X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fmediagoblin%2Fdefault.nix;h=a02af3840cc65aefc7774d0af2b72f1ed18613a6;hp=36329d9fd91653613ef701fbe908efc09a8d4a2d;hb=ddd3f845089062716d7fc64e5a5e4e413363df91;hpb=7da817e32f5e285f5fe09726f6031d8c6d4c74ea
diff --git a/nixops/modules/websites/tools/mediagoblin/default.nix b/nixops/modules/websites/tools/mediagoblin/default.nix
index 36329d9..a02af38 100644
--- a/nixops/modules/websites/tools/mediagoblin/default.nix
+++ b/nixops/modules/websites/tools/mediagoblin/default.nix
@@ -1,18 +1,123 @@ { lib, pkgs, config, myconfig, mylibs, ... }: let - mediagoblin = pkgs.callPackage ./mediagoblin.nix { - inherit (mylibs) fetchedGit fetchedGithub; - env = myconfig.env.tools.mediagoblin; - }; - + env = myconfig.env.tools.mediagoblin; + socketsDir = "/run/mediagoblin"; + varDir = "/var/lib/mediagoblin"; cfg = config.services.myWebsites.tools.mediagoblin; + mediagoblin_init = "/var/secrets/webapps/tools-mediagoblin"; + paste_local = pkgs.writeText "paste_local.ini" '' + [DEFAULT] + debug = false + + [pipeline:main] + pipeline = mediagoblin + + [app:mediagoblin] + use = egg:mediagoblin#app + config = ${mediagoblin_init} ${pythonRoot}/mediagoblin.ini + /mgoblin_static = ${pythonRoot}/mediagoblin/static + + [loggers] + keys = root + + [handlers] + keys = console + + [formatters] + keys = generic + + [logger_root] + level = INFO + handlers = console + + [handler_console] + class = StreamHandler + args = (sys.stderr,) + level = NOTSET + formatter = generic + + [formatter_generic] + format = %(levelname)-7.7s [%(name)s] %(message)s + + [filter:errors] + use = egg:mediagoblin#errors + debug = false + + [server:main] + use = egg:waitress#main + unix_socket = ${socketsDir}/mediagoblin.sock + unix_socket_perms = 777 + url_scheme = https + ''; + pythonRoot = pkgs.webapps.mediagoblin-with-plugins; in { options.services.myWebsites.tools.mediagoblin = { enable = lib.mkEnableOption "enable mediagoblin's website"; }; config = lib.mkIf cfg.enable { - mySecrets.keys = mediagoblin.keys; + mySecrets.keys = [{ + dest = "webapps/tools-mediagoblin"; + user = "mediagoblin"; + group = "mediagoblin"; + permissions = "0400"; + text = '' + [DEFAULT] + data_basedir = "${varDir}" + + [mediagoblin] + direct_remote_path = /mgoblin_static/ + email_sender_address = "mediagoblin@tools.immae.eu" + + #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db + sql_engine = ${env.psql_url} + + email_debug_mode = false + allow_registration = false + allow_reporting = true + + theme = 
airymodified + + user_privilege_scheme = "uploader,commenter,reporter" + + # We need to redefine them here since we override data_basedir + # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini + workbench_path = %(data_basedir)s/media/workbench + crypto_path = %(data_basedir)s/crypto + theme_install_dir = %(data_basedir)s/themes/ + theme_linked_assets_dir = %(data_basedir)s/theme_static/ + plugin_linked_assets_dir = %(data_basedir)s/plugin_static/ + + [storage:queuestore] + base_dir = %(data_basedir)s/media/queue + + [storage:publicstore] + base_dir = %(data_basedir)s/media/public + base_url = /mgoblin_media/ + + [celery] + CELERY_RESULT_DBURI = ${env.redis_url} + BROKER_URL = ${env.redis_url} + CELERYD_CONCURRENCY = 1 + + [plugins] + [[mediagoblin.plugins.geolocation]] + [[mediagoblin.plugins.ldap]] + [[[immae.eu]]] + LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636' + LDAP_SEARCH_BASE = 'dc=immae,dc=eu' + LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu' + LDAP_BIND_PW = '${env.ldap.password}' + LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))' + EMAIL_SEARCH_FIELD = 'mail' + [[mediagoblin.plugins.basicsearch]] + [[mediagoblin.plugins.piwigo]] + [[mediagoblin.plugins.processing_info]] + [[mediagoblin.media_types.image]] + [[mediagoblin.media_types.video]] + ''; + }]; + ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid; ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid; @@ -21,7 +126,7 @@ in { uid = config.ids.uids.mediagoblin; group = "mediagoblin"; description = "Mediagoblin user"; - home = mediagoblin.varDir; + home = varDir; useDefaultShell = true; extraGroups = [ "keys" ]; }; 
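Review bot: `unix_socket_perms = 777` in the `[server:main]` section of `paste_local` leaves the waitress socket connectable by every local account, so requests can reach the application without passing through the Apache front end that proxies to it. Only the web server needs that socket; `unix_socket_perms = 660` with the web server's account in the `mediagoblin` group (or a socket directory that is not world-traversable) would keep the same proxy path working. Separately, `paste_local` is built with `pkgs.writeText` and therefore lands in the world-readable Nix store, so a one-line comment above it such as `# store path, world-readable: keep credentials in ${mediagoblin_init} only` would document why the secrets live in `mySecrets.keys`. Whether the interpolated `env.psql_url`, `env.redis_url` and `env.ldap.password` stay out of the store depends on how `mySecrets` materialises `text`, which is not visible in this hunk.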
@@ -38,17 +143,17 @@ in { script = '' exec ./bin/paster serve \ - ${mediagoblin.pythonRoot}/paste_local.ini \ - --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid + ${paste_local} \ + --pid-file=${socketsDir}/mediagoblin.pid ''; preStop = '' exec ./bin/paster serve \ - --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \ - ${mediagoblin.pythonRoot}/paste_local.ini stop + --pid-file=${socketsDir}/mediagoblin.pid \ + ${paste_local} stop ''; preStart = '' - ./bin/gmg dbupdate + ./bin/gmg -cf ${mediagoblin_init} dbupdate ''; serviceConfig = { @@ -57,11 +162,11 @@ in { Restart = "always"; TimeoutSec = 15; Type = "simple"; - WorkingDirectory = mediagoblin.pythonRoot; - PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid"; + WorkingDirectory = pythonRoot; + PIDFile = "${socketsDir}/mediagoblin.pid"; }; - unitConfig.RequiresMountsFor = mediagoblin.varDir; + unitConfig.RequiresMountsFor = varDir; }; systemd.services.mediagoblin-celeryd = { @@ -69,12 +174,12 @@ in { wantedBy = [ "multi-user.target" ]; after = [ "network.target" "mediagoblin-web.service" ]; - environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini"; + environment.MEDIAGOBLIN_CONFIG = "${pythonRoot}/mediagoblin_local.ini"; environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery"; script = '' exec ./bin/celery worker \ - --logfile=${mediagoblin.varDir}/celery.log \ + --logfile=${varDir}/celery.log \ --loglevel=INFO ''; 
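Review bot: The celery worker in the `@@ -69,12 +174,12 @@` hunk still gets `MEDIAGOBLIN_CONFIG = "${pythonRoot}/mediagoblin_local.ini"`, while the web unit and `gmg dbupdate` now read `${mediagoblin_init}`. `pythonRoot` is now `pkgs.webapps.mediagoblin-with-plugins`, which no longer receives `env`, so that file presumably lacks the database and broker URLs or may not exist at all, and the worker could start against defaults. If a `mediagoblin_local.ini` with credentials is still generated into the package, it would also keep those secrets in the world-readable store, which this commit otherwise moves away from. Assuming the worker should share the web unit's settings, `environment.MEDIAGOBLIN_CONFIG = mediagoblin_init;` keeps both units on the same secret-backed file. The `mediagoblin-celeryd` definition starts and continues outside this hunk.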
@@ -84,21 +189,21 @@ in { Restart = "always"; TimeoutSec = 60; Type = "simple"; - WorkingDirectory = mediagoblin.pythonRoot; - PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid"; + WorkingDirectory = pythonRoot; + PIDFile = "${socketsDir}/mediagoblin-celeryd.pid"; }; - unitConfig.RequiresMountsFor = mediagoblin.varDir; + unitConfig.RequiresMountsFor = varDir; }; system.activationScripts.mediagoblin = { deps = [ "users" ]; text = '' - install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir} - install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir} - if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then - rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth - ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth + install -m 0755 -o mediagoblin -g mediagoblin -d ${socketsDir} + install -m 0755 -o mediagoblin -g mediagoblin -d ${varDir} + if [ -d ${varDir}/plugin_static/ ]; then + rm ${varDir}/plugin_static/coreplugin_basic_auth + ln -sf ${pythonRoot}/mediagoblin/plugins/basic_auth/static ${varDir}/plugin_static/coreplugin_basic_auth fi ''; }; @@ -113,20 +218,20 @@ in { hosts = ["mgoblin.immae.eu" ]; root = null; extraConfig = [ '' - Alias /mgoblin_media ${mediagoblin.varDir}/media/public - + Alias /mgoblin_media ${varDir}/media/public + Options -Indexes +FollowSymLinks +MultiViews +Includes Require all granted - Alias /theme_static ${mediagoblin.varDir}/theme_static - + Alias /theme_static ${varDir}/theme_static + Options -Indexes +FollowSymLinks +MultiViews +Includes Require all granted - Alias /plugin_static ${mediagoblin.varDir}/plugin_static - + Alias /plugin_static ${varDir}/plugin_static + Options -Indexes +FollowSymLinks +MultiViews +Includes Require all granted 
@@ -138,8 +243,8 @@ in { ProxyPass /theme_static ! ProxyPass /plugin_static ! ProxyPassMatch ^/.well-known/acme-challenge ! - ProxyPass / unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ - ProxyPassReverse / unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ + ProxyPass / unix://${socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ + ProxyPassReverse / unix://${socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ '' ]; }; };