X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fmgoblin%2Fdefault.nix;h=1e5f5a0b8e501ca15425c85b2f530e076fb85579;hb=5315b439af1f72c3282549508ae58d86d66e38ec;hp=5da81f68163bc6831c1a5c04f5f1713243bcd95d;hpb=4288c2f2431fb782b0d512b1b3749187f2374b6a;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix index 5da81f6..1e5f5a0 100644 --- a/modules/private/websites/tools/mgoblin/default.nix +++ b/modules/private/websites/tools/mgoblin/default.nix @@ -1,6 +1,6 @@ -{ lib, pkgs, config, myconfig, ... }: +{ lib, pkgs, config, ... }: let - env = myconfig.env.tools.mediagoblin; + env = config.myEnv.tools.mediagoblin; cfg = config.myServices.websites.tools.mediagoblin; mcfg = config.services.mediagoblin; in { @@ -9,12 +9,16 @@ in { }; config = lib.mkIf cfg.enable { - secrets.keys = [{ - dest = "webapps/tools-mediagoblin"; + secrets.keys."webapps/tools-mediagoblin" = { user = "mediagoblin"; group = "mediagoblin"; permissions = "0400"; - text = '' + text = + let + psql_url = with env.postgresql; "postgresql://${user}:${password}@:${port}/${database}?host=${socket}"; + redis_url = with env.redis; "redis+socket://${socket}?virtual_host=${db}"; + in + '' [DEFAULT] data_basedir = "${mcfg.dataDir}" @@ -23,7 +27,7 @@ in { email_sender_address = "mediagoblin@tools.immae.eu" #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db - sql_engine = ${env.psql_url} + sql_engine = ${psql_url} email_debug_mode = false allow_registration = false 
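Review bot: In the added `psql_url` binding, `${user}` and `${password}` are spliced into the URL userinfo without percent-encoding, so a password containing `@`, `:`, `/`, `?` or `#` produces a URL that fails to parse or parses differently. The same string is what the `sql_engine` line in the `@@ -23,7 +27,7 @@` hunk now emits. If the pinned nixpkgs provides it, encode both fields, e.g. `"postgresql://${lib.escapeURL user}:${lib.escapeURL password}@:${port}/${database}?host=${socket}"`; otherwise document the allowed character set next to the env definition. A literal `%(` in the password may also be treated as interpolation by the config parser, as the `%(data_basedir)s` syntax in the commented sqlite line suggests, so that is worth confirming. `${port}` only evaluates if `env.postgresql.port` is a string, so `toString port` would be the safer form.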
@@ -49,19 +53,19 @@ in { base_url = /mgoblin_media/ [celery] - CELERY_RESULT_DBURI = ${env.redis_url} - BROKER_URL = ${env.redis_url} + CELERY_RESULT_DBURI = ${redis_url} + BROKER_URL = ${redis_url} CELERYD_CONCURRENCY = 1 [plugins] [[mediagoblin.plugins.geolocation]] [[mediagoblin.plugins.ldap]] [[[immae.eu]]] - LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636' - LDAP_SEARCH_BASE = 'dc=immae,dc=eu' - LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu' + LDAP_SERVER_URI = 'ldaps://${env.ldap.host}:636' + LDAP_SEARCH_BASE = '${env.ldap.base}' + LDAP_BIND_DN = '${env.ldap.dn}' LDAP_BIND_PW = '${env.ldap.password}' - LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))' + LDAP_SEARCH_FILTER = '${env.ldap.filter}' EMAIL_SEARCH_FIELD = 'mail' [[mediagoblin.plugins.basicsearch]] [[mediagoblin.plugins.piwigo]] @@ -69,21 +73,29 @@ in { [[mediagoblin.media_types.image]] [[mediagoblin.media_types.video]] ''; - }]; + }; users.users.mediagoblin.extraGroups = [ "keys" ]; services.mediagoblin = { enable = true; - plugins = builtins.attrValues pkgs.webapps.mediagoblin-plugins; - configFile = "/var/secrets/webapps/tools-mediagoblin"; + package = pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]); + configFile = config.secrets.fullPaths."webapps/tools-mediagoblin"; + }; + services.filesWatcher.mediagoblin-web = { + restart = true; + paths = [ mcfg.configFile ]; + }; + services.filesWatcher.mediagoblin-celeryd = { + restart = true; + paths = [ mcfg.configFile ]; }; - services.websites.tools.modules = [ + services.websites.env.tools.modules = [ "proxy" "proxy_http" ]; users.users.wwwrun.extraGroups = [ "mediagoblin" ]; - services.websites.tools.vhostConfs.mgoblin = { + services.websites.env.tools.vhostConfs.mgoblin = { certName = "eldiron"; addToCerts = true; hosts = ["mgoblin.immae.eu" ];
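Review bot: With `LDAP_SEARCH_FILTER = '${env.ldap.filter}'`, the group restriction that used to be visible here (`memberOf=cn=users,cn=mediagoblin,…`) and the `{username}` placeholder now depend entirely on the environment data. Since registration is disabled in this config, LDAP appears to be the login gate, so a filter missing either part would change who can sign in without any diff in this file. Consider an assertion in this module's `config`, e.g. `assertions = [{ assertion = lib.hasInfix "{username}" env.ldap.filter; message = "mediagoblin: ldap.filter must contain {username}"; }];`, plus a comment saying the filter must keep its `memberOf` clause. The interpolated values are also wrapped in single quotes, so a `'` in `env.ldap.dn`, the filter or the bind password would end the value early; that constraint is worth documenting on those fields.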
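Review bot: The two added `services.filesWatcher` entries in the last hunk are identical and carry no comment explaining why both units watch the secrets file. A short comment above them would help, e.g. `# web and celeryd both read the generated config; restart both so rotated DB/LDAP/redis credentials take effect`. The duplication could also be collapsed into `services.filesWatcher = lib.genAttrs [ "mediagoblin-web" "mediagoblin-celeryd" ] (_: { restart = true; paths = [ mcfg.configFile ]; });` so the two definitions cannot drift apart.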