-{ lib, config, pkgs, ... }:
-let
- cfg = config.myServices.websites.denise.bingo;
- varDir = "/var/lib/buildbot/outputs/denise/bingo";
- varDirBeta = "/var/lib/buildbot/outputs/denise/bingo_beta";
- socket = "/run/denise_bingo/socket.sock";
- socket_beta = "/run/denise_bingo_beta/socket.sock";
-in {
- options.myServices.websites.denise.bingo.enable = lib.mkEnableOption "enable Denise's bingo website";
-
- config = lib.mkIf cfg.enable {
- services.websites.env.production.vhostConfs.denise_bingo = {
- certName = "denise";
- addToCerts = true;
- hosts = [ "bingo.syanni.eu" ];
- root = null;
- extraConfig = [
- ''
- ProxyPreserveHost on
- ProxyVia On
- ProxyRequests Off
- ProxyPassMatch ^/.well-known/acme-challenge !
- ProxyPass / unix://${socket}|http://bingo.syanni.eu/
- ProxyPassReverse / unix://${socket}|http://bingo.syanni.eu/
- ''
- ];
- };
-
- systemd.services.denise-bingo = {
- description = "Denise bingo website";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Type = "simple";
- WorkingDirectory = varDir;
- ExecStart = let
- python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
- in
- "${python}/bin/gunicorn -w4 -p /run/denise_bingo/gunicorn.pid --bind unix:${socket} app:app";
- User = "wwwrun";
- Restart = "always";
- RestartSec = "5s";
- PIDFile = "/run/denise_bingo/gunicorn.pid";
- RuntimeDirectory = "denise_bingo";
- StandardOutput = "journal";
- StandardError = "inherit";
- };
- };
-
- security.sudo.extraRules = [
- {
- commands = [
- { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-bingo-beta.service"; }
- { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-bingo.service"; }
- ];
- users = ["buildbot"];
- runAs = "root";
- }
- ];
- services.websites.env.integration.vhostConfs.denise_bingo_beta = {
- certName = "denise";
- addToCerts = true;
- hosts = [ "beta.bingo.syanni.eu" ];
- root = null;
- extraConfig = [
- ''
- ProxyPreserveHost on
- ProxyVia On
- ProxyRequests Off
- ProxyPassMatch ^/.well-known/acme-challenge !
- ProxyPass / unix://${socket_beta}|http://beta.bingo.syanni.eu/
- ProxyPassReverse / unix://${socket_beta}|http://beta.bingo.syanni.eu/
- ''
- ];
- };
-
- systemd.services.denise-bingo-beta = {
- description = "Denise bingo beta website";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Type = "simple";
- WorkingDirectory = varDirBeta;
- ExecStart = let
- python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask ]);
- in
- "${python}/bin/gunicorn -w4 -p /run/denise_bingo_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
- User = "wwwrun";
- Restart = "always";
- RestartSec = "5s";
- PIDFile = "/run/denise_bingo_beta/gunicorn.pid";
- RuntimeDirectory = "denise_bingo_beta";
- StandardOutput = "journal";
- StandardError = "inherit";
- };
- };
- };
-}