock"; } -- cgit v1.2.3
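Review bot: The three `ln -s ${writeText … keys.*.text}` lines still copy the real `secret_key_base`, `diaspora.yml` and database config into the Nix store so that `rake assets:precompile` can run, and store paths are world-readable on any machine where they are realised. That undercuts the `0400` files under `/var/secrets`: the later `ln -sf` only repoints the symlinks, while the `writeText` outputs and the `.drv` files that embed their text remain. Asset precompilation should not need production values, so build with placeholders instead, e.g. `ln -s ${writeText "secret_token.rb" "Diaspora::Application.config.secret_key_base = 'precompile-placeholder'"} config/initializers/secret_token.rb`, and likewise a dummy database.yml; whether diaspora.yml can be fully stubbed needs checking. Separately, the last hunk turns the exported `keys` into a list via `builtins.attrValues`, so any consumer outside this diff that still indexes `diaspora.keys` by name would break.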