Move websites/tools to modules

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-22 20:01:33 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-22 20:01:33 +0200
commit: 4288c2f2431fb782b0d512b1b3749187f2374b6a (patch)
tree: aaf812414f91d6b695a7507265e7572de8dc477c /modules/private/websites/tools/mgoblin
parent: f40f5b235b890f46770a22f005f8a0f664cf0562 (diff)
download: Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.gz
Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.zst
Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.zip
1 files changed, 122 insertions, 0 deletions
diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix
new file mode 100644
index 0000000..5da81f6
--- /dev/null
+++ b/modules/private/websites/tools/mgoblin/default.nix
@@ -0,0 +1,122 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  env = myconfig.env.tools.mediagoblin;
+  cfg = config.myServices.websites.tools.mediagoblin;
+  mcfg = config.services.mediagoblin;
+in {
+  options.myServices.websites.tools.mediagoblin = {
+    enable = lib.mkEnableOption "enable mediagoblin's website";
+  };
+  config = lib.mkIf cfg.enable {
+    secrets.keys = [{
+      dest = "webapps/tools-mediagoblin";
+      user = "mediagoblin";
+      group = "mediagoblin";
+      permissions = "0400";
+      text = ''
+        [DEFAULT]
+        data_basedir = "${mcfg.dataDir}"
+        [mediagoblin]
+        direct_remote_path = /mgoblin_static/
+        email_sender_address = "mediagoblin@tools.immae.eu"
+        #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
+        sql_engine = ${env.psql_url}
+        email_debug_mode = false
+        allow_registration = false
+        allow_reporting = true
+        theme = airymodified
+        user_privilege_scheme = "uploader,commenter,reporter"
+        # We need to redefine them here since we override data_basedir
+        # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
+        workbench_path = %(data_basedir)s/media/workbench
+        crypto_path = %(data_basedir)s/crypto
+        theme_install_dir = %(data_basedir)s/themes/
+        theme_linked_assets_dir = %(data_basedir)s/theme_static/
+        plugin_linked_assets_dir = %(data_basedir)s/plugin_static/
+        [storage:queuestore]
+        base_dir = %(data_basedir)s/media/queue
+        [storage:publicstore]
+        base_dir = %(data_basedir)s/media/public
+        base_url = /mgoblin_media/
+        [celery]
+        CELERY_RESULT_DBURI = ${env.redis_url}
+        BROKER_URL = ${env.redis_url}
+        CELERYD_CONCURRENCY = 1
+        [plugins]
+          [[mediagoblin.plugins.geolocation]]
+          [[mediagoblin.plugins.ldap]]
+            [[[immae.eu]]]
+              LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636'
+              LDAP_SEARCH_BASE = 'dc=immae,dc=eu'
+              LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu'
+              LDAP_BIND_PW = '${env.ldap.password}'
+              LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))'
+              EMAIL_SEARCH_FIELD = 'mail'
+          [[mediagoblin.plugins.basicsearch]]
+          [[mediagoblin.plugins.piwigo]]
+          [[mediagoblin.plugins.processing_info]]
+          [[mediagoblin.media_types.image]]
+          [[mediagoblin.media_types.video]]
+        '';
+    }];
+    users.users.mediagoblin.extraGroups = [ "keys" ];
+    services.mediagoblin = {
+      enable     = true;
+      plugins    = builtins.attrValues pkgs.webapps.mediagoblin-plugins;
+      configFile = "/var/secrets/webapps/tools-mediagoblin";
+    };
+    services.websites.tools.modules = [
+      "proxy" "proxy_http"
+    ];
+    users.users.wwwrun.extraGroups = [ "mediagoblin" ];
+    services.websites.tools.vhostConfs.mgoblin = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = ["mgoblin.immae.eu" ];
+      root        = null;
+      extraConfig = [ ''
+        Alias /mgoblin_media ${mcfg.dataDir}/media/public
+        <Directory ${mcfg.dataDir}/media/public>
+          Options -Indexes +FollowSymLinks +MultiViews +Includes
+          Require all granted
+        </Directory>
+        Alias /theme_static ${mcfg.dataDir}/theme_static
+        <Directory ${mcfg.dataDir}/theme_static>
+          Options -Indexes +FollowSymLinks +MultiViews +Includes
+          Require all granted
+        </Directory>
+        Alias /plugin_static ${mcfg.dataDir}/plugin_static
+        <Directory ${mcfg.dataDir}/plugin_static>
+          Options -Indexes +FollowSymLinks +MultiViews +Includes
+          Require all granted
+        </Directory>
+        ProxyPreserveHost on
+        ProxyVia On
+        ProxyRequests Off
+        ProxyPass /mgoblin_media !
+        ProxyPass /theme_static !
+        ProxyPass /plugin_static !
+        ProxyPassMatch ^/.well-known/acme-challenge !
+        ProxyPass / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
+        ProxyPassReverse / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
+      '' ];
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-22 20:01:33 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-22 20:01:33 +0200
commit	4288c2f2431fb782b0d512b1b3749187f2374b6a (patch)
tree	aaf812414f91d6b695a7507265e7572de8dc477c /modules/private/websites/tools/mgoblin
parent	f40f5b235b890f46770a22f005f8a0f664cf0562 (diff)
download	Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.gz Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.zst Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.zip

diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix new file mode 100644 index 0000000..5da81f6 --- /dev/null +++ b/modules/private/websites/tools/mgoblin/default.nix
@@ -0,0 +1,122 @@
	1	{ lib, pkgs, config, myconfig, ... }:
	2	let
	3	env = myconfig.env.tools.mediagoblin;
	4	cfg = config.myServices.websites.tools.mediagoblin;
	5	mcfg = config.services.mediagoblin;
	6	in {
	7	options.myServices.websites.tools.mediagoblin = {
	8	enable = lib.mkEnableOption "enable mediagoblin's website";
	9	};
	10
	11	config = lib.mkIf cfg.enable {
	12	secrets.keys = [{
	13	dest = "webapps/tools-mediagoblin";
	14	user = "mediagoblin";
	15	group = "mediagoblin";
	16	permissions = "0400";
	17	text = ''
	18	[DEFAULT]
	19	data_basedir = "${mcfg.dataDir}"
	20
	21	[mediagoblin]
	22	direct_remote_path = /mgoblin_static/
	23	email_sender_address = "mediagoblin@tools.immae.eu"
	24
	25	#sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
	26	sql_engine = ${env.psql_url}
	27
	28	email_debug_mode = false
	29	allow_registration = false
	30	allow_reporting = true
	31
	32	theme = airymodified
	33
	34	user_privilege_scheme = "uploader,commenter,reporter"
	35
	36	# We need to redefine them here since we override data_basedir
	37	# cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
	38	workbench_path = %(data_basedir)s/media/workbench
	39	crypto_path = %(data_basedir)s/crypto
	40	theme_install_dir = %(data_basedir)s/themes/
	41	theme_linked_assets_dir = %(data_basedir)s/theme_static/
	42	plugin_linked_assets_dir = %(data_basedir)s/plugin_static/
	43
	44	[storage:queuestore]
	45	base_dir = %(data_basedir)s/media/queue
	46
	47	[storage:publicstore]
	48	base_dir = %(data_basedir)s/media/public
	49	base_url = /mgoblin_media/
	50
	51	[celery]
	52	CELERY_RESULT_DBURI = ${env.redis_url}
	53	BROKER_URL = ${env.redis_url}
	54	CELERYD_CONCURRENCY = 1
	55
	56	[plugins]
	57	[[mediagoblin.plugins.geolocation]]
	58	[[mediagoblin.plugins.ldap]]
	59	[[[immae.eu]]]
	60	LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636'
	61	LDAP_SEARCH_BASE = 'dc=immae,dc=eu'
	62	LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu'
	63	LDAP_BIND_PW = '${env.ldap.password}'
	64	LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))'
	65	EMAIL_SEARCH_FIELD = 'mail'
	66	[[mediagoblin.plugins.basicsearch]]
	67	[[mediagoblin.plugins.piwigo]]
	68	[[mediagoblin.plugins.processing_info]]
	69	[[mediagoblin.media_types.image]]
	70	[[mediagoblin.media_types.video]]
	71	'';
	72	}];
	73
	74	users.users.mediagoblin.extraGroups = [ "keys" ];
	75
	76	services.mediagoblin = {
	77	enable = true;
	78	plugins = builtins.attrValues pkgs.webapps.mediagoblin-plugins;
	79	configFile = "/var/secrets/webapps/tools-mediagoblin";
	80	};
	81
	82	services.websites.tools.modules = [
	83	"proxy" "proxy_http"
	84	];
	85	users.users.wwwrun.extraGroups = [ "mediagoblin" ];
	86	services.websites.tools.vhostConfs.mgoblin = {
	87	certName = "eldiron";
	88	addToCerts = true;
	89	hosts = ["mgoblin.immae.eu" ];
	90	root = null;
	91	extraConfig = [ ''
	92	Alias /mgoblin_media ${mcfg.dataDir}/media/public
	93	<Directory ${mcfg.dataDir}/media/public>
	94	Options -Indexes +FollowSymLinks +MultiViews +Includes
	95	Require all granted
	96	</Directory>
	97
	98	Alias /theme_static ${mcfg.dataDir}/theme_static
	99	<Directory ${mcfg.dataDir}/theme_static>
	100	Options -Indexes +FollowSymLinks +MultiViews +Includes
	101	Require all granted
	102	</Directory>
	103
	104	Alias /plugin_static ${mcfg.dataDir}/plugin_static
	105	<Directory ${mcfg.dataDir}/plugin_static>
	106	Options -Indexes +FollowSymLinks +MultiViews +Includes
	107	Require all granted
	108	</Directory>
	109
	110	ProxyPreserveHost on
	111	ProxyVia On
	112	ProxyRequests Off
	113	ProxyPass /mgoblin_media !
	114	ProxyPass /theme_static !
	115	ProxyPass /plugin_static !
	116	ProxyPassMatch ^/.well-known/acme-challenge !
	117	ProxyPass / unix://${mcfg.sockets.paster}\|http://mgoblin.immae.eu/
	118	ProxyPassReverse / unix://${mcfg.sockets.paster}\|http://mgoblin.immae.eu/
	119	'' ];
	120	};
	121	};
	122	}