};
config = lib.mkIf cfg.enable {
- ids.uids.mediagoblin = 397;
- ids.gids.mediagoblin = 397;
+ mySecrets.keys = mediagoblin.keys;
+ ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid;
+ ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid;
users.users.mediagoblin = {
name = "mediagoblin";
description = "Mediagoblin user";
home = mediagoblin.varDir;
useDefaultShell = true;
+ extraGroups = [ "keys" ];
};
users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;
description = "Mediagoblin service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
+ wants = [ "postgresql.service" "redis.service" ];
environment.SCRIPT_NAME = "/mediagoblin/";
};
services.myWebsites.tools.modules = [
- "proxy" "proxy_http" "proxy_balancer"
- "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+ "proxy" "proxy_http"
];
users.users.wwwrun.extraGroups = [ "mediagoblin" ];
security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
ProxyPass /theme_static !
ProxyPass /plugin_static !
ProxyPassMatch ^/.well-known/acme-challenge !
- ProxyPass / balancer://paster_server/
- ProxyPassReverse / balancer://paster_server
- <Proxy balancer://paster_server>
- BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://
- </Proxy>
+ ProxyPass / unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
+ ProxyPassReverse / unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
'' ];
};
};