Add Denise websites

[perso/Immae/Config/Nix.git] / modules / private / websites / denise / oms.nix

diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix
new file mode 100644 (file)
index 0000000..9650468
--- /dev/null
+++ b/modules/private/websites/denise/oms.nix
@@ -0,0 +1,49 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.myServices.websites.denise.oms;
+  varDir = "/var/lib/buildbot/outputs/denise_oms";
+  socket = "/run/denise_oms/socket.sock";
+in {
+  options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";
+
+  config = lib.mkIf cfg.enable {
+    services.websites.env.production.vhostConfs.denise_oms = {
+      certName     = "denise";
+      addToCerts   = true;
+      hosts        = [ "oms.syanni.eu" ];
+      root         = null;
+      extraConfig  = [
+        ''
+        ProxyPreserveHost on
+        ProxyVia On
+        ProxyRequests Off
+        ProxyPassMatch ^/.well-known/acme-challenge !
+        ProxyPass / unix://${socket}|http://oms.syanni.eu/
+        ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/
+          ''
+      ];
+    };
+
+    systemd.services.denise-oms = {
+      description = "Denise OMS website";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        WorkingDirectory = varDir;
+        ExecStart = let
+          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib ]);
+        in
+          "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
+        User = "buildbot";
+        Restart = "always";
+        RestartSec = "5s";
+        PIDFile = "/run/denise_oms/gunicorn.pid";
+        RuntimeDirectory = "denise_oms";
+        StandardOutput = "journal";
+        StandardError = "inherit";
+      };
+    };
+  };
+}