[perso/Immae/Config/Nix.git] / virtual / modules / websites / tools / mediagoblin / default.nix

{ lib, pkgs, config, mylibs, ... }:
let
  mediagoblin = pkgs.callPackage ./mediagoblin.nix {
    inherit (mylibs) checkEnv fetchedGit fetchedGithub;
  };

  cfg = config.services.myWebsites.tools.mediagoblin;
in {
  options.services.myWebsites.tools.mediagoblin = {
    enable = lib.mkEnableOption "enable mediagoblin's website";
  };

  config = lib.mkIf cfg.enable {
    # FIXME: Can we use dynamic users from systemd?
    # nixos/modules/misc/ids.nix
    ids.uids.mediagoblin = 397;
    ids.gids.mediagoblin = 397;

    users.users.mediagoblin = {
      name = "mediagoblin";
      uid = config.ids.uids.mediagoblin;
      group = "mediagoblin";
      description = "Mediagoblin user";
      home = mediagoblin.varDir;
      useDefaultShell = true;
    };

    users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;

    systemd.services.mediagoblin-web = {
      description = "Mediagoblin service";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      environment.SCRIPT_NAME = "/mediagoblin/";

      script = ''
        exec ./bin/paster serve \
          ${mediagoblin.pythonRoot}/paste_local.ini \
          --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
      '';

      preStop = ''
        exec ./bin/paster serve \
          --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
          ${mediagoblin.pythonRoot}/paste_local.ini stop
        '';
      preStart = ''
        ./bin/gmg dbupdate
      '';

      serviceConfig = {
        User = "mediagoblin";
        PrivateTmp = true;
        Restart = "always";
        TimeoutSec = 15;
        Type = "simple";
        WorkingDirectory = mediagoblin.pythonRoot;
        PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
      };

      unitConfig.RequiresMountsFor = mediagoblin.varDir;
    };

    systemd.services.mediagoblin-celeryd = {
      description = "Mediagoblin service";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "mediagoblin-web.service" ];

      environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
      environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";

      script = ''
        exec ./bin/celery worker \
          --logfile=${mediagoblin.varDir}/celery.log \
          --loglevel=INFO
      '';

      serviceConfig = {
        User = "mediagoblin";
        PrivateTmp = true;
        Restart = "always";
        TimeoutSec = 15;
        Type = "simple";
        WorkingDirectory = mediagoblin.pythonRoot;
        PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
      };

      unitConfig.RequiresMountsFor = mediagoblin.varDir;
    };

    # FIXME: background jobs and upload
    # FIXME: initial sync
    system.activationScripts.mediagoblin = {
      deps = [ "users" ];
      text = ''
      install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
      install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
      if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
        rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
        ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
      fi
      '';
    };

    services.myWebsites.tools.modules = [
      "proxy" "proxy_http" "proxy_balancer"
      # FIXME: probably only one balancer method is needed:
      "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
    ];
    users.users.wwwrun.extraGroups = [ "mediagoblin" ];
    security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.mgoblin = {
      certName    = "eldiron";
      hosts       = ["mgoblin.immae.eu" ];
      root        = null;
      extraConfig = [ ''
        Alias /mgoblin_media ${mediagoblin.varDir}/media/public
        <Directory ${mediagoblin.varDir}/media/public>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /theme_static ${mediagoblin.varDir}/theme_static
        <Directory ${mediagoblin.varDir}/theme_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /plugin_static ${mediagoblin.varDir}/plugin_static
        <Directory ${mediagoblin.varDir}/plugin_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPass /mgoblin_media !
        ProxyPass /theme_static !
        ProxyPass /plugin_static !
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / balancer://paster_server/
        ProxyPassReverse / balancer://paster_server
        <Proxy balancer://paster_server>
          BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://
        </Proxy>
      '' ];
    };
  };
}
Commit	Line	Data
56eba416 IB	1	{ lib, pkgs, config, mylibs, ... }:
	2	let
	3	mediagoblin = pkgs.callPackage ./mediagoblin.nix {
	4	inherit (mylibs) checkEnv fetchedGit fetchedGithub;
	5	};
	6
	7	cfg = config.services.myWebsites.tools.mediagoblin;
	8	in {
	9	options.services.myWebsites.tools.mediagoblin = {
	10	enable = lib.mkEnableOption "enable mediagoblin's website";
	11	};
	12
	13	config = lib.mkIf cfg.enable {
	14	# FIXME: Can we use dynamic users from systemd?
	15	# nixos/modules/misc/ids.nix
	16	ids.uids.mediagoblin = 397;
	17	ids.gids.mediagoblin = 397;
	18
	19	users.users.mediagoblin = {
	20	name = "mediagoblin";
	21	uid = config.ids.uids.mediagoblin;
	22	group = "mediagoblin";
	23	description = "Mediagoblin user";
	24	home = mediagoblin.varDir;
	25	useDefaultShell = true;
	26	};
	27
	28	users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;
	29
	30	systemd.services.mediagoblin-web = {
	31	description = "Mediagoblin service";
	32	wantedBy = [ "multi-user.target" ];
	33	after = [ "network.target" ];
	34
	35	environment.SCRIPT_NAME = "/mediagoblin/";
	36
	37	script = ''
	38	exec ./bin/paster serve \
	39	${mediagoblin.pythonRoot}/paste_local.ini \
	40	--pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
	41	'';
	42
	43	preStop = ''
	44	exec ./bin/paster serve \
	45	--pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
	46	${mediagoblin.pythonRoot}/paste_local.ini stop
	47	'';
	48	preStart = ''
	49	./bin/gmg dbupdate
	50	'';
	51
	52	serviceConfig = {
	53	User = "mediagoblin";
	54	PrivateTmp = true;
	55	Restart = "always";
	56	TimeoutSec = 15;
	57	Type = "simple";
	58	WorkingDirectory = mediagoblin.pythonRoot;
	59	PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
	60	};
	61
	62	unitConfig.RequiresMountsFor = mediagoblin.varDir;
	63	};
	64
65	systemd.services.mediagoblin-celeryd = {
66	description = "Mediagoblin service";
67	wantedBy = [ "multi-user.target" ];
68	after = [ "network.target" "mediagoblin-web.service" ];
69
70	environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
71	environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
72
73	script = ''
74	exec ./bin/celery worker \
75	--logfile=${mediagoblin.varDir}/celery.log \
76	--loglevel=INFO
77	'';
78
79	serviceConfig = {
80	User = "mediagoblin";
81	PrivateTmp = true;
82	Restart = "always";
83	TimeoutSec = 15;
84	Type = "simple";
85	WorkingDirectory = mediagoblin.pythonRoot;
86	PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
87	};
88
89	unitConfig.RequiresMountsFor = mediagoblin.varDir;
90	};
91
92	# FIXME: background jobs and upload
93	# FIXME: initial sync
94	system.activationScripts.mediagoblin = {
95	deps = [ "users" ];
96	text = ''
97	install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
98	install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
99	if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
100	rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
101	ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
102	fi
103	'';
104	};
105
106	services.myWebsites.tools.modules = [
107	"proxy" "proxy_http" "proxy_balancer"
108	# FIXME: probably only one balancer method is needed:
109	"lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
110	];
111	users.users.wwwrun.extraGroups = [ "mediagoblin" ];
112	security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
113	services.myWebsites.tools.vhostConfs.mgoblin = {
114	certName = "eldiron";
115	hosts = ["mgoblin.immae.eu" ];
116	root = null;
117	extraConfig = [ ''
118	Alias /mgoblin_media ${mediagoblin.varDir}/media/public
119	<Directory ${mediagoblin.varDir}/media/public>
120	Options -Indexes +FollowSymLinks +MultiViews +Includes
121	Require all granted
122	</Directory>
123
124	Alias /theme_static ${mediagoblin.varDir}/theme_static
125	<Directory ${mediagoblin.varDir}/theme_static>
126	Options -Indexes +FollowSymLinks +MultiViews +Includes
127	Require all granted
128	</Directory>
129
130	Alias /plugin_static ${mediagoblin.varDir}/plugin_static
131	<Directory ${mediagoblin.varDir}/plugin_static>
132	Options -Indexes +FollowSymLinks +MultiViews +Includes
133	Require all granted
134	</Directory>
135
136	ProxyPreserveHost on
137	ProxyVia On
138	ProxyRequests Off
139	ProxyPass /mgoblin_media !
140	ProxyPass /theme_static !
141	ProxyPass /plugin_static !
142	ProxyPassMatch ^/.well-known/acme-challenge !
143	ProxyPass / balancer://paster_server/
144	ProxyPassReverse / balancer://paster_server
145	<Proxy balancer://paster_server>
146	BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock\|http://
147	</Proxy>
148	'' ];
149	};
150	};
151	}