projects / perso / Immae / Config / Nix.git / blame
| Commit | Line | Data |
|---|---|---|
| 27da4e10 IB |
1 | { lib, config, pkgs, ... }: |
| 2 | let | |
| 3 | cfg = config.myServices.websites.nicecoop.copanier; | |
| 4 | pcfg = config.myEnv.websites.nicecoop.copanier; | |
| 5 | hostname = "copanier.nc.immae.dev"; | |
| 6 | socket = "/run/nicecoop_copanier/socket.sock"; | |
| 7 | in { | |
| 8 | options.myServices.websites.nicecoop.copanier.enable = lib.mkEnableOption "enable nicecoop's copanier website"; | |
| 9 | ||
| 10 | config = lib.mkIf cfg.enable { | |
| 11 | services.websites.env.integration.vhostConfs.nicecoop_copanier = { | |
| 12 | certName = "integration"; | |
| 13 | addToCerts = true; | |
| 14 | hosts = [ hostname ]; | |
| 15 | root = null; | |
| 16 | extraConfig = [ | |
| 17 | '' | |
| 18 | ProxyPreserveHost on | |
| 19 | ProxyVia On | |
| 20 | ProxyRequests Off | |
| 21 | ProxyPassMatch ^/.well-known/acme-challenge ! | |
| 22 | ProxyPassMatch ^/static ! | |
| 23 | ProxyPass / unix://${socket}|http://${hostname}/ | |
| 24 | ProxyPassReverse / unix://${socket}|http://${hostname}/ | |
| 25 | Alias /static ${pkgs.webapps.copanier}/${pkgs.webapps.copanier.python.sitePackages}/copanier/static | |
| 26 | <Directory ${pkgs.webapps.copanier}/${pkgs.webapps.copanier.python.sitePackages}/copanier/static> | |
| 27 | AllowOverride None | |
| 28 | Require all granted | |
| 29 | </Directory> | |
| 30 | '' | |
| 31 | ]; | |
| 32 | }; | |
| 33 | ||
| 34 | secrets.keys."websites/nicecoop/copanier" = { | |
| 35 | user = "wwwrun"; | |
| 36 | group = "wwwrun"; | |
| 37 | permissions = "0400"; | |
| 38 | text = '' | |
| 39 | COPANIER_DATA_ROOT=/var/lib/nicecoop_copanier | |
| 40 | COPANIER_SITE_URL=https://${hostname} | |
| 41 | COPANIER_SITE_NAME=Copanier Nicecoop | |
| 42 | COPANIER_SITE_DESCRIPTION=Copanier | |
| 43 | COPANIER_XLSX_FILENAME=produits | |
| 44 | COPANIER_SEND_EMAILS=True | |
| 45 | COPANIER_SMTP_HOST=${pcfg.smtp.host} | |
| 46 | COPANIER_SMTP_PASSWORD=${pcfg.smtp.password} | |
| 47 | COPANIER_SMTP_LOGIN=${pcfg.smtp.email} | |
| 48 | COPANIER_FROM_EMAIL=${pcfg.smtp.email} | |
| 49 | COPANIER_EMAIL_SIGNATURE=Nicecoop | |
| 50 | COPANIER_STAFF=${builtins.concatStringsSep " " pcfg.staff} | |
| 51 | ''; | |
| 52 | }; | |
| 53 | systemd.services.nicecoop-copanier = { | |
| 54 | description = "Nicecoop Copanier website"; | |
| 55 | after = [ "network.target" ]; | |
| 56 | wantedBy = [ "multi-user.target" ]; | |
| 57 | ||
| 58 | serviceConfig = { | |
| 59 | EnvironmentFile = config.secrets.fullPaths."websites/nicecoop/copanier"; | |
| 60 | Type = "simple"; | |
| 61 | ExecStart = let | |
| 62 | python = pkgs.webapps.copanier.python.withPackages (p: [ p.gunicorn p.uvloop pkgs.webapps.copanier ]); | |
| 63 | in | |
| 64 | "${python}/bin/gunicorn -k roll.worker.Worker copanier:app --bind unix:${socket}"; | |
| 65 | User = "wwwrun"; | |
| 66 | Restart = "always"; | |
| 67 | RestartSec = "5s"; | |
| 68 | StandardOutput = "journal"; | |
| 69 | StandardError = "inherit"; | |
| 70 | StateDirectory = "nicecoop_copanier"; | |
| 71 | RuntimeDirectory = "nicecoop_copanier"; | |
| 72 | }; | |
| 73 | }; | |
| 74 | ||
| 75 | }; | |
| 76 | } | |
| 77 |