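# NixOS module for the MediaGoblin instance served at mgoblin.immae.eu.
#
# When enabled it declares: a duplyBackup profile for the data directory, the
# MediaGoblin configuration file as a secret (it embeds the PostgreSQL and
# LDAP bind passwords), the mediagoblin service itself, file watchers on the
# configuration file, and the Apache vhost proxying to the paster unix socket.
{ lib, pkgs, config, ... }:
let
  # Site-specific values (database, redis and LDAP settings, including passwords).
  env = config.myEnv.tools.mediagoblin;
  # This module's own options.
  cfg = config.myServices.websites.tools.mediagoblin;
  # Options of the underlying mediagoblin service (dataDir, configFile, sockets).
  mcfg = config.services.mediagoblin;
in {
  options.myServices.websites.tools.mediagoblin = {
    # mkEnableOption already prefixes the description with "Whether to enable",
    # so the name must not repeat the verb.
    enable = lib.mkEnableOption "mediagoblin's website";
  };

  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.mgoblin = {
      rootDir = mcfg.dataDir;
    };

    # The whole MediaGoblin configuration is handled as a secret because it
    # contains credentials. It is readable by its owner only (0400), so the
    # group membership granted to wwwrun further down does not expose it.
    # NOTE(review): `text` is an ordinary Nix string; whether it stays out of
    # the world-readable Nix store depends on the secrets module, which is not
    # visible here. Confirm.
    secrets.keys."webapps/tools-mediagoblin" = {
      user = "mediagoblin";
      group = "mediagoblin";
      permissions = "0400";
      text =
        let
          # NOTE(review): user and password are interpolated verbatim. A value
          # containing URL-reserved characters (@ : / ?) would change how the
          # URL parses, and '%' may collide with the %(...)s interpolation this
          # configuration file relies on. Confirm that the values are
          # constrained or escaped where they are defined.
          psql_url = with env.postgresql; "postgresql://${user}:${password}@:${port}/${database}?host=${socket}";
          redis_url = with env.redis; "redis+socket://${socket}?virtual_host=${db}";
        in
        # Everything between the '' markers is written to the configuration
        # file as-is, so review notes are kept outside the string.
        # NOTE(review): the LDAP values are wrapped in single quotes; a quote
        # character inside one of them (the bind password in particular) would
        # break the quoting. Confirm.
        ''
          [DEFAULT]
          data_basedir = "${mcfg.dataDir}"

          [mediagoblin]
          direct_remote_path = /mgoblin_static/
          email_sender_address = "mediagoblin@tools.immae.eu"

          #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
          sql_engine = ${psql_url}

          email_debug_mode = false
          allow_registration = false
          allow_reporting = true

          theme = airymodified

          user_privilege_scheme = "uploader,commenter,reporter"

          # We need to redefine them here since we override data_basedir
          # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
          workbench_path = %(data_basedir)s/media/workbench
          crypto_path = %(data_basedir)s/crypto
          theme_install_dir = %(data_basedir)s/themes/
          theme_linked_assets_dir = %(data_basedir)s/theme_static/
          plugin_linked_assets_dir = %(data_basedir)s/plugin_static/

          [storage:queuestore]
          base_dir = %(data_basedir)s/media/queue

          [storage:publicstore]
          base_dir = %(data_basedir)s/media/public
          base_url = /mgoblin_media/

          [celery]
          CELERY_RESULT_DBURI = ${redis_url}
          BROKER_URL = ${redis_url}
          CELERYD_CONCURRENCY = 1

          [plugins]
          [[mediagoblin.plugins.geolocation]]
          [[mediagoblin.plugins.ldap]]
          [[[immae.eu]]]
          LDAP_SERVER_URI = 'ldaps://${env.ldap.host}:636'
          LDAP_SEARCH_BASE = '${env.ldap.base}'
          LDAP_BIND_DN = '${env.ldap.dn}'
          LDAP_BIND_PW = '${env.ldap.password}'
          LDAP_SEARCH_FILTER = '${env.ldap.filter}'
          EMAIL_SEARCH_FIELD = 'mail'
          [[mediagoblin.plugins.basicsearch]]
          [[mediagoblin.plugins.piwigo]]
          [[mediagoblin.plugins.processing_info]]
          [[mediagoblin.media_types.image]]
          [[mediagoblin.media_types.video]]
        '';
    };

    # Presumably needed so the service user can reach the secrets location;
    # the secrets module is not shown here. Confirm.
    users.users.mediagoblin.extraGroups = [ "keys" ];

    services.mediagoblin = {
      enable = true;
      package = pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]);
      # The service reads the secret file declared above.
      configFile = config.secrets.fullPaths."webapps/tools-mediagoblin";
    };

    # Both units watch the configuration file with restart enabled, presumably
    # so that a rotated credential is picked up. Confirm against filesWatcher.
    services.filesWatcher.mediagoblin-web = {
      restart = true;
      paths = [ mcfg.configFile ];
    };
    services.filesWatcher.mediagoblin-celeryd = {
      restart = true;
      paths = [ mcfg.configFile ];
    };

    services.websites.env.tools.modules = [
      "proxy" "proxy_http"
    ];
    # Gives the web server user group access to MediaGoblin-owned paths
    # (presumably the paster socket and the static directories). Confirm.
    users.users.wwwrun.extraGroups = [ "mediagoblin" ];

    # Apache vhost: static and media paths are served from disk, everything
    # else is proxied to the paster unix socket.
    #
    # media/public holds user-uploaded files, so server-side includes are
    # explicitly disabled there (-Includes). The Includes option also permits
    # the SSI exec element, which must never be reachable from uploaded
    # content. The option is inert unless mod_include and an INCLUDES filter
    # mapping are configured elsewhere, which this file does not show.
    # NOTE(review): theme_static and plugin_static keep +Includes unchanged.
    # They look like administrator-installed assets; drop the option there too
    # if nothing relies on SSI.
    #
    # The "!" exclusions must stay above the catch-all "ProxyPass /" because
    # Apache checks ProxyPass rules in configuration order. ProxyRequests Off
    # keeps forward proxying disabled, so only the reverse-proxy rules apply.
    services.websites.env.tools.vhostConfs.mgoblin = {
      certName = "eldiron";
      addToCerts = true;
      hosts = ["mgoblin.immae.eu" ];
      root = null;
      extraConfig = [ ''
        Alias /mgoblin_media ${mcfg.dataDir}/media/public
        <Directory ${mcfg.dataDir}/media/public>
          Options -Indexes +FollowSymLinks +MultiViews -Includes
          Require all granted
        </Directory>

        Alias /theme_static ${mcfg.dataDir}/theme_static
        <Directory ${mcfg.dataDir}/theme_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /plugin_static ${mcfg.dataDir}/plugin_static
        <Directory ${mcfg.dataDir}/plugin_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPass /mgoblin_media !
        ProxyPass /theme_static !
        ProxyPass /plugin_static !
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
        ProxyPassReverse / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
      '' ];
    };
  };
}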