Move etherpad and mediagoblin keys to secure location
[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / mediagoblin / mediagoblin.nix
1 { env, makeWrapper, stdenv, writeText, fetchurl, buildBowerComponents, fetchedGit, fetchedGithub, which, python36, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }:
2 let
# Extra MediaGoblin plugins, packaged as plain copies of their source tree.
plugins = {
  # NOTE(review): the source pin is read from the JSON file by the
  # project-local `fetchedGithub` helper; presumably it carries the revision
  # and content hash. Confirm that when the plugin is updated.
  basicsearch =
    let
      pinnedSource = fetchedGithub ./mediagoblin-plugin-basicsearch.json;
      copyOnly = {
        # Nothing is compiled: unpack the source, then copy it to $out.
        phases = "unpackPhase installPhase";
        installPhase = ''
          cp -R . $out
        '';
      };
    in
    stdenv.mkDerivation (pinnedSource // copyOnly);
};
# Python 3.6 package set with several libraries pinned to specific releases.
# Every PyPI source is fixed by version and sha256, so the fetched tarball
# content cannot change silently. The pins also mean that fixes published
# upstream after these versions are not picked up until the pin is bumped
# here, so they deserve a periodic review.
overridePython =
  let
    packageOverrides = self: super:
      let
        # Attributes that switch the package being overridden (`prev`) to
        # `version` from PyPI, checked against `sha256`.
        pinned = prev: version: sha256: {
          inherit version;
          src = self.fetchPypi {
            inherit version sha256;
            inherit (prev) pname;
          };
        };
      in
      {
        # Inherited patches are dropped and the test suite is not run for
        # this pinned release.
        celery = super.celery.overridePythonAttrs (prev:
          pinned prev "3.1.26.post2" "5493e172ae817b81ba7d09443ada114886765a8ce02f16a56e6fac68d953a9b2" // {
            patches = [];
            doCheck = false;
          });

        billiard = super.billiard.overridePythonAttrs (prev:
          pinned prev "3.3.0.23" "02wxsc6bhqvzh8j6w758kvgqbnj14l796mvmrcms8fgfamd2lak9");

        amqp = super.amqp.overridePythonAttrs (prev:
          pinned prev "1.4.9" "2dea4d16d073c902c3b89d9b96620fb6729ac0f7a923bbc777cb4ad827c0c61a");

        # This release additionally needs anyjson; its tests are skipped.
        kombu = super.kombu.overridePythonAttrs (prev:
          pinned prev "3.0.37" "e064a00c66b4d1058cd2b0523fb8d98c82c18450244177b6c0f7913016642650" // {
            propagatedBuildInputs = prev.propagatedBuildInputs ++ [ self.anyjson ];
            doCheck = false;
          });

        sqlalchemy = super.sqlalchemy.overridePythonAttrs (prev:
          pinned prev "1.1.18" "8b0ec71af9291191ba83a91c03d157b19ab3e7119e27da97932a4773a3f664a9");

        # Tempita built from the source described by ./tempita.json.
        tempita_5_3_dev = super.buildPythonPackage (fetchedGithub ./tempita.json // {
          buildInputs = with self; [ nose ];
          disabled = false;
        });

        # Dependency list replaced so that it uses the tempita build and the
        # pinned sqlalchemy defined above.
        sqlalchemy_migrate = super.sqlalchemy_migrate.overridePythonAttrs (prev: {
          propagatedBuildInputs = with self; [ pbr tempita_5_3_dev decorator sqlalchemy six sqlparse ];
        });

        # Fetched through the PyPI mirror URL with fetchurl rather than
        # fetchPypi; the sha256 still pins the tarball content.
        pasteScript = super.pasteScript.overridePythonAttrs (prev:
          let
            version = "2.0.2";
            name = "PasteScript-${version}";
          in
          {
            inherit version name;
            src = fetchurl {
              url = "mirror://pypi/P/PasteScript/${name}.tar.gz";
              sha256 = "1h3nnhn45kf4pbcv669ik4faw04j58k8vbj1hwrc532k0nc28gy0";
            };
            propagatedBuildInputs = with self; [ six paste PasteDeploy ];
          });
      };
  in
  python36.override { inherit packageOverrides; };
# Packages installed into the interpreter environment used by MediaGoblin.
# NOTE(review): pytest, pytest_xdist, webtest and sphinx are test and
# documentation tooling. Confirm they are needed at runtime, since everything
# listed here is importable by the service.
pythonEnv = ps: with ps; [
  waitress
  alembic
  dateutil
  wtforms
  pybcrypt
  pytest
  pytest_xdist
  werkzeug
  celery
  kombu
  jinja2
  Babel
  webtest
  configobj
  markdown
  sqlalchemy
  itsdangerous
  pytz
  sphinx
  six
  oauthlib
  unidecode
  jsonschema
  PasteDeploy
  requests
  PyLD
  exifread
  typing
  pasteScript
  lxml
  # For images plugin
  pillow
  # For video plugin
  gst-python
  # migrations
  sqlalchemy_migrate
  # authentication
  ldap3
  redis
  psycopg2
];

# Interpreter from the overridden package set, bundled with the list above.
python = overridePython.withPackages pythonEnv;
# Launcher script for MediaGoblin's `gmg` console entry point. The shebang is
# bound to the interpreter environment built above, so the script does not
# depend on whatever `python` is on PATH when it runs. The mediagoblin
# derivation copies it to bin/gmg.
gmg = writeText "gmg" ''
  #!${python}/bin/python
  __requires__ = 'mediagoblin'
  import sys
  from pkg_resources import load_entry_point

  if __name__ == '__main__':
      sys.exit(
          load_entry_point('mediagoblin', 'console_scripts', 'gmg')()
      )
'';
107 in
108 rec {
# Directory holding the application's Unix socket (see paste_local).
socketsDir = "/run/mediagoblin";
# Mutable state: used as data_basedir in the generated configuration.
varDir = "/var/lib/mediagoblin";
# Front-end dependencies, resolved from the generated ./bower-packages.nix
# against the same MediaGoblin source that the main derivation builds.
bowerComponents =
  let
    mediagoblinSource = fetchedGit ./mediagoblin.json;
  in
  buildBowerComponents {
    name = "mediagoblin-bower-components";
    generated = ./bower-packages.nix;
    src = mediagoblinSource.src;
  };
# MediaGoblin built from the Git source described by ./mediagoblin.json.
mediagoblin = stdenv.mkDerivation (fetchedGit ./mediagoblin.json // {
  buildInputs = [ makeWrapper git cacert automake autoconf which nodePackages.bower nodejs python ];
  propagatedBuildInputs = [ python ];
  configureFlags = [ "--with-python3" "--without-virtualenv" ];

  # The shell comments mark the first two commands as the replacement for
  # ./bootstrap.sh. Git and other TLS clients are then pointed at the cacert
  # bundle so certificate verification has a CA store to use, and HOME is set
  # to the build directory.
  preConfigure = ''
    # ./bootstrap.sh
    aclocal -I m4 --install
    autoreconf -fvi
    # end
    export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
    export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
    export HOME=$PWD
  '';

  # Use the pre-built bower components instead of fetching them during the
  # build, then let the project's own `extlib` target run.
  postBuild = ''
    cp -a ${bowerComponents}/bower_components/* extlib
    chmod -R u+w extlib
    make extlib
  '';

  # Source patches applied before install:
  #  - theme.py: replace dict.has_key() with the `in` operator;
  #  - config_spec.ini: define `here` as the install prefix under [DEFAULT];
  #  - plugins/ldap/tools.py is overwritten with the local ./ldap_fix.py.
  # NOTE(review): ldap_fix.py replaces upstream authentication code wholesale;
  # re-diff it against upstream whenever the MediaGoblin pin moves.
  # Build-directory paths are then rewritten to $out and the launcher script
  # is installed as bin/gmg.
  installPhase = ''
    sed -i "s/registry.has_key(current_theme_name)/current_theme_name in registry/" mediagoblin/tools/theme.py
    sed -i -e "s@\[DEFAULT\]@[DEFAULT]\nhere = $out@" mediagoblin/config_spec.ini
    cp ${./ldap_fix.py} mediagoblin/plugins/ldap/tools.py
    ln -s ${plugins.basicsearch}/basicsearch mediagoblin/plugins/basicsearch
    find . -name '*.pyc' -delete
    find . -type f -exec sed -i "s|$PWD|$out|g" {} \;
    python setup.py build
    cp -a . $out
    mkdir $out/bin
    cp ${gmg} $out/bin/gmg
    chmod a+x $out/bin/gmg
  '';
});
# PasteDeploy configuration: serves the app with waitress on a Unix socket and
# reports the URL scheme as https, so TLS is expected to be terminated by a
# front-end proxy. This file holds no secrets; it chains to
# mediagoblin_local.ini for those.
# NOTE(review): unix_socket_perms = 777 lets every local account connect to
# the application socket directly, bypassing whatever the front-end proxy
# enforces. If the proxy's user can share a group with the service, a
# group-restricted mode (for example 660) would be tighter. Confirm against
# the web server setup before changing it.
paste_local =
  let
    socketPath = "${socketsDir}/mediagoblin.sock";
  in
  writeText "paste_local.ini" ''
    [DEFAULT]
    debug = false

    [pipeline:main]
    pipeline = mediagoblin

    [app:mediagoblin]
    use = egg:mediagoblin#app
    config = %(here)s/mediagoblin_local.ini %(here)s/mediagoblin.ini
    /mgoblin_static = %(here)s/mediagoblin/static

    [loggers]
    keys = root

    [handlers]
    keys = console

    [formatters]
    keys = generic

    [logger_root]
    level = INFO
    handlers = console

    [handler_console]
    class = StreamHandler
    args = (sys.stderr,)
    level = NOTSET
    formatter = generic

    [formatter_generic]
    format = %(levelname)-7.7s [%(name)s] %(message)s

    [filter:errors]
    use = egg:mediagoblin#errors
    debug = false

    [server:main]
    use = egg:waitress#main
    unix_socket = ${socketPath}
    unix_socket_perms = 777
    url_scheme = https
  '';
192
# Site configuration carrying secrets: the PostgreSQL URL, the Redis URL and
# the LDAP bind password are interpolated into `text`. It is declared as a key
# file owned by the mediagoblin user with mode 0400 under /run/keys/webapps,
# and pythonRoot symlinks mediagoblin_local.ini to that path.
# NOTE(review): presumably the caller maps this attribute onto the deployment
# tool's key mechanism so the rendered text never lands in the world-readable
# Nix store. Verify at the call site.
# NOTE(review): the LDAP password is placed between single quotes without
# escaping, so a password containing a quote would corrupt the file. Confirm
# the secret's character set.
# NOTE(review): Celery 3.1, the release pinned in this file, defaults to
# pickle task serialization unless the application overrides it. Treat write
# access to the Redis broker as equivalent to code execution in the worker
# and restrict it accordingly. TODO confirm MediaGoblin's serializer setting.
keys.tools-mediagoblin = {
  user = "mediagoblin";
  group = "mediagoblin";
  permissions = "0400";
  destDir = "/run/keys/webapps";
  text = ''
    [DEFAULT]
    data_basedir = "${varDir}"

    [mediagoblin]
    direct_remote_path = /mgoblin_static/
    email_sender_address = "mediagoblin@tools.immae.eu"

    #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
    sql_engine = ${env.psql_url}

    email_debug_mode = false
    allow_registration = false
    allow_reporting = true

    theme = airymodified

    user_privilege_scheme = "uploader,commenter,reporter"

    # We need to redefine them here since we override data_basedir
    # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
    workbench_path = %(data_basedir)s/media/workbench
    crypto_path = %(data_basedir)s/crypto
    theme_install_dir = %(data_basedir)s/themes/
    theme_linked_assets_dir = %(data_basedir)s/theme_static/
    plugin_linked_assets_dir = %(data_basedir)s/plugin_static/

    [storage:queuestore]
    base_dir = %(data_basedir)s/media/queue

    [storage:publicstore]
    base_dir = %(data_basedir)s/media/public
    base_url = /mgoblin_media/

    [celery]
    CELERY_RESULT_DBURI = ${env.redis_url}
    BROKER_URL = ${env.redis_url}
    CELERYD_CONCURRENCY = 1

    [plugins]
    [[mediagoblin.plugins.geolocation]]
    [[mediagoblin.plugins.ldap]]
    [[[immae.eu]]]
    LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636'
    LDAP_SEARCH_BASE = 'dc=immae,dc=eu'
    LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu'
    LDAP_BIND_PW = '${env.ldap.password}'
    LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))'
    EMAIL_SEARCH_FIELD = 'mail'
    [[mediagoblin.plugins.basicsearch]]
    [[mediagoblin.plugins.piwigo]]
    [[mediagoblin.plugins.processing_info]]
    [[mediagoblin.media_types.image]]
    [[mediagoblin.media_types.video]]
  '';
};
# Deployable application root: a writable copy of the mediagoblin build with
# wrapped gmg, paster and celery launchers and the site configuration linked
# in. The secret-bearing mediagoblin_local.ini is only a symlink to the key
# file under /run/keys/webapps, so the secrets themselves are not part of
# this store path.
pythonRoot =
  with pkgs.gst_all_1;
  let
    # Packages whose lib/ directories are put on the GStreamer plugin path.
    gstRoots = [
      python
      gstreamer
      gst-plugins-base
      gst-libav
      gst-plugins-good
      gst-plugins-bad
      gst-plugins-ugly
    ];
    gstPluginPath = builtins.concatStringsSep ":" (map (root: "${root}/lib") gstRoots);
    # GObject-introspection typelibs for GStreamer and its base plugins.
    typelibPath = "${gstreamer}/lib/girepository-1.0:${gst-plugins-base}/lib/girepository-1.0";
  in
  stdenv.mkDerivation {
    name = "mediagoblin_immae";
    # Exposed to the builder script as $mediagoblin.
    inherit mediagoblin;
    buildInputs = [ makeWrapper ];
    propagatedBuildInputs = [ gst-libav gst-plugins-good gst-plugins-bad gst-plugins-ugly gstreamer ];
    # Copies the build, inserts a gi.require_version call before the
    # GstPbutils import in the video transcoder, wraps the three launchers
    # with the Python and GStreamer search paths, rewrites references from
    # the original store path to $out, then links in the configuration files
    # and the state directory.
    builder = writeText "build_mediagoblin_immae" ''
      source $stdenv/setup
      cp -a $mediagoblin $out
      cd $out
      chmod -R u+rwX .
      sed -i -e "/from gi.repository import GstPbutils/s/^/gi.require_version('GstPbutils', '1.0')\n/" mediagoblin/media_types/video/transcoders.py
      wrapProgram bin/gmg --prefix PYTHONPATH : "$out:$PYTHONPATH" \
        --prefix GST_PLUGIN_SYSTEM_PATH : ${gstPluginPath} \
        --prefix GI_TYPELIB_PATH : ${typelibPath}
      makeWrapper ${python}/bin/paster bin/paster --prefix PYTHONPATH : "$out:$PYTHONPATH" \
        --prefix GST_PLUGIN_SYSTEM_PATH : ${gstPluginPath} \
        --prefix GI_TYPELIB_PATH : ${typelibPath}
      makeWrapper ${python}/bin/celery bin/celery --prefix PYTHONPATH : "$out:$PYTHONPATH" \
        --prefix GST_PLUGIN_SYSTEM_PATH : ${gstPluginPath} \
        --prefix GI_TYPELIB_PATH : ${typelibPath}
      find . -type f -exec sed -i "s|$mediagoblin|$out|g" {} \;
      ln -s ${paste_local} ./paste_local.ini
      ln -s /run/keys/webapps/tools-mediagoblin ./mediagoblin_local.ini
      ln -sf ${varDir} ./user_dev
    '';
  };
294 }