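# NixOS module: MediaGoblin behind the shared "tools" Apache vhost.
#
# When services.myWebsites.tools.mediagoblin.enable is set, this module:
#   * renders the MediaGoblin ini file as a secret (mode 0400, owner mediagoblin);
#   * enables services.mediagoblin and points it at that rendered file;
#   * adds mgoblin.immae.eu to the "eldiron" ACME certificate;
#   * declares an Apache vhost that serves the static/media aliases from disk
#     and proxies everything else to the paster unix socket.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Site-specific values (database URL, redis URL, LDAP password).
  env = myconfig.env.tools.mediagoblin;
  cfg = config.services.myWebsites.tools.mediagoblin;
  # Upstream service options; dataDir and sockets.paster are read from here.
  mcfg = config.services.mediagoblin;
in {
  options.services.myWebsites.tools.mediagoblin = {
    enable = lib.mkEnableOption "enable mediagoblin's website";
  };

  config = lib.mkIf cfg.enable {
    # The ini file embeds the LDAP bind password, and the database/redis URLs
    # may carry credentials too, so it is emitted through secrets.keys with
    # owner-only read permission rather than as a plain derivation output.
    # NOTE(review): env.ldap.password is interpolated between single quotes; a
    # password containing a quote or a newline would corrupt the ini file.
    # Confirm that the secret's character set is constrained where it is defined.
    # NOTE(review): LDAP_SEARCH_FILTER substitutes {username} into the filter;
    # whether the value is LDAP-escaped depends on the ldap plugin. Verify.
    secrets.keys = [{
      dest = "webapps/tools-mediagoblin";
      user = "mediagoblin";
      group = "mediagoblin";
      permissions = "0400";
      text = ''
        [DEFAULT]
        data_basedir = "${mcfg.dataDir}"

        [mediagoblin]
        direct_remote_path = /mgoblin_static/
        email_sender_address = "mediagoblin@tools.immae.eu"

        #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
        sql_engine = ${env.psql_url}

        email_debug_mode = false
        allow_registration = false
        allow_reporting = true

        theme = airymodified

        user_privilege_scheme = "uploader,commenter,reporter"

        # We need to redefine them here since we override data_basedir
        # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
        workbench_path = %(data_basedir)s/media/workbench
        crypto_path = %(data_basedir)s/crypto
        theme_install_dir = %(data_basedir)s/themes/
        theme_linked_assets_dir = %(data_basedir)s/theme_static/
        plugin_linked_assets_dir = %(data_basedir)s/plugin_static/

        [storage:queuestore]
        base_dir = %(data_basedir)s/media/queue

        [storage:publicstore]
        base_dir = %(data_basedir)s/media/public
        base_url = /mgoblin_media/

        [celery]
        CELERY_RESULT_DBURI = ${env.redis_url}
        BROKER_URL = ${env.redis_url}
        CELERYD_CONCURRENCY = 1

        [plugins]
        [[mediagoblin.plugins.geolocation]]
        [[mediagoblin.plugins.ldap]]
        [[[immae.eu]]]
        LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636'
        LDAP_SEARCH_BASE = 'dc=immae,dc=eu'
        LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu'
        LDAP_BIND_PW = '${env.ldap.password}'
        LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))'
        EMAIL_SEARCH_FIELD = 'mail'
        [[mediagoblin.plugins.basicsearch]]
        [[mediagoblin.plugins.piwigo]]
        [[mediagoblin.plugins.processing_info]]

        [[mediagoblin.media_types.image]]
        [[mediagoblin.media_types.video]]
      '';
    }];

    # Presumably required so the service user can traverse the secrets
    # directory; confirm against the secrets module.
    users.users.mediagoblin.extraGroups = [ "keys" ];

    services.mediagoblin = {
      enable = true;
      plugins = builtins.attrValues pkgs.webapps.mediagoblin-plugins;
      # NOTE(review): this path repeats the `dest` of the secret above with a
      # hard-coded /var/secrets prefix; the two must be kept in sync by hand.
      configFile = "/var/secrets/webapps/tools-mediagoblin";
    };

    services.myWebsites.tools.modules = [ "proxy" "proxy_http" ];
    # Puts the web server user in the mediagoblin group (presumably for access
    # to the aliased directories and the socket). The rendered secret is 0400,
    # so this group membership does not grant read access to it.
    users.users.wwwrun.extraGroups = [ "mediagoblin" ];

    security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;

    services.myWebsites.tools.vhostConfs.mgoblin = {
      certName = "eldiron";
      hosts = [ "mgoblin.immae.eu" ];
      root = null;
      # Each alias gets its own <Directory> section: `Require` is only valid in
      # directory context, and scoping `Options` keeps it from applying to the
      # whole vhost.
      # NOTE(review): the section wrappers are absent from the listing as
      # received; <Directory> on the alias target is the assumed original form.
      # Confirm against the deployed configuration.
      # NOTE(review): media/public holds user-uploaded files. `+Includes` and
      # `+FollowSymLinks` are not obviously needed there; if mod_include is
      # loaded with an INCLUDES filter, an uploaded file could be parsed for
      # SSI. Confirm and drop these options for that directory if unused.
      # `ProxyRequests Off` keeps the vhost from acting as a forward proxy; the
      # `!` rules exclude the static aliases and the ACME challenge path from
      # proxying.
      extraConfig = [ ''
        Alias /mgoblin_media ${mcfg.dataDir}/media/public
        <Directory ${mcfg.dataDir}/media/public>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /theme_static ${mcfg.dataDir}/theme_static
        <Directory ${mcfg.dataDir}/theme_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /plugin_static ${mcfg.dataDir}/plugin_static
        <Directory ${mcfg.dataDir}/plugin_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPass /mgoblin_media !
        ProxyPass /theme_static !
        ProxyPass /plugin_static !
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
        ProxyPassReverse / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
      '' ];
    };
  };
}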