-{ lib, pkgs, config, ... }:
-let
- cfg = config.myServices.websites.tools.commento;
- env = config.myEnv.tools.commento;
- webPort = "${host}:${port}";
- port = toString env.listenPort;
- host = "localhost";
- postgresql_url = "postgres://${env.postgresql.user}:${env.postgresql.password}@localhost:${env.postgresql.port}/${env.postgresql.database}?sslmode=disable";
-in
-{
- options.myServices.websites.tools.commento = {
- enable = lib.mkEnableOption "Enable commento website";
- };
- config = lib.mkIf cfg.enable {
- secrets.keys = {
- "commento/env" = {
- permissions = "0400";
- text = ''
- COMMENTO_ORIGIN=https://commento.immae.eu/
- COMMENTO_PORT=${port}
- COMMENTO_POSTGRES=${postgresql_url}
- COMMENTO_FORBID_NEW_OWNERS=true
- COMMENTO_BIND_ADDRESS=${host}
- COMMENTO_GZIP_STATIC=true
- COMMENTO_SMTP_HOST=${env.smtp.host}
- COMMENTO_SMTP_PORT=${env.smtp.port}
- COMMENTO_SMTP_USERNAME=${env.smtp.email}
- COMMENTO_SMTP_PASSWORD=${env.smtp.password}
- COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email}
- '';
- };
- };
-
- services.websites.env.tools.vhostConfs.commento = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "commento.immae.eu" ];
- root = null;
- extraConfig = [
- ''
- ProxyPass / http://${webPort}/
- ProxyPassReverse / http://${webPort}/
- ProxyPreserveHost On
- ''
- ];
- };
- systemd.services.commento = {
- description = "Commento";
- wantedBy = [ "multi-user.target" ];
- requires = ["postgresql.service"];
- after = ["network.target" "postgresql.service"];
- serviceConfig = {
- User = "wwwrun";
- ExecStart = "${pkgs.commento}/commento";
- EnvironmentFile = config.secrets.fullPaths."commento/env";
- };
- };
- };
-}