]>
Commit | Line | Data |
---|---|---|
a295d69f IB |
1 | { lib, config, pkgs, ... }: |
2 | let | |
3 | cfg = config.myServices.websites.denise.oms; | |
cb589b2e | 4 | varDir = "/var/lib/buildbot/outputs/denise/oms"; |
485354e5 | 5 | varDirBeta = "/var/lib/buildbot/outputs/denise/oms_beta"; |
a295d69f | 6 | socket = "/run/denise_oms/socket.sock"; |
485354e5 | 7 | socket_beta = "/run/denise_oms_beta/socket.sock"; |
a295d69f IB |
8 | in { |
9 | options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website"; | |
10 | ||
11 | config = lib.mkIf cfg.enable { | |
12 | services.websites.env.production.vhostConfs.denise_oms = { | |
13 | certName = "denise"; | |
14 | addToCerts = true; | |
15 | hosts = [ "oms.syanni.eu" ]; | |
16 | root = null; | |
17 | extraConfig = [ | |
18 | '' | |
19 | ProxyPreserveHost on | |
20 | ProxyVia On | |
21 | ProxyRequests Off | |
22 | ProxyPassMatch ^/.well-known/acme-challenge ! | |
23 | ProxyPass / unix://${socket}|http://oms.syanni.eu/ | |
24 | ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/ | |
25 | '' | |
26 | ]; | |
27 | }; | |
28 | ||
29 | systemd.services.denise-oms = { | |
30 | description = "Denise OMS website"; | |
31 | after = [ "network.target" ]; | |
32 | wantedBy = [ "multi-user.target" ]; | |
33 | ||
34 | serviceConfig = { | |
35 | Type = "simple"; | |
36 | WorkingDirectory = varDir; | |
37 | ExecStart = let | |
e34b3079 | 38 | python = pkgs.python39.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]); |
a295d69f IB |
39 | in |
40 | "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app"; | |
ecd9a306 | 41 | User = "wwwrun"; |
a295d69f IB |
42 | Restart = "always"; |
43 | RestartSec = "5s"; | |
44 | PIDFile = "/run/denise_oms/gunicorn.pid"; | |
45 | RuntimeDirectory = "denise_oms"; | |
46 | StandardOutput = "journal"; | |
47 | StandardError = "inherit"; | |
48 | }; | |
49 | }; | |
485354e5 | 50 | |
ecd9a306 IB |
51 | security.sudo.extraRules = [ |
52 | { | |
53 | commands = [ | |
54 | { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; } | |
55 | { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; } | |
56 | ]; | |
57 | users = ["buildbot"]; | |
58 | runAs = "root"; | |
59 | } | |
60 | ]; | |
485354e5 | 61 | services.websites.env.integration.vhostConfs.denise_oms_beta = { |
2ff9258e | 62 | certName = "integration"; |
485354e5 IB |
63 | addToCerts = true; |
64 | hosts = [ "beta.oms.syanni.eu" ]; | |
65 | root = null; | |
66 | extraConfig = [ | |
67 | '' | |
68 | ProxyPreserveHost on | |
69 | ProxyVia On | |
70 | ProxyRequests Off | |
71 | ProxyPassMatch ^/.well-known/acme-challenge ! | |
72 | ProxyPass / unix://${socket_beta}|http://beta.oms.syanni.eu/ | |
73 | ProxyPassReverse / unix://${socket_beta}|http://beta.oms.syanni.eu/ | |
74 | '' | |
75 | ]; | |
76 | }; | |
77 | ||
78 | systemd.services.denise-oms-beta = { | |
79 | description = "Denise OMS beta website"; | |
80 | after = [ "network.target" ]; | |
81 | wantedBy = [ "multi-user.target" ]; | |
82 | ||
83 | serviceConfig = { | |
84 | Type = "simple"; | |
85 | WorkingDirectory = varDirBeta; | |
86 | ExecStart = let | |
e34b3079 | 87 | python = pkgs.python39.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]); |
485354e5 IB |
88 | in |
89 | "${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app"; | |
ecd9a306 | 90 | User = "wwwrun"; |
485354e5 IB |
91 | Restart = "always"; |
92 | RestartSec = "5s"; | |
93 | PIDFile = "/run/denise_oms_beta/gunicorn.pid"; | |
94 | RuntimeDirectory = "denise_oms_beta"; | |
95 | StandardOutput = "journal"; | |
96 | StandardError = "inherit"; | |
97 | }; | |
98 | }; | |
a295d69f IB |
99 | }; |
100 | } |