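# NixOS module for nicecoop's Odoo instance: renders odoo.conf as a secret,
# runs Odoo as a systemd service, and publishes it through the "integration"
# Apache environment together with a /download-bundles directory holding a
# self-contained Odoo executable built with nix-bundle.
#
# NOTE(review): this copy of the file had its line breaks collapsed. The
# multi-line strings below (build script, odoo.conf, Apache directives) are
# laid out one statement per line again, because none of them is valid when
# written on a single line (heredoc, INI `;` comment, Apache directives).
{ lib, config, pkgs, ... }:
let
  cfg = config.myServices.websites.nicecoop.odoo;
  pcfg = config.myEnv.websites.nicecoop.odoo;
  odoo = pkgs.callPackage ./odoo {};
  hostname = "odoo.nc.immae.dev";

  # wkhtmltopdf taken from a package set evaluated with no overlays; used both
  # as an extra bundle target and on the service PATH.
  # NOTE(review): `import` is applied directly to an attribute set here, which
  # does not evaluate. The path argument (probably an angle-bracket lookup
  # path) appears to be missing from this copy -- restore it before use.
  wkhtmltopdf = (import { overlays = []; }).wkhtmltopdf;

  download-bundles =
    let
      # NOTE(review): supply-chain risk. This fetches the moving `master`
      # branch with no hash, so whatever is on that branch at evaluation time
      # is executed during the build and ends up in the executable that users
      # download from /download-bundles. Pin the URL to a specific commit
      # archive and use the attribute-set form of fetchTarball with `sha256`.
      nix-bundle = import (builtins.fetchTarball "https://github.com/matthewbauer/nix-bundle/archive/master.tar.gz") {};
      extraTargets = { inherit wkhtmltopdf; };
      odoo-bundle = nix-bundle.nix-bootstrap {
        target = odoo;
        run = "/bin/odoo";
        extraTargets = builtins.attrValues extraTargets;
      };
    in
      # sha256sums.txt is served from the same location as the bundle, so it
      # detects corrupted downloads but does not authenticate the bundle
      # against a compromise of this server.
      pkgs.runCommand "download-bundles" {} ''
        mkdir -p $out
        cp ${odoo-bundle} $out/odoo
        chmod +x $out/*
        cd $out
        sha256sum * > sha256sums.txt
        cat > extra-paths.json <<"EOF"
        ${builtins.toJSON extraTargets}
        EOF
      '';
in
{
  options.myServices.websites.nicecoop.odoo.enable = lib.mkEnableOption "enable nicecoop's odoo website";

  config = lib.mkIf cfg.enable {
    # Remote PostgreSQL access for the "bucardo" user on the Odoo database.
    # The IPv6 entry authorizes an entire /64, i.e. every host in that prefix.
    myServices.databases.postgresql.authorizedHosts = {
      nicecoop = [
        {
          username = "bucardo";
          database = "nicecoop_odoo";
          ip4 = ["82.65.251.137"];
          ip6 = ["2a01:e0a:58d:55f0::/64"];
        }
      ];
    };

    # Odoo configuration file. It embeds the Odoo master password and the
    # database password, so it is owner-read-only (0400).
    # NOTE(review): whether this text stays out of the world-readable Nix
    # store depends on how the `secrets.keys` module materialises it, which is
    # not visible here -- confirm.
    secrets.keys."websites/nicecoop/odoo.conf" = {
      user = config.services.httpd.Inte.user;
      group = config.services.httpd.Inte.group;
      permissions = "0400";
      text = ''
        [options]
        ; This is the password that allows database operations:
        admin_passwd = ${pcfg.admin_password}
        db_host = ${pcfg.postgresql.socket}
        db_port = ${pcfg.postgresql.port}
        db_user = ${pcfg.postgresql.user}
        db_password = ${pcfg.postgresql.password}
        db_name = ${pcfg.postgresql.database}
        db_maxconn = 64
        workers = 5
        max_cron_threads = 2
        limit_time_cpu = 60
        limit_time_real = 170
        limit_memory_soft = 471974428
        limit_memory_hard = 1395864371
        limit_request = 8196
        osv_memory_count_limit = False
        osv_memory_age_limit = 1.0
        without_demo = ['all']
        proxy_mode = True
        http_interface = 127.0.0.1
        http_port = ${builtins.toString pcfg.port}
        longpolling_port = ${builtins.toString pcfg.longpoll_port}
      '';
    };

    services.websites.env.integration.modules = [ "remoteip" ];

    services.websites.env.integration.vhostConfs.nicecoop_odoo = {
      certName = "integration";
      addToCerts = true;
      hosts = [ hostname ];
      root = null;
      extraConfig = [
        # Reverse proxy to the local Odoo workers; /download-bundles and the
        # ACME challenge path are excluded from proxying. X-Forwarded-Proto is
        # overwritten with `set`, so a client-supplied value never reaches
        # Odoo (which runs with proxy_mode = True and trusts it).
        #
        # NOTE(review): `RemoteIPHeader X-Real-IP` has no accompanying
        # RemoteIPInternalProxy / RemoteIPTrustedProxy in this block. Unless a
        # trusted-proxy list is set elsewhere, mod_remoteip accepts the header
        # from any peer, so the client address seen in logs and by IP-based
        # access rules is client-controlled. Restrict it to the front proxy's
        # address if one exists, or drop the directive.
        #
        # NOTE(review): `Require` is only valid inside a directory-type
        # container; an enclosing `<...>` section was probably lost from this
        # copy along with other angle-bracket text -- restore it.
        ''
          Alias /download-bundles ${download-bundles}
          RewriteEngine On
          ProxyPreserveHost on
          ProxyVia On
          ProxyRequests Off
          ProxyPass /download-bundles !
          ProxyPassMatch ^/.well-known/acme-challenge !
          ProxyPass /longpoll http://localhost:${builtins.toString pcfg.longpoll_port}/
          ProxyPassReverse /longpoll http://localhost:${builtins.toString pcfg.longpoll_port}/
          ProxyPass / http://localhost:${builtins.toString pcfg.port}/
          ProxyPassReverse / http://localhost:${builtins.toString pcfg.port}/
          RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
          RemoteIPHeader X-Real-IP
          Require all granted
        ''
      ];
    };

    # Restart Odoo whenever the rendered secret changes.
    services.filesWatcher.nicecoop-odoo = {
      restart = true;
      paths = [ config.secrets.fullPaths."websites/nicecoop/odoo.conf" ];
    };

    systemd.services.nicecoop-odoo = {
      description = "Nicecoop Odoo website";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = [ wkhtmltopdf ];
      serviceConfig = {
        Environment = [ "HOME=%S/nicecoop_odoo" ];
        Type = "simple";
        ExecStart = "${odoo}/bin/odoo -c ${config.secrets.fullPaths."websites/nicecoop/odoo.conf"}";
        # Run as the owner of the 0400 config file above; a hard-coded user
        # name would stop the service from reading it if the two ever differ.
        # NOTE(review): this is the web server's account, so Odoo and Apache
        # share one identity; a dedicated user (and secret owner) would limit
        # what a compromised Odoo process can read.
        User = config.services.httpd.Inte.user;
        Restart = "always";
        RestartSec = "5s";
        StandardOutput = "journal";
        StandardError = "inherit";
        StateDirectory = "nicecoop_odoo";
        WorkingDirectory = "%S/nicecoop_odoo";
        # The service never needs to gain privileges through setuid binaries.
        # Further sandboxing (PrivateTmp, ProtectSystem, ProtectHome) is worth
        # adding after checking it against the PostgreSQL socket location and
        # the secrets path, neither of which is visible here.
        NoNewPrivileges = true;
      };
    };
  };
}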