author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-18 07:32:59 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-18 07:32:59 +0100 |
commit | 56eba41617f405624330aa755fcbfc0af68cf64f (patch) | |
tree | faf894df64a45421e473fb311a336c37fdbfec87 /virtual/modules/websites/tools/mediagoblin/default.nix | |
parent | 6de72a20634f01a13932b9c89a275e54ca66ab65 (diff) | |
Add mediagoblin
Diffstat (limited to 'virtual/modules/websites/tools/mediagoblin/default.nix')
-rw-r--r-- | virtual/modules/websites/tools/mediagoblin/default.nix | 151 |
1 files changed, 151 insertions, 0 deletions
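--- /dev/null
+++ b/virtual/modules/websites/tools/mediagoblin/default.nix
@@ -0,0 +1,151 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+mediagoblin = pkgs.callPackage ./mediagoblin.nix {
+inherit (mylibs) checkEnv fetchedGit fetchedGithub;
+};
+
+cfg = config.services.myWebsites.tools.mediagoblin;
+in {
+options.services.myWebsites.tools.mediagoblin = {
+enable = lib.mkEnableOption "enable mediagoblin's website";
+};
+
+config = lib.mkIf cfg.enable {
+# FIXME: Can we use dynamic users from systemd?
+# nixos/modules/misc/ids.nix
+ids.uids.mediagoblin = 397;
+ids.gids.mediagoblin = 397;
+
+users.users.mediagoblin = {
+name = "mediagoblin";
+uid = config.ids.uids.mediagoblin;
+group = "mediagoblin";
+description = "Mediagoblin user";
+home = mediagoblin.varDir;
+useDefaultShell = true;
+};
+
+users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;
+
+systemd.services.mediagoblin-web = {
+description = "Mediagoblin service";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+
+environment.SCRIPT_NAME = "/mediagoblin/";
+
+script = ''
+exec ./bin/paster serve \
+${mediagoblin.pythonRoot}/paste_local.ini \
+--pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
+'';
+
+preStop = ''
+exec ./bin/paster serve \
+--pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
+${mediagoblin.pythonRoot}/paste_local.ini stop
+'';
+preStart = ''
+./bin/gmg dbupdate
+'';
+
+serviceConfig = {
+User = "mediagoblin";
+PrivateTmp = true;
+Restart = "always";
+TimeoutSec = 15;
+Type = "simple";
+WorkingDirectory = mediagoblin.pythonRoot;
+PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
+};
+
+unitConfig.RequiresMountsFor = mediagoblin.varDir;
+};
+
+systemd.services.mediagoblin-celeryd = {
+description = "Mediagoblin service";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" "mediagoblin-web.service" ];
+
+environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
+environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
+
+script = ''
+exec ./bin/celery worker \
+--logfile=${mediagoblin.varDir}/celery.log \
+--loglevel=INFO
+'';
+
+serviceConfig = {
+User = "mediagoblin";
+PrivateTmp = true;
+Restart = "always";
+TimeoutSec = 15;
+Type = "simple";
+WorkingDirectory = mediagoblin.pythonRoot;
+PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
+};
+
+unitConfig.RequiresMountsFor = mediagoblin.varDir;
+};
+
+# FIXME: background jobs and upload
+# FIXME: initial sync
+system.activationScripts.mediagoblin = {
+deps = [ "users" ];
+text = ''
+install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
+install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
+if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
+rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+fi
+'';
+};
+
+services.myWebsites.tools.modules = [
+"proxy" "proxy_http" "proxy_balancer"
+# FIXME: probably only one balancer method is needed:
+"lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+];
+users.users.wwwrun.extraGroups = [ "mediagoblin" ];
+security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
+services.myWebsites.tools.vhostConfs.mgoblin = {
+certName = "eldiron";
+hosts = ["mgoblin.immae.eu" ];
+root = null;
+extraConfig = [ ''
+Alias /mgoblin_media ${mediagoblin.varDir}/media/public
+<Directory ${mediagoblin.varDir}/media/public>
+Options -Indexes +FollowSymLinks +MultiViews +Includes
+Require all granted
+</Directory>
+
+Alias /theme_static ${mediagoblin.varDir}/theme_static
+<Directory ${mediagoblin.varDir}/theme_static>
+Options -Indexes +FollowSymLinks +MultiViews +Includes
+Require all granted
+</Directory>
+
+Alias /plugin_static ${mediagoblin.varDir}/plugin_static
+<Directory ${mediagoblin.varDir}/plugin_static>
+Options -Indexes +FollowSymLinks +MultiViews +Includes
+Require all granted
+</Directory>
+
+ProxyPreserveHost on
+ProxyVia On
+ProxyRequests Off
+ProxyPass /mgoblin_media !
+ProxyPass /theme_static !
+ProxyPass /plugin_static !
+ProxyPassMatch ^/.well-known/acme-challenge !
+ProxyPass / balancer://paster_server/
+ProxyPassReverse / balancer://paster_server
+<Proxy balancer://paster_server>
+BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://
+</Proxy>
+'' ];
+};
+};
+}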
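Review bot: The `<Directory ${mediagoblin.varDir}/media/public>` block in `extraConfig` serves user-uploaded files with `+Includes +FollowSymLinks +MultiViews`, which is more than a static media directory needs: `Includes` allows server-side includes (with exec) for any file type an SSI filter is mapped to elsewhere in the Apache configuration, and `FollowSymLinks` lets a symlink that ends up in the upload tree expose files outside it. I would reduce that block to `Options -Indexes -Includes -MultiViews +SymLinksIfOwnerMatch` and drop `+Includes` from the `theme_static` and `plugin_static` blocks too; those two probably still need `FollowSymLinks` because they link into the store. Separately, `useDefaultShell = true` gives the service account a login shell it does not appear to need, and both units run with only `PrivateTmp` as sandboxing. The `rm` in the activation script has no `-f` and will error when the link is absent; `ln -sfn` on its own would replace an existing link without needing the `rm`.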