1 { lib, config, pkgs, ... }:
3 cfg = config.myServices.websites.nicecoop.odoo;
4 pcfg = config.myEnv.websites.nicecoop.odoo;
5 odoo = pkgs.callPackage ./odoo {};
6 hostname = "odoo.nc.immae.dev";
8 nix-bundle = import (builtins.fetchTarball "https://github.com/matthewbauer/nix-bundle/archive/master.tar.gz") {};
10 wkhtmltopdf = (import <nixpkgs> { overlays = []; }).wkhtmltopdf;
12 odoo-bundle = nix-bundle.nix-bootstrap { target = odoo; run = "/bin/odoo"; extraTargets = builtins.attrValues extraTargets; };
14 pkgs.runCommand "download-bundles" {} ''
16 cp ${odoo-bundle} $out/odoo
19 sha256sum * > sha256sums.txt
20 cat > extra-paths.json <<"EOF"
21 ${builtins.toJSON extraTargets}
25 options.myServices.websites.nicecoop.odoo.enable = lib.mkEnableOption "enable nicecoop's odoo website";
27 config = lib.mkIf cfg.enable {
28 myServices.databases.postgresql.authorizedHosts = {
32 database = "nicecoop_odoo";
33 ip4 = ["82.65.251.137"];
34 ip6 = ["2a01:e0a:58d:55f0::/64"];
38 secrets.keys."websites/nicecoop/odoo.conf" = {
39 user = config.services.httpd.Inte.user;
40 group = config.services.httpd.Inte.group;
44 ; This is the password that allows database operations:
45 admin_passwd = ${pcfg.admin_password}
46 db_host = ${pcfg.postgresql.socket}
47 db_port = ${pcfg.postgresql.port}
48 db_user = ${pcfg.postgresql.user}
49 db_password = ${pcfg.postgresql.password}
50 db_name = ${pcfg.postgresql.database}
57 limit_memory_soft = 471974428
58 limit_memory_hard = 1395864371
60 osv_memory_count_limit = False
61 osv_memory_age_limit = 1.0
62 without_demo = ['all']
65 http_interface = 127.0.0.1
66 http_port = ${builtins.toString pcfg.port}
67 longpolling_port = ${builtins.toString pcfg.longpoll_port}
71 services.websites.env.integration.modules = [ "remoteip" ];
72 services.websites.env.integration.vhostConfs.nicecoop_odoo = {
73 certName = "integration";
79 Alias /download-bundles ${download-bundles}
84 ProxyPass /download-bundles !
85 ProxyPassMatch ^/.well-known/acme-challenge !
86 ProxyPass /longpoll http://localhost:${builtins.toString pcfg.longpoll_port}/
87 ProxyPassReverse /longpoll http://localhost:${builtins.toString pcfg.longpoll_port}/
88 ProxyPass / http://localhost:${builtins.toString pcfg.port}/
89 ProxyPassReverse / http://localhost:${builtins.toString pcfg.port}/
90 RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
91 RemoteIPHeader X-Real-IP
93 <Directory ${download-bundles}>
100 services.filesWatcher.nicecoop-odoo = {
102 paths = [ config.secrets.fullPaths."websites/nicecoop/odoo.conf" ];
104 systemd.services.nicecoop-odoo = {
105 description = "Nicecoop Odoo website";
106 after = [ "network.target" ];
107 wantedBy = [ "multi-user.target" ];
109 path = [ (import <nixpkgs> { overlays = []; }).wkhtmltopdf ];
112 "HOME=%S/nicecoop_odoo"
115 ExecStart = "${odoo}/bin/odoo -c ${config.secrets.fullPaths."websites/nicecoop/odoo.conf"}";
119 StandardOutput = "journal";
120 StandardError = "inherit";
121 StateDirectory = "nicecoop_odoo";
122 WorkingDirectory = "%S/nicecoop_odoo";