Site de Bingo de Denise

[perso/Immae/Config/Nix.git] / modules / private / websites / denise / bingo.nix
diff --git a/modules/private/websites/denise/bingo.nix b/modules/private/websites/denise/bingo.nix

new file mode 100644 (file)

index 0000000..9130462
--- /dev/null
+++ b/modules/private/websites/denise/bingo.nix
@@ -0,0 +1,100 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.myServices.websites.denise.bingo;
+  varDir = "/var/lib/buildbot/outputs/denise/bingo";
+  varDirBeta = "/var/lib/buildbot/outputs/denise/bingo_beta";
+  socket = "/run/denise_bingo/socket.sock";
+  socket_beta = "/run/denise_bingo_beta/socket.sock";
+in {
+  options.myServices.websites.denise.bingo.enable = lib.mkEnableOption "enable Denise's bingo website";
+
+  config = lib.mkIf cfg.enable {
+    services.websites.env.production.vhostConfs.denise_bingo = {
+      certName     = "denise";
+      addToCerts   = true;
+      hosts        = [ "bingo.syanni.eu" ];
+      root         = null;
+      extraConfig  = [
+        ''
+        ProxyPreserveHost on
+        ProxyVia On
+        ProxyRequests Off
+        ProxyPassMatch ^/.well-known/acme-challenge !
+        ProxyPass / unix://${socket}|http://bingo.syanni.eu/
+        ProxyPassReverse / unix://${socket}|http://bingo.syanni.eu/
+          ''
+      ];
+    };
+
+    systemd.services.denise-bingo = {
+      description = "Denise bingo website";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        WorkingDirectory = varDir;
+        ExecStart = let
+          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
+        in
+          "${python}/bin/gunicorn -w4 -p /run/denise_bingo/gunicorn.pid --bind unix:${socket} app:app";
+        User = "wwwrun";
+        Restart = "always";
+        RestartSec = "5s";
+        PIDFile = "/run/denise_bingo/gunicorn.pid";
+        RuntimeDirectory = "denise_bingo";
+        StandardOutput = "journal";
+        StandardError = "inherit";
+      };
+    };
+
+    security.sudo.extraRules = [
+      {
+        commands = [
+          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-bingo-beta.service"; }
+          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-bingo.service"; }
+        ];
+        users = ["buildbot"];
+        runAs = "root";
+      }
+    ];
+    services.websites.env.integration.vhostConfs.denise_bingo_beta = {
+      certName     = "denise";
+      addToCerts   = true;
+      hosts        = [ "beta.bingo.syanni.eu" ];
+      root         = null;
+      extraConfig  = [
+        ''
+        ProxyPreserveHost on
+        ProxyVia On
+        ProxyRequests Off
+        ProxyPassMatch ^/.well-known/acme-challenge !
+        ProxyPass / unix://${socket_beta}|http://beta.bingo.syanni.eu/
+        ProxyPassReverse / unix://${socket_beta}|http://beta.bingo.syanni.eu/
+          ''
+      ];
+    };
+
+    systemd.services.denise-bingo-beta = {
+      description = "Denise bingo beta website";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        WorkingDirectory = varDirBeta;
+        ExecStart = let
+          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask ]);
+        in
+          "${python}/bin/gunicorn -w4 -p /run/denise_bingo_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
+        User = "wwwrun";
+        Restart = "always";
+        RestartSec = "5s";
+        PIDFile = "/run/denise_bingo_beta/gunicorn.pid";
+        RuntimeDirectory = "denise_bingo_beta";
+        StandardOutput = "journal";
+        StandardError = "inherit";
+      };
+    };
+  };
+}