X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fmgoblin%2Fdefault.nix;h=6d6a5a4deb0fab86dda0415de27ed14ca638ec15;hb=da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2;hp=1d398db24ebecf20e6b39ee483af6ecb18cc5929;hpb=17f6eae9907a122d4472da727ae8b1ac1c40c027;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix
index 1d398db..6d6a5a4 100644
--- a/modules/private/websites/tools/mgoblin/default.nix
+++ b/modules/private/websites/tools/mgoblin/default.nix
@@ -1,6 +1,6 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
- env = myconfig.env.tools.mediagoblin;
+ env = config.myEnv.tools.mediagoblin;
 cfg = config.myServices.websites.tools.mediagoblin;
 mcfg = config.services.mediagoblin;
 in {
@@ -9,12 +9,20 @@ in {
 };
 config = lib.mkIf cfg.enable {
+ services.duplyBackup.profiles.mgoblin = {
+ rootDir = mcfg.dataDir;
+ };
 secrets.keys = [{
 dest = "webapps/tools-mediagoblin";
 user = "mediagoblin";
 group = "mediagoblin";
 permissions = "0400";
- text = ''
+ text =
+ let
+ psql_url = with env.postgresql; "postgresql://${user}:${password}@:${port}/${database}?host=${socket}";
+ redis_url = with env.redis; "redis+socket://${socket}?virtual_host=${db}";
+ in
+ ''
 [DEFAULT]
 data_basedir = "${mcfg.dataDir}"
@@ -23,7 +31,7 @@ in {
 email_sender_address = "mediagoblin@tools.immae.eu"
 #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
- sql_engine = ${env.psql_url}
+ sql_engine = ${psql_url}
 email_debug_mode = false
 allow_registration = false
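Review bot: `psql_url` in the new `let` block of the @@ -9,12 hunk interpolates `${user}` and `${password}` into the connection URL without percent-encoding, so a password containing `@`, `:`, `/`, `?` or `#` would be read as URL structure and the connection would fail or resolve to a different host or database. Encode the userinfo parts before building the string, for example `${lib.strings.escapeURL password}` if the pinned nixpkgs provides `escapeURL`, or restrict the alphabet used when the password is generated. The same value becomes `sql_engine` in the @@ -23,7 hunk, and the `secrets.keys` entry continues outside both hunks.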
@@ -49,19 +57,19 @@ in {
 base_url = /mgoblin_media/
 [celery]
- CELERY_RESULT_DBURI = ${env.redis_url}
- BROKER_URL = ${env.redis_url}
+ CELERY_RESULT_DBURI = ${redis_url}
+ BROKER_URL = ${redis_url}
 CELERYD_CONCURRENCY = 1
 [plugins]
 [[mediagoblin.plugins.geolocation]]
 [[mediagoblin.plugins.ldap]]
 [[[immae.eu]]]
- LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636'
- LDAP_SEARCH_BASE = 'dc=immae,dc=eu'
- LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu'
+ LDAP_SERVER_URI = 'ldaps://${env.ldap.host}:636'
+ LDAP_SEARCH_BASE = '${env.ldap.base}'
+ LDAP_BIND_DN = '${env.ldap.dn}'
 LDAP_BIND_PW = '${env.ldap.password}'
- LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))'
+ LDAP_SEARCH_FILTER = '${env.ldap.filter}'
 EMAIL_SEARCH_FIELD = 'mail'
 [[mediagoblin.plugins.basicsearch]]
 [[mediagoblin.plugins.piwigo]]
@@ -75,8 +83,8 @@ in {
 services.mediagoblin = {
 enable = true;
- plugins = builtins.attrValues pkgs.webapps.mediagoblin-plugins;
- configFile = "/var/secrets/webapps/tools-mediagoblin";
+ package = pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]);
+ configFile = config.secrets.fullPaths."webapps/tools-mediagoblin";
 };
 services.filesWatcher.mediagoblin-web = {
 restart = true;
@@ -87,11 +95,11 @@ in {
 paths = [ mcfg.configFile ];
 };
- services.websites.tools.modules = [
+ services.websites.env.tools.modules = [
 "proxy" "proxy_http"
 ];
 users.users.wwwrun.extraGroups = [ "mediagoblin" ];
- services.websites.tools.vhostConfs.mgoblin = {
+ services.websites.env.tools.vhostConfs.mgoblin = {
 certName = "eldiron";
 addToCerts = true;
 hosts = ["mgoblin.immae.eu" ];
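Review bot: `LDAP_SEARCH_FILTER` in the @@ -49,19 hunk now comes entirely from `env.ldap.filter`, so the `memberOf=cn=users,cn=mediagoblin,...` clause that limited logins to one group is no longer visible or checked in this module. An environment value without that clause would let any directory entry matching `uid={username}` authenticate. Add a comment beside the line, or a module assertion, stating that the filter must keep the group restriction and the `{username}` placeholder. The interpolated values also sit inside single quotes in the generated file, so a `'` in `env.ldap.dn` or `env.ldap.filter` would end the quoted value early. The surrounding `text` string starts and ends outside this hunk.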
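Review bot: Nothing in the @@ -75,8 hunk explains why `withPlugins` lists only `basicsearch` while the generated config in the @@ -49,19 hunk still enables `geolocation`, `ldap` and `piwigo`. Presumably those three ship inside the core package, but a reader cannot confirm that from this file, and a plugin named in the config but missing from the package would only surface at service start. If that assumption holds, a one-line comment above `package` would record it, such as `# geolocation, ldap and piwigo are bundled with mediagoblin; only basicsearch is packaged separately`.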