X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fmediagoblin.nix;h=bf45e8efddbf065db705c9949eaa11f9202e0bb1;hb=1a7188052f235fb632700478fad0108e4306107d;hp=2b56007de293a7d20f56b9dcf43d342fd0b06df4;hpb=0f3009993afc4e88ff728226cf6edc15db3ab415;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/websites/tools/mediagoblin.nix b/nixops/modules/websites/tools/mediagoblin.nix index 2b56007..bf45e8e 100644 --- a/nixops/modules/websites/tools/mediagoblin.nix +++ b/nixops/modules/websites/tools/mediagoblin.nix @@ -1,69 +1,22 @@ { lib, pkgs, config, myconfig, mylibs, ... }: let env = myconfig.env.tools.mediagoblin; - socketsDir = "/run/mediagoblin"; - varDir = "/var/lib/mediagoblin"; cfg = config.services.myWebsites.tools.mediagoblin; - mediagoblin_init = "/var/secrets/webapps/tools-mediagoblin"; - paste_local = pkgs.writeText "paste_local.ini" '' - [DEFAULT] - debug = false - - [pipeline:main] - pipeline = mediagoblin - - [app:mediagoblin] - use = egg:mediagoblin#app - config = ${mediagoblin_init} ${pythonRoot}/mediagoblin.ini - /mgoblin_static = ${pythonRoot}/mediagoblin/static - - [loggers] - keys = root - - [handlers] - keys = console - - [formatters] - keys = generic - - [logger_root] - level = INFO - handlers = console - - [handler_console] - class = StreamHandler - args = (sys.stderr,) - level = NOTSET - formatter = generic - - [formatter_generic] - format = %(levelname)-7.7s [%(name)s] %(message)s - - [filter:errors] - use = egg:mediagoblin#errors - debug = false - - [server:main] - use = egg:waitress#main - unix_socket = ${socketsDir}/mediagoblin.sock - unix_socket_perms = 777 - url_scheme = https - ''; - pythonRoot = pkgs.webapps.mediagoblin-with-plugins; + mcfg = config.services.mediagoblin; in { options.services.myWebsites.tools.mediagoblin = { enable = lib.mkEnableOption "enable mediagoblin's website"; }; config = lib.mkIf cfg.enable { - mySecrets.keys = [{ + secrets.keys = [{ dest = "webapps/tools-mediagoblin"; user = "mediagoblin"; group = "mediagoblin"; permissions = "0400"; text = '' [DEFAULT] - data_basedir = "${varDir}" + data_basedir = "${mcfg.dataDir}" [mediagoblin] direct_remote_path = /mgoblin_static/ @@ -118,94 +71,12 @@ in { ''; }]; - ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid; - ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid; + users.users.mediagoblin.extraGroups = [ "keys" ]; - users.users.mediagoblin = { - name = "mediagoblin"; - uid = config.ids.uids.mediagoblin; - group = "mediagoblin"; - description = "Mediagoblin user"; - home = varDir; - useDefaultShell = true; - extraGroups = [ "keys" ]; - }; - - users.groups.mediagoblin.gid = config.ids.gids.mediagoblin; - - systemd.services.mediagoblin-web = { - description = "Mediagoblin service"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - wants = [ "postgresql.service" "redis.service" ]; - - environment.SCRIPT_NAME = "/mediagoblin/"; - - script = '' - exec ./bin/paster serve \ - ${paste_local} \ - --pid-file=${socketsDir}/mediagoblin.pid - ''; - - preStop = '' - exec ./bin/paster serve \ - --pid-file=${socketsDir}/mediagoblin.pid \ - ${paste_local} stop - ''; - preStart = '' - ./bin/gmg -cf ${mediagoblin_init} dbupdate - ''; - - serviceConfig = { - User = "mediagoblin"; - PrivateTmp = true; - Restart = "always"; - TimeoutSec = 15; - Type = "simple"; - WorkingDirectory = pythonRoot; - PIDFile = "${socketsDir}/mediagoblin.pid"; - }; - - unitConfig.RequiresMountsFor = varDir; - }; - - systemd.services.mediagoblin-celeryd = { - description = "Mediagoblin service"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "mediagoblin-web.service" ]; - - environment.MEDIAGOBLIN_CONFIG = mediagoblin_init; - environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery"; - - script = '' - exec ./bin/celery worker \ - --logfile=${varDir}/celery.log \ - --loglevel=INFO - ''; - - serviceConfig = { - User = "mediagoblin"; - PrivateTmp = true; - Restart = "always"; - TimeoutSec = 60; - Type = "simple"; - WorkingDirectory = pythonRoot; - PIDFile = "${socketsDir}/mediagoblin-celeryd.pid"; - }; - - unitConfig.RequiresMountsFor = varDir; - }; - - system.activationScripts.mediagoblin = { - deps = [ "users" ]; - text = '' - install -m 0755 -o mediagoblin -g mediagoblin -d ${socketsDir} - install -m 0755 -o mediagoblin -g mediagoblin -d ${varDir} - if [ -d ${varDir}/plugin_static/ ]; then - rm ${varDir}/plugin_static/coreplugin_basic_auth - ln -sf ${pythonRoot}/mediagoblin/plugins/basic_auth/static ${varDir}/plugin_static/coreplugin_basic_auth - fi - ''; + services.mediagoblin = { + enable = true; + plugins = builtins.attrValues pkgs.webapps.mediagoblin-plugins; + configFile = "/var/secrets/webapps/tools-mediagoblin"; }; services.myWebsites.tools.modules = [ @@ -218,20 +89,20 @@ in { hosts = ["mgoblin.immae.eu" ]; root = null; extraConfig = [ '' - Alias /mgoblin_media ${varDir}/media/public - + Alias /mgoblin_media ${mcfg.dataDir}/media/public + Options -Indexes +FollowSymLinks +MultiViews +Includes Require all granted - Alias /theme_static ${varDir}/theme_static - + Alias /theme_static ${mcfg.dataDir}/theme_static + Options -Indexes +FollowSymLinks +MultiViews +Includes Require all granted - Alias /plugin_static ${varDir}/plugin_static - + Alias /plugin_static ${mcfg.dataDir}/plugin_static + Options -Indexes +FollowSymLinks +MultiViews +Includes Require all granted @@ -243,8 +114,8 @@ in { ProxyPass /theme_static ! ProxyPass /plugin_static ! ProxyPassMatch ^/.well-known/acme-challenge ! - ProxyPass / unix://${socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ - ProxyPassReverse / unix://${socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ + ProxyPass / unix://${mcfg.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ + ProxyPassReverse / unix://${mcfg.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ '' ]; }; };