Add comment engine

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-06-07 18:46:27 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-06-07 19:13:09 +0200
commit: 6338573a8a4b416d5bce384dac712197f90637dc (patch)
tree: d21bf9c28aae19c229db226ad1d283b97d77dcd4 /modules/private/websites/tools/commento
parent: 6c7d42fc4844bc4f9af72dab531be8377825296a (diff)
download: Nix-6338573a8a4b416d5bce384dac712197f90637dc.tar.gz
Nix-6338573a8a4b416d5bce384dac712197f90637dc.tar.zst
Nix-6338573a8a4b416d5bce384dac712197f90637dc.zip
1 files changed, 60 insertions, 0 deletions
diff --git a/modules/private/websites/tools/commento/default.nix b/modules/private/websites/tools/commento/default.nix
new file mode 100644
index 0000000..d0e7d24
--- /dev/null
+++ b/modules/private/websites/tools/commento/default.nix
@@ -0,0 +1,60 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = config.myServices.websites.tools.commento;
+  env = config.myEnv.tools.commento;
+  webPort = "${host}:${port}";
+  port = toString env.listenPort;
+  host = "localhost";
+  postgresql_url = "postgres://${env.postgresql.user}:${env.postgresql.password}@localhost:${env.postgresql.port}/${env.postgresql.database}?sslmode=disable";
+in
+{
+  options.myServices.websites.tools.commento = {
+    enable = lib.mkEnableOption "Enable commento website";
+  };
+  config = lib.mkIf cfg.enable {
+    secrets.keys = [
+      {
+        dest = "commento/env";
+        permission = "0400";
+        text = ''
+          COMMENTO_ORIGIN=https://commento.immae.eu/
+          COMMENTO_PORT=${port}
+          COMMENTO_POSTGRES=${postgresql_url}
+          COMMENTO_FORBID_NEW_OWNERS=true
+          COMMENTO_BIND_ADDRESS=${host}
+          COMMENTO_GZIP_STATIC=true
+          COMMENTO_SMTP_HOST=${env.smtp.host}
+          COMMENTO_SMTP_PORT=${env.smtp.port}
+          COMMENTO_SMTP_USERNAME=${env.smtp.email}
+          COMMENTO_SMTP_PASSWORD=${env.smtp.password}
+          COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email}
+        '';
+      }
+    ];
+    services.websites.env.tools.vhostConfs.commento = {
+      certName = "eldiron";
+      addToCerts = true;
+      hosts = [ "commento.immae.eu" ];
+      root = null;
+      extraConfig = [
+        ''
+          ProxyPass / http://${webPort}/
+          ProxyPassReverse / http://${webPort}/
+          ProxyPreserveHost On
+        ''
+      ];
+    };
+    systemd.services.commento = {
+      description = "Commento";
+      wantedBy = [ "multi-user.target" ];
+      requires = ["postgresql.service"];
+      after = ["network.target" "postgresql.service"];
+      serviceConfig = {
+        User = "wwwrun";
+        ExecStart = "${pkgs.commento}/commento";
+        EnvironmentFile = config.secrets.fullPaths."commento/env";
+      };
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-06-07 18:46:27 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-06-07 19:13:09 +0200
commit	6338573a8a4b416d5bce384dac712197f90637dc (patch)
tree	d21bf9c28aae19c229db226ad1d283b97d77dcd4 /modules/private/websites/tools/commento
parent	6c7d42fc4844bc4f9af72dab531be8377825296a (diff)
download	Nix-6338573a8a4b416d5bce384dac712197f90637dc.tar.gz Nix-6338573a8a4b416d5bce384dac712197f90637dc.tar.zst Nix-6338573a8a4b416d5bce384dac712197f90637dc.zip

diff --git a/modules/private/websites/tools/commento/default.nix b/modules/private/websites/tools/commento/default.nix new file mode 100644 index 0000000..d0e7d24 --- /dev/null +++ b/modules/private/websites/tools/commento/default.nix
@@ -0,0 +1,60 @@
	1	{ lib, pkgs, config, ... }:
	2	let
	3	cfg = config.myServices.websites.tools.commento;
	4	env = config.myEnv.tools.commento;
	5	webPort = "${host}:${port}";
	6	port = toString env.listenPort;
	7	host = "localhost";
	8	postgresql_url = "postgres://${env.postgresql.user}:${env.postgresql.password}@localhost:${env.postgresql.port}/${env.postgresql.database}?sslmode=disable";
	9	in
	10	{
	11	options.myServices.websites.tools.commento = {
	12	enable = lib.mkEnableOption "Enable commento website";
	13	};
	14	config = lib.mkIf cfg.enable {
	15	secrets.keys = [
	16	{
	17	dest = "commento/env";
	18	permission = "0400";
	19	text = ''
	20	COMMENTO_ORIGIN=https://commento.immae.eu/
	21	COMMENTO_PORT=${port}
	22	COMMENTO_POSTGRES=${postgresql_url}
	23	COMMENTO_FORBID_NEW_OWNERS=true
	24	COMMENTO_BIND_ADDRESS=${host}
	25	COMMENTO_GZIP_STATIC=true
	26	COMMENTO_SMTP_HOST=${env.smtp.host}
	27	COMMENTO_SMTP_PORT=${env.smtp.port}
	28	COMMENTO_SMTP_USERNAME=${env.smtp.email}
	29	COMMENTO_SMTP_PASSWORD=${env.smtp.password}
	30	COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email}
	31	'';
	32	}
	33	];
	34
	35	services.websites.env.tools.vhostConfs.commento = {
	36	certName = "eldiron";
	37	addToCerts = true;
	38	hosts = [ "commento.immae.eu" ];
	39	root = null;
	40	extraConfig = [
	41	''
	42	ProxyPass / http://${webPort}/
	43	ProxyPassReverse / http://${webPort}/
	44	ProxyPreserveHost On
	45	''
	46	];
	47	};
	48	systemd.services.commento = {
	49	description = "Commento";
	50	wantedBy = [ "multi-user.target" ];
	51	requires = ["postgresql.service"];
	52	after = ["network.target" "postgresql.service"];
	53	serviceConfig = {
	54	User = "wwwrun";
	55	ExecStart = "${pkgs.commento}/commento";
	56	EnvironmentFile = config.secrets.fullPaths."commento/env";
	57	};
	58	};
	59	};
	60	}