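# NixOS module that deploys MediaGoblin behind the shared Apache "tools" vhost
# infrastructure (services.myWebsites.tools).
#
# It declares:
#   - a dedicated `mediagoblin` system user and group,
#   - two systemd units (paster web server and celery worker),
#   - an activation script that prepares the runtime directories,
#   - an Apache vhost serving the static directories directly and proxying
#     everything else to the paster Unix socket.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Package definition lives next to this module; it exposes varDir,
  # socketsDir and pythonRoot, which are used throughout this file.
  mediagoblin = pkgs.callPackage ./mediagoblin.nix {
    inherit (mylibs) fetchedGit fetchedGithub;
    env = myconfig.env.tools.mediagoblin;
  };

  cfg = config.services.myWebsites.tools.mediagoblin;
in {
  options.services.myWebsites.tools.mediagoblin = {
    enable = lib.mkEnableOption "enable mediagoblin's website";
  };

  config = lib.mkIf cfg.enable {
    # Fixed uid/gid taken from the environment so file ownership stays stable.
    ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid;
    ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid;

    users.users.mediagoblin = {
      name = "mediagoblin";
      uid = config.ids.uids.mediagoblin;
      group = "mediagoblin";
      description = "Mediagoblin user";
      home = mediagoblin.varDir;
      # NOTE(review): the account gets the default login shell; confirm an
      # interactive shell is really needed for this service account.
      useDefaultShell = true;
    };
    users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;

    # Web front end: paster serving the WSGI application.
    systemd.services.mediagoblin-web = {
      description = "Mediagoblin service";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      environment.SCRIPT_NAME = "/mediagoblin/";

      script = ''
        exec ./bin/paster serve \
          ${mediagoblin.pythonRoot}/paste_local.ini \
          --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
      '';

      preStop = ''
        exec ./bin/paster serve \
          --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
          ${mediagoblin.pythonRoot}/paste_local.ini stop
      '';

      # Apply pending database migrations before the server starts.
      preStart = ''
        ./bin/gmg dbupdate
      '';

      serviceConfig = {
        # Runs unprivileged, with a private /tmp.
        User = "mediagoblin";
        PrivateTmp = true;
        Restart = "always";
        TimeoutSec = 15;
        Type = "simple";
        WorkingDirectory = mediagoblin.pythonRoot;
        PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
      };

      unitConfig.RequiresMountsFor = mediagoblin.varDir;
    };

    # Background worker: celery, ordered after the web unit.
    systemd.services.mediagoblin-celeryd = {
      # Distinct description so the two units can be told apart in
      # `systemctl` listings and in the journal (was a copy of the web unit's).
      description = "Mediagoblin Celery worker";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "mediagoblin-web.service" ];

      environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
      environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";

      script = ''
        exec ./bin/celery worker \
          --logfile=${mediagoblin.varDir}/celery.log \
          --loglevel=INFO
      '';

      serviceConfig = {
        User = "mediagoblin";
        PrivateTmp = true;
        Restart = "always";
        TimeoutSec = 60;
        Type = "simple";
        WorkingDirectory = mediagoblin.pythonRoot;
        # NOTE(review): the celery command above passes no pidfile option, so
        # nothing visible here writes this file; confirm it is still wanted.
        PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
      };

      unitConfig.RequiresMountsFor = mediagoblin.varDir;
    };

    # Create the runtime directories (owned by mediagoblin) and refresh the
    # basic_auth plugin's static link so it points into the current package.
    system.activationScripts.mediagoblin = {
      deps = [ "users" ];
      text = ''
        install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
        install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
        if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
          # -f: do not error out when the link does not exist yet.
          rm -f ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
          # -n: replace the link itself rather than descending into its target.
          ln -sfn ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
        fi
      '';
    };

    # Apache modules needed for the balancer/proxy configuration below.
    services.myWebsites.tools.modules = [
      "proxy" "proxy_http" "proxy_balancer"
      "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
    ];

    # The Apache user joins the mediagoblin group (presumably to reach the
    # socket and static files; verify against the directory modes in use).
    users.users.wwwrun.extraGroups = [ "mediagoblin" ];

    security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;

    services.myWebsites.tools.vhostConfs.mgoblin = {
      certName = "eldiron";
      hosts = [ "mgoblin.immae.eu" ];
      root = null;
      # Access rules are scoped with <Directory> / <Proxy> containers:
      # `Require` and `BalancerMember` are not valid at bare virtual-host
      # level, and `Require all granted` must only open the three aliased
      # directories, not the whole vhost.
      #
      # media/public holds user-uploaded files, so server-side includes are
      # explicitly disabled there; the two static-asset directories keep the
      # original option set. FollowSymLinks stays enabled because
      # plugin_static contains the symlink created by the activation script.
      extraConfig = [ ''
        Alias /mgoblin_media ${mediagoblin.varDir}/media/public
        <Directory ${mediagoblin.varDir}/media/public>
          Options -Indexes +FollowSymLinks +MultiViews -Includes
          Require all granted
        </Directory>

        Alias /theme_static ${mediagoblin.varDir}/theme_static
        <Directory ${mediagoblin.varDir}/theme_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /plugin_static ${mediagoblin.varDir}/plugin_static
        <Directory ${mediagoblin.varDir}/plugin_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off

        ProxyPass /mgoblin_media !
        ProxyPass /theme_static !
        ProxyPass /plugin_static !
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / balancer://paster_server/
        ProxyPassReverse / balancer://paster_server

        <Proxy balancer://paster_server>
          BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://
        </Proxy>
      '' ];
    };
  };
}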