modules/private/websites/denise/oms.nix

   1 { lib, config, pkgs, ... }:
   2 let
   3   cfg = config.myServices.websites.denise.oms;
   4   varDir = "/var/lib/buildbot/outputs/denise/oms";
   5   socket = "/run/denise_oms/socket.sock";
   6 in {
   7   options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";
   8
   9   config = lib.mkIf cfg.enable {
  10     services.websites.env.production.vhostConfs.denise_oms = {
  11       certName     = "denise";
  12       addToCerts   = true;
  13       hosts        = [ "oms.syanni.eu" ];
  14       root         = null;
  15       extraConfig  = [
  16         ''
  17         ProxyPreserveHost on
  18         ProxyVia On
  19         ProxyRequests Off
  20         ProxyPassMatch ^/.well-known/acme-challenge !
  21         ProxyPass / unix://${socket}|http://oms.syanni.eu/
  22         ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/
  23           ''
  24       ];
  25     };
  26
  27     systemd.services.denise-oms = {
  28       description = "Denise OMS website";
  29       after = [ "network.target" ];
  30       wantedBy = [ "multi-user.target" ];
  31
  32       serviceConfig = {
  33         Type = "simple";
  34         WorkingDirectory = varDir;
  35         ExecStart = let
  36           python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
  37         in
  38           "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
  39         User = "buildbot";
  40         Restart = "always";
  41         RestartSec = "5s";
  42         PIDFile = "/run/denise_oms/gunicorn.pid";
  43         RuntimeDirectory = "denise_oms";
  44         StandardOutput = "journal";
  45         StandardError = "inherit";
  46       };
  47     };
  48   };
  49 }