-{ lib, config, pkgs, ... }:
-let
- cfg = config.myServices.websites.denise.oms;
- varDir = "/var/lib/buildbot/outputs/denise/oms";
- varDirBeta = "/var/lib/buildbot/outputs/denise/oms_beta";
- socket = "/run/denise_oms/socket.sock";
- socket_beta = "/run/denise_oms_beta/socket.sock";
-in {
- options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";
-
- config = lib.mkIf cfg.enable {
- services.websites.env.production.vhostConfs.denise_oms = {
- certName = "denise";
- addToCerts = true;
- hosts = [ "oms.syanni.eu" ];
- root = null;
- extraConfig = [
- ''
- ProxyPreserveHost on
- ProxyVia On
- ProxyRequests Off
- ProxyPassMatch ^/.well-known/acme-challenge !
- ProxyPass / unix://${socket}|http://oms.syanni.eu/
- ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/
- ''
- ];
- };
-
- systemd.services.denise-oms = {
- description = "Denise OMS website";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Type = "simple";
- WorkingDirectory = varDir;
- ExecStart = let
- python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
- in
- "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
- User = "wwwrun";
- Restart = "always";
- RestartSec = "5s";
- PIDFile = "/run/denise_oms/gunicorn.pid";
- RuntimeDirectory = "denise_oms";
- StandardOutput = "journal";
- StandardError = "inherit";
- };
- };
-
- security.sudo.extraRules = [
- {
- commands = [
- { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; }
- { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; }
- ];
- users = ["buildbot"];
- runAs = "root";
- }
- ];
- services.websites.env.integration.vhostConfs.denise_oms_beta = {
- certName = "denise";
- addToCerts = true;
- hosts = [ "beta.oms.syanni.eu" ];
- root = null;
- extraConfig = [
- ''
- ProxyPreserveHost on
- ProxyVia On
- ProxyRequests Off
- ProxyPassMatch ^/.well-known/acme-challenge !
- ProxyPass / unix://${socket_beta}|http://beta.oms.syanni.eu/
- ProxyPassReverse / unix://${socket_beta}|http://beta.oms.syanni.eu/
- ''
- ];
- };
-
- systemd.services.denise-oms-beta = {
- description = "Denise OMS beta website";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Type = "simple";
- WorkingDirectory = varDirBeta;
- ExecStart = let
- python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
- in
- "${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
- User = "wwwrun";
- Restart = "always";
- RestartSec = "5s";
- PIDFile = "/run/denise_oms_beta/gunicorn.pid";
- RuntimeDirectory = "denise_oms_beta";
- StandardOutput = "journal";
- StandardError = "inherit";
- };
- };
- };
-}