[perso/Immae/Config/Nix.git] / modules / private / websites / tools / mgoblin / default.nix

{ lib, pkgs, config,  ... }:
let
  env = config.myEnv.tools.mediagoblin;
  cfg = config.myServices.websites.tools.mediagoblin;
  mcfg = config.services.mediagoblin;
in {
  options.myServices.websites.tools.mediagoblin = {
    enable = lib.mkEnableOption "enable mediagoblin's website";
  };

  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.mgoblin = {
      rootDir = mcfg.dataDir;
    };
    secrets.keys."webapps/tools-mediagoblin" = {
      user = "mediagoblin";
      group = "mediagoblin";
      permissions = "0400";
      text =
        let
          psql_url = with env.postgresql; "postgresql://${user}:${password}@:${port}/${database}?host=${socket}";
          redis_url = with env.redis; "redis+socket://${socket}?virtual_host=${db}";
        in
      ''
        [DEFAULT]
        data_basedir = "${mcfg.dataDir}"

        [mediagoblin]
        direct_remote_path = /mgoblin_static/
        email_sender_address = "mediagoblin@tools.immae.eu"

        #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
        sql_engine = ${psql_url}

        email_debug_mode = false
        allow_registration = false
        allow_reporting = true

        theme = airymodified

        user_privilege_scheme = "uploader,commenter,reporter"

        # We need to redefine them here since we override data_basedir
        # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
        workbench_path = %(data_basedir)s/media/workbench
        crypto_path = %(data_basedir)s/crypto
        theme_install_dir = %(data_basedir)s/themes/
        theme_linked_assets_dir = %(data_basedir)s/theme_static/
        plugin_linked_assets_dir = %(data_basedir)s/plugin_static/

        [storage:queuestore]
        base_dir = %(data_basedir)s/media/queue

        [storage:publicstore]
        base_dir = %(data_basedir)s/media/public
        base_url = /mgoblin_media/

        [celery]
        CELERY_RESULT_DBURI = ${redis_url}
        BROKER_URL = ${redis_url}
        CELERYD_CONCURRENCY = 1

        [plugins]
          [[mediagoblin.plugins.geolocation]]
          [[mediagoblin.plugins.ldap]]
            [[[immae.eu]]]
              LDAP_SERVER_URI = 'ldaps://${env.ldap.host}:636'
              LDAP_SEARCH_BASE = '${env.ldap.base}'
              LDAP_BIND_DN = '${env.ldap.dn}'
              LDAP_BIND_PW = '${env.ldap.password}'
              LDAP_SEARCH_FILTER = '${env.ldap.filter}'
              EMAIL_SEARCH_FIELD = 'mail'
          [[mediagoblin.plugins.basicsearch]]
          [[mediagoblin.plugins.piwigo]]
          [[mediagoblin.plugins.processing_info]]
          [[mediagoblin.media_types.image]]
          [[mediagoblin.media_types.video]]
        '';
    };

    users.users.mediagoblin.extraGroups = [ "keys" ];

    services.mediagoblin = {
      enable     = true;
      package    = pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]);
      configFile = config.secrets.fullPaths."webapps/tools-mediagoblin";
    };
    services.filesWatcher.mediagoblin-web = {
      restart = true;
      paths = [ mcfg.configFile ];
    };
    services.filesWatcher.mediagoblin-celeryd = {
      restart = true;
      paths = [ mcfg.configFile ];
    };

    services.websites.env.tools.modules = [
      "proxy" "proxy_http"
    ];
    users.users.wwwrun.extraGroups = [ "mediagoblin" ];
    services.websites.env.tools.vhostConfs.mgoblin = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["mgoblin.immae.eu" ];
      root        = null;
      extraConfig = [ ''
        Alias /mgoblin_media ${mcfg.dataDir}/media/public
        <Directory ${mcfg.dataDir}/media/public>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /theme_static ${mcfg.dataDir}/theme_static
        <Directory ${mcfg.dataDir}/theme_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /plugin_static ${mcfg.dataDir}/plugin_static
        <Directory ${mcfg.dataDir}/plugin_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPass /mgoblin_media !
        ProxyPass /theme_static !
        ProxyPass /plugin_static !
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
        ProxyPassReverse / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
      '' ];
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
56eba416	2	let
ab8f306d	3	env = config.myEnv.tools.mediagoblin;
4288c2f2	4	cfg = config.myServices.websites.tools.mediagoblin;
996a68c2	5	mcfg = config.services.mediagoblin;
56eba416	6	in {
4288c2f2	7	options.myServices.websites.tools.mediagoblin = {
56eba416 IB	8	enable = lib.mkEnableOption "enable mediagoblin's website";
	9	};
	10
	11	config = lib.mkIf cfg.enable {
d880826a IB	12	services.duplyBackup.profiles.mgoblin = {
	13	rootDir = mcfg.dataDir;
	14	};
4c4652aa	15	secrets.keys."webapps/tools-mediagoblin" = {
ddd3f845 IB	16	user = "mediagoblin";
	17	group = "mediagoblin";
	18	permissions = "0400";
ab8f306d IB	19	text =
	20	let
	21	psql_url = with env.postgresql; "postgresql://${user}:${password}@:${port}/${database}?host=${socket}";
	22	redis_url = with env.redis; "redis+socket://${socket}?virtual_host=${db}";
	23	in
	24	''
ddd3f845	25	[DEFAULT]
996a68c2	26	data_basedir = "${mcfg.dataDir}"
ddd3f845 IB	27
	28	[mediagoblin]
	29	direct_remote_path = /mgoblin_static/
	30	email_sender_address = "mediagoblin@tools.immae.eu"
	31
	32	#sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
ab8f306d	33	sql_engine = ${psql_url}
ddd3f845 IB	34
	35	email_debug_mode = false
	36	allow_registration = false
	37	allow_reporting = true
	38
	39	theme = airymodified
	40
	41	user_privilege_scheme = "uploader,commenter,reporter"
	42
	43	# We need to redefine them here since we override data_basedir
	44	# cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
	45	workbench_path = %(data_basedir)s/media/workbench
	46	crypto_path = %(data_basedir)s/crypto
	47	theme_install_dir = %(data_basedir)s/themes/
	48	theme_linked_assets_dir = %(data_basedir)s/theme_static/
	49	plugin_linked_assets_dir = %(data_basedir)s/plugin_static/
	50
	51	[storage:queuestore]
	52	base_dir = %(data_basedir)s/media/queue
	53
	54	[storage:publicstore]
	55	base_dir = %(data_basedir)s/media/public
	56	base_url = /mgoblin_media/
	57
	58	[celery]
ab8f306d IB	59	CELERY_RESULT_DBURI = ${redis_url}
ab8f306d IB	60	BROKER_URL = ${redis_url}
ddd3f845 IB	61	CELERYD_CONCURRENCY = 1
	62
	63	[plugins]
	64	[[mediagoblin.plugins.geolocation]]
	65	[[mediagoblin.plugins.ldap]]
	66	[[[immae.eu]]]
ab8f306d IB	67	LDAP_SERVER_URI = 'ldaps://${env.ldap.host}:636'
	68	LDAP_SEARCH_BASE = '${env.ldap.base}'
	69	LDAP_BIND_DN = '${env.ldap.dn}'
ddd3f845	70	LDAP_BIND_PW = '${env.ldap.password}'
ab8f306d	71	LDAP_SEARCH_FILTER = '${env.ldap.filter}'
ddd3f845 IB	72	EMAIL_SEARCH_FIELD = 'mail'
	73	[[mediagoblin.plugins.basicsearch]]
	74	[[mediagoblin.plugins.piwigo]]
	75	[[mediagoblin.plugins.processing_info]]
	76	[[mediagoblin.media_types.image]]
	77	[[mediagoblin.media_types.video]]
	78	'';
4c4652aa	79	};
ddd3f845	80
996a68c2	81	users.users.mediagoblin.extraGroups = [ "keys" ];
56eba416	82
996a68c2 IB	83	services.mediagoblin = {
996a68c2 IB	84	enable = true;
34c7b88e	85	package = pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]);
da30ae4f	86	configFile = config.secrets.fullPaths."webapps/tools-mediagoblin";
56eba416	87	};
17f6eae9 IB	88	services.filesWatcher.mediagoblin-web = {
	89	restart = true;
	90	paths = [ mcfg.configFile ];
	91	};
	92	services.filesWatcher.mediagoblin-celeryd = {
	93	restart = true;
	94	paths = [ mcfg.configFile ];
	95	};
56eba416	96
29f8cb85	97	services.websites.env.tools.modules = [
a952acc4	98	"proxy" "proxy_http"
56eba416 IB	99	];
56eba416 IB	100	users.users.wwwrun.extraGroups = [ "mediagoblin" ];
29f8cb85	101	services.websites.env.tools.vhostConfs.mgoblin = {
56eba416	102	certName = "eldiron";
7df420c2	103	addToCerts = true;
56eba416 IB	104	hosts = ["mgoblin.immae.eu" ];
	105	root = null;
	106	extraConfig = [ ''
996a68c2 IB	107	Alias /mgoblin_media ${mcfg.dataDir}/media/public
996a68c2 IB	108	<Directory ${mcfg.dataDir}/media/public>
56eba416 IB	109	Options -Indexes +FollowSymLinks +MultiViews +Includes
	110	Require all granted
	111	</Directory>
	112
996a68c2 IB	113	Alias /theme_static ${mcfg.dataDir}/theme_static
996a68c2 IB	114	<Directory ${mcfg.dataDir}/theme_static>
56eba416 IB	115	Options -Indexes +FollowSymLinks +MultiViews +Includes
	116	Require all granted
	117	</Directory>
	118
996a68c2 IB	119	Alias /plugin_static ${mcfg.dataDir}/plugin_static
996a68c2 IB	120	<Directory ${mcfg.dataDir}/plugin_static>
56eba416 IB	121	Options -Indexes +FollowSymLinks +MultiViews +Includes
	122	Require all granted
	123	</Directory>
	124
	125	ProxyPreserveHost on
	126	ProxyVia On
	127	ProxyRequests Off
	128	ProxyPass /mgoblin_media !
	129	ProxyPass /theme_static !
	130	ProxyPass /plugin_static !
	131	ProxyPassMatch ^/.well-known/acme-challenge !
658822fb IB	132	ProxyPass / unix://${mcfg.sockets.paster}\|http://mgoblin.immae.eu/
658822fb IB	133	ProxyPassReverse / unix://${mcfg.sockets.paster}\|http://mgoblin.immae.eu/
56eba416 IB	134	'' ];
	135	};
	136	};
	137	}