+{ lib, pkgs, config, ... }:
+let
+ cfg = config.myServices.websites.tools.commento;
+ env = config.myEnv.tools.commento;
+ webPort = "${host}:${port}";
+ port = toString env.listenPort;
+ host = "localhost";
+ postgresql_url = "postgres://${env.postgresql.user}:${env.postgresql.password}@localhost:${env.postgresql.port}/${env.postgresql.database}?sslmode=disable";
+in
+{
+ options.myServices.websites.tools.commento = {
+ enable = lib.mkEnableOption "Enable commento website";
+ };
+ config = lib.mkIf cfg.enable {
+ secrets.keys = [
+ {
+ dest = "commento/env";
+ permission = "0400";
+ text = ''
+ COMMENTO_ORIGIN=https://commento.immae.eu/
+ COMMENTO_PORT=${port}
+ COMMENTO_POSTGRES=${postgresql_url}
+ COMMENTO_FORBID_NEW_OWNERS=true
+ COMMENTO_BIND_ADDRESS=${host}
+ COMMENTO_GZIP_STATIC=true
+ COMMENTO_SMTP_HOST=${env.smtp.host}
+ COMMENTO_SMTP_PORT=${env.smtp.port}
+ COMMENTO_SMTP_USERNAME=${env.smtp.email}
+ COMMENTO_SMTP_PASSWORD=${env.smtp.password}
+ COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email}
+ '';
+ }
+ ];
+
+ services.websites.env.tools.vhostConfs.commento = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = [ "commento.immae.eu" ];
+ root = null;
+ extraConfig = [
+ ''
+ ProxyPass / http://${webPort}/
+ ProxyPassReverse / http://${webPort}/
+ ProxyPreserveHost On
+ ''
+ ];
+ };
+ systemd.services.commento = {
+ description = "Commento";
+ wantedBy = [ "multi-user.target" ];
+ requires = ["postgresql.service"];
+ after = ["network.target" "postgresql.service"];
+ serviceConfig = {
+ User = "wwwrun";
+ ExecStart = "${pkgs.commento}/commento";
+ EnvironmentFile = config.secrets.fullPaths."commento/env";
+ };
+ };
+ };
+}