blob: 2f18037fc946f49435c2a5f980a9dc95bb17911a (
plain) (
tree)
|
|
{ lib, config, pkgs, ... }:
let
cfg = config.myServices.websites.denise.oms;
varDir = "/var/lib/buildbot/outputs/denise/oms";
varDirBeta = "/var/lib/buildbot/outputs/denise/oms_beta";
socket = "/run/denise_oms/socket.sock";
socket_beta = "/run/denise_oms_beta/socket.sock";
in {
options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";
config = lib.mkIf cfg.enable {
services.websites.env.production.vhostConfs.denise_oms = {
certName = "denise";
addToCerts = true;
hosts = [ "oms.syanni.eu" ];
root = null;
extraConfig = [
''
ProxyPreserveHost on
ProxyVia On
ProxyRequests Off
ProxyPassMatch ^/.well-known/acme-challenge !
ProxyPass / unix://${socket}|http://oms.syanni.eu/
ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/
''
];
};
systemd.services.denise-oms = {
description = "Denise OMS website";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
WorkingDirectory = varDir;
ExecStart = let
python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
in
"${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
User = "wwwrun";
Restart = "always";
RestartSec = "5s";
PIDFile = "/run/denise_oms/gunicorn.pid";
RuntimeDirectory = "denise_oms";
StandardOutput = "journal";
StandardError = "inherit";
};
};
security.sudo.extraRules = [
{
commands = [
{ options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; }
{ options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; }
];
users = ["buildbot"];
runAs = "root";
}
];
services.websites.env.integration.vhostConfs.denise_oms_beta = {
certName = "denise";
addToCerts = true;
hosts = [ "beta.oms.syanni.eu" ];
root = null;
extraConfig = [
''
ProxyPreserveHost on
ProxyVia On
ProxyRequests Off
ProxyPassMatch ^/.well-known/acme-challenge !
ProxyPass / unix://${socket_beta}|http://beta.oms.syanni.eu/
ProxyPassReverse / unix://${socket_beta}|http://beta.oms.syanni.eu/
''
];
};
systemd.services.denise-oms-beta = {
description = "Denise OMS beta website";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
WorkingDirectory = varDirBeta;
ExecStart = let
python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
in
"${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
User = "wwwrun";
Restart = "always";
RestartSec = "5s";
PIDFile = "/run/denise_oms_beta/gunicorn.pid";
RuntimeDirectory = "denise_oms_beta";
StandardOutput = "journal";
StandardError = "inherit";
};
};
};
}
|