modules/private/websites/nicecoop/copanier.nix

   1 { lib, config, pkgs, flakes, ... }:
   2 let
   3   cfg = config.myServices.websites.nicecoop.copanier;
   4   pcfg = config.myEnv.websites.nicecoop.copanier;
   5   hostname = "copanier.nc.immae.dev";
   6   socket = "/run/nicecoop_copanier/socket.sock";
   7   copanier = flakes.subflakes.public.copanier.defaultPackage.x86_64-linux;
   8 in {
   9   options.myServices.websites.nicecoop.copanier.enable = lib.mkEnableOption "enable nicecoop's copanier website";
  10
  11   config = lib.mkIf cfg.enable {
  12     services.websites.env.integration.vhostConfs.nicecoop_copanier = {
  13       certName     = "integration";
  14       addToCerts   = true;
  15       hosts        = [ hostname ];
  16       root         = null;
  17       extraConfig  = [
  18         ''
  19         ProxyPreserveHost on
  20         ProxyVia On
  21         ProxyRequests Off
  22         ProxyPassMatch ^/.well-known/acme-challenge !
  23         ProxyPassMatch ^/static !
  24         ProxyPass / unix://${socket}|http://${hostname}/
  25         ProxyPassReverse / unix://${socket}|http://${hostname}/
  26         Alias /static ${copanier}/${copanier.python.sitePackages}/copanier/static
  27         <Directory ${copanier}/${copanier.python.sitePackages}/copanier/static>
  28           AllowOverride None
  29           Require all granted
  30         </Directory>
  31         ''
  32       ];
  33     };
  34
  35     secrets.keys."websites/nicecoop/copanier" = {
  36       user = "wwwrun";
  37       group = "wwwrun";
  38       permissions = "0400";
  39       text = ''
  40         COPANIER_DATA_ROOT=/var/lib/nicecoop_copanier
  41         COPANIER_SITE_URL=https://${hostname}
  42         COPANIER_SITE_NAME=Copanier Nicecoop
  43         COPANIER_SITE_DESCRIPTION=Copanier
  44         COPANIER_XLSX_FILENAME=produits
  45         COPANIER_SEND_EMAILS=True
  46         COPANIER_SMTP_HOST=${pcfg.smtp.host}
  47         COPANIER_SMTP_PASSWORD=${pcfg.smtp.password}
  48         COPANIER_SMTP_LOGIN=${pcfg.smtp.email}
  49         COPANIER_FROM_EMAIL=${pcfg.smtp.email}
  50         COPANIER_EMAIL_SIGNATURE=Nicecoop
  51         COPANIER_STAFF=${builtins.concatStringsSep " " pcfg.staff}
  52       '';
  53     };
  54     systemd.services.nicecoop-copanier = {
  55       description = "Nicecoop Copanier website";
  56       after = [ "network.target" ];
  57       wantedBy = [ "multi-user.target" ];
  58
  59       serviceConfig = {
  60         EnvironmentFile = config.secrets.fullPaths."websites/nicecoop/copanier";
  61         Type = "simple";
  62         ExecStart = let
  63           python = copanier.python.withPackages (p: [ p.gunicorn p.uvloop copanier ]);
  64         in
  65           "${python}/bin/gunicorn -k roll.worker.Worker copanier:app --bind unix:${socket}";
  66         User = "wwwrun";
  67         Restart = "always";
  68         RestartSec = "5s";
  69         StandardOutput = "journal";
  70         StandardError = "inherit";
  71         StateDirectory = "nicecoop_copanier";
  72         RuntimeDirectory = "nicecoop_copanier";
  73       };
  74     };
  75
  76   };
  77 }
  78