Make wwwrun run the python application

[perso/Immae/Config/Nix.git] / modules / private / websites / denise / oms.nix

diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix
index 18773ae8cedfb36878bc05914a9f752182089eb1..2f18037fc946f49435c2a5f980a9dc95bb17911a 100644 (file)
--- a/modules/private/websites/denise/oms.nix
+++ b/modules/private/websites/denise/oms.nix
@@ -38,7 +38,7 @@ in {
           python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
         in
           "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
-        User = "buildbot";
+        User = "wwwrun";
         Restart = "always";
         RestartSec = "5s";
         PIDFile = "/run/denise_oms/gunicorn.pid";
@@ -48,6 +48,16 @@ in {
       };
     };
 
+    security.sudo.extraRules = [
+      {
+        commands = [
+          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; }
+          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; }
+        ];
+        users = ["buildbot"];
+        runAs = "root";
+      }
+    ];
     services.websites.env.integration.vhostConfs.denise_oms_beta = {
       certName     = "denise";
       addToCerts   = true;
@@ -77,7 +87,7 @@ in {
           python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
         in
           "${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
-        User = "buildbot";
+        User = "wwwrun";
         Restart = "always";
         RestartSec = "5s";
         PIDFile = "/run/denise_oms_beta/gunicorn.pid";