# NixOS module publishing a MediaGoblin instance at mgoblin.immae.eu: DNS
# record, CHATONS metadata, the secret-bearing application config, the
# Apache-style vhost that fronts it, and an external HTTPS check.
{ lib, pkgs, config, mediagoblin, ... }:
let
  # Per-tool environment; this module reads its postgresql, redis and ldap
  # attributes, which include credentials.
  env = config.myEnv.tools.mediagoblin;
  # Options declared by this module (only `enable`).
  cfg = config.myServices.websites.tools.mediagoblin;
  # Options of the mediagoblin service module; package, dataDir, configFile
  # and sockets are used below.
  mcfg = config.services.mediagoblin;
in {
  options.myServices.websites.tools.mediagoblin = {
    enable = lib.mkEnableOption "enable mediagoblin's website";
  };

  # Everything below is applied only when the option above is enabled.
  config = lib.mkIf cfg.enable {
    # DNS: mgoblin.immae.eu gets the main addresses of the eldiron server.
    myServices.dns.zones."immae.eu".subdomains.mgoblin =
      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;

    # Descriptive metadata about the hosted service and the software behind
    # it; version and plugin names are read from the configured package.
    myServices.chatonsProperties.services.mediagoblin = {
      file.datetime = "2022-08-21T20:00:00";
      service = {
        name = "Mediagoblin";
        description = "MediaGoblin is a free software media publishing platform that anyone can run";
        website = "https://mgoblin.immae.eu/";
        logo = "https://mgoblin.immae.eu/mgoblin_static/images/goblin.ico";
        status.level = "OK";
        status.description = "OK";
        registration."" = ["MEMBER" "CLIENT"];
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
      software = {
        name = "Mediagoblin";
        website = "https://mediagoblin.org/";
        license.url = "http://www.gnu.org/licenses/agpl.html";
        license.name = "GNU Affero General Public License";
        version = mcfg.package.version;
        source.url = "https://git.savannah.gnu.org/git/mediagoblin.git";
        modules = map (a: a.pluginName) mcfg.package.plugins;
      };
    };
    # Rendered MediaGoblin config. It embeds the PostgreSQL password and the
    # LDAP bind password, so it is declared as a secret owned by the
    # mediagoblin user with mode 0400 (owner read-only, no group/other bits).
    # NOTE(review): confirm the secrets module delivers `text` outside the
    # world-readable Nix store; that is not visible from this file.
    secrets.keys."webapps/tools-mediagoblin" = {
      user = "mediagoblin";
      group = "mediagoblin";
      permissions = "0400";
      text =
        let
          # Credentials are interpolated verbatim into the URL. The host part
          # is empty and `host=` carries env.postgresql.socket, presumably a
          # unix socket directory -- confirm.
          # NOTE(review): a password containing URL-reserved characters
          # ('@', ':', '/', '?', '#') or '%' would presumably need escaping
          # here; '%' is also the interpolation marker in the generated file
          # (see %(data_basedir)s) -- verify.
          psql_url = with env.postgresql; "postgresql://${user}:${password}@:${port}/${database}?host=${socket}";
          # Same URL is used for the celery result backend and the broker.
          redis_url = with env.redis; "redis+socket://${socket}?virtual_host=${db}";
        in
          # Security-relevant settings inside the generated file:
          #  - allow_registration = false: the application's own sign-up is
          #    off; email_debug_mode is false and allow_reporting is true.
          #  - the ldap plugin connects over ldaps:// on port 636 with a bind
          #    DN and password taken from env.ldap.
          #  - NOTE(review): env.ldap.* values are placed between single
          #    quotes unescaped; a quote character in any of them would
          #    presumably break parsing -- verify.
          ''
            [DEFAULT]
            data_basedir = "${mcfg.dataDir}"

            [mediagoblin]
            direct_remote_path = /mgoblin_static/
            email_sender_address = "mediagoblin@tools.immae.eu"

            #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
            sql_engine = ${psql_url}

            email_debug_mode = false
            allow_registration = false
            allow_reporting = true

            theme = airymodified

            user_privilege_scheme = "uploader,commenter,reporter"

            # We need to redefine them here since we override data_basedir
            # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
            workbench_path = %(data_basedir)s/media/workbench
            crypto_path = %(data_basedir)s/crypto
            theme_install_dir = %(data_basedir)s/themes/
            theme_linked_assets_dir = %(data_basedir)s/theme_static/
            plugin_linked_assets_dir = %(data_basedir)s/plugin_static/

            [storage:queuestore]
            base_dir = %(data_basedir)s/media/queue

            [storage:publicstore]
            base_dir = %(data_basedir)s/media/public
            base_url = /mgoblin_media/

            [celery]
            CELERY_RESULT_DBURI = ${redis_url}
            BROKER_URL = ${redis_url}
            CELERYD_CONCURRENCY = 1

            [plugins]
            [[mediagoblin.plugins.geolocation]]
            [[mediagoblin.plugins.ldap]]
            [[[immae.eu]]]
            LDAP_SERVER_URI = 'ldaps://${env.ldap.host}:636'
            LDAP_SEARCH_BASE = '${env.ldap.base}'
            LDAP_BIND_DN = '${env.ldap.dn}'
            LDAP_BIND_PW = '${env.ldap.password}'
            LDAP_SEARCH_FILTER = '${env.ldap.filter}'
            EMAIL_SEARCH_FIELD = 'mail'
            [[mediagoblin.plugins.basicsearch]]
            [[mediagoblin.plugins.piwigo]]
            [[mediagoblin.plugins.processing_info]]
            [[mediagoblin.media_types.image]]
            [[mediagoblin.media_types.video]]
          '';
    };

    # presumably "keys" is the group allowed to reach deployed secrets;
    # verify against the secrets module.
    users.users.mediagoblin.extraGroups = [ "keys" ];

    # The service is pointed at the deployed secret file by path, so the
    # credentials are not passed through service options as plain values.
    services.mediagoblin = {
      enable = true;
      package = mediagoblin.withPlugins (p: [p.basicsearch]);
      configFile = config.secrets.fullPaths."webapps/tools-mediagoblin";
    };
    # Both watchers track the config file with restart = true; presumably
    # the web and celeryd units are restarted when the secret changes
    # (e.g. after a credential rotation) -- confirm in the filesWatcher module.
    services.filesWatcher.mediagoblin-web = {
      restart = true;
      paths = [ mcfg.configFile ];
    };
    services.filesWatcher.mediagoblin-celeryd = {
      restart = true;
      paths = [ mcfg.configFile ];
    };

    # Proxy modules required by the ProxyPass directives of the vhost below.
    services.websites.env.tools.modules = [
      "proxy" "proxy_http"
    ];
    # The web server user joins the mediagoblin group, presumably to reach the
    # paster socket and the media directories. The config secret above is
    # 0400, so this group membership does not grant read access to it.
    users.users.wwwrun.extraGroups = [ "mediagoblin" ];
    # Adds the hostname to the eldiron certificate that the vhost references
    # through certName.
    security.acme.certs.eldiron.extraDomainNames = [ "mgoblin.immae.eu" ];
    services.websites.env.tools.vhostConfs.mgoblin = {
      certName = "eldiron";
      hosts = ["mgoblin.immae.eu" ];
      root = null;
      # Static trees are served straight from disk (Alias plus the
      # "ProxyPass ... !" exclusions); everything else is proxied to the
      # paster unix socket. ProxyRequests Off keeps the server from acting as
      # a forward proxy, and the ACME challenge path is excluded from
      # proxying as well.
      # NOTE(review): media/public is MediaGoblin's publicstore and presumably
      # holds user-supplied media, yet it gets +Includes (server-side
      # includes) and +MultiViews like the theme/plugin trees. Unless
      # something depends on them, `Options -Indexes +FollowSymLinks` (or
      # SymLinksIfOwnerMatch) would be the tighter setting for that directory.
      # NOTE(review): ProxyVia On adds a Via header naming this proxy to
      # requests and responses -- confirm that disclosure is intended.
      extraConfig = [ ''
        Alias /mgoblin_media ${mcfg.dataDir}/media/public
        <Directory ${mcfg.dataDir}/media/public>
        Options -Indexes +FollowSymLinks +MultiViews +Includes
        Require all granted
        </Directory>

        Alias /theme_static ${mcfg.dataDir}/theme_static
        <Directory ${mcfg.dataDir}/theme_static>
        Options -Indexes +FollowSymLinks +MultiViews +Includes
        Require all granted
        </Directory>

        Alias /plugin_static ${mcfg.dataDir}/plugin_static
        <Directory ${mcfg.dataDir}/plugin_static>
        Options -Indexes +FollowSymLinks +MultiViews +Includes
        Require all granted
        </Directory>

        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPass /mgoblin_media !
        ProxyPass /theme_static !
        ProxyPass /plugin_static !
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
        ProxyPassReverse / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
      '' ];
    };
    # External availability check: fetch "/" over HTTPS and expect the
    # MediaGoblin page title in the response.
    myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
    myServices.monitoring.fromMasterObjects.service = [
      {
        service_description = "mediagoblin website is running on mgoblin.immae.eu";
        host_name = config.hostEnv.fqdn;
        use = "external-web-service";
        check_command = ["check_https" "mgoblin.immae.eu" "/" "<title>GNU MediaGoblin"];

        servicegroups = "webstatus-webapps";
        _webstatus_name = "Mediagoblin";
        _webstatus_url = "https://mgoblin.immae.eu/";
      }
    ];
  };
}