X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fdenise%2Foms.nix;h=2f18037fc946f49435c2a5f980a9dc95bb17911a;hp=18773ae8cedfb36878bc05914a9f752182089eb1;hb=ecd9a3060bdcc4309e4fad6c046b72b880618774;hpb=c20a589de267dded1c096e1c1339b5efe5156f1f

diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix
index 18773ae..2f18037 100644
--- a/modules/private/websites/denise/oms.nix
+++ b/modules/private/websites/denise/oms.nix
@@ -38,7 +38,7 @@ in {
           python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
         in
           "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
-        User = "buildbot";
+        User = "wwwrun";
         Restart = "always";
         RestartSec = "5s";
         PIDFile = "/run/denise_oms/gunicorn.pid";
@@ -48,6 +48,16 @@ in {
       };
     };
 
+    security.sudo.extraRules = [
+      {
+        commands = [
+          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; }
+          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; }
+        ];
+        users = ["buildbot"];
+        runAs = "root";
+      }
+    ];
     services.websites.env.integration.vhostConfs.denise_oms_beta = {
       certName     = "denise";
       addToCerts   = true;
@@ -77,7 +87,7 @@ in {
           python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
         in
           "${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
-        User = "buildbot";
+        User = "wwwrun";
         Restart = "always";
         RestartSec = "5s";
         PIDFile = "/run/denise_oms_beta/gunicorn.pid";