--- /dev/null
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+ mediagoblin = pkgs.callPackage ./mediagoblin.nix {
+ inherit (mylibs) fetchedGit fetchedGithub;
+ env = myconfig.env.tools.mediagoblin;
+ };
+
+ cfg = config.services.myWebsites.tools.mediagoblin;
+in {
+ options.services.myWebsites.tools.mediagoblin = {
+ enable = lib.mkEnableOption "enable mediagoblin's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ ids.uids.mediagoblin = 397;
+ ids.gids.mediagoblin = 397;
+
+ users.users.mediagoblin = {
+ name = "mediagoblin";
+ uid = config.ids.uids.mediagoblin;
+ group = "mediagoblin";
+ description = "Mediagoblin user";
+ home = mediagoblin.varDir;
+ useDefaultShell = true;
+ };
+
+ users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;
+
+ systemd.services.mediagoblin-web = {
+ description = "Mediagoblin service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ environment.SCRIPT_NAME = "/mediagoblin/";
+
+ script = ''
+ exec ./bin/paster serve \
+ ${mediagoblin.pythonRoot}/paste_local.ini \
+ --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
+ '';
+
+ preStop = ''
+ exec ./bin/paster serve \
+ --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
+ ${mediagoblin.pythonRoot}/paste_local.ini stop
+ '';
+ preStart = ''
+ ./bin/gmg dbupdate
+ '';
+
+ serviceConfig = {
+ User = "mediagoblin";
+ PrivateTmp = true;
+ Restart = "always";
+ TimeoutSec = 15;
+ Type = "simple";
+ WorkingDirectory = mediagoblin.pythonRoot;
+ PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
+ };
+
+ unitConfig.RequiresMountsFor = mediagoblin.varDir;
+ };
+
+ systemd.services.mediagoblin-celeryd = {
+ description = "Mediagoblin service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "mediagoblin-web.service" ];
+
+ environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
+ environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
+
+ script = ''
+ exec ./bin/celery worker \
+ --logfile=${mediagoblin.varDir}/celery.log \
+ --loglevel=INFO
+ '';
+
+ serviceConfig = {
+ User = "mediagoblin";
+ PrivateTmp = true;
+ Restart = "always";
+ TimeoutSec = 60;
+ Type = "simple";
+ WorkingDirectory = mediagoblin.pythonRoot;
+ PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
+ };
+
+ unitConfig.RequiresMountsFor = mediagoblin.varDir;
+ };
+
+ system.activationScripts.mediagoblin = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
+ install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
+ if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
+ rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+ ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+ fi
+ '';
+ };
+
+ services.myWebsites.tools.modules = [
+ "proxy" "proxy_http" "proxy_balancer"
+ "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+ ];
+ users.users.wwwrun.extraGroups = [ "mediagoblin" ];
+ security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
+ services.myWebsites.tools.vhostConfs.mgoblin = {
+ certName = "eldiron";
+ hosts = ["mgoblin.immae.eu" ];
+ root = null;
+ extraConfig = [ ''
+ Alias /mgoblin_media ${mediagoblin.varDir}/media/public
+ <Directory ${mediagoblin.varDir}/media/public>
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Require all granted
+ </Directory>
+
+ Alias /theme_static ${mediagoblin.varDir}/theme_static
+ <Directory ${mediagoblin.varDir}/theme_static>
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Require all granted
+ </Directory>
+
+ Alias /plugin_static ${mediagoblin.varDir}/plugin_static
+ <Directory ${mediagoblin.varDir}/plugin_static>
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Require all granted
+ </Directory>
+
+ ProxyPreserveHost on
+ ProxyVia On
+ ProxyRequests Off
+ ProxyPass /mgoblin_media !
+ ProxyPass /theme_static !
+ ProxyPass /plugin_static !
+ ProxyPassMatch ^/.well-known/acme-challenge !
+ ProxyPass / balancer://paster_server/
+ ProxyPassReverse / balancer://paster_server
+ <Proxy balancer://paster_server>
+ BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://
+ </Proxy>
+ '' ];
+ };
+ };
+}
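Review bot: The `<Directory ${mediagoblin.varDir}/media/public>` block in the vhost `extraConfig` enables `+Includes +FollowSymLinks +MultiViews` on the directory that holds user-uploaded media, which is more than static file serving needs. Whether SSI directives in an uploaded file would actually be parsed depends on an INCLUDES filter or handler mapping that is not visible in this file, but the option removes one barrier, and `+FollowSymLinks` means Apache will serve the target of any symlink that ends up in that tree. I would reduce that block to `Options -Indexes -Includes -MultiViews +SymLinksIfOwnerMatch`, and drop `+Includes` from the `theme_static` and `plugin_static` blocks as well unless something relies on it. A short comment above the three `Alias` blocks saying they serve static files only and must not gain handlers or filters would help the next editor.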