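# NixOS module deploying MediaGoblin behind Apache.
#
# When `services.myWebsites.tools.mediagoblin.enable` is set it declares:
#   - a dedicated `mediagoblin` user and group,
#   - two systemd units (the paster web server and the celery worker),
#   - an activation script that prepares the state and socket directories,
#   - an Apache vhost that serves static trees directly and proxies everything
#     else to the application's unix socket.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Package definition; exposes varDir, socketsDir, pythonRoot and keys,
  # which are the only attributes this module reads from it.
  mediagoblin = pkgs.callPackage ./mediagoblin.nix {
    inherit (mylibs) fetchedGit fetchedGithub;
    env = myconfig.env.tools.mediagoblin;
  };

  cfg = config.services.myWebsites.tools.mediagoblin;
in {
  options.services.myWebsites.tools.mediagoblin = {
    enable = lib.mkEnableOption "enable mediagoblin's website";
  };

  config = lib.mkIf cfg.enable {
    # Secret material is declared by the package; the service account is put
    # in the "keys" group below, presumably so it can read it (confirm
    # against the mySecrets module).
    mySecrets.keys = mediagoblin.keys;
    ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid;
    ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid;

    users.users.mediagoblin = {
      name = "mediagoblin";
      uid = config.ids.uids.mediagoblin;
      group = "mediagoblin";
      description = "Mediagoblin user";
      home = mediagoblin.varDir;
      # NOTE(review): this gives the service account the system default
      # shell. Confirm an interactive shell is really needed for it.
      useDefaultShell = true;
      extraGroups = [ "keys" ];
    };

    users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;

    systemd.services.mediagoblin-web = {
      description = "Mediagoblin service";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      # NOTE(review): `wants` pulls these units in but does not order this
      # unit after them. preStart runs `gmg dbupdate`, which presumably needs
      # the database to be up; confirm whether After= ordering is wanted, or
      # whether relying on Restart=always is deliberate.
      wants = [ "postgresql.service" "redis.service" ];

      environment.SCRIPT_NAME = "/mediagoblin/";

      script = ''
        exec ./bin/paster serve \
          ${mediagoblin.pythonRoot}/paste_local.ini \
          --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
      '';

      preStop = ''
        exec ./bin/paster serve \
          --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
          ${mediagoblin.pythonRoot}/paste_local.ini stop
      '';
      # Schema migrations run on every start, as the service user.
      preStart = ''
        ./bin/gmg dbupdate
      '';

      serviceConfig = {
        User = "mediagoblin";
        # PrivateTmp is the only sandboxing option set on this unit.
        # NOTE(review): this process handles uploads from the web; consider
        # NoNewPrivileges, ProtectSystem, ProtectHome and PrivateDevices once
        # they have been tested against the media-processing paths.
        PrivateTmp = true;
        Restart = "always";
        TimeoutSec = 15;
        Type = "simple";
        WorkingDirectory = mediagoblin.pythonRoot;
        PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
      };

      unitConfig.RequiresMountsFor = mediagoblin.varDir;
    };

    systemd.services.mediagoblin-celeryd = {
      # NOTE(review): same description string as mediagoblin-web, so the two
      # units are not told apart by description in status output.
      description = "Mediagoblin service";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "mediagoblin-web.service" ];

      environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
      environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";

      # The worker log is written inside varDir, which the activation script
      # below creates with mode 0755, so the log's directory is traversable
      # by every local user.
      script = ''
        exec ./bin/celery worker \
          --logfile=${mediagoblin.varDir}/celery.log \
          --loglevel=INFO
      '';

      serviceConfig = {
        User = "mediagoblin";
        PrivateTmp = true;
        Restart = "always";
        TimeoutSec = 60;
        Type = "simple";
        WorkingDirectory = mediagoblin.pythonRoot;
        # NOTE(review): the command line above passes no pid-file option, so
        # nothing visible here writes this file; confirm it is still needed.
        PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
      };

      unitConfig.RequiresMountsFor = mediagoblin.varDir;
    };

    # Runs during system activation, after the "users" step so the account
    # exists for `install -o/-g`.
    #
    # NOTE(review): activation runs as root while varDir is owned by the
    # unprivileged service account, and `[ -d ]` follows symlinks. The rm/ln
    # below therefore act on a tree that account controls; consider refusing
    # to proceed when plugin_static is itself a symlink.
    # NOTE(review): both directories are created 0755. wwwrun is added to the
    # mediagoblin group further down, so 0750 may be sufficient; confirm
    # nothing else needs world access first.
    system.activationScripts.mediagoblin = {
      deps = [ "users" ];
      # `rm -f` keeps activation quiet when the link does not exist yet, and
      # `ln -sfn` replaces an existing link instead of descending into the
      # directory it points to.
      text = ''
        install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
        install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
        if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
          rm -f ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
          ln -sfn ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
        fi
      '';
    };

    services.myWebsites.tools.modules = [
      "proxy" "proxy_http"
    ];
    # Apache's user joins the mediagoblin group, presumably to reach the
    # application socket and the static trees (confirm against the socket's
    # mode).
    users.users.wwwrun.extraGroups = [ "mediagoblin" ];
    security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.mgoblin = {
      certName = "eldiron";
      hosts = ["mgoblin.immae.eu" ];
      root = null;
      # Three static trees are served by Apache itself and excluded from the
      # proxy with `ProxyPass ... !`; the ACME challenge path is excluded as
      # well. Everything else goes to the application's unix socket.
      # `ProxyRequests Off` keeps Apache from acting as a forward proxy.
      #
      # NOTE(review): /mgoblin_media maps to media/public, which presumably
      # holds user-uploaded files. On that directory `+Includes` permits
      # server-side includes and `+FollowSymLinks` lets Apache follow any
      # symlink found there. Confirm both are required; dropping `+Includes`
      # and `+MultiViews` for the upload tree is the conservative setting.
      # plugin_static does need symlink following, because the activation
      # script links coreplugin_basic_auth into pythonRoot.
      extraConfig = [ ''
        Alias /mgoblin_media ${mediagoblin.varDir}/media/public
        <Directory ${mediagoblin.varDir}/media/public>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /theme_static ${mediagoblin.varDir}/theme_static
        <Directory ${mediagoblin.varDir}/theme_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /plugin_static ${mediagoblin.varDir}/plugin_static
        <Directory ${mediagoblin.varDir}/plugin_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPass /mgoblin_media !
        ProxyPass /theme_static !
        ProxyPass /plugin_static !
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
        ProxyPassReverse / unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
      '' ];
    };
  };
}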