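# NixOS module for the Nicecoop Odoo instance
# (modules/private/websites/nicecoop/odoo.nix).
#
# When `myServices.websites.nicecoop.odoo.enable` is set, this module:
#   * authorizes a remote host to reach the `nicecoop_odoo` PostgreSQL database,
#   * renders the Odoo configuration file (with its credentials) as a secret,
#   * declares an Apache vhost that reverse-proxies to Odoo on loopback and
#     serves a directory of downloadable bundles,
#   * runs Odoo as a systemd service.
{ lib, config, pkgs, ... }:
let
  cfg = config.myServices.websites.nicecoop.odoo;
  # Per-deployment values read below: admin password, PostgreSQL coordinates
  # and credentials, HTTP and longpolling ports.
  pcfg = config.myEnv.websites.nicecoop.odoo;
  odoo = pkgs.callPackage ./odoo {};
  hostname = "odoo.nc.immae.dev";

  # wkhtmltopdf from the <nixpkgs> channel with overlays disabled. It is defined
  # once so the published bundle and the running service use the same expression.
  # NOTE(review): <nixpkgs> is resolved through NIX_PATH at evaluation time, so
  # the revision this binary comes from is not pinned by this file.
  wkhtmltopdf = (import <nixpkgs> { overlays = []; }).wkhtmltopdf;

  # Store path holding a self-contained Odoo bundle, a checksum file and the
  # list of extra store paths. Apache serves it under /download-bundles.
  download-bundles = let
    # NOTE(review): supply-chain risk. This fetches the tip of `master` with no
    # sha256, so the bundler's code is whatever upstream serves at evaluation
    # time, and it builds the executable that users download from this host.
    # Pin it to a reviewed commit and hash, e.g.
    #   builtins.fetchTarball {
    #     url = "https://github.com/matthewbauer/nix-bundle/archive/<COMMIT_PLACEHOLDER>.tar.gz";
    #     sha256 = "<SHA256_PLACEHOLDER>";
    #   }
    nix-bundle = import (builtins.fetchTarball "https://github.com/matthewbauer/nix-bundle/archive/master.tar.gz") {};
    extraTargets = {
      inherit wkhtmltopdf;
    };
    odoo-bundle = nix-bundle.nix-bootstrap { target = odoo; run = "/bin/odoo"; extraTargets = builtins.attrValues extraTargets; };
  in
    # The heredoc delimiter is quoted, so the shell writes the JSON produced by
    # Nix verbatim instead of expanding it again.
    # NOTE(review): sha256sums.txt is served from the same directory and origin
    # as the bundle. It detects a corrupted download, but it does not
    # authenticate the file against someone able to alter what this vhost
    # serves. A signature or an out-of-band checksum is needed for that.
    pkgs.runCommand "download-bundles" {} ''
      mkdir -p $out
      cp ${odoo-bundle} $out/odoo
      chmod +x $out/*
      cd $out
      sha256sum * > sha256sums.txt
      cat > extra-paths.json <<"EOF"
      ${builtins.toJSON extraTargets}
      EOF
    '';
in {
  options.myServices.websites.nicecoop.odoo.enable = lib.mkEnableOption "enable nicecoop's odoo website";

  config = lib.mkIf cfg.enable {
    # Remote access to the Odoo database for the `bucardo` account.
    # NOTE(review): the IPv4 entry is a single address but the IPv6 entry is a
    # whole /64, so every address in that prefix is authorized. Confirm that is
    # intended. How these entries become PostgreSQL access rules is decided by
    # the myServices.databases.postgresql module, which is not visible here.
    myServices.databases.postgresql.authorizedHosts = {
      nicecoop = [
        {
          username = "bucardo";
          database = "nicecoop_odoo";
          ip4 = ["82.65.251.137"];
          ip6 = ["2a01:e0a:58d:55f0::/64"];
        }
      ];
    };

    # Odoo configuration file. It carries the Odoo master password
    # (admin_passwd) and the database password, hence owner-read-only (0400).
    # Odoo listens on 127.0.0.1 only and runs with proxy_mode enabled, so it
    # takes the client address and scheme from the X-Forwarded-* headers set by
    # the local Apache vhost declared below.
    # NOTE(review): admin_passwd guards Odoo's database manager (create, drop,
    # dump, restore). If that interface is not needed on this instance, consider
    # also setting `list_db = False`.
    secrets.keys."websites/nicecoop/odoo.conf" = {
      user = config.services.httpd.Inte.user;
      group = config.services.httpd.Inte.group;
      permissions = "0400";
      text = ''
        [options]
        ; This is the password that allows database operations:
        admin_passwd = ${pcfg.admin_password}
        db_host = ${pcfg.postgresql.socket}
        db_port = ${pcfg.postgresql.port}
        db_user = ${pcfg.postgresql.user}
        db_password = ${pcfg.postgresql.password}
        db_name = ${pcfg.postgresql.database}
        db_maxconn = 64

        workers = 5
        max_cron_threads = 2
        limit_time_cpu = 60
        limit_time_real = 170
        limit_memory_soft = 471974428
        limit_memory_hard = 1395864371
        limit_request = 8196
        osv_memory_count_limit = False
        osv_memory_age_limit = 1.0
        without_demo = ['all']

        proxy_mode = True
        http_interface = 127.0.0.1
        http_port = ${builtins.toString pcfg.port}
        longpolling_port = ${builtins.toString pcfg.longpoll_port}
      '';
    };

    # Apache vhost: reverse proxy to Odoo plus a static alias for the bundles.
    #  * `ProxyRequests Off` keeps Apache from acting as a forward proxy.
    #  * `RequestHeader set` overwrites any X-Forwarded-Proto sent by the client.
    #  * /download-bundles and the ACME challenge path are excluded from
    #    proxying. The bundle directory is readable by anyone
    #    (`Require all granted`).
    # NOTE(review): `RemoteIPHeader X-Real-IP` is set with no
    # RemoteIPInternalProxy/RemoteIPTrustedProxy in this vhost. If clients can
    # reach this Apache directly, they choose the value of that header, and it
    # then replaces their real address in logs and in any IP-based rule.
    # Confirm a front proxy always overwrites X-Real-IP, or restrict which
    # peers are trusted to send it.
    services.websites.env.integration.modules = [ "remoteip" ];
    services.websites.env.integration.vhostConfs.nicecoop_odoo = {
      certName = "integration";
      addToCerts = true;
      hosts = [ hostname ];
      root = null;
      extraConfig = [
        ''
          Alias /download-bundles ${download-bundles}
          RewriteEngine On
          ProxyPreserveHost on
          ProxyVia On
          ProxyRequests Off
          ProxyPass /download-bundles !
          ProxyPassMatch ^/.well-known/acme-challenge !
          ProxyPass /longpoll http://localhost:${builtins.toString pcfg.longpoll_port}/
          ProxyPassReverse /longpoll http://localhost:${builtins.toString pcfg.longpoll_port}/
          ProxyPass / http://localhost:${builtins.toString pcfg.port}/
          ProxyPassReverse / http://localhost:${builtins.toString pcfg.port}/
          RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
          RemoteIPHeader X-Real-IP

          <Directory ${download-bundles}>
          Require all granted
          </Directory>
        ''
      ];
    };

    # Watches the rendered secret. With `restart = true` this presumably
    # restarts the unit of the same name when the file changes (confirm against
    # the filesWatcher module).
    services.filesWatcher.nicecoop-odoo = {
      restart = true;
      paths = [ config.secrets.fullPaths."websites/nicecoop/odoo.conf" ];
    };

    systemd.services.nicecoop-odoo = {
      description = "Nicecoop Odoo website";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      path = [ wkhtmltopdf ];
      serviceConfig = {
        # %S is the systemd state directory root. HOME and the working
        # directory both point at the unit's StateDirectory.
        Environment = [
          "HOME=%S/nicecoop_odoo"
        ];
        Type = "simple";
        ExecStart = "${odoo}/bin/odoo -c ${config.secrets.fullPaths."websites/nicecoop/odoo.conf"}";
        # Run as the account that owns the 0400 secret above. The value was
        # previously a hard-coded "wwwrun", which works only while it equals
        # services.httpd.Inte.user.
        # NOTE(review): this is also the web server's account, so a compromise
        # of either Apache or Odoo exposes the other's files, including
        # odoo.conf. A dedicated service user, plus unit hardening such as
        # NoNewPrivileges, PrivateTmp, ProtectSystem and ProtectHome, would
        # narrow that.
        User = config.services.httpd.Inte.user;
        Restart = "always";
        RestartSec = "5s";
        StandardOutput = "journal";
        StandardError = "inherit";
        StateDirectory = "nicecoop_odoo";
        WorkingDirectory = "%S/nicecoop_odoo";
      };
    };

  };
}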