]>
Commit | Line | Data |
---|---|---|
1 | { lib, config, pkgs, ... }: | |
2 | let | |
3 | cfg = config.myServices.websites.nicecoop.odoo; | |
4 | pcfg = config.myEnv.websites.nicecoop.odoo; | |
5 | odoo = pkgs.callPackage ./odoo {}; | |
6 | hostname = "odoo.nc.immae.dev"; | |
7 | download-bundles = let | |
8 | nix-bundle = import (builtins.fetchTarball "https://github.com/matthewbauer/nix-bundle/archive/master.tar.gz") {}; | |
9 | extraTargets = { | |
10 | wkhtmltopdf = (import <nixpkgs> { overlays = []; }).wkhtmltopdf; | |
11 | }; | |
12 | odoo-bundle = nix-bundle.nix-bootstrap { target = odoo; run = "/bin/odoo"; extraTargets = builtins.attrValues extraTargets; }; | |
13 | in | |
14 | pkgs.runCommand "download-bundles" {} '' | |
15 | mkdir -p $out | |
16 | cp ${odoo-bundle} $out/odoo | |
17 | chmod +x $out/* | |
18 | cd $out | |
19 | sha256sum * > sha256sums.txt | |
20 | cat > extra-paths.json <<"EOF" | |
21 | ${builtins.toJSON extraTargets} | |
22 | EOF | |
23 | ''; | |
24 | in { | |
25 | options.myServices.websites.nicecoop.odoo.enable = lib.mkEnableOption "enable nicecoop's odoo website"; | |
26 | ||
27 | config = lib.mkIf cfg.enable { | |
28 | myServices.databases.postgresql.authorizedHosts = { | |
29 | nicecoop = [ | |
30 | { | |
31 | username = "bucardo"; | |
32 | database = "nicecoop_odoo"; | |
33 | ip4 = ["82.65.251.137"]; | |
34 | ip6 = ["2a01:e0a:58d:55f0::/64"]; | |
35 | } | |
36 | ]; | |
37 | }; | |
38 | secrets.keys."websites/nicecoop/odoo.conf" = { | |
39 | user = config.services.httpd.Inte.user; | |
40 | group = config.services.httpd.Inte.group; | |
41 | permissions = "0400"; | |
42 | text = '' | |
43 | [options] | |
44 | ; This is the password that allows database operations: | |
45 | admin_passwd = ${pcfg.admin_password} | |
46 | db_host = ${pcfg.postgresql.socket} | |
47 | db_port = ${pcfg.postgresql.port} | |
48 | db_user = ${pcfg.postgresql.user} | |
49 | db_password = ${pcfg.postgresql.password} | |
50 | db_name = ${pcfg.postgresql.database} | |
51 | db_maxconn = 64 | |
52 | ||
53 | workers = 5 | |
54 | max_cron_threads = 2 | |
55 | limit_time_cpu = 60 | |
56 | limit_time_real = 170 | |
57 | limit_memory_soft = 471974428 | |
58 | limit_memory_hard = 1395864371 | |
59 | limit_request = 8196 | |
60 | osv_memory_count_limit = False | |
61 | osv_memory_age_limit = 1.0 | |
62 | without_demo = ['all'] | |
63 | ||
64 | proxy_mode = True | |
65 | http_interface = 127.0.0.1 | |
66 | http_port = ${builtins.toString pcfg.port} | |
67 | longpolling_port = ${builtins.toString pcfg.longpoll_port} | |
68 | ''; | |
69 | }; | |
70 | ||
71 | services.websites.env.integration.modules = [ "remoteip" ]; | |
72 | services.websites.env.integration.vhostConfs.nicecoop_odoo = { | |
73 | certName = "integration"; | |
74 | addToCerts = true; | |
75 | hosts = [ hostname ]; | |
76 | root = null; | |
77 | extraConfig = [ | |
78 | '' | |
79 | Alias /download-bundles ${download-bundles} | |
80 | RewriteEngine On | |
81 | ProxyPreserveHost on | |
82 | ProxyVia On | |
83 | ProxyRequests Off | |
84 | ProxyPass /download-bundles ! | |
85 | ProxyPassMatch ^/.well-known/acme-challenge ! | |
86 | ProxyPass /longpoll http://localhost:${builtins.toString pcfg.longpoll_port}/ | |
87 | ProxyPassReverse /longpoll http://localhost:${builtins.toString pcfg.longpoll_port}/ | |
88 | ProxyPass / http://localhost:${builtins.toString pcfg.port}/ | |
89 | ProxyPassReverse / http://localhost:${builtins.toString pcfg.port}/ | |
90 | RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} | |
91 | RemoteIPHeader X-Real-IP | |
92 | ||
93 | <Directory ${download-bundles}> | |
94 | Require all granted | |
95 | </Directory> | |
96 | '' | |
97 | ]; | |
98 | }; | |
99 | ||
100 | services.filesWatcher.nicecoop-odoo = { | |
101 | restart = true; | |
102 | paths = [ config.secrets.fullPaths."websites/nicecoop/odoo.conf" ]; | |
103 | }; | |
104 | systemd.services.nicecoop-odoo = { | |
105 | description = "Nicecoop Odoo website"; | |
106 | after = [ "network.target" ]; | |
107 | wantedBy = [ "multi-user.target" ]; | |
108 | ||
109 | path = [ (import <nixpkgs> { overlays = []; }).wkhtmltopdf ]; | |
110 | serviceConfig = { | |
111 | Environment = [ | |
112 | "HOME=%S/nicecoop_odoo" | |
113 | ]; | |
114 | Type = "simple"; | |
115 | ExecStart = "${odoo}/bin/odoo -c ${config.secrets.fullPaths."websites/nicecoop/odoo.conf"}"; | |
116 | User = "wwwrun"; | |
117 | Restart = "always"; | |
118 | RestartSec = "5s"; | |
119 | StandardOutput = "journal"; | |
120 | StandardError = "inherit"; | |
121 | StateDirectory = "nicecoop_odoo"; | |
122 | WorkingDirectory = "%S/nicecoop_odoo"; | |
123 | }; | |
124 | }; | |
125 | ||
126 | }; | |
127 | } |