X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fmediagoblin%2Fdefault.nix;fp=nixops%2Fmodules%2Fwebsites%2Ftools%2Fmediagoblin%2Fdefault.nix;h=5f60503d32e204272283dc2d9c434139a402dd9e;hb=01f21083a897b86bf148f1d2bb9c8edca4d3786a;hp=0000000000000000000000000000000000000000;hpb=bfe3c9c9df0c5112bc8806483292b55ed0f7e02d;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/websites/tools/mediagoblin/default.nix b/nixops/modules/websites/tools/mediagoblin/default.nix
new file mode 100644
index 0000000..5f60503
--- /dev/null
+++ b/nixops/modules/websites/tools/mediagoblin/default.nix
@@ -0,0 +1,147 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+ mediagoblin = pkgs.callPackage ./mediagoblin.nix {
+ inherit (mylibs) fetchedGit fetchedGithub;
+ env = myconfig.env.tools.mediagoblin;
+ };
+
+ cfg = config.services.myWebsites.tools.mediagoblin;
+in {
+ options.services.myWebsites.tools.mediagoblin = {
+ enable = lib.mkEnableOption "enable mediagoblin's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ ids.uids.mediagoblin = 397;
+ ids.gids.mediagoblin = 397;
+
+ users.users.mediagoblin = {
+ name = "mediagoblin";
+ uid = config.ids.uids.mediagoblin;
+ group = "mediagoblin";
+ description = "Mediagoblin user";
+ home = mediagoblin.varDir;
+ useDefaultShell = true;
+ };
+
+ users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;
+
+ systemd.services.mediagoblin-web = {
+ description = "Mediagoblin service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ environment.SCRIPT_NAME = "/mediagoblin/";
+
+ script = ''
+ exec ./bin/paster serve \
+ ${mediagoblin.pythonRoot}/paste_local.ini \
+ --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
+ '';
+
+ preStop = ''
+ exec ./bin/paster serve \
+ --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
+ ${mediagoblin.pythonRoot}/paste_local.ini stop
+ '';
+ preStart = ''
+ ./bin/gmg dbupdate
+ '';
+
+ serviceConfig = {
+ User = "mediagoblin";
+ PrivateTmp = true;
+ Restart = "always";
+ TimeoutSec = 15;
+ Type = "simple";
+ WorkingDirectory = mediagoblin.pythonRoot;
+ PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
+ };
+
+ unitConfig.RequiresMountsFor = mediagoblin.varDir;
+ };
+
+ systemd.services.mediagoblin-celeryd = {
+ description = "Mediagoblin service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "mediagoblin-web.service" ];
+
+ environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
+ environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
+
+ script = ''
+ exec ./bin/celery worker \
+ --logfile=${mediagoblin.varDir}/celery.log \
+ --loglevel=INFO
+ '';
+
+ serviceConfig = {
+ User = "mediagoblin";
+ PrivateTmp = true;
+ Restart = "always";
+ TimeoutSec = 60;
+ Type = "simple";
+ WorkingDirectory = mediagoblin.pythonRoot;
+ PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
+ };
+
+ unitConfig.RequiresMountsFor = mediagoblin.varDir;
+ };
+
+ system.activationScripts.mediagoblin = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
+ install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
+ if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
+ rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+ ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+ fi
+ '';
+ };
+
+ services.myWebsites.tools.modules = [
+ "proxy" "proxy_http" "proxy_balancer"
+ "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+ ];
+ users.users.wwwrun.extraGroups = [ "mediagoblin" ];
+ security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
+ services.myWebsites.tools.vhostConfs.mgoblin = {
+ certName = "eldiron";
+ hosts = ["mgoblin.immae.eu" ];
+ root = null;
+ extraConfig = [ ''
+ Alias /mgoblin_media ${mediagoblin.varDir}/media/public
+
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Require all granted
+
+
+ Alias /theme_static ${mediagoblin.varDir}/theme_static
+
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Require all granted
+
+
+ Alias /plugin_static ${mediagoblin.varDir}/plugin_static
+
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Require all granted
+
+
+ ProxyPreserveHost on
+ ProxyVia On
+ ProxyRequests Off
+ ProxyPass /mgoblin_media !
+ ProxyPass /theme_static !
+ ProxyPass /plugin_static !
+ ProxyPassMatch ^/.well-known/acme-challenge !
+ ProxyPass / balancer://paster_server/
+ ProxyPassReverse / balancer://paster_server
+
+ BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://
+
+ '' ];
+ };
+ };
+}
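Review bot: The three static-file stanzas in the vhost `extraConfig` all set `Options -Indexes +FollowSymLinks +MultiViews +Includes`, and the first one covers `${mediagoblin.varDir}/media/public`, which by its path appears to hold files the application stores for users. `+Includes` permits server-side includes there, so if mod_include plus an output filter or XBitHack is enabled elsewhere in the Apache configuration (not visible in this file), an uploaded file could be parsed by the server instead of being served as data. None of the three aliases appears to need SSI or content negotiation. I would reduce the line to `Options -Indexes +FollowSymLinks` for theme_static and plugin_static (the latter needs symlinks for the `coreplugin_basic_auth` link created in the activation script) and consider `Options None` for the media alias. The `<Directory>` wrappers around these lines are not visible on the page as shown, presumably lost in rendering; if they are really absent, the options would apply to the whole vhost rather than to the three directories.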