6 files changed, 226 insertions, 145 deletions
diff --git a/default.nix b/default.nix
index e092c33..c7f515b 100644
--- a/default.nix
+++ b/default.nix
@@ -5,6 +5,7 @@ let
 in
 {
  lib = import ./libs.nix { pkgs = pkgs_; };
+  modules = import ./modules;
  overlays = import ./overlays;
  pkgs = mypkgs;
 } // mypkgs
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..3cc4149
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,5 @@
+{
+  myids = ./myids.nix;
+  mediagoblin = ./webapps/mediagoblin.nix;
+}
diff --git a/modules/myids.nix b/modules/myids.nix
new file mode 100644
index 0000000..a3e5879
--- /dev/null
+++ b/modules/myids.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+  config = {
+    ids.uids = {
+      mediagoblin = 397;
+    };
+    ids.gids = {
+      mediagoblin = 397;
+    };
+  };
+}
diff --git a/modules/webapps/mediagoblin.nix b/modules/webapps/mediagoblin.nix
new file mode 100644
index 0000000..6808c82
--- /dev/null
+++ b/modules/webapps/mediagoblin.nix
@@ -0,0 +1,193 @@
+{ lib, pkgs, config, ... }:
+let
+  name = "mediagoblin";
+  cfg = config.services.mediagoblin;
+  uid = config.ids.uids.mediagoblin;
+  gid = config.ids.gids.mediagoblin;
+  fullPackage = cfg.package.withPlugins cfg.plugins;
+  paste_local = pkgs.writeText "paste_local.ini" ''
+    [DEFAULT]
+    debug = false
+    [pipeline:main]
+    pipeline = mediagoblin
+    [app:mediagoblin]
+    use = egg:mediagoblin#app
+    config = ${cfg.configFile} ${fullPackage}/mediagoblin.ini
+    /mgoblin_static = ${fullPackage}/mediagoblin/static
+    [loggers]
+    keys = root
+    [handlers]
+    keys = console
+    [formatters]
+    keys = generic
+    [logger_root]
+    level = INFO
+    handlers = console
+    [handler_console]
+    class = StreamHandler
+    args = (sys.stderr,)
+    level = NOTSET
+    formatter = generic
+    [formatter_generic]
+    format = %(levelname)-7.7s [%(name)s] %(message)s
+    [filter:errors]
+    use = egg:mediagoblin#errors
+    debug = false
+    [server:main]
+    use = egg:waitress#main
+    unix_socket = ${cfg.socketsDir}/mediagoblin.sock
+    unix_socket_perms = 777
+    url_scheme = https
+    '';
+in
+{
+  options.services.mediagoblin = {
+    enable = lib.mkEnableOption "Enable Mediagoblin’s service";
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = name;
+      description = "User account under which Mediagoblin runs";
+    };
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = name;
+      description = "Group under which Mediagoblin runs";
+    };
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/${name}";
+      description = ''
+        The directory where Mediagoblin stores its data.
+      '';
+    };
+    socketsDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/run/${name}";
+      description = ''
+        The directory where Mediagoblin puts runtime files and sockets.
+        '';
+    };
+    configFile = lib.mkOption {
+      type = lib.types.path;
+      description = ''
+        The configuration file path for Mediagoblin.
+        '';
+    };
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.webapps.mediagoblin;
+      description = ''
+        Mediagoblin package to use.
+        '';
+    };
+    plugins = lib.mkOption {
+      type = lib.types.listOf lib.types.package;
+      default = [];
+      description = ''
+        Mediagoblin plugins to use.
+        '';
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
+      inherit name;
+      inherit uid;
+      group = cfg.group;
+      description = "Mediagoblin user";
+      home = cfg.dataDir;
+      useDefaultShell = true;
+    });
+    users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
+      inherit name;
+      inherit gid;
+    });
+    systemd.services.mediagoblin-web = {
+      description = "Mediagoblin service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      wants = [ "postgresql.service" "redis.service" ];
+      environment.SCRIPT_NAME = "/mediagoblin/";
+      script = ''
+        exec ./bin/paster serve \
+          ${paste_local} \
+          --pid-file=${cfg.socketsDir}/mediagoblin.pid
+        '';
+      preStop = ''
+        exec ./bin/paster serve \
+          --pid-file=${cfg.socketsDir}/mediagoblin.pid \
+          ${paste_local} stop
+        '';
+      preStart = ''
+        ./bin/gmg -cf ${cfg.configFile} dbupdate
+        '';
+      serviceConfig = {
+        User = cfg.user;
+        PrivateTmp = true;
+        Restart = "always";
+        TimeoutSec = 15;
+        Type = "simple";
+        WorkingDirectory = fullPackage;
+        PIDFile = "${cfg.socketsDir}/mediagoblin.pid";
+      };
+      unitConfig.RequiresMountsFor = cfg.dataDir;
+    };
+    systemd.services.mediagoblin-celeryd = {
+      description = "Mediagoblin service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "mediagoblin-web.service" ];
+      environment.MEDIAGOBLIN_CONFIG = cfg.configFile;
+      environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
+      script = ''
+        exec ./bin/celery worker \
+          --logfile=${cfg.dataDir}/celery.log \
+          --loglevel=INFO
+        '';
+      serviceConfig = {
+        User = cfg.user;
+        PrivateTmp = true;
+        Restart = "always";
+        TimeoutSec = 60;
+        Type = "simple";
+        WorkingDirectory = fullPackage;
+        PIDFile = "${cfg.socketsDir}/mediagoblin-celeryd.pid";
+      };
+      unitConfig.RequiresMountsFor = cfg.dataDir;
+    };
+    system.activationScripts.mediagoblin = {
+      deps = [ "users" ];
+      text = ''
+      install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
+      install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
+      if [ -d ${cfg.dataDir}/plugin_static/ ]; then
+        rm ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
+        ln -sf ${fullPackage}/mediagoblin/plugins/basic_auth/static ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
+      fi
+      '';
+    };
+  };
+}
diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 239e065..71615fa 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -46,7 +46,7 @@
      ./modules/buildbot
      ./modules/dns.nix
      ./modules/secrets.nix
-    ];
+    ] ++ (builtins.attrValues (import ../modules));
    services.myGitolite.enable = true;
    services.myDatabases.enable = true;
    services.myWebsites.production.enable = true;
diff --git a/nixops/modules/websites/tools/mediagoblin.nix b/nixops/modules/websites/tools/mediagoblin.nix
index 2b56007..bdb8323 100644
--- a/nixops/modules/websites/tools/mediagoblin.nix
+++ b/nixops/modules/websites/tools/mediagoblin.nix
@@ -1,55 +1,8 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
  env = myconfig.env.tools.mediagoblin;
-  socketsDir = "/run/mediagoblin";
-  varDir = "/var/lib/mediagoblin";
  cfg = config.services.myWebsites.tools.mediagoblin;
-  mediagoblin_init = "/var/secrets/webapps/tools-mediagoblin";
+  mcfg = config.services.mediagoblin;
-  paste_local = pkgs.writeText "paste_local.ini" ''
-    [DEFAULT]
-    debug = false
-    [pipeline:main]
-    pipeline = mediagoblin
-    [app:mediagoblin]
-    use = egg:mediagoblin#app
-    config = ${mediagoblin_init} ${pythonRoot}/mediagoblin.ini
-    /mgoblin_static = ${pythonRoot}/mediagoblin/static
-    [loggers]
-    keys = root
-    [handlers]
-    keys = console
-    [formatters]
-    keys = generic
-    [logger_root]
-    level = INFO
-    handlers = console
-    [handler_console]
-    class = StreamHandler
-    args = (sys.stderr,)
-    level = NOTSET
-    formatter = generic
-    [formatter_generic]
-    format = %(levelname)-7.7s [%(name)s] %(message)s
-    [filter:errors]
-    use = egg:mediagoblin#errors
-    debug = false
-    [server:main]
-    use = egg:waitress#main
-    unix_socket = ${socketsDir}/mediagoblin.sock
-    unix_socket_perms = 777
-    url_scheme = https
-    '';
-  pythonRoot = pkgs.webapps.mediagoblin-with-plugins;
 in {
  options.services.myWebsites.tools.mediagoblin = {
    enable = lib.mkEnableOption "enable mediagoblin's website";
@@ -63,7 +16,7 @@ in {
      permissions = "0400";
      text = ''
        [DEFAULT]
-        data_basedir = "${varDir}"
+        data_basedir = "${mcfg.dataDir}"
        [mediagoblin]
        direct_remote_path = /mgoblin_static/
@@ -118,94 +71,12 @@ in {
        '';
    }];
-    ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid;
+    users.users.mediagoblin.extraGroups = [ "keys" ];
-    ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid;
-    users.users.mediagoblin = {
+    services.mediagoblin = {
-      name = "mediagoblin";
+      enable     = true;
-      uid = config.ids.uids.mediagoblin;
+      plugins    = builtins.attrValues pkgs.webapps.mediagoblin-plugins;
-      group = "mediagoblin";
+      configFile = "/var/secrets/webapps/tools-mediagoblin";
-      description = "Mediagoblin user";
-      home = varDir;
-      useDefaultShell = true;
-      extraGroups = [ "keys" ];
-    };
-    users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;
-    systemd.services.mediagoblin-web = {
-      description = "Mediagoblin service";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      wants = [ "postgresql.service" "redis.service" ];
-      environment.SCRIPT_NAME = "/mediagoblin/";
-      script = ''
-        exec ./bin/paster serve \
-          ${paste_local} \
-          --pid-file=${socketsDir}/mediagoblin.pid
-      '';
-      preStop = ''
-        exec ./bin/paster serve \
-          --pid-file=${socketsDir}/mediagoblin.pid \
-          ${paste_local} stop
-        '';
-      preStart = ''
-        ./bin/gmg -cf ${mediagoblin_init} dbupdate
-      '';
-      serviceConfig = {
-        User = "mediagoblin";
-        PrivateTmp = true;
-        Restart = "always";
-        TimeoutSec = 15;
-        Type = "simple";
-        WorkingDirectory = pythonRoot;
-        PIDFile = "${socketsDir}/mediagoblin.pid";
-      };
-      unitConfig.RequiresMountsFor = varDir;
-    };
-    systemd.services.mediagoblin-celeryd = {
-      description = "Mediagoblin service";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" "mediagoblin-web.service" ];
-      environment.MEDIAGOBLIN_CONFIG = mediagoblin_init;
-      environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
-      script = ''
-        exec ./bin/celery worker \
-          --logfile=${varDir}/celery.log \
-          --loglevel=INFO
-      '';
-      serviceConfig = {
-        User = "mediagoblin";
-        PrivateTmp = true;
-        Restart = "always";
-        TimeoutSec = 60;
-        Type = "simple";
-        WorkingDirectory = pythonRoot;
-        PIDFile = "${socketsDir}/mediagoblin-celeryd.pid";
-      };
-      unitConfig.RequiresMountsFor = varDir;
-    };
-    system.activationScripts.mediagoblin = {
-      deps = [ "users" ];
-      text = ''
-      install -m 0755 -o mediagoblin -g mediagoblin -d ${socketsDir}
-      install -m 0755 -o mediagoblin -g mediagoblin -d ${varDir}
-      if [ -d ${varDir}/plugin_static/ ]; then
-        rm ${varDir}/plugin_static/coreplugin_basic_auth
-        ln -sf ${pythonRoot}/mediagoblin/plugins/basic_auth/static ${varDir}/plugin_static/coreplugin_basic_auth
-      fi
-      '';
    };
    services.myWebsites.tools.modules = [
@@ -218,20 +89,20 @@ in {
      hosts       = ["mgoblin.immae.eu" ];
      root        = null;
      extraConfig = [ ''
-        Alias /mgoblin_media ${varDir}/media/public
+        Alias /mgoblin_media ${mcfg.dataDir}/media/public
-        <Directory ${varDir}/media/public>
+        <Directory ${mcfg.dataDir}/media/public>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>
-        Alias /theme_static ${varDir}/theme_static
+        Alias /theme_static ${mcfg.dataDir}/theme_static
-        <Directory ${varDir}/theme_static>
+        <Directory ${mcfg.dataDir}/theme_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>
-        Alias /plugin_static ${varDir}/plugin_static
+        Alias /plugin_static ${mcfg.dataDir}/plugin_static
-        <Directory ${varDir}/plugin_static>
+        <Directory ${mcfg.dataDir}/plugin_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>
@@ -243,8 +114,8 @@ in {
        ProxyPass /theme_static !
        ProxyPass /plugin_static !
        ProxyPassMatch ^/.well-known/acme-challenge !
-        ProxyPass / unix://${socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
+        ProxyPass / unix://${mcfg.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
-        ProxyPassReverse / unix://${socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
+        ProxyPassReverse / unix://${mcfg.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
      '' ];
    };
  };

diff --git a/default.nix b/default.nix index e092c33..c7f515b 100644 --- a/default.nix +++ b/default.nix
@@ -5,6 +5,7 @@ let
5	in	5	in
6	{	6	{
7	lib = import ./libs.nix { pkgs = pkgs_; };	7	lib = import ./libs.nix { pkgs = pkgs_; };
		8	modules = import ./modules;
8	overlays = import ./overlays;	9	overlays = import ./overlays;
9	pkgs = mypkgs;	10	pkgs = mypkgs;
10	} // mypkgs	11	} // mypkgs


diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..3cc4149 --- /dev/null +++ b/modules/default.nix
@@ -0,0 +1,5 @@
		1	{
		2	myids = ./myids.nix;
		3
		4	mediagoblin = ./webapps/mediagoblin.nix;
		5	}


diff --git a/modules/myids.nix b/modules/myids.nix new file mode 100644 index 0000000..a3e5879 --- /dev/null +++ b/modules/myids.nix
@@ -0,0 +1,11 @@
		1	{ ... }:
		2	{
		3	config = {
		4	ids.uids = {
		5	mediagoblin = 397;
		6	};
		7	ids.gids = {
		8	mediagoblin = 397;
		9	};
		10	};
		11	}


diff --git a/modules/webapps/mediagoblin.nix b/modules/webapps/mediagoblin.nix new file mode 100644 index 0000000..6808c82 --- /dev/null +++ b/modules/webapps/mediagoblin.nix
@@ -0,0 +1,193 @@
		1	{ lib, pkgs, config, ... }:
		2	let
		3	name = "mediagoblin";
		4	cfg = config.services.mediagoblin;
		5
		6	uid = config.ids.uids.mediagoblin;
		7	gid = config.ids.gids.mediagoblin;
		8
		9	fullPackage = cfg.package.withPlugins cfg.plugins;
		10	paste_local = pkgs.writeText "paste_local.ini" ''
		11	[DEFAULT]
		12	debug = false
		13
		14	[pipeline:main]
		15	pipeline = mediagoblin
		16
		17	[app:mediagoblin]
		18	use = egg:mediagoblin#app
		19	config = ${cfg.configFile} ${fullPackage}/mediagoblin.ini
		20	/mgoblin_static = ${fullPackage}/mediagoblin/static
		21
		22	[loggers]
		23	keys = root
		24
		25	[handlers]
		26	keys = console
		27
		28	[formatters]
		29	keys = generic
		30
		31	[logger_root]
		32	level = INFO
		33	handlers = console
		34
		35	[handler_console]
		36	class = StreamHandler
		37	args = (sys.stderr,)
		38	level = NOTSET
		39	formatter = generic
		40
		41	[formatter_generic]
		42	format = %(levelname)-7.7s [%(name)s] %(message)s
		43
		44	[filter:errors]
		45	use = egg:mediagoblin#errors
		46	debug = false
		47
		48	[server:main]
		49	use = egg:waitress#main
		50	unix_socket = ${cfg.socketsDir}/mediagoblin.sock
		51	unix_socket_perms = 777
		52	url_scheme = https
		53	'';
		54	in
		55	{
		56	options.services.mediagoblin = {
		57	enable = lib.mkEnableOption "Enable Mediagoblin’s service";
		58	user = lib.mkOption {
		59	type = lib.types.str;
		60	default = name;
		61	description = "User account under which Mediagoblin runs";
		62	};
		63	group = lib.mkOption {
		64	type = lib.types.str;
		65	default = name;
		66	description = "Group under which Mediagoblin runs";
		67	};
		68	dataDir = lib.mkOption {
		69	type = lib.types.path;
		70	default = "/var/lib/${name}";
		71	description = ''
		72	The directory where Mediagoblin stores its data.
		73	'';
		74	};
		75	socketsDir = lib.mkOption {
		76	type = lib.types.path;
		77	default = "/run/${name}";
		78	description = ''
		79	The directory where Mediagoblin puts runtime files and sockets.
		80	'';
		81	};
		82	configFile = lib.mkOption {
		83	type = lib.types.path;
		84	description = ''
		85	The configuration file path for Mediagoblin.
		86	'';
		87	};
		88	package = lib.mkOption {
		89	type = lib.types.package;
		90	default = pkgs.webapps.mediagoblin;
		91	description = ''
		92	Mediagoblin package to use.
		93	'';
		94	};
		95	plugins = lib.mkOption {
		96	type = lib.types.listOf lib.types.package;
		97	default = [];
		98	description = ''
		99	Mediagoblin plugins to use.
		100	'';
		101	};
		102	};
		103
		104	config = lib.mkIf cfg.enable {
		105	users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
		106	inherit name;
		107	inherit uid;
		108	group = cfg.group;
		109	description = "Mediagoblin user";
		110	home = cfg.dataDir;
		111	useDefaultShell = true;
		112	});
		113	users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
		114	inherit name;
		115	inherit gid;
		116	});
		117
		118	systemd.services.mediagoblin-web = {
		119	description = "Mediagoblin service";
		120	wantedBy = [ "multi-user.target" ];
		121	after = [ "network.target" ];
		122	wants = [ "postgresql.service" "redis.service" ];
		123
		124	environment.SCRIPT_NAME = "/mediagoblin/";
		125
		126	script = ''
		127	exec ./bin/paster serve \
		128	${paste_local} \
		129	--pid-file=${cfg.socketsDir}/mediagoblin.pid
		130	'';
		131	preStop = ''
		132	exec ./bin/paster serve \
		133	--pid-file=${cfg.socketsDir}/mediagoblin.pid \
		134	${paste_local} stop
		135	'';
		136	preStart = ''
		137	./bin/gmg -cf ${cfg.configFile} dbupdate
		138	'';
		139
		140	serviceConfig = {
		141	User = cfg.user;
		142	PrivateTmp = true;
		143	Restart = "always";
		144	TimeoutSec = 15;
		145	Type = "simple";
		146	WorkingDirectory = fullPackage;
		147	PIDFile = "${cfg.socketsDir}/mediagoblin.pid";
		148	};
		149
		150	unitConfig.RequiresMountsFor = cfg.dataDir;
		151	};
		152
		153	systemd.services.mediagoblin-celeryd = {
		154	description = "Mediagoblin service";
		155	wantedBy = [ "multi-user.target" ];
		156	after = [ "network.target" "mediagoblin-web.service" ];
		157
		158	environment.MEDIAGOBLIN_CONFIG = cfg.configFile;
		159	environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
		160
		161	script = ''
		162	exec ./bin/celery worker \
		163	--logfile=${cfg.dataDir}/celery.log \
		164	--loglevel=INFO
		165	'';
		166
		167	serviceConfig = {
		168	User = cfg.user;
		169	PrivateTmp = true;
		170	Restart = "always";
		171	TimeoutSec = 60;
		172	Type = "simple";
		173	WorkingDirectory = fullPackage;
		174	PIDFile = "${cfg.socketsDir}/mediagoblin-celeryd.pid";
		175	};
		176
		177	unitConfig.RequiresMountsFor = cfg.dataDir;
		178	};
		179
		180	system.activationScripts.mediagoblin = {
		181	deps = [ "users" ];
		182	text = ''
		183	install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
		184	install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
		185	if [ -d ${cfg.dataDir}/plugin_static/ ]; then
		186	rm ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
		187	ln -sf ${fullPackage}/mediagoblin/plugins/basic_auth/static ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
		188	fi
		189	'';
		190	};
		191
		192	};
		193	}


diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix index 239e065..71615fa 100644 --- a/nixops/eldiron.nix +++ b/nixops/eldiron.nix
@@ -46,7 +46,7 @@
46	./modules/buildbot	46	./modules/buildbot
47	./modules/dns.nix	47	./modules/dns.nix
48	./modules/secrets.nix	48	./modules/secrets.nix
49	];	49	] ++ (builtins.attrValues (import ../modules));
50	services.myGitolite.enable = true;	50	services.myGitolite.enable = true;
51	services.myDatabases.enable = true;	51	services.myDatabases.enable = true;
52	services.myWebsites.production.enable = true;	52	services.myWebsites.production.enable = true;


diff --git a/nixops/modules/websites/tools/mediagoblin.nix b/nixops/modules/websites/tools/mediagoblin.nix index 2b56007..bdb8323 100644 --- a/nixops/modules/websites/tools/mediagoblin.nix +++ b/nixops/modules/websites/tools/mediagoblin.nix
@@ -1,55 +1,8 @@
1	{ lib, pkgs, config, myconfig, mylibs, ... }:	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
2	let	2	let
3	env = myconfig.env.tools.mediagoblin;	3	env = myconfig.env.tools.mediagoblin;
4	socketsDir = "/run/mediagoblin";
5	varDir = "/var/lib/mediagoblin";
6	cfg = config.services.myWebsites.tools.mediagoblin;	4	cfg = config.services.myWebsites.tools.mediagoblin;
7	mediagoblin_init = "/var/secrets/webapps/tools-mediagoblin";	5	mcfg = config.services.mediagoblin;
8	paste_local = pkgs.writeText "paste_local.ini" ''
9	[DEFAULT]
10	debug = false
11
12	[pipeline:main]
13	pipeline = mediagoblin
14
15	[app:mediagoblin]
16	use = egg:mediagoblin#app
17	config = ${mediagoblin_init} ${pythonRoot}/mediagoblin.ini
18	/mgoblin_static = ${pythonRoot}/mediagoblin/static
19
20	[loggers]
21	keys = root
22
23	[handlers]
24	keys = console
25
26	[formatters]
27	keys = generic
28
29	[logger_root]
30	level = INFO
31	handlers = console
32
33	[handler_console]
34	class = StreamHandler
35	args = (sys.stderr,)
36	level = NOTSET
37	formatter = generic
38
39	[formatter_generic]
40	format = %(levelname)-7.7s [%(name)s] %(message)s
41
42	[filter:errors]
43	use = egg:mediagoblin#errors
44	debug = false
45
46	[server:main]
47	use = egg:waitress#main
48	unix_socket = ${socketsDir}/mediagoblin.sock
49	unix_socket_perms = 777
50	url_scheme = https
51	'';
52	pythonRoot = pkgs.webapps.mediagoblin-with-plugins;
53	in {	6	in {
54	options.services.myWebsites.tools.mediagoblin = {	7	options.services.myWebsites.tools.mediagoblin = {
55	enable = lib.mkEnableOption "enable mediagoblin's website";	8	enable = lib.mkEnableOption "enable mediagoblin's website";
@@ -63,7 +16,7 @@ in {
63	permissions = "0400";	16	permissions = "0400";
64	text = ''	17	text = ''
65	[DEFAULT]	18	[DEFAULT]
66	data_basedir = "${varDir}"	19	data_basedir = "${mcfg.dataDir}"
67		20
68	[mediagoblin]	21	[mediagoblin]
69	direct_remote_path = /mgoblin_static/	22	direct_remote_path = /mgoblin_static/
@@ -118,94 +71,12 @@ in {
118	'';	71	'';
119	}];	72	}];
120		73
121	ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid;	74	users.users.mediagoblin.extraGroups = [ "keys" ];
122	ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid;
123		75
124	users.users.mediagoblin = {	76	services.mediagoblin = {
125	name = "mediagoblin";	77	enable = true;
126	uid = config.ids.uids.mediagoblin;	78	plugins = builtins.attrValues pkgs.webapps.mediagoblin-plugins;
127	group = "mediagoblin";	79	configFile = "/var/secrets/webapps/tools-mediagoblin";
128	description = "Mediagoblin user";
129	home = varDir;
130	useDefaultShell = true;
131	extraGroups = [ "keys" ];
132	};
133
134	users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;
135
136	systemd.services.mediagoblin-web = {
137	description = "Mediagoblin service";
138	wantedBy = [ "multi-user.target" ];
139	after = [ "network.target" ];
140	wants = [ "postgresql.service" "redis.service" ];
141
142	environment.SCRIPT_NAME = "/mediagoblin/";
143
144	script = ''
145	exec ./bin/paster serve \
146	${paste_local} \
147	--pid-file=${socketsDir}/mediagoblin.pid
148	'';
149
150	preStop = ''
151	exec ./bin/paster serve \
152	--pid-file=${socketsDir}/mediagoblin.pid \
153	${paste_local} stop
154	'';
155	preStart = ''
156	./bin/gmg -cf ${mediagoblin_init} dbupdate
157	'';
158
159	serviceConfig = {
160	User = "mediagoblin";
161	PrivateTmp = true;
162	Restart = "always";
163	TimeoutSec = 15;
164	Type = "simple";
165	WorkingDirectory = pythonRoot;
166	PIDFile = "${socketsDir}/mediagoblin.pid";
167	};
168
169	unitConfig.RequiresMountsFor = varDir;
170	};
171
172	systemd.services.mediagoblin-celeryd = {
173	description = "Mediagoblin service";
174	wantedBy = [ "multi-user.target" ];
175	after = [ "network.target" "mediagoblin-web.service" ];
176
177	environment.MEDIAGOBLIN_CONFIG = mediagoblin_init;
178	environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
179
180	script = ''
181	exec ./bin/celery worker \
182	--logfile=${varDir}/celery.log \
183	--loglevel=INFO
184	'';
185
186	serviceConfig = {
187	User = "mediagoblin";
188	PrivateTmp = true;
189	Restart = "always";
190	TimeoutSec = 60;
191	Type = "simple";
192	WorkingDirectory = pythonRoot;
193	PIDFile = "${socketsDir}/mediagoblin-celeryd.pid";
194	};
195
196	unitConfig.RequiresMountsFor = varDir;
197	};
198
199	system.activationScripts.mediagoblin = {
200	deps = [ "users" ];
201	text = ''
202	install -m 0755 -o mediagoblin -g mediagoblin -d ${socketsDir}
203	install -m 0755 -o mediagoblin -g mediagoblin -d ${varDir}
204	if [ -d ${varDir}/plugin_static/ ]; then
205	rm ${varDir}/plugin_static/coreplugin_basic_auth
206	ln -sf ${pythonRoot}/mediagoblin/plugins/basic_auth/static ${varDir}/plugin_static/coreplugin_basic_auth
207	fi
208	'';
209	};	80	};
210		81
211	services.myWebsites.tools.modules = [	82	services.myWebsites.tools.modules = [
@@ -218,20 +89,20 @@ in {
218	hosts = ["mgoblin.immae.eu" ];	89	hosts = ["mgoblin.immae.eu" ];
219	root = null;	90	root = null;
220	extraConfig = [ ''	91	extraConfig = [ ''
221	Alias /mgoblin_media ${varDir}/media/public	92	Alias /mgoblin_media ${mcfg.dataDir}/media/public
222	<Directory ${varDir}/media/public>	93	<Directory ${mcfg.dataDir}/media/public>
223	Options -Indexes +FollowSymLinks +MultiViews +Includes	94	Options -Indexes +FollowSymLinks +MultiViews +Includes
224	Require all granted	95	Require all granted
225	</Directory>	96	</Directory>
226		97
227	Alias /theme_static ${varDir}/theme_static	98	Alias /theme_static ${mcfg.dataDir}/theme_static
228	<Directory ${varDir}/theme_static>	99	<Directory ${mcfg.dataDir}/theme_static>
229	Options -Indexes +FollowSymLinks +MultiViews +Includes	100	Options -Indexes +FollowSymLinks +MultiViews +Includes
230	Require all granted	101	Require all granted
231	</Directory>	102	</Directory>
232		103
233	Alias /plugin_static ${varDir}/plugin_static	104	Alias /plugin_static ${mcfg.dataDir}/plugin_static
234	<Directory ${varDir}/plugin_static>	105	<Directory ${mcfg.dataDir}/plugin_static>
235	Options -Indexes +FollowSymLinks +MultiViews +Includes	106	Options -Indexes +FollowSymLinks +MultiViews +Includes
236	Require all granted	107	Require all granted
237	</Directory>	108	</Directory>
@@ -243,8 +114,8 @@ in {
243	ProxyPass /theme_static !	114	ProxyPass /theme_static !
244	ProxyPass /plugin_static !	115	ProxyPass /plugin_static !
245	ProxyPassMatch ^/.well-known/acme-challenge !	116	ProxyPassMatch ^/.well-known/acme-challenge !
246	ProxyPass / unix://${socketsDir}/mediagoblin.sock\|http://mgoblin.immae.eu/	117	ProxyPass / unix://${mcfg.socketsDir}/mediagoblin.sock\|http://mgoblin.immae.eu/
247	ProxyPassReverse / unix://${socketsDir}/mediagoblin.sock\|http://mgoblin.immae.eu/	118	ProxyPassReverse / unix://${mcfg.socketsDir}/mediagoblin.sock\|http://mgoblin.immae.eu/
248	'' ];	119	'' ];
249	};	120	};
250	};	121	};