Rename virtual folder to nixops

Fixes https://git.immae.eu/mantisbt/view.php?id=82
author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-25 23:15:08 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-25 23:15:08 +0100
commit: 01f21083a897b86bf148f1d2bb9c8edca4d3786a (patch)
tree: 784f04e9b6ef99a49e572c84e4b7ab40b5eb5fde /nixops/modules/websites/tools/mediagoblin
parent: bfe3c9c9df0c5112bc8806483292b55ed0f7e02d (diff)
download: Nix-01f21083a897b86bf148f1d2bb9c8edca4d3786a.tar.gz
Nix-01f21083a897b86bf148f1d2bb9c8edca4d3786a.tar.zst
Nix-01f21083a897b86bf148f1d2bb9c8edca4d3786a.zip
7 files changed, 580 insertions, 0 deletions
diff --git a/nixops/modules/websites/tools/mediagoblin/bower-packages.nix b/nixops/modules/websites/tools/mediagoblin/bower-packages.nix
new file mode 100644
index 0000000..03af849
--- /dev/null
+++ b/nixops/modules/websites/tools/mediagoblin/bower-packages.nix
@@ -0,0 +1,8 @@
+# Generated by bower2nix v3.2.0 (https://github.com/rvl/bower2nix)
+{ fetchbower, buildEnv }:
+buildEnv { name = "bower-env"; ignoreCollisions = true; paths = [
+  (fetchbower "jquery" "2.1.4" "~2.1.3" "1ywrpk2xsr6ghkm3j9gfnl9r3jn6xarfamp99b0bcm57kq9fm2k0")
+  (fetchbower "video.js" "4.11.4" "~4.11.4" "05prdvyk0rxbkh7sdd0d9ns5l5crwvc68wzkyqmrdjw367pcv8sn")
+  (fetchbower "leaflet" "0.7.7" "~0.7.3" "0jim285bljmxxngpm3yx6bnnd10n2whwkgmmhzpcd1rdksnr5nca")
+  (fetchbower "tinymce" "4.1.10" "~4.1.7" "16jyvdb9bq8gjwhs69q8p88vdixalajrz81nsmbrzzxhkih57dyx")
+]; }
diff --git a/nixops/modules/websites/tools/mediagoblin/default.nix b/nixops/modules/websites/tools/mediagoblin/default.nix
new file mode 100644
index 0000000..5f60503
--- /dev/null
+++ b/nixops/modules/websites/tools/mediagoblin/default.nix
@@ -0,0 +1,147 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+  mediagoblin = pkgs.callPackage ./mediagoblin.nix {
+    inherit (mylibs) fetchedGit fetchedGithub;
+    env = myconfig.env.tools.mediagoblin;
+  };
+  cfg = config.services.myWebsites.tools.mediagoblin;
+in {
+  options.services.myWebsites.tools.mediagoblin = {
+    enable = lib.mkEnableOption "enable mediagoblin's website";
+  };
+  config = lib.mkIf cfg.enable {
+    ids.uids.mediagoblin = 397;
+    ids.gids.mediagoblin = 397;
+    users.users.mediagoblin = {
+      name = "mediagoblin";
+      uid = config.ids.uids.mediagoblin;
+      group = "mediagoblin";
+      description = "Mediagoblin user";
+      home = mediagoblin.varDir;
+      useDefaultShell = true;
+    };
+    users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;
+    systemd.services.mediagoblin-web = {
+      description = "Mediagoblin service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      environment.SCRIPT_NAME = "/mediagoblin/";
+      script = ''
+        exec ./bin/paster serve \
+          ${mediagoblin.pythonRoot}/paste_local.ini \
+          --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
+      '';
+      preStop = ''
+        exec ./bin/paster serve \
+          --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
+          ${mediagoblin.pythonRoot}/paste_local.ini stop
+        '';
+      preStart = ''
+        ./bin/gmg dbupdate
+      '';
+      serviceConfig = {
+        User = "mediagoblin";
+        PrivateTmp = true;
+        Restart = "always";
+        TimeoutSec = 15;
+        Type = "simple";
+        WorkingDirectory = mediagoblin.pythonRoot;
+        PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
+      };
+      unitConfig.RequiresMountsFor = mediagoblin.varDir;
+    };
+    systemd.services.mediagoblin-celeryd = {
+      description = "Mediagoblin service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "mediagoblin-web.service" ];
+      environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
+      environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
+      script = ''
+        exec ./bin/celery worker \
+          --logfile=${mediagoblin.varDir}/celery.log \
+          --loglevel=INFO
+      '';
+      serviceConfig = {
+        User = "mediagoblin";
+        PrivateTmp = true;
+        Restart = "always";
+        TimeoutSec = 60;
+        Type = "simple";
+        WorkingDirectory = mediagoblin.pythonRoot;
+        PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
+      };
+      unitConfig.RequiresMountsFor = mediagoblin.varDir;
+    };
+    system.activationScripts.mediagoblin = {
+      deps = [ "users" ];
+      text = ''
+      install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
+      install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
+      if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
+        rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+        ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+      fi
+      '';
+    };
+    services.myWebsites.tools.modules = [
+      "proxy" "proxy_http" "proxy_balancer"
+      "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+    ];
+    users.users.wwwrun.extraGroups = [ "mediagoblin" ];
+    security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
+    services.myWebsites.tools.vhostConfs.mgoblin = {
+      certName    = "eldiron";
+      hosts       = ["mgoblin.immae.eu" ];
+      root        = null;
+      extraConfig = [ ''
+        Alias /mgoblin_media ${mediagoblin.varDir}/media/public
+        <Directory ${mediagoblin.varDir}/media/public>
+          Options -Indexes +FollowSymLinks +MultiViews +Includes
+          Require all granted
+        </Directory>
+        Alias /theme_static ${mediagoblin.varDir}/theme_static
+        <Directory ${mediagoblin.varDir}/theme_static>
+          Options -Indexes +FollowSymLinks +MultiViews +Includes
+          Require all granted
+        </Directory>
+        Alias /plugin_static ${mediagoblin.varDir}/plugin_static
+        <Directory ${mediagoblin.varDir}/plugin_static>
+          Options -Indexes +FollowSymLinks +MultiViews +Includes
+          Require all granted
+        </Directory>
+        ProxyPreserveHost on
+        ProxyVia On
+        ProxyRequests Off
+        ProxyPass /mgoblin_media !
+        ProxyPass /theme_static !
+        ProxyPass /plugin_static !
+        ProxyPassMatch ^/.well-known/acme-challenge !
+        ProxyPass / balancer://paster_server/
+        ProxyPassReverse / balancer://paster_server
+        <Proxy balancer://paster_server>
+          BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://
+        </Proxy>
+      '' ];
+    };
+  };
+}
diff --git a/nixops/modules/websites/tools/mediagoblin/ldap_fix.py b/nixops/modules/websites/tools/mediagoblin/ldap_fix.py
new file mode 100644
index 0000000..10cc375
--- /dev/null
+++ b/nixops/modules/websites/tools/mediagoblin/ldap_fix.py
@@ -0,0 +1,93 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+from ldap3 import Server, Connection, SUBTREE
+from ldap3.core.exceptions import LDAPException
+import logging
+import six
+from mediagoblin.tools import pluginapi
+_log = logging.getLogger(__name__)
+class LDAP(object):
+    def __init__(self):
+        self.ldap_settings = pluginapi.get_config('mediagoblin.plugins.ldap')
+    def _connect(self, server):
+        _log.info('Connecting to {0}.'.format(server['LDAP_SERVER_URI']))
+        self.server = Server(server['LDAP_SERVER_URI'])
+        if 'LDAP_START_TLS' in server and server['LDAP_START_TLS'] == 'true':
+            _log.info('Initiating TLS')
+            self.server.start_tls()
+    def _manager_auth(self, settings, username, password):
+        conn = Connection(self.server,
+                settings['LDAP_BIND_DN'],
+                settings['LDAP_BIND_PW'],
+                auto_bind=True)
+        found = conn.search(
+                search_base=settings['LDAP_SEARCH_BASE'],
+                search_filter=settings['LDAP_SEARCH_FILTER'].format(username=username),
+                search_scope=SUBTREE,
+                attributes=[settings['EMAIL_SEARCH_FIELD']])
+        if (not found) or len(conn.entries) > 1:
+            return False, None
+        user = conn.entries[0]
+        user_dn = user.entry_dn
+        try:
+            email = user.entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
+        except KeyError:
+            email = None
+        Connection(self.server, user_dn, password, auto_bind=True)
+        return username, email
+    def _direct_auth(self, settings, username, password):
+        user_dn = settings['LDAP_USER_DN_TEMPLATE'].format(username=username)
+        conn = Connection(self.server, user_dn, password, auto_bind=True)
+        email_found = conn.search(
+                search_base=settings['LDAP_SEARCH_BASE'],
+                search_filter='uid={0}'.format(username),
+                search_scope=SUBTREE,
+                attributes=[settings['EMAIL_SEARCH_FIELD']])
+        if email_found:
+            try:
+                email = conn.entries[0].entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
+            except KeyError:
+                email = None
+        return username, email
+    def login(self, username, password):
+        for k, v in six.iteritems(self.ldap_settings):
+            try:
+                self._connect(v)
+                if 'LDAP_BIND_DN' in v:
+                    return self._manager_auth(v, username, password)
+                else:
+                    return self._direct_auth(v, username, password)
+            except LDAPException as e:
+                _log.info(e)
+        return False, None
diff --git a/nixops/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json b/nixops/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json
new file mode 100644
index 0000000..9abd994
--- /dev/null
+++ b/nixops/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json
@@ -0,0 +1,15 @@
+{
+  "tag": "ba0a154-master",
+  "meta": {
+    "name": "mediagoblin-plugin-basicsearch",
+    "url": "https://github.com/ayleph/mediagoblin-basicsearch",
+    "branch": "master"
+  },
+  "github": {
+    "owner": "ayleph",
+    "repo": "mediagoblin-basicsearch",
+    "rev": "ba0a1547bd24ebaf363227fe17644d38c6ce8a6b",
+    "sha256": "0d4r7xkf4gxmgaxlb264l44xbanis77g49frwfhfzsflxmdwgncy",
+    "fetchSubmodules": true
+  }
+}
diff --git a/nixops/modules/websites/tools/mediagoblin/mediagoblin.json b/nixops/modules/websites/tools/mediagoblin/mediagoblin.json
new file mode 100644
index 0000000..7ea72d1
--- /dev/null
+++ b/nixops/modules/websites/tools/mediagoblin/mediagoblin.json
@@ -0,0 +1,14 @@
+{
+  "tag": "cd465eb-stable",
+  "meta": {
+    "name": "mediagoblin",
+    "url": "git://git.savannah.gnu.org/mediagoblin.git",
+    "branch": "stable"
+  },
+  "git": {
+    "url": "git://git.savannah.gnu.org/mediagoblin.git",
+    "rev": "cd465ebfec837a75a44c4ebd727dffe2fff6d850",
+    "sha256": "1yz4i4i97z3rxl534a6psaybyjbyp5nnc52v3nvbpzc4pd2s69mx",
+    "fetchSubmodules": true
+  }
+}
diff --git a/nixops/modules/websites/tools/mediagoblin/mediagoblin.nix b/nixops/modules/websites/tools/mediagoblin/mediagoblin.nix
new file mode 100644
index 0000000..cad6225
--- /dev/null
+++ b/nixops/modules/websites/tools/mediagoblin/mediagoblin.nix
@@ -0,0 +1,288 @@
+{ env, makeWrapper, stdenv, writeText, fetchurl, buildBowerComponents, fetchedGit, fetchedGithub, which, python3, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }:
+let
+  plugins = {
+    basicsearch = stdenv.mkDerivation (fetchedGithub ./mediagoblin-plugin-basicsearch.json // rec {
+      phases = "unpackPhase installPhase";
+      installPhase = ''
+          cp -R . $out
+      '';
+    });
+  };
+  overridePython = let
+    packageOverrides = self: super: {
+      celery = super.celery.overridePythonAttrs(old: rec {
+        version = "3.1.26.post2";
+        src = self.fetchPypi {
+          inherit version;
+          inherit (old) pname;
+          sha256 = "5493e172ae817b81ba7d09443ada114886765a8ce02f16a56e6fac68d953a9b2";
+        };
+        patches = [];
+        doCheck = false;
+      });
+      billiard = super.billiard.overridePythonAttrs(old: rec {
+        version = "3.3.0.23";
+        src = self.fetchPypi {
+          inherit version;
+          inherit (old) pname;
+          sha256 = "02wxsc6bhqvzh8j6w758kvgqbnj14l796mvmrcms8fgfamd2lak9";
+        };
+      });
+      amqp = super.amqp.overridePythonAttrs(old: rec {
+        version = "1.4.9";
+        src = self.fetchPypi {
+          inherit version;
+          inherit (old) pname;
+          sha256 = "2dea4d16d073c902c3b89d9b96620fb6729ac0f7a923bbc777cb4ad827c0c61a";
+        };
+      });
+      kombu = super.kombu.overridePythonAttrs(old: rec {
+        version = "3.0.37";
+        src = self.fetchPypi {
+          inherit version;
+          inherit (old) pname;
+          sha256 = "e064a00c66b4d1058cd2b0523fb8d98c82c18450244177b6c0f7913016642650";
+        };
+        propagatedBuildInputs = old.propagatedBuildInputs ++ [ self.anyjson ];
+        doCheck = false;
+      });
+      sqlalchemy = super.sqlalchemy.overridePythonAttrs(old: rec {
+        version = "1.1.18";
+        src = self.fetchPypi {
+          inherit version;
+          inherit (old) pname;
+          sha256 = "8b0ec71af9291191ba83a91c03d157b19ab3e7119e27da97932a4773a3f664a9";
+        };
+      });
+      tempita_5_3_dev = super.buildPythonPackage (fetchedGithub ./tempita.json // rec {
+        buildInputs = with self; [ nose ];
+        disabled = false;
+      });
+      sqlalchemy_migrate = super.sqlalchemy_migrate.overridePythonAttrs(old: rec {
+        propagatedBuildInputs = with self; [ pbr tempita_5_3_dev decorator sqlalchemy six sqlparse ];
+      });
+      pasteScript = super.pasteScript.overridePythonAttrs(old: rec {
+        version = "2.0.2";
+        name = "PasteScript-${version}";
+        src = fetchurl {
+          url = "mirror://pypi/P/PasteScript/${name}.tar.gz";
+          sha256 = "1h3nnhn45kf4pbcv669ik4faw04j58k8vbj1hwrc532k0nc28gy0";
+        };
+        propagatedBuildInputs = with self; [ six paste PasteDeploy argparse ];
+      });
+    };
+    in
+      python3.override { inherit packageOverrides; };
+  pythonEnv = python-pkgs: with python-pkgs; [
+    waitress alembic dateutil wtforms pybcrypt
+    pytest pytest_xdist werkzeug celery
+    kombu jinja2 Babel webtest configobj markdown
+    sqlalchemy itsdangerous pytz sphinx six
+    oauthlib unidecode jsonschema PasteDeploy
+    requests PyLD exifread
+    typing pasteScript
+    # For images plugin
+    pillow
+    # For video plugin
+    gst-python
+    # migrations
+    sqlalchemy_migrate
+    # authentication
+    ldap3
+    redis
+    psycopg2
+  ];
+  python = overridePython.withPackages pythonEnv;
+  gmg = writeText "gmg" ''
+    #!${python}/bin/python
+    __requires__ = 'mediagoblin'
+    import sys
+    from pkg_resources import load_entry_point
+    if __name__ == '__main__':
+        sys.exit(
+            load_entry_point('mediagoblin', 'console_scripts', 'gmg')()
+        )
+    '';
+in
+  rec {
+    socketsDir = "/run/mediagoblin";
+    varDir = "/var/lib/mediagoblin";
+    bowerComponents = buildBowerComponents {
+      name = "mediagoblin-bower-components";
+      generated = ./bower-packages.nix;
+      src = (fetchedGit ./mediagoblin.json).src;
+    };
+    mediagoblin = stdenv.mkDerivation (fetchedGit ./mediagoblin.json // rec {
+      preConfigure = ''
+        # ./bootstrap.sh
+        aclocal -I m4 --install
+        autoreconf -fvi
+        # end
+        export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export HOME=$PWD
+        '';
+      configureFlags = [ "--with-python3" "--without-virtualenv" ];
+      postBuild = ''
+        cp -a ${bowerComponents}/bower_components/* extlib
+        chmod -R u+w extlib
+        make extlib
+        '';
+      installPhase = ''
+        sed -i "s/registry.has_key(current_theme_name)/current_theme_name in registry/" mediagoblin/tools/theme.py
+        sed -i -e "s@\[DEFAULT\]@[DEFAULT]\nhere = $out@" mediagoblin/config_spec.ini
+        cp ${./ldap_fix.py} mediagoblin/plugins/ldap/tools.py
+        ln -s ${plugins.basicsearch}/basicsearch mediagoblin/plugins/basicsearch
+        find . -name '*.pyc' -delete
+        find . -type f -exec sed -i "s|$PWD|$out|g" {} \;
+        python setup.py build
+        cp -a . $out
+        mkdir $out/bin
+        cp ${gmg} $out/bin/gmg
+        chmod a+x $out/bin/gmg
+        '';
+      buildInputs = [ makeWrapper git cacert automake autoconf which nodePackages.bower nodejs python ];
+      propagatedBuildInputs = [ python ];
+    });
+    paste_local = writeText "paste_local.ini" ''
+      [DEFAULT]
+      debug = false
+      [pipeline:main]
+      pipeline = mediagoblin
+      [app:mediagoblin]
+      use = egg:mediagoblin#app
+      config = %(here)s/mediagoblin_local.ini %(here)s/mediagoblin.ini
+      /mgoblin_static = %(here)s/mediagoblin/static
+      [loggers]
+      keys = root
+      [handlers]
+      keys = console
+      [formatters]
+      keys = generic
+      [logger_root]
+      level = INFO
+      handlers = console
+      [handler_console]
+      class = StreamHandler
+      args = (sys.stderr,)
+      level = NOTSET
+      formatter = generic
+      [formatter_generic]
+      format = %(levelname)-7.7s [%(name)s] %(message)s
+      [filter:errors]
+      use = egg:mediagoblin#errors
+      debug = false
+      [server:main]
+      use = egg:waitress#main
+      unix_socket = ${socketsDir}/mediagoblin.sock
+      unix_socket_perms = 777
+      url_scheme = https
+      '';
+    mediagoblin_local = writeText "mediagoblin_local.ini" ''
+      [DEFAULT]
+      data_basedir = "${varDir}"
+      [mediagoblin]
+      direct_remote_path = /mgoblin_static/
+      email_sender_address = "mediagoblin@mail.immae.eu"
+      #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
+      sql_engine = ${env.psql_url}
+      email_debug_mode = false
+      allow_registration = false
+      allow_reporting = true
+      theme = airymodified
+      user_privilege_scheme = "uploader,commenter,reporter"
+      # We need to redefine them here since we override data_basedir
+      # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
+      workbench_path = %(data_basedir)s/media/workbench
+      crypto_path = %(data_basedir)s/crypto
+      theme_install_dir = %(data_basedir)s/themes/
+      theme_linked_assets_dir = %(data_basedir)s/theme_static/
+      plugin_linked_assets_dir = %(data_basedir)s/plugin_static/
+      [storage:queuestore]
+      base_dir = %(data_basedir)s/media/queue
+      [storage:publicstore]
+      base_dir = %(data_basedir)s/media/public
+      base_url = /mgoblin_media/
+      [celery]
+      CELERY_RESULT_DBURI = ${env.redis_url}
+      BROKER_URL = ${env.redis_url}
+      CELERYD_CONCURRENCY = 1
+      [plugins]
+        [[mediagoblin.plugins.geolocation]]
+        [[mediagoblin.plugins.ldap]]
+          [[[immae.eu]]]
+            LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636'
+            LDAP_SEARCH_BASE = 'dc=immae,dc=eu'
+            LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu'
+            LDAP_BIND_PW = '${env.ldap.password}'
+            LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))'
+            EMAIL_SEARCH_FIELD = 'mail'
+        [[mediagoblin.plugins.basicsearch]]
+        [[mediagoblin.plugins.piwigo]]
+        [[mediagoblin.plugins.processing_info]]
+        [[mediagoblin.media_types.image]]
+        [[mediagoblin.media_types.video]]
+      '';
+    pythonRoot =
+      with pkgs.gst_all_1;
+      stdenv.mkDerivation {
+        name = "mediagoblin_immae";
+        inherit mediagoblin;
+        buildInputs=  [ makeWrapper ];
+        propagatedBuildInputs = [ gst-libav gst-plugins-good gst-plugins-bad gst-plugins-ugly gstreamer ];
+        builder = let
+          libpaths = [
+            python
+            gstreamer
+            gst-plugins-base
+            gst-libav
+            gst-plugins-good
+            gst-plugins-bad
+            gst-plugins-ugly
+          ];
+          plugin_paths = builtins.concatStringsSep ":" (map (x: "${x}/lib") libpaths);
+          typelib_paths = "${gstreamer}/lib/girepository-1.0:${gst-plugins-base}/lib/girepository-1.0";
+        in writeText "build_mediagoblin_immae" ''
+          source $stdenv/setup
+          cp -a $mediagoblin $out
+          cd $out
+          chmod -R u+rwX .
+          sed -i -e "/from gi.repository import GstPbutils/s/^/gi.require_version('GstPbutils', '1.0')\n/" mediagoblin/media_types/video/transcoders.py
+          wrapProgram bin/gmg --prefix PYTHONPATH : "$out:$PYTHONPATH" \
+            --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \
+            --prefix GI_TYPELIB_PATH : ${typelib_paths}
+          makeWrapper ${python}/bin/paster bin/paster --prefix PYTHONPATH : "$out:$PYTHONPATH" \
+            --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \
+            --prefix GI_TYPELIB_PATH : ${typelib_paths}
+          makeWrapper ${python}/bin/celery bin/celery --prefix PYTHONPATH : "$out:$PYTHONPATH" \
+            --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \
+            --prefix GI_TYPELIB_PATH : ${typelib_paths}
+          find . -type f -exec sed -i "s|$mediagoblin|$out|g" {} \;
+          ln -s ${paste_local} ./paste_local.ini
+          ln -s ${mediagoblin_local} ./mediagoblin_local.ini
+          ln -sf ../../../../../${varDir} ./user_dev
+          '';
+      };
+  }
diff --git a/nixops/modules/websites/tools/mediagoblin/tempita.json b/nixops/modules/websites/tools/mediagoblin/tempita.json
new file mode 100644
index 0000000..5371e17
--- /dev/null
+++ b/nixops/modules/websites/tools/mediagoblin/tempita.json
@@ -0,0 +1,15 @@
+{
+  "tag": "47414a7-master",
+  "meta": {
+    "name": "tempita",
+    "url": "https://github.com/gjhiggins/tempita",
+    "branch": "master"
+  },
+  "github": {
+    "owner": "gjhiggins",
+    "repo": "tempita",
+    "rev": "47414a7c6e46a9a9afe78f0bce2ea299fa84d10d",
+    "sha256": "0f33jjjs5rvp7ar2j6ggyfykcrsrn04jaqcq71qfvycf6b7nw3rn",
+    "fetchSubmodules": true
+  }
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-25 23:15:08 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-25 23:15:08 +0100
commit	01f21083a897b86bf148f1d2bb9c8edca4d3786a (patch)
tree	784f04e9b6ef99a49e572c84e4b7ab40b5eb5fde /nixops/modules/websites/tools/mediagoblin
parent	bfe3c9c9df0c5112bc8806483292b55ed0f7e02d (diff)
download	Nix-01f21083a897b86bf148f1d2bb9c8edca4d3786a.tar.gz Nix-01f21083a897b86bf148f1d2bb9c8edca4d3786a.tar.zst Nix-01f21083a897b86bf148f1d2bb9c8edca4d3786a.zip

diff --git a/nixops/modules/websites/tools/mediagoblin/bower-packages.nix b/nixops/modules/websites/tools/mediagoblin/bower-packages.nix new file mode 100644 index 0000000..03af849 --- /dev/null +++ b/nixops/modules/websites/tools/mediagoblin/bower-packages.nix
@@ -0,0 +1,8 @@
	1	# Generated by bower2nix v3.2.0 (https://github.com/rvl/bower2nix)
	2	{ fetchbower, buildEnv }:
	3	buildEnv { name = "bower-env"; ignoreCollisions = true; paths = [
	4	(fetchbower "jquery" "2.1.4" "~2.1.3" "1ywrpk2xsr6ghkm3j9gfnl9r3jn6xarfamp99b0bcm57kq9fm2k0")
	5	(fetchbower "video.js" "4.11.4" "~4.11.4" "05prdvyk0rxbkh7sdd0d9ns5l5crwvc68wzkyqmrdjw367pcv8sn")
	6	(fetchbower "leaflet" "0.7.7" "~0.7.3" "0jim285bljmxxngpm3yx6bnnd10n2whwkgmmhzpcd1rdksnr5nca")
	7	(fetchbower "tinymce" "4.1.10" "~4.1.7" "16jyvdb9bq8gjwhs69q8p88vdixalajrz81nsmbrzzxhkih57dyx")
	8	]; }


diff --git a/nixops/modules/websites/tools/mediagoblin/default.nix b/nixops/modules/websites/tools/mediagoblin/default.nix new file mode 100644 index 0000000..5f60503 --- /dev/null +++ b/nixops/modules/websites/tools/mediagoblin/default.nix
@@ -0,0 +1,147 @@
	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
	2	let
	3	mediagoblin = pkgs.callPackage ./mediagoblin.nix {
	4	inherit (mylibs) fetchedGit fetchedGithub;
	5	env = myconfig.env.tools.mediagoblin;
	6	};
	7
	8	cfg = config.services.myWebsites.tools.mediagoblin;
	9	in {
	10	options.services.myWebsites.tools.mediagoblin = {
	11	enable = lib.mkEnableOption "enable mediagoblin's website";
	12	};
	13
	14	config = lib.mkIf cfg.enable {
	15	ids.uids.mediagoblin = 397;
	16	ids.gids.mediagoblin = 397;
	17
	18	users.users.mediagoblin = {
	19	name = "mediagoblin";
	20	uid = config.ids.uids.mediagoblin;
	21	group = "mediagoblin";
	22	description = "Mediagoblin user";
	23	home = mediagoblin.varDir;
	24	useDefaultShell = true;
	25	};
	26
	27	users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;
	28
	29	systemd.services.mediagoblin-web = {
	30	description = "Mediagoblin service";
	31	wantedBy = [ "multi-user.target" ];
	32	after = [ "network.target" ];
	33
	34	environment.SCRIPT_NAME = "/mediagoblin/";
	35
	36	script = ''
	37	exec ./bin/paster serve \
	38	${mediagoblin.pythonRoot}/paste_local.ini \
	39	--pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
	40	'';
	41
	42	preStop = ''
	43	exec ./bin/paster serve \
	44	--pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
	45	${mediagoblin.pythonRoot}/paste_local.ini stop
	46	'';
	47	preStart = ''
	48	./bin/gmg dbupdate
	49	'';
	50
	51	serviceConfig = {
	52	User = "mediagoblin";
	53	PrivateTmp = true;
	54	Restart = "always";
	55	TimeoutSec = 15;
	56	Type = "simple";
	57	WorkingDirectory = mediagoblin.pythonRoot;
	58	PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
	59	};
	60
	61	unitConfig.RequiresMountsFor = mediagoblin.varDir;
	62	};
	63
	64	systemd.services.mediagoblin-celeryd = {
	65	description = "Mediagoblin service";
	66	wantedBy = [ "multi-user.target" ];
	67	after = [ "network.target" "mediagoblin-web.service" ];
	68
	69	environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
	70	environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
	71
	72	script = ''
	73	exec ./bin/celery worker \
	74	--logfile=${mediagoblin.varDir}/celery.log \
	75	--loglevel=INFO
	76	'';
	77
	78	serviceConfig = {
	79	User = "mediagoblin";
	80	PrivateTmp = true;
	81	Restart = "always";
	82	TimeoutSec = 60;
	83	Type = "simple";
	84	WorkingDirectory = mediagoblin.pythonRoot;
	85	PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
	86	};
	87
	88	unitConfig.RequiresMountsFor = mediagoblin.varDir;
	89	};
	90
	91	system.activationScripts.mediagoblin = {
	92	deps = [ "users" ];
	93	text = ''
	94	install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
	95	install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
	96	if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
	97	rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
	98	ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
	99	fi
	100	'';
	101	};
	102
	103	services.myWebsites.tools.modules = [
	104	"proxy" "proxy_http" "proxy_balancer"
	105	"lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
	106	];
	107	users.users.wwwrun.extraGroups = [ "mediagoblin" ];
	108	security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
	109	services.myWebsites.tools.vhostConfs.mgoblin = {
	110	certName = "eldiron";
	111	hosts = ["mgoblin.immae.eu" ];
	112	root = null;
	113	extraConfig = [ ''
	114	Alias /mgoblin_media ${mediagoblin.varDir}/media/public
	115	<Directory ${mediagoblin.varDir}/media/public>
	116	Options -Indexes +FollowSymLinks +MultiViews +Includes
	117	Require all granted
	118	</Directory>
	119
	120	Alias /theme_static ${mediagoblin.varDir}/theme_static
	121	<Directory ${mediagoblin.varDir}/theme_static>
	122	Options -Indexes +FollowSymLinks +MultiViews +Includes
	123	Require all granted
	124	</Directory>
	125
	126	Alias /plugin_static ${mediagoblin.varDir}/plugin_static
	127	<Directory ${mediagoblin.varDir}/plugin_static>
	128	Options -Indexes +FollowSymLinks +MultiViews +Includes
	129	Require all granted
	130	</Directory>
	131
	132	ProxyPreserveHost on
	133	ProxyVia On
	134	ProxyRequests Off
	135	ProxyPass /mgoblin_media !
	136	ProxyPass /theme_static !
	137	ProxyPass /plugin_static !
	138	ProxyPassMatch ^/.well-known/acme-challenge !
	139	ProxyPass / balancer://paster_server/
	140	ProxyPassReverse / balancer://paster_server
	141	<Proxy balancer://paster_server>
	142	BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock\|http://
	143	</Proxy>
	144	'' ];
	145	};
	146	};
	147	}


diff --git a/nixops/modules/websites/tools/mediagoblin/ldap_fix.py b/nixops/modules/websites/tools/mediagoblin/ldap_fix.py new file mode 100644 index 0000000..10cc375 --- /dev/null +++ b/nixops/modules/websites/tools/mediagoblin/ldap_fix.py
@@ -0,0 +1,93 @@
	1	# GNU MediaGoblin -- federated, autonomous media hosting
	2	# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	from ldap3 import Server, Connection, SUBTREE
	17	from ldap3.core.exceptions import LDAPException
	18	import logging
	19
	20	import six
	21
	22	from mediagoblin.tools import pluginapi
	23
	24	_log = logging.getLogger(__name__)
	25
	26
	27	class LDAP(object):
	28	def __init__(self):
	29	self.ldap_settings = pluginapi.get_config('mediagoblin.plugins.ldap')
	30
	31	def _connect(self, server):
	32	_log.info('Connecting to {0}.'.format(server['LDAP_SERVER_URI']))
	33	self.server = Server(server['LDAP_SERVER_URI'])
	34
	35	if 'LDAP_START_TLS' in server and server['LDAP_START_TLS'] == 'true':
	36	_log.info('Initiating TLS')
	37	self.server.start_tls()
	38
	39	def _manager_auth(self, settings, username, password):
	40	conn = Connection(self.server,
	41	settings['LDAP_BIND_DN'],
	42	settings['LDAP_BIND_PW'],
	43	auto_bind=True)
	44	found = conn.search(
	45	search_base=settings['LDAP_SEARCH_BASE'],
	46	search_filter=settings['LDAP_SEARCH_FILTER'].format(username=username),
	47	search_scope=SUBTREE,
	48	attributes=[settings['EMAIL_SEARCH_FIELD']])
	49	if (not found) or len(conn.entries) > 1:
	50	return False, None
	51
	52	user = conn.entries[0]
	53	user_dn = user.entry_dn
	54	try:
	55	email = user.entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
	56	except KeyError:
	57	email = None
	58
	59	Connection(self.server, user_dn, password, auto_bind=True)
	60
	61	return username, email
	62
	63	def _direct_auth(self, settings, username, password):
	64	user_dn = settings['LDAP_USER_DN_TEMPLATE'].format(username=username)
	65	conn = Connection(self.server, user_dn, password, auto_bind=True)
	66	email_found = conn.search(
	67	search_base=settings['LDAP_SEARCH_BASE'],
	68	search_filter='uid={0}'.format(username),
	69	search_scope=SUBTREE,
	70	attributes=[settings['EMAIL_SEARCH_FIELD']])
	71
	72	if email_found:
	73	try:
	74	email = conn.entries[0].entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
	75	except KeyError:
	76	email = None
	77
	78	return username, email
	79
	80	def login(self, username, password):
	81	for k, v in six.iteritems(self.ldap_settings):
	82	try:
	83	self._connect(v)
	84
	85	if 'LDAP_BIND_DN' in v:
	86	return self._manager_auth(v, username, password)
	87	else:
	88	return self._direct_auth(v, username, password)
	89
	90	except LDAPException as e:
	91	_log.info(e)
	92
	93	return False, None


diff --git a/nixops/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json b/nixops/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json new file mode 100644 index 0000000..9abd994 --- /dev/null +++ b/nixops/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json
@@ -0,0 +1,15 @@
	1	{
	2	"tag": "ba0a154-master",
	3	"meta": {
	4	"name": "mediagoblin-plugin-basicsearch",
	5	"url": "https://github.com/ayleph/mediagoblin-basicsearch",
	6	"branch": "master"
	7	},
	8	"github": {
	9	"owner": "ayleph",
	10	"repo": "mediagoblin-basicsearch",
	11	"rev": "ba0a1547bd24ebaf363227fe17644d38c6ce8a6b",
	12	"sha256": "0d4r7xkf4gxmgaxlb264l44xbanis77g49frwfhfzsflxmdwgncy",
	13	"fetchSubmodules": true
	14	}
	15	}


diff --git a/nixops/modules/websites/tools/mediagoblin/mediagoblin.json b/nixops/modules/websites/tools/mediagoblin/mediagoblin.json new file mode 100644 index 0000000..7ea72d1 --- /dev/null +++ b/nixops/modules/websites/tools/mediagoblin/mediagoblin.json
@@ -0,0 +1,14 @@
	1	{
	2	"tag": "cd465eb-stable",
	3	"meta": {
	4	"name": "mediagoblin",
	5	"url": "git://git.savannah.gnu.org/mediagoblin.git",
	6	"branch": "stable"
	7	},
	8	"git": {
	9	"url": "git://git.savannah.gnu.org/mediagoblin.git",
	10	"rev": "cd465ebfec837a75a44c4ebd727dffe2fff6d850",
	11	"sha256": "1yz4i4i97z3rxl534a6psaybyjbyp5nnc52v3nvbpzc4pd2s69mx",
	12	"fetchSubmodules": true
	13	}
	14	}


diff --git a/nixops/modules/websites/tools/mediagoblin/mediagoblin.nix b/nixops/modules/websites/tools/mediagoblin/mediagoblin.nix new file mode 100644 index 0000000..cad6225 --- /dev/null +++ b/nixops/modules/websites/tools/mediagoblin/mediagoblin.nix
@@ -0,0 +1,288 @@
	1	{ env, makeWrapper, stdenv, writeText, fetchurl, buildBowerComponents, fetchedGit, fetchedGithub, which, python3, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }:
	2	let
	3	plugins = {
	4	basicsearch = stdenv.mkDerivation (fetchedGithub ./mediagoblin-plugin-basicsearch.json // rec {
	5	phases = "unpackPhase installPhase";
	6	installPhase = ''
	7	cp -R . $out
	8	'';
	9	});
	10	};
	11	overridePython = let
	12	packageOverrides = self: super: {
	13	celery = super.celery.overridePythonAttrs(old: rec {
	14	version = "3.1.26.post2";
	15	src = self.fetchPypi {
	16	inherit version;
	17	inherit (old) pname;
	18	sha256 = "5493e172ae817b81ba7d09443ada114886765a8ce02f16a56e6fac68d953a9b2";
	19	};
	20	patches = [];
	21	doCheck = false;
	22	});
	23	billiard = super.billiard.overridePythonAttrs(old: rec {
	24	version = "3.3.0.23";
	25	src = self.fetchPypi {
	26	inherit version;
	27	inherit (old) pname;
	28	sha256 = "02wxsc6bhqvzh8j6w758kvgqbnj14l796mvmrcms8fgfamd2lak9";
	29	};
	30	});
	31	amqp = super.amqp.overridePythonAttrs(old: rec {
	32	version = "1.4.9";
	33	src = self.fetchPypi {
	34	inherit version;
	35	inherit (old) pname;
	36	sha256 = "2dea4d16d073c902c3b89d9b96620fb6729ac0f7a923bbc777cb4ad827c0c61a";
	37	};
	38	});
	39	kombu = super.kombu.overridePythonAttrs(old: rec {
	40	version = "3.0.37";
	41	src = self.fetchPypi {
	42	inherit version;
	43	inherit (old) pname;
	44	sha256 = "e064a00c66b4d1058cd2b0523fb8d98c82c18450244177b6c0f7913016642650";
	45	};
	46	propagatedBuildInputs = old.propagatedBuildInputs ++ [ self.anyjson ];
	47	doCheck = false;
	48	});
	49	sqlalchemy = super.sqlalchemy.overridePythonAttrs(old: rec {
	50	version = "1.1.18";
	51	src = self.fetchPypi {
	52	inherit version;
	53	inherit (old) pname;
	54	sha256 = "8b0ec71af9291191ba83a91c03d157b19ab3e7119e27da97932a4773a3f664a9";
	55	};
	56	});
	57	tempita_5_3_dev = super.buildPythonPackage (fetchedGithub ./tempita.json // rec {
	58	buildInputs = with self; [ nose ];
	59	disabled = false;
	60	});
	61	sqlalchemy_migrate = super.sqlalchemy_migrate.overridePythonAttrs(old: rec {
	62	propagatedBuildInputs = with self; [ pbr tempita_5_3_dev decorator sqlalchemy six sqlparse ];
	63	});
	64	pasteScript = super.pasteScript.overridePythonAttrs(old: rec {
	65	version = "2.0.2";
	66	name = "PasteScript-${version}";
	67	src = fetchurl {
	68	url = "mirror://pypi/P/PasteScript/${name}.tar.gz";
	69	sha256 = "1h3nnhn45kf4pbcv669ik4faw04j58k8vbj1hwrc532k0nc28gy0";
	70	};
	71	propagatedBuildInputs = with self; [ six paste PasteDeploy argparse ];
	72	});
	73	};
	74	in
	75	python3.override { inherit packageOverrides; };
	76	pythonEnv = python-pkgs: with python-pkgs; [
	77	waitress alembic dateutil wtforms pybcrypt
	78	pytest pytest_xdist werkzeug celery
	79	kombu jinja2 Babel webtest configobj markdown
	80	sqlalchemy itsdangerous pytz sphinx six
	81	oauthlib unidecode jsonschema PasteDeploy
	82	requests PyLD exifread
	83	typing pasteScript
	84	# For images plugin
	85	pillow
	86	# For video plugin
	87	gst-python
	88	# migrations
	89	sqlalchemy_migrate
	90	# authentication
	91	ldap3
	92	redis
	93	psycopg2
	94	];
	95	python = overridePython.withPackages pythonEnv;
	96	gmg = writeText "gmg" ''
	97	#!${python}/bin/python
	98	__requires__ = 'mediagoblin'
	99	import sys
	100	from pkg_resources import load_entry_point
	101
	102	if __name__ == '__main__':
	103	sys.exit(
	104	load_entry_point('mediagoblin', 'console_scripts', 'gmg')()
	105	)
	106	'';
	107	in
	108	rec {
	109	socketsDir = "/run/mediagoblin";
	110	varDir = "/var/lib/mediagoblin";
	111	bowerComponents = buildBowerComponents {
	112	name = "mediagoblin-bower-components";
	113	generated = ./bower-packages.nix;
	114	src = (fetchedGit ./mediagoblin.json).src;
	115	};
	116	mediagoblin = stdenv.mkDerivation (fetchedGit ./mediagoblin.json // rec {
	117	preConfigure = ''
	118	# ./bootstrap.sh
	119	aclocal -I m4 --install
	120	autoreconf -fvi
	121	# end
	122	export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
	123	export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
	124	export HOME=$PWD
	125	'';
	126	configureFlags = [ "--with-python3" "--without-virtualenv" ];
	127	postBuild = ''
	128	cp -a ${bowerComponents}/bower_components/* extlib
	129	chmod -R u+w extlib
	130	make extlib
	131	'';
	132	installPhase = ''
	133	sed -i "s/registry.has_key(current_theme_name)/current_theme_name in registry/" mediagoblin/tools/theme.py
	134	sed -i -e "s@\[DEFAULT\]@[DEFAULT]\nhere = $out@" mediagoblin/config_spec.ini
	135	cp ${./ldap_fix.py} mediagoblin/plugins/ldap/tools.py
	136	ln -s ${plugins.basicsearch}/basicsearch mediagoblin/plugins/basicsearch
	137	find . -name '*.pyc' -delete
	138	find . -type f -exec sed -i "s\|$PWD\|$out\|g" {} \;
	139	python setup.py build
	140	cp -a . $out
	141	mkdir $out/bin
	142	cp ${gmg} $out/bin/gmg
	143	chmod a+x $out/bin/gmg
	144	'';
	145	buildInputs = [ makeWrapper git cacert automake autoconf which nodePackages.bower nodejs python ];
	146	propagatedBuildInputs = [ python ];
	147	});
	148	paste_local = writeText "paste_local.ini" ''
	149	[DEFAULT]
	150	debug = false
	151
	152	[pipeline:main]
	153	pipeline = mediagoblin
	154
	155	[app:mediagoblin]
	156	use = egg:mediagoblin#app
	157	config = %(here)s/mediagoblin_local.ini %(here)s/mediagoblin.ini
	158	/mgoblin_static = %(here)s/mediagoblin/static
	159
	160	[loggers]
	161	keys = root
	162
	163	[handlers]
	164	keys = console
	165
	166	[formatters]
	167	keys = generic
	168
	169	[logger_root]
	170	level = INFO
	171	handlers = console
	172
	173	[handler_console]
	174	class = StreamHandler
	175	args = (sys.stderr,)
	176	level = NOTSET
	177	formatter = generic
	178
	179	[formatter_generic]
	180	format = %(levelname)-7.7s [%(name)s] %(message)s
	181
	182	[filter:errors]
	183	use = egg:mediagoblin#errors
	184	debug = false
	185
	186	[server:main]
	187	use = egg:waitress#main
	188	unix_socket = ${socketsDir}/mediagoblin.sock
	189	unix_socket_perms = 777
	190	url_scheme = https
	191	'';
	192
	193	mediagoblin_local = writeText "mediagoblin_local.ini" ''
	194	[DEFAULT]
	195	data_basedir = "${varDir}"
	196
	197	[mediagoblin]
	198	direct_remote_path = /mgoblin_static/
	199	email_sender_address = "mediagoblin@mail.immae.eu"
	200
	201	#sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
	202	sql_engine = ${env.psql_url}
	203
	204	email_debug_mode = false
	205	allow_registration = false
	206	allow_reporting = true
	207
	208	theme = airymodified
	209
	210	user_privilege_scheme = "uploader,commenter,reporter"
	211
	212	# We need to redefine them here since we override data_basedir
	213	# cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
	214	workbench_path = %(data_basedir)s/media/workbench
	215	crypto_path = %(data_basedir)s/crypto
	216	theme_install_dir = %(data_basedir)s/themes/
	217	theme_linked_assets_dir = %(data_basedir)s/theme_static/
	218	plugin_linked_assets_dir = %(data_basedir)s/plugin_static/
	219
	220	[storage:queuestore]
	221	base_dir = %(data_basedir)s/media/queue
	222
	223	[storage:publicstore]
	224	base_dir = %(data_basedir)s/media/public
	225	base_url = /mgoblin_media/
	226
	227	[celery]
	228	CELERY_RESULT_DBURI = ${env.redis_url}
	229	BROKER_URL = ${env.redis_url}
	230	CELERYD_CONCURRENCY = 1
	231
	232	[plugins]
	233	[[mediagoblin.plugins.geolocation]]
	234	[[mediagoblin.plugins.ldap]]
	235	[[[immae.eu]]]
	236	LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636'
	237	LDAP_SEARCH_BASE = 'dc=immae,dc=eu'
	238	LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu'
	239	LDAP_BIND_PW = '${env.ldap.password}'
	240	LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))'
	241	EMAIL_SEARCH_FIELD = 'mail'
	242	[[mediagoblin.plugins.basicsearch]]
	243	[[mediagoblin.plugins.piwigo]]
	244	[[mediagoblin.plugins.processing_info]]
	245	[[mediagoblin.media_types.image]]
	246	[[mediagoblin.media_types.video]]
	247	'';
	248	pythonRoot =
	249	with pkgs.gst_all_1;
	250	stdenv.mkDerivation {
	251	name = "mediagoblin_immae";
	252	inherit mediagoblin;
	253	buildInputs= [ makeWrapper ];
	254	propagatedBuildInputs = [ gst-libav gst-plugins-good gst-plugins-bad gst-plugins-ugly gstreamer ];
	255	builder = let
	256	libpaths = [
	257	python
	258	gstreamer
	259	gst-plugins-base
	260	gst-libav
	261	gst-plugins-good
	262	gst-plugins-bad
	263	gst-plugins-ugly
	264	];
	265	plugin_paths = builtins.concatStringsSep ":" (map (x: "${x}/lib") libpaths);
	266	typelib_paths = "${gstreamer}/lib/girepository-1.0:${gst-plugins-base}/lib/girepository-1.0";
	267	in writeText "build_mediagoblin_immae" ''
	268	source $stdenv/setup
	269	cp -a $mediagoblin $out
	270	cd $out
	271	chmod -R u+rwX .
	272	sed -i -e "/from gi.repository import GstPbutils/s/^/gi.require_version('GstPbutils', '1.0')\n/" mediagoblin/media_types/video/transcoders.py
	273	wrapProgram bin/gmg --prefix PYTHONPATH : "$out:$PYTHONPATH" \
	274	--prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \
	275	--prefix GI_TYPELIB_PATH : ${typelib_paths}
	276	makeWrapper ${python}/bin/paster bin/paster --prefix PYTHONPATH : "$out:$PYTHONPATH" \
	277	--prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \
	278	--prefix GI_TYPELIB_PATH : ${typelib_paths}
	279	makeWrapper ${python}/bin/celery bin/celery --prefix PYTHONPATH : "$out:$PYTHONPATH" \
	280	--prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \
	281	--prefix GI_TYPELIB_PATH : ${typelib_paths}
	282	find . -type f -exec sed -i "s\|$mediagoblin\|$out\|g" {} \;
	283	ln -s ${paste_local} ./paste_local.ini
	284	ln -s ${mediagoblin_local} ./mediagoblin_local.ini
	285	ln -sf ../../../../../${varDir} ./user_dev
	286	'';
	287	};
	288	}


diff --git a/nixops/modules/websites/tools/mediagoblin/tempita.json b/nixops/modules/websites/tools/mediagoblin/tempita.json new file mode 100644 index 0000000..5371e17 --- /dev/null +++ b/nixops/modules/websites/tools/mediagoblin/tempita.json
@@ -0,0 +1,15 @@
	1	{
	2	"tag": "47414a7-master",
	3	"meta": {
	4	"name": "tempita",
	5	"url": "https://github.com/gjhiggins/tempita",
	6	"branch": "master"
	7	},
	8	"github": {
	9	"owner": "gjhiggins",
	10	"repo": "tempita",
	11	"rev": "47414a7c6e46a9a9afe78f0bce2ea299fa84d10d",
	12	"sha256": "0f33jjjs5rvp7ar2j6ggyfykcrsrn04jaqcq71qfvycf6b7nw3rn",
	13	"fetchSubmodules": true
	14	}
	15	}