From 996a68c2ec15260dd0c6e8d3d60460e32571d3b7 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 10 May 2019 14:04:21 +0200 Subject: [PATCH] Move Mediagoblin module outside of nixops --- default.nix | 1 + modules/default.nix | 5 + modules/myids.nix | 11 + modules/webapps/mediagoblin.nix | 193 ++++++++++++++++++ nixops/eldiron.nix | 2 +- nixops/modules/websites/tools/mediagoblin.nix | 159 ++------------- 6 files changed, 226 insertions(+), 145 deletions(-) create mode 100644 modules/default.nix create mode 100644 modules/myids.nix create mode 100644 modules/webapps/mediagoblin.nix diff --git a/default.nix b/default.nix index e092c33..c7f515b 100644 --- a/default.nix +++ b/default.nix @@ -5,6 +5,7 @@ let in { lib = import ./libs.nix { pkgs = pkgs_; }; + modules = import ./modules; overlays = import ./overlays; pkgs = mypkgs; } // mypkgs diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..3cc4149 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,5 @@ +{ + myids = ./myids.nix; + + mediagoblin = ./webapps/mediagoblin.nix; +} diff --git a/modules/myids.nix b/modules/myids.nix new file mode 100644 index 0000000..a3e5879 --- /dev/null +++ b/modules/myids.nix @@ -0,0 +1,11 @@ +{ ... }: +{ + config = { + ids.uids = { + mediagoblin = 397; + }; + ids.gids = { + mediagoblin = 397; + }; + }; +} diff --git a/modules/webapps/mediagoblin.nix b/modules/webapps/mediagoblin.nix new file mode 100644 index 0000000..6808c82 --- /dev/null +++ b/modules/webapps/mediagoblin.nix 
@@ -0,0 +1,193 @@
+{ lib, pkgs, config, ... }:
+let
+ name = "mediagoblin";
+ cfg = config.services.mediagoblin;
+
+ uid = config.ids.uids.mediagoblin;
+ gid = config.ids.gids.mediagoblin;
+
+ fullPackage = cfg.package.withPlugins cfg.plugins;
+ paste_local = pkgs.writeText "paste_local.ini" ''
+ [DEFAULT]
+ debug = false
+
+ [pipeline:main]
+ pipeline = mediagoblin
+
+ [app:mediagoblin]
+ use = egg:mediagoblin#app
+ config = ${cfg.configFile} ${fullPackage}/mediagoblin.ini
+ /mgoblin_static = ${fullPackage}/mediagoblin/static
+
+ [loggers]
+ keys = root
+
+ [handlers]
+ keys = console
+
+ [formatters]
+ keys = generic
+
+ [logger_root]
+ level = INFO
+ handlers = console
+
+ [handler_console]
+ class = StreamHandler
+ args = (sys.stderr,)
+ level = NOTSET
+ formatter = generic
+
+ [formatter_generic]
+ format = %(levelname)-7.7s [%(name)s] %(message)s
+
+ [filter:errors]
+ use = egg:mediagoblin#errors
+ debug = false
+
+ [server:main]
+ use = egg:waitress#main
+ unix_socket = ${cfg.socketsDir}/mediagoblin.sock
+ unix_socket_perms = 777
+ url_scheme = https
+ '';
+in
+{
+ options.services.mediagoblin = {
+ enable = lib.mkEnableOption "Enable Mediagoblin’s service";
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "User account under which Mediagoblin runs";
+ };
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "Group under which Mediagoblin runs";
+ };
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/${name}";
+ description = ''
+ The directory where Mediagoblin stores its data.
+ '';
+ };
+ socketsDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/run/${name}";
+ description = ''
+ The directory where Mediagoblin puts runtime files and sockets.
+ '';
+ };
+ configFile = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ The configuration file path for Mediagoblin.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.webapps.mediagoblin;
+ description = ''
+ Mediagoblin package to use.
+ '';
+ };
+ plugins = lib.mkOption {
+ type = lib.types.listOf lib.types.package;
+ default = [];
+ description = ''
+ Mediagoblin plugins to use.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
+ inherit name;
+ inherit uid;
+ group = cfg.group;
+ description = "Mediagoblin user";
+ home = cfg.dataDir;
+ useDefaultShell = true;
+ });
+ users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
+ inherit name;
+ inherit gid;
+ });
+
+ systemd.services.mediagoblin-web = {
+ description = "Mediagoblin service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ wants = [ "postgresql.service" "redis.service" ];
+
+ environment.SCRIPT_NAME = "/mediagoblin/";
+
+ script = ''
+ exec ./bin/paster serve \
+ ${paste_local} \
+ --pid-file=${cfg.socketsDir}/mediagoblin.pid
+ '';
+ preStop = ''
+ exec ./bin/paster serve \
+ --pid-file=${cfg.socketsDir}/mediagoblin.pid \
+ ${paste_local} stop
+ '';
+ preStart = ''
+ ./bin/gmg -cf ${cfg.configFile} dbupdate
+ '';
+
+ serviceConfig = {
+ User = cfg.user;
+ PrivateTmp = true;
+ Restart = "always";
+ TimeoutSec = 15;
+ Type = "simple";
+ WorkingDirectory = fullPackage;
+ PIDFile = "${cfg.socketsDir}/mediagoblin.pid";
+ };
+
+ unitConfig.RequiresMountsFor = cfg.dataDir;
+ };
+
+ systemd.services.mediagoblin-celeryd = {
+ description = "Mediagoblin service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "mediagoblin-web.service" ];
+
+ environment.MEDIAGOBLIN_CONFIG = cfg.configFile;
+ environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
+
+ script = ''
+ exec ./bin/celery worker \
+ --logfile=${cfg.dataDir}/celery.log \
+ --loglevel=INFO
+ '';
+
+ serviceConfig = {
+ User = cfg.user;
+ PrivateTmp = true;
+ Restart = "always";
+ TimeoutSec = 60;
+ Type = "simple";
+ WorkingDirectory = fullPackage;
+ PIDFile = "${cfg.socketsDir}/mediagoblin-celeryd.pid";
+ };
+
+ unitConfig.RequiresMountsFor = cfg.dataDir;
+ };
+
+ system.activationScripts.mediagoblin = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
+ install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
+ if [ -d ${cfg.dataDir}/plugin_static/ ]; then
+ rm ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
+ ln -sf ${fullPackage}/mediagoblin/plugins/basic_auth/static ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
+ fi
+ '';
+ };
+
+ };
+}
diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 239e065..71615fa 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -46,7 +46,7 @@
 ./modules/buildbot
 ./modules/dns.nix
 ./modules/secrets.nix
- ];
+ ] ++ (builtins.attrValues (import ../modules));
 services.myGitolite.enable = true;
 services.myDatabases.enable = true;
 services.myWebsites.production.enable = true;
diff --git a/nixops/modules/websites/tools/mediagoblin.nix b/nixops/modules/websites/tools/mediagoblin.nix
index 2b56007..bdb8323 100644
--- a/nixops/modules/websites/tools/mediagoblin.nix
+++ b/nixops/modules/websites/tools/mediagoblin.nix
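Review bot: In the new `modules/webapps/mediagoblin.nix`, `unix_socket_perms = 777` in the `[server:main]` section of `paste_local`, combined with `install -m 0755` on `${cfg.socketsDir}` in the activation script, lets every local account connect to the application socket directly instead of going through the web server in front of it. Now that this is a reusable module with a `group` option, I would tighten it to `unix_socket_perms = 660` and have the proxying web server's user join `cfg.group`, or at least expose the mode as an option with a restrictive default. Separately, `configFile` is typed `lib.types.path` and interpolated into `paste_local`, so a Nix path literal would be copied into the world-readable store; since the caller keeps this file under `/var/secrets`, the option description should say to pass a string path outside the store. Both services also set `User = cfg.user` without `Group = cfg.group`, so a custom `group` presumably only affects account creation and the two `install` calls.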
@@ -1,55 +1,8 @@ { lib, pkgs, config, myconfig, mylibs, ... }: let env = myconfig.env.tools.mediagoblin; - socketsDir = "/run/mediagoblin"; - varDir = "/var/lib/mediagoblin"; cfg = config.services.myWebsites.tools.mediagoblin; - mediagoblin_init = "/var/secrets/webapps/tools-mediagoblin"; - paste_local = pkgs.writeText "paste_local.ini" '' - [DEFAULT] - debug = false - - [pipeline:main] - pipeline = mediagoblin - - [app:mediagoblin] - use = egg:mediagoblin#app - config = ${mediagoblin_init} ${pythonRoot}/mediagoblin.ini - /mgoblin_static = ${pythonRoot}/mediagoblin/static - - [loggers] - keys = root - - [handlers] - keys = console - - [formatters] - keys = generic - - [logger_root] - level = INFO - handlers = console - - [handler_console] - class = StreamHandler - args = (sys.stderr,) - level = NOTSET - formatter = generic - - [formatter_generic] - format = %(levelname)-7.7s [%(name)s] %(message)s - - [filter:errors] - use = egg:mediagoblin#errors - debug = false - - [server:main] - use = egg:waitress#main - unix_socket = ${socketsDir}/mediagoblin.sock - unix_socket_perms = 777 - url_scheme = https - ''; - pythonRoot = pkgs.webapps.mediagoblin-with-plugins; + mcfg = config.services.mediagoblin; in { options.services.myWebsites.tools.mediagoblin = { enable = lib.mkEnableOption "enable mediagoblin's website"; @@ -63,7 +16,7 @@ in { permissions = "0400"; text = '' [DEFAULT] - data_basedir = "${varDir}" + data_basedir = "${mcfg.dataDir}" [mediagoblin] direct_remote_path = /mgoblin_static/ 
@@ -118,94 +71,12 @@ in { ''; }]; - ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid; - ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid; + users.users.mediagoblin.extraGroups = [ "keys" ]; - users.users.mediagoblin = { - name = "mediagoblin"; - uid = config.ids.uids.mediagoblin; - group = "mediagoblin"; - description = "Mediagoblin user"; - home = varDir; - useDefaultShell = true; - extraGroups = [ "keys" ]; - }; - - users.groups.mediagoblin.gid = config.ids.gids.mediagoblin; - - systemd.services.mediagoblin-web = { - description = "Mediagoblin service"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - wants = [ "postgresql.service" "redis.service" ]; - - environment.SCRIPT_NAME = "/mediagoblin/"; - - script = '' - exec ./bin/paster serve \ - ${paste_local} \ - --pid-file=${socketsDir}/mediagoblin.pid - ''; - - preStop = '' - exec ./bin/paster serve \ - --pid-file=${socketsDir}/mediagoblin.pid \ - ${paste_local} stop - ''; - preStart = '' - ./bin/gmg -cf ${mediagoblin_init} dbupdate - ''; - - serviceConfig = { - User = "mediagoblin"; - PrivateTmp = true; - Restart = "always"; - TimeoutSec = 15; - Type = "simple"; - WorkingDirectory = pythonRoot; - PIDFile = "${socketsDir}/mediagoblin.pid"; - }; - - unitConfig.RequiresMountsFor = varDir; - }; - - systemd.services.mediagoblin-celeryd = { - description = "Mediagoblin service"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "mediagoblin-web.service" ]; - - environment.MEDIAGOBLIN_CONFIG = mediagoblin_init; - environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery"; - - script = '' - exec ./bin/celery worker \ - --logfile=${varDir}/celery.log \ - --loglevel=INFO - ''; - - serviceConfig = { - User = "mediagoblin"; - PrivateTmp = true; - Restart = "always"; - TimeoutSec = 60; - Type = "simple"; - WorkingDirectory = pythonRoot; - PIDFile = "${socketsDir}/mediagoblin-celeryd.pid"; - }; - - unitConfig.RequiresMountsFor = varDir; - }; - - 
system.activationScripts.mediagoblin = { - deps = [ "users" ]; - text = '' - install -m 0755 -o mediagoblin -g mediagoblin -d ${socketsDir} - install -m 0755 -o mediagoblin -g mediagoblin -d ${varDir} - if [ -d ${varDir}/plugin_static/ ]; then - rm ${varDir}/plugin_static/coreplugin_basic_auth - ln -sf ${pythonRoot}/mediagoblin/plugins/basic_auth/static ${varDir}/plugin_static/coreplugin_basic_auth - fi - ''; + services.mediagoblin = { + enable = true; + plugins = builtins.attrValues pkgs.webapps.mediagoblin-plugins; + configFile = "/var/secrets/webapps/tools-mediagoblin"; }; services.myWebsites.tools.modules = [ @@ -218,20 +89,20 @@ in { hosts = ["mgoblin.immae.eu" ]; root = null; extraConfig = [ '' - Alias /mgoblin_media ${varDir}/media/public - + Alias /mgoblin_media ${mcfg.dataDir}/media/public + Options -Indexes +FollowSymLinks +MultiViews +Includes Require all granted - Alias /theme_static ${varDir}/theme_static - + Alias /theme_static ${mcfg.dataDir}/theme_static + Options -Indexes +FollowSymLinks +MultiViews +Includes Require all granted - Alias /plugin_static ${varDir}/plugin_static - + Alias /plugin_static ${mcfg.dataDir}/plugin_static + Options -Indexes +FollowSymLinks +MultiViews +Includes Require all granted @@ -243,8 +114,8 @@ in { ProxyPass /theme_static ! ProxyPass /plugin_static ! ProxyPassMatch ^/.well-known/acme-challenge ! - ProxyPass / unix://${socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ - ProxyPassReverse / unix://${socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ + ProxyPass / unix://${mcfg.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ + ProxyPassReverse / unix://${mcfg.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/ '' ]; }; }; -- 2.41.0
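Review bot: In the last hunk, the `/mgoblin_media` block still carries `Options -Indexes +FollowSymLinks +MultiViews +Includes` next to `Require all granted`, and that alias points at `${mcfg.dataDir}/media/public`, which by its name holds uploaded content. Those `Options` lines are unchanged context, but since the paths are being touched anyway I would drop `+Includes` and `+FollowSymLinks` for that directory, e.g. `Options -Indexes +MultiViews`, so server-side includes and symlink traversal are not available on files the application writes. `/plugin_static` is the one place that appears to need `+FollowSymLinks`, because the module's activation script links `coreplugin_basic_auth` into the package, so the three blocks need not share one option set. The enclosing directory-block lines are not legible in this hunk as shown, so confirm the block boundaries before editing.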