[perso/Immae/Config/Nix.git] / modules / private / websites / denise / oms.nix

{ lib, config, pkgs, ... }:
let
  cfg = config.myServices.websites.denise.oms;
  varDir = "/var/lib/buildbot/outputs/denise/oms";
  varDirBeta = "/var/lib/buildbot/outputs/denise/oms_beta";
  socket = "/run/denise_oms/socket.sock";
  socket_beta = "/run/denise_oms_beta/socket.sock";
in {
  options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";

  config = lib.mkIf cfg.enable {
    services.websites.env.production.vhostConfs.denise_oms = {
      certName     = "denise";
      addToCerts   = true;
      hosts        = [ "oms.syanni.eu" ];
      root         = null;
      extraConfig  = [
        ''
        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / unix://${socket}|http://oms.syanni.eu/
        ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/
          ''
      ];
    };

    systemd.services.denise-oms = {
      description = "Denise OMS website";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Type = "simple";
        WorkingDirectory = varDir;
        ExecStart = let
          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
        in
          "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
        User = "wwwrun";
        Restart = "always";
        RestartSec = "5s";
        PIDFile = "/run/denise_oms/gunicorn.pid";
        RuntimeDirectory = "denise_oms";
        StandardOutput = "journal";
        StandardError = "inherit";
      };
    };

    security.sudo.extraRules = [
      {
        commands = [
          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; }
          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; }
        ];
        users = ["buildbot"];
        runAs = "root";
      }
    ];
    services.websites.env.integration.vhostConfs.denise_oms_beta = {
      certName     = "denise";
      addToCerts   = true;
      hosts        = [ "beta.oms.syanni.eu" ];
      root         = null;
      extraConfig  = [
        ''
        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / unix://${socket_beta}|http://beta.oms.syanni.eu/
        ProxyPassReverse / unix://${socket_beta}|http://beta.oms.syanni.eu/
          ''
      ];
    };

    systemd.services.denise-oms-beta = {
      description = "Denise OMS beta website";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Type = "simple";
        WorkingDirectory = varDirBeta;
        ExecStart = let
          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
        in
          "${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
        User = "wwwrun";
        Restart = "always";
        RestartSec = "5s";
        PIDFile = "/run/denise_oms_beta/gunicorn.pid";
        RuntimeDirectory = "denise_oms_beta";
        StandardOutput = "journal";
        StandardError = "inherit";
      };
    };
  };
}
Commit	Line	Data
a295d69f IB	1	{ lib, config, pkgs, ... }:
	2	let
	3	cfg = config.myServices.websites.denise.oms;
cb589b2e	4	varDir = "/var/lib/buildbot/outputs/denise/oms";
485354e5	5	varDirBeta = "/var/lib/buildbot/outputs/denise/oms_beta";
a295d69f	6	socket = "/run/denise_oms/socket.sock";
485354e5	7	socket_beta = "/run/denise_oms_beta/socket.sock";
a295d69f IB	8	in {
	9	options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";
	10
	11	config = lib.mkIf cfg.enable {
	12	services.websites.env.production.vhostConfs.denise_oms = {
	13	certName = "denise";
	14	addToCerts = true;
	15	hosts = [ "oms.syanni.eu" ];
	16	root = null;
	17	extraConfig = [
	18	''
	19	ProxyPreserveHost on
	20	ProxyVia On
	21	ProxyRequests Off
	22	ProxyPassMatch ^/.well-known/acme-challenge !
	23	ProxyPass / unix://${socket}\|http://oms.syanni.eu/
	24	ProxyPassReverse / unix://${socket}\|http://oms.syanni.eu/
	25	''
	26	];
	27	};
	28
	29	systemd.services.denise-oms = {
	30	description = "Denise OMS website";
	31	after = [ "network.target" ];
	32	wantedBy = [ "multi-user.target" ];
	33
	34	serviceConfig = {
	35	Type = "simple";
	36	WorkingDirectory = varDir;
	37	ExecStart = let
839b49f1	38	python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
a295d69f IB	39	in
a295d69f IB	40	"${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
ecd9a306	41	User = "wwwrun";
a295d69f IB	42	Restart = "always";
	43	RestartSec = "5s";
	44	PIDFile = "/run/denise_oms/gunicorn.pid";
	45	RuntimeDirectory = "denise_oms";
	46	StandardOutput = "journal";
	47	StandardError = "inherit";
	48	};
	49	};
485354e5	50
ecd9a306 IB	51	security.sudo.extraRules = [
	52	{
	53	commands = [
	54	{ options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; }
	55	{ options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; }
	56	];
	57	users = ["buildbot"];
	58	runAs = "root";
	59	}
	60	];
485354e5 IB	61	services.websites.env.integration.vhostConfs.denise_oms_beta = {
	62	certName = "denise";
	63	addToCerts = true;
	64	hosts = [ "beta.oms.syanni.eu" ];
	65	root = null;
	66	extraConfig = [
	67	''
	68	ProxyPreserveHost on
	69	ProxyVia On
	70	ProxyRequests Off
	71	ProxyPassMatch ^/.well-known/acme-challenge !
	72	ProxyPass / unix://${socket_beta}\|http://beta.oms.syanni.eu/
	73	ProxyPassReverse / unix://${socket_beta}\|http://beta.oms.syanni.eu/
	74	''
	75	];
	76	};
	77
	78	systemd.services.denise-oms-beta = {
	79	description = "Denise OMS beta website";
	80	after = [ "network.target" ];
	81	wantedBy = [ "multi-user.target" ];
	82
	83	serviceConfig = {
	84	Type = "simple";
	85	WorkingDirectory = varDirBeta;
	86	ExecStart = let
	87	python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
	88	in
	89	"${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
ecd9a306	90	User = "wwwrun";
485354e5 IB	91	Restart = "always";
	92	RestartSec = "5s";
	93	PIDFile = "/run/denise_oms_beta/gunicorn.pid";
	94	RuntimeDirectory = "denise_oms_beta";
	95	StandardOutput = "journal";
	96	StandardError = "inherit";
	97	};
	98	};
a295d69f IB	99	};
a295d69f IB	100	}