aboutsummaryrefslogtreecommitdiff
path: root/systems/eldiron/websites/mgoblin
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 01:35:06 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 02:11:48 +0200
commit1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree1b9df4838f894577a09b9b260151756272efeb53 /systems/eldiron/websites/mgoblin
parentfa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
downloadNix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
Diffstat (limited to 'systems/eldiron/websites/mgoblin')
-rw-r--r--systems/eldiron/websites/mgoblin/default.nix173
1 files changed, 173 insertions, 0 deletions
diff --git a/systems/eldiron/websites/mgoblin/default.nix b/systems/eldiron/websites/mgoblin/default.nix
new file mode 100644
index 0000000..f276c62
--- /dev/null
+++ b/systems/eldiron/websites/mgoblin/default.nix
@@ -0,0 +1,173 @@
1{ lib, pkgs, config, mediagoblin, ... }:
2let
3 env = config.myEnv.tools.mediagoblin;
4 cfg = config.myServices.websites.tools.mediagoblin;
5 mcfg = config.services.mediagoblin;
6in {
7 options.myServices.websites.tools.mediagoblin = {
8 enable = lib.mkEnableOption "enable mediagoblin's website";
9 };
10
11 config = lib.mkIf cfg.enable {
12 myServices.dns.zones."immae.eu".subdomains.mgoblin =
13 with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
14
15 myServices.chatonsProperties.services.mediagoblin = {
16 file.datetime = "2022-08-21T20:00:00";
17 service = {
18 name = "Mediagoblin";
19 description = "MediaGoblin is a free software media publishing platform that anyone can run";
20 website = "https://mgoblin.immae.eu/";
21 logo = "https://mgoblin.immae.eu/mgoblin_static/images/goblin.ico";
22 status.level = "OK";
23 status.description = "OK";
24 registration."" = ["MEMBER" "CLIENT"];
25 registration.load = "OPEN";
26 install.type = "PACKAGE";
27 };
28 software = {
29 name = "Mediagoblin";
30 website = "https://mediagoblin.org/";
31 license.url = "http://www.gnu.org/licenses/agpl.html";
32 license.name = "GNU Affero General Public License";
33 version = mcfg.package.version;
34 source.url = "https://git.savannah.gnu.org/git/mediagoblin.git";
35 modules = map (a: a.pluginName) mcfg.package.plugins;
36 };
37 };
38 secrets.keys."webapps/tools-mediagoblin" = {
39 user = "mediagoblin";
40 group = "mediagoblin";
41 permissions = "0400";
42 text =
43 let
44 psql_url = with env.postgresql; "postgresql://${user}:${password}@:${port}/${database}?host=${socket}";
45 redis_url = with env.redis; "redis+socket://${socket}?virtual_host=${db}";
46 in
47 ''
48 [DEFAULT]
49 data_basedir = "${mcfg.dataDir}"
50
51 [mediagoblin]
52 direct_remote_path = /mgoblin_static/
53 email_sender_address = "mediagoblin@tools.immae.eu"
54
55 #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
56 sql_engine = ${psql_url}
57
58 email_debug_mode = false
59 allow_registration = false
60 allow_reporting = true
61
62 theme = airymodified
63
64 user_privilege_scheme = "uploader,commenter,reporter"
65
66 # We need to redefine them here since we override data_basedir
67 # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
68 workbench_path = %(data_basedir)s/media/workbench
69 crypto_path = %(data_basedir)s/crypto
70 theme_install_dir = %(data_basedir)s/themes/
71 theme_linked_assets_dir = %(data_basedir)s/theme_static/
72 plugin_linked_assets_dir = %(data_basedir)s/plugin_static/
73
74 [storage:queuestore]
75 base_dir = %(data_basedir)s/media/queue
76
77 [storage:publicstore]
78 base_dir = %(data_basedir)s/media/public
79 base_url = /mgoblin_media/
80
81 [celery]
82 CELERY_RESULT_DBURI = ${redis_url}
83 BROKER_URL = ${redis_url}
84 CELERYD_CONCURRENCY = 1
85
86 [plugins]
87 [[mediagoblin.plugins.geolocation]]
88 [[mediagoblin.plugins.ldap]]
89 [[[immae.eu]]]
90 LDAP_SERVER_URI = 'ldaps://${env.ldap.host}:636'
91 LDAP_SEARCH_BASE = '${env.ldap.base}'
92 LDAP_BIND_DN = '${env.ldap.dn}'
93 LDAP_BIND_PW = '${env.ldap.password}'
94 LDAP_SEARCH_FILTER = '${env.ldap.filter}'
95 EMAIL_SEARCH_FIELD = 'mail'
96 [[mediagoblin.plugins.basicsearch]]
97 [[mediagoblin.plugins.piwigo]]
98 [[mediagoblin.plugins.processing_info]]
99 [[mediagoblin.media_types.image]]
100 [[mediagoblin.media_types.video]]
101 '';
102 };
103
104 users.users.mediagoblin.extraGroups = [ "keys" ];
105
106 services.mediagoblin = {
107 enable = true;
108 package = mediagoblin.withPlugins (p: [p.basicsearch]);
109 configFile = config.secrets.fullPaths."webapps/tools-mediagoblin";
110 };
111 services.filesWatcher.mediagoblin-web = {
112 restart = true;
113 paths = [ mcfg.configFile ];
114 };
115 services.filesWatcher.mediagoblin-celeryd = {
116 restart = true;
117 paths = [ mcfg.configFile ];
118 };
119
120 services.websites.env.tools.modules = [
121 "proxy" "proxy_http"
122 ];
123 users.users.wwwrun.extraGroups = [ "mediagoblin" ];
124 security.acme.certs.eldiron.extraDomainNames = [ "mgoblin.immae.eu" ];
125 services.websites.env.tools.vhostConfs.mgoblin = {
126 certName = "eldiron";
127 hosts = ["mgoblin.immae.eu" ];
128 root = null;
129 extraConfig = [ ''
130 Alias /mgoblin_media ${mcfg.dataDir}/media/public
131 <Directory ${mcfg.dataDir}/media/public>
132 Options -Indexes +FollowSymLinks +MultiViews +Includes
133 Require all granted
134 </Directory>
135
136 Alias /theme_static ${mcfg.dataDir}/theme_static
137 <Directory ${mcfg.dataDir}/theme_static>
138 Options -Indexes +FollowSymLinks +MultiViews +Includes
139 Require all granted
140 </Directory>
141
142 Alias /plugin_static ${mcfg.dataDir}/plugin_static
143 <Directory ${mcfg.dataDir}/plugin_static>
144 Options -Indexes +FollowSymLinks +MultiViews +Includes
145 Require all granted
146 </Directory>
147
148 ProxyPreserveHost on
149 ProxyVia On
150 ProxyRequests Off
151 ProxyPass /mgoblin_media !
152 ProxyPass /theme_static !
153 ProxyPass /plugin_static !
154 ProxyPassMatch ^/.well-known/acme-challenge !
155 ProxyPass / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
156 ProxyPassReverse / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
157 '' ];
158 };
159 myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
160 myServices.monitoring.fromMasterObjects.service = [
161 {
162 service_description = "mediagoblin website is running on mgoblin.immae.eu";
163 host_name = config.hostEnv.fqdn;
164 use = "external-web-service";
165 check_command = ["check_https" "mgoblin.immae.eu" "/" "<title>GNU MediaGoblin"];
166
167 servicegroups = "webstatus-webapps";
168 _webstatus_name = "Mediagoblin";
169 _webstatus_url = "https://mgoblin.immae.eu/";
170 }
171 ];
172 };
173}