7 files changed, 138 insertions, 472 deletions

diff --git a/nixops/modules/websites/tools/mediagoblin/bower-packages.nix b/nixops/modules/websites/tools/mediagoblin/bower-packages.nix
deleted file mode 100644
index 03af849..0000000
--- a/nixops/modules/websites/tools/mediagoblin/bower-packages.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-# Generated by bower2nix v3.2.0 (https://github.com/rvl/bower2nix)
-{ fetchbower, buildEnv }:
-buildEnv { name = "bower-env"; ignoreCollisions = true; paths = [
-  (fetchbower "jquery" "2.1.4" "~2.1.3" "1ywrpk2xsr6ghkm3j9gfnl9r3jn6xarfamp99b0bcm57kq9fm2k0")
-  (fetchbower "video.js" "4.11.4" "~4.11.4" "05prdvyk0rxbkh7sdd0d9ns5l5crwvc68wzkyqmrdjw367pcv8sn")
-  (fetchbower "leaflet" "0.7.7" "~0.7.3" "0jim285bljmxxngpm3yx6bnnd10n2whwkgmmhzpcd1rdksnr5nca")
-  (fetchbower "tinymce" "4.1.10" "~4.1.7" "16jyvdb9bq8gjwhs69q8p88vdixalajrz81nsmbrzzxhkih57dyx")
-]; }
diff --git a/nixops/modules/websites/tools/mediagoblin/default.nix b/nixops/modules/websites/tools/mediagoblin/default.nix
index 36329d9..a02af38 100644
--- a/nixops/modules/websites/tools/mediagoblin/default.nix
+++ b/nixops/modules/websites/tools/mediagoblin/default.nix
@@ -1,18 +1,123 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
-  mediagoblin = pkgs.callPackage ./mediagoblin.nix {
-    inherit (mylibs) fetchedGit fetchedGithub;
-    env = myconfig.env.tools.mediagoblin;
-  };
-
+  env = myconfig.env.tools.mediagoblin;
+  socketsDir = "/run/mediagoblin";
+  varDir = "/var/lib/mediagoblin";
   cfg = config.services.myWebsites.tools.mediagoblin;
+  mediagoblin_init = "/var/secrets/webapps/tools-mediagoblin";
+  paste_local = pkgs.writeText "paste_local.ini" ''
+    [DEFAULT]
+    debug = false
+
+    [pipeline:main]
+    pipeline = mediagoblin
+
+    [app:mediagoblin]
+    use = egg:mediagoblin#app
+    config = ${mediagoblin_init} ${pythonRoot}/mediagoblin.ini
+    /mgoblin_static = ${pythonRoot}/mediagoblin/static
+
+    [loggers]
+    keys = root
+
+    [handlers]
+    keys = console
+
+    [formatters]
+    keys = generic
+
+    [logger_root]
+    level = INFO
+    handlers = console
+
+    [handler_console]
+    class = StreamHandler
+    args = (sys.stderr,)
+    level = NOTSET
+    formatter = generic
+
+    [formatter_generic]
+    format = %(levelname)-7.7s [%(name)s] %(message)s
+
+    [filter:errors]
+    use = egg:mediagoblin#errors
+    debug = false
+
+    [server:main]
+    use = egg:waitress#main
+    unix_socket = ${socketsDir}/mediagoblin.sock
+    unix_socket_perms = 777
+    url_scheme = https
+    '';
+  pythonRoot = pkgs.webapps.mediagoblin-with-plugins;
 in {
   options.services.myWebsites.tools.mediagoblin = {
     enable = lib.mkEnableOption "enable mediagoblin's website";
   };
 
   config = lib.mkIf cfg.enable {
-    mySecrets.keys = mediagoblin.keys;
+    mySecrets.keys = [{
+      dest = "webapps/tools-mediagoblin";
+      user = "mediagoblin";
+      group = "mediagoblin";
+      permissions = "0400";
+      text = ''
+        [DEFAULT]
+        data_basedir = "${varDir}"
+
+        [mediagoblin]
+        direct_remote_path = /mgoblin_static/
+        email_sender_address = "mediagoblin@tools.immae.eu"
+
+        #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
+        sql_engine = ${env.psql_url}
+
+        email_debug_mode = false
+        allow_registration = false
+        allow_reporting = true
+
+        theme = airymodified
+
+        user_privilege_scheme = "uploader,commenter,reporter"
+
+        # We need to redefine them here since we override data_basedir
+        # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
+        workbench_path = %(data_basedir)s/media/workbench
+        crypto_path = %(data_basedir)s/crypto
+        theme_install_dir = %(data_basedir)s/themes/
+        theme_linked_assets_dir = %(data_basedir)s/theme_static/
+        plugin_linked_assets_dir = %(data_basedir)s/plugin_static/
+
+        [storage:queuestore]
+        base_dir = %(data_basedir)s/media/queue
+
+        [storage:publicstore]
+        base_dir = %(data_basedir)s/media/public
+        base_url = /mgoblin_media/
+
+        [celery]
+        CELERY_RESULT_DBURI = ${env.redis_url}
+        BROKER_URL = ${env.redis_url}
+        CELERYD_CONCURRENCY = 1
+
+        [plugins]
+          [[mediagoblin.plugins.geolocation]]
+          [[mediagoblin.plugins.ldap]]
+            [[[immae.eu]]]
+              LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636'
+              LDAP_SEARCH_BASE = 'dc=immae,dc=eu'
+              LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu'
+              LDAP_BIND_PW = '${env.ldap.password}'
+              LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))'
+              EMAIL_SEARCH_FIELD = 'mail'
+          [[mediagoblin.plugins.basicsearch]]
+          [[mediagoblin.plugins.piwigo]]
+          [[mediagoblin.plugins.processing_info]]
+          [[mediagoblin.media_types.image]]
+          [[mediagoblin.media_types.video]]
+        '';
+    }];
+
     ids.uids.mediagoblin = myconfig.env.tools.mediagoblin.user.uid;
     ids.gids.mediagoblin = myconfig.env.tools.mediagoblin.user.gid;
 
@@ -21,7 +126,7 @@ in {
       uid = config.ids.uids.mediagoblin;
       group = "mediagoblin";
       description = "Mediagoblin user";
-      home = mediagoblin.varDir;
+      home = varDir;
       useDefaultShell = true;
       extraGroups = [ "keys" ];
     };
@@ -38,17 +143,17 @@ in {
 
       script = ''
         exec ./bin/paster serve \
-          ${mediagoblin.pythonRoot}/paste_local.ini \
-          --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
+          ${paste_local} \
+          --pid-file=${socketsDir}/mediagoblin.pid
       '';
 
       preStop = ''
         exec ./bin/paster serve \
-          --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
-          ${mediagoblin.pythonRoot}/paste_local.ini stop
+          --pid-file=${socketsDir}/mediagoblin.pid \
+          ${paste_local} stop
         '';
       preStart = ''
-        ./bin/gmg dbupdate
+        ./bin/gmg -cf ${mediagoblin_init} dbupdate
       '';
 
       serviceConfig = {
@@ -57,11 +162,11 @@ in {
         Restart = "always";
         TimeoutSec = 15;
         Type = "simple";
-        WorkingDirectory = mediagoblin.pythonRoot;
-        PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
+        WorkingDirectory = pythonRoot;
+        PIDFile = "${socketsDir}/mediagoblin.pid";
       };
 
-      unitConfig.RequiresMountsFor = mediagoblin.varDir;
+      unitConfig.RequiresMountsFor = varDir;
     };
 
     systemd.services.mediagoblin-celeryd = {
@@ -69,12 +174,12 @@ in {
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" "mediagoblin-web.service" ];
 
-      environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
+      environment.MEDIAGOBLIN_CONFIG = "${pythonRoot}/mediagoblin_local.ini";
       environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
 
       script = ''
         exec ./bin/celery worker \
-          --logfile=${mediagoblin.varDir}/celery.log \
+          --logfile=${varDir}/celery.log \
           --loglevel=INFO
       '';
 
@@ -84,21 +189,21 @@ in {
         Restart = "always";
         TimeoutSec = 60;
         Type = "simple";
-        WorkingDirectory = mediagoblin.pythonRoot;
-        PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
+        WorkingDirectory = pythonRoot;
+        PIDFile = "${socketsDir}/mediagoblin-celeryd.pid";
       };
 
-      unitConfig.RequiresMountsFor = mediagoblin.varDir;
+      unitConfig.RequiresMountsFor = varDir;
     };
 
     system.activationScripts.mediagoblin = {
       deps = [ "users" ];
       text = ''
-      install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
-      install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
-      if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
-        rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
-        ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+      install -m 0755 -o mediagoblin -g mediagoblin -d ${socketsDir}
+      install -m 0755 -o mediagoblin -g mediagoblin -d ${varDir}
+      if [ -d ${varDir}/plugin_static/ ]; then
+        rm ${varDir}/plugin_static/coreplugin_basic_auth
+        ln -sf ${pythonRoot}/mediagoblin/plugins/basic_auth/static ${varDir}/plugin_static/coreplugin_basic_auth
       fi
       '';
     };
@@ -113,20 +218,20 @@ in {
       hosts       = ["mgoblin.immae.eu" ];
       root        = null;
       extraConfig = [ ''
-        Alias /mgoblin_media ${mediagoblin.varDir}/media/public
-        <Directory ${mediagoblin.varDir}/media/public>
+        Alias /mgoblin_media ${varDir}/media/public
+        <Directory ${varDir}/media/public>
           Options -Indexes +FollowSymLinks +MultiViews +Includes
           Require all granted
         </Directory>
 
-        Alias /theme_static ${mediagoblin.varDir}/theme_static
-        <Directory ${mediagoblin.varDir}/theme_static>
+        Alias /theme_static ${varDir}/theme_static
+        <Directory ${varDir}/theme_static>
           Options -Indexes +FollowSymLinks +MultiViews +Includes
           Require all granted
         </Directory>
 
-        Alias /plugin_static ${mediagoblin.varDir}/plugin_static
-        <Directory ${mediagoblin.varDir}/plugin_static>
+        Alias /plugin_static ${varDir}/plugin_static
+        <Directory ${varDir}/plugin_static>
           Options -Indexes +FollowSymLinks +MultiViews +Includes
           Require all granted
         </Directory>
@@ -138,8 +243,8 @@ in {
         ProxyPass /theme_static !
         ProxyPass /plugin_static !
         ProxyPassMatch ^/.well-known/acme-challenge !
-        ProxyPass / unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
-        ProxyPassReverse / unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
+        ProxyPass / unix://${socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
+        ProxyPassReverse / unix://${socketsDir}/mediagoblin.sock|http://mgoblin.immae.eu/
       '' ];
     };
   };
diff --git a/nixops/modules/websites/tools/mediagoblin/ldap_fix.py b/nixops/modules/websites/tools/mediagoblin/ldap_fix.py
deleted file mode 100644
index 10cc375..0000000
--- a/nixops/modules/websites/tools/mediagoblin/ldap_fix.py
+++ /dev/null
@@ -1,93 +0,0 @@
-# GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-from ldap3 import Server, Connection, SUBTREE
-from ldap3.core.exceptions import LDAPException
-import logging
-
-import six
-
-from mediagoblin.tools import pluginapi
-
-_log = logging.getLogger(__name__)
-
-
-class LDAP(object):
-    def __init__(self):
-        self.ldap_settings = pluginapi.get_config('mediagoblin.plugins.ldap')
-
-    def _connect(self, server):
-        _log.info('Connecting to {0}.'.format(server['LDAP_SERVER_URI']))
-        self.server = Server(server['LDAP_SERVER_URI'])
-
-        if 'LDAP_START_TLS' in server and server['LDAP_START_TLS'] == 'true':
-            _log.info('Initiating TLS')
-            self.server.start_tls()
-
-    def _manager_auth(self, settings, username, password):
-        conn = Connection(self.server,
-                settings['LDAP_BIND_DN'],
-                settings['LDAP_BIND_PW'],
-                auto_bind=True)
-        found = conn.search(
-                search_base=settings['LDAP_SEARCH_BASE'],
-                search_filter=settings['LDAP_SEARCH_FILTER'].format(username=username),
-                search_scope=SUBTREE,
-                attributes=[settings['EMAIL_SEARCH_FIELD']])
-        if (not found) or len(conn.entries) > 1:
-            return False, None
-
-        user = conn.entries[0]
-        user_dn = user.entry_dn
-        try:
-            email = user.entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
-        except KeyError:
-            email = None
-
-        Connection(self.server, user_dn, password, auto_bind=True)
-
-        return username, email
-
-    def _direct_auth(self, settings, username, password):
-        user_dn = settings['LDAP_USER_DN_TEMPLATE'].format(username=username)
-        conn = Connection(self.server, user_dn, password, auto_bind=True)
-        email_found = conn.search(
-                search_base=settings['LDAP_SEARCH_BASE'],
-                search_filter='uid={0}'.format(username),
-                search_scope=SUBTREE,
-                attributes=[settings['EMAIL_SEARCH_FIELD']])
-
-        if email_found:
-            try:
-                email = conn.entries[0].entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
-            except KeyError:
-                email = None
-
-        return username, email
-
-    def login(self, username, password):
-        for k, v in six.iteritems(self.ldap_settings):
-            try:
-                self._connect(v)
-
-                if 'LDAP_BIND_DN' in v:
-                    return self._manager_auth(v, username, password)
-                else:
-                    return self._direct_auth(v, username, password)
-
-            except LDAPException as e:
-                _log.info(e)
-
-        return False, None
diff --git a/nixops/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json b/nixops/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json
deleted file mode 100644
index 9abd994..0000000
--- a/nixops/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
-  "tag": "ba0a154-master",
-  "meta": {
-    "name": "mediagoblin-plugin-basicsearch",
-    "url": "https://github.com/ayleph/mediagoblin-basicsearch",
-    "branch": "master"
-  },
-  "github": {
-    "owner": "ayleph",
-    "repo": "mediagoblin-basicsearch",
-    "rev": "ba0a1547bd24ebaf363227fe17644d38c6ce8a6b",
-    "sha256": "0d4r7xkf4gxmgaxlb264l44xbanis77g49frwfhfzsflxmdwgncy",
-    "fetchSubmodules": true
-  }
-}
diff --git a/nixops/modules/websites/tools/mediagoblin/mediagoblin.json b/nixops/modules/websites/tools/mediagoblin/mediagoblin.json
deleted file mode 100644
index 7ea72d1..0000000
--- a/nixops/modules/websites/tools/mediagoblin/mediagoblin.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
-  "tag": "cd465eb-stable",
-  "meta": {
-    "name": "mediagoblin",
-    "url": "git://git.savannah.gnu.org/mediagoblin.git",
-    "branch": "stable"
-  },
-  "git": {
-    "url": "git://git.savannah.gnu.org/mediagoblin.git",
-    "rev": "cd465ebfec837a75a44c4ebd727dffe2fff6d850",
-    "sha256": "1yz4i4i97z3rxl534a6psaybyjbyp5nnc52v3nvbpzc4pd2s69mx",
-    "fetchSubmodules": true
-  }
-}
diff --git a/nixops/modules/websites/tools/mediagoblin/mediagoblin.nix b/nixops/modules/websites/tools/mediagoblin/mediagoblin.nix
deleted file mode 100644
index bc423db..0000000
--- a/nixops/modules/websites/tools/mediagoblin/mediagoblin.nix
+++ /dev/null
@@ -1,294 +0,0 @@
-{ env, makeWrapper, stdenv, writeText, fetchurl, buildBowerComponents, fetchedGit, fetchedGithub, which, python36, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }:
-let
-  plugins = {
-    basicsearch = stdenv.mkDerivation (fetchedGithub ./mediagoblin-plugin-basicsearch.json // rec {
-      phases = "unpackPhase installPhase";
-      installPhase = ''
-          cp -R . $out
-      '';
-    });
-  };
-  overridePython = let
-    packageOverrides = self: super: {
-      celery = super.celery.overridePythonAttrs(old: rec {
-        version = "3.1.26.post2";
-        src = self.fetchPypi {
-          inherit version;
-          inherit (old) pname;
-          sha256 = "5493e172ae817b81ba7d09443ada114886765a8ce02f16a56e6fac68d953a9b2";
-        };
-        patches = [];
-        doCheck = false;
-      });
-      billiard = super.billiard.overridePythonAttrs(old: rec {
-        version = "3.3.0.23";
-        src = self.fetchPypi {
-          inherit version;
-          inherit (old) pname;
-          sha256 = "02wxsc6bhqvzh8j6w758kvgqbnj14l796mvmrcms8fgfamd2lak9";
-        };
-      });
-      amqp = super.amqp.overridePythonAttrs(old: rec {
-        version = "1.4.9";
-        src = self.fetchPypi {
-          inherit version;
-          inherit (old) pname;
-          sha256 = "2dea4d16d073c902c3b89d9b96620fb6729ac0f7a923bbc777cb4ad827c0c61a";
-        };
-      });
-      kombu = super.kombu.overridePythonAttrs(old: rec {
-        version = "3.0.37";
-        src = self.fetchPypi {
-          inherit version;
-          inherit (old) pname;
-          sha256 = "e064a00c66b4d1058cd2b0523fb8d98c82c18450244177b6c0f7913016642650";
-        };
-        propagatedBuildInputs = old.propagatedBuildInputs ++ [ self.anyjson ];
-        doCheck = false;
-      });
-      sqlalchemy = super.sqlalchemy.overridePythonAttrs(old: rec {
-        version = "1.1.18";
-        src = self.fetchPypi {
-          inherit version;
-          inherit (old) pname;
-          sha256 = "8b0ec71af9291191ba83a91c03d157b19ab3e7119e27da97932a4773a3f664a9";
-        };
-      });
-      tempita_5_3_dev = super.buildPythonPackage (fetchedGithub ./tempita.json // rec {
-        buildInputs = with self; [ nose ];
-        disabled = false;
-      });
-      sqlalchemy_migrate = super.sqlalchemy_migrate.overridePythonAttrs(old: rec {
-        propagatedBuildInputs = with self; [ pbr tempita_5_3_dev decorator sqlalchemy six sqlparse ];
-      });
-      pasteScript = super.pasteScript.overridePythonAttrs(old: rec {
-        version = "2.0.2";
-        name = "PasteScript-${version}";
-        src = fetchurl {
-          url = "mirror://pypi/P/PasteScript/${name}.tar.gz";
-          sha256 = "1h3nnhn45kf4pbcv669ik4faw04j58k8vbj1hwrc532k0nc28gy0";
-        };
-        propagatedBuildInputs = with self; [ six paste PasteDeploy ];
-      });
-    };
-    in
-      python36.override { inherit packageOverrides; };
-  pythonEnv = python-pkgs: with python-pkgs; [
-    waitress alembic dateutil wtforms pybcrypt
-    pytest pytest_xdist werkzeug celery
-    kombu jinja2 Babel webtest configobj markdown
-    sqlalchemy itsdangerous pytz sphinx six
-    oauthlib unidecode jsonschema PasteDeploy
-    requests PyLD exifread
-    typing pasteScript lxml
-    # For images plugin
-    pillow
-    # For video plugin
-    gst-python
-    # migrations
-    sqlalchemy_migrate
-    # authentication
-    ldap3
-    redis
-    psycopg2
-  ];
-  python = overridePython.withPackages pythonEnv;
-  gmg = writeText "gmg" ''
-    #!${python}/bin/python
-    __requires__ = 'mediagoblin'
-    import sys
-    from pkg_resources import load_entry_point
-
-    if __name__ == '__main__':
-        sys.exit(
-            load_entry_point('mediagoblin', 'console_scripts', 'gmg')()
-        )
-    '';
-in
-  rec {
-    socketsDir = "/run/mediagoblin";
-    varDir = "/var/lib/mediagoblin";
-    bowerComponents = buildBowerComponents {
-      name = "mediagoblin-bower-components";
-      generated = ./bower-packages.nix;
-      src = (fetchedGit ./mediagoblin.json).src;
-    };
-    mediagoblin = stdenv.mkDerivation (fetchedGit ./mediagoblin.json // rec {
-      preConfigure = ''
-        # ./bootstrap.sh
-        aclocal -I m4 --install
-        autoreconf -fvi
-        # end
-        export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
-        export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
-        export HOME=$PWD
-        '';
-      configureFlags = [ "--with-python3" "--without-virtualenv" ];
-      postBuild = ''
-        cp -a ${bowerComponents}/bower_components/* extlib
-        chmod -R u+w extlib
-        make extlib
-        '';
-      installPhase = ''
-        sed -i "s/registry.has_key(current_theme_name)/current_theme_name in registry/" mediagoblin/tools/theme.py
-        sed -i -e "s@\[DEFAULT\]@[DEFAULT]\nhere = $out@" mediagoblin/config_spec.ini
-        cp ${./ldap_fix.py} mediagoblin/plugins/ldap/tools.py
-        ln -s ${plugins.basicsearch}/basicsearch mediagoblin/plugins/basicsearch
-        find . -name '*.pyc' -delete
-        find . -type f -exec sed -i "s|$PWD|$out|g" {} \;
-        python setup.py build
-        cp -a . $out
-        mkdir $out/bin
-        cp ${gmg} $out/bin/gmg
-        chmod a+x $out/bin/gmg
-        '';
-      buildInputs = [ makeWrapper git cacert automake autoconf which nodePackages.bower nodejs python ];
-      propagatedBuildInputs = [ python ];
-    });
-    paste_local = writeText "paste_local.ini" ''
-      [DEFAULT]
-      debug = false
-
-      [pipeline:main]
-      pipeline = mediagoblin
-
-      [app:mediagoblin]
-      use = egg:mediagoblin#app
-      config = %(here)s/mediagoblin_local.ini %(here)s/mediagoblin.ini
-      /mgoblin_static = %(here)s/mediagoblin/static
-
-      [loggers]
-      keys = root
-
-      [handlers]
-      keys = console
-
-      [formatters]
-      keys = generic
-
-      [logger_root]
-      level = INFO
-      handlers = console
-
-      [handler_console]
-      class = StreamHandler
-      args = (sys.stderr,)
-      level = NOTSET
-      formatter = generic
-
-      [formatter_generic]
-      format = %(levelname)-7.7s [%(name)s] %(message)s
-
-      [filter:errors]
-      use = egg:mediagoblin#errors
-      debug = false
-
-      [server:main]
-      use = egg:waitress#main
-      unix_socket = ${socketsDir}/mediagoblin.sock
-      unix_socket_perms = 777
-      url_scheme = https
-      '';
-
-    keys = [{
-      dest = "webapps/tools-mediagoblin";
-      user = "mediagoblin";
-      group = "mediagoblin";
-      permissions = "0400";
-      text = ''
-        [DEFAULT]
-        data_basedir = "${varDir}"
-
-        [mediagoblin]
-        direct_remote_path = /mgoblin_static/
-        email_sender_address = "mediagoblin@tools.immae.eu"
-
-        #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
-        sql_engine = ${env.psql_url}
-
-        email_debug_mode = false
-        allow_registration = false
-        allow_reporting = true
-
-        theme = airymodified
-
-        user_privilege_scheme = "uploader,commenter,reporter"
-
-        # We need to redefine them here since we override data_basedir
-        # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
-        workbench_path = %(data_basedir)s/media/workbench
-        crypto_path = %(data_basedir)s/crypto
-        theme_install_dir = %(data_basedir)s/themes/
-        theme_linked_assets_dir = %(data_basedir)s/theme_static/
-        plugin_linked_assets_dir = %(data_basedir)s/plugin_static/
-
-        [storage:queuestore]
-        base_dir = %(data_basedir)s/media/queue
-
-        [storage:publicstore]
-        base_dir = %(data_basedir)s/media/public
-        base_url = /mgoblin_media/
-
-        [celery]
-        CELERY_RESULT_DBURI = ${env.redis_url}
-        BROKER_URL = ${env.redis_url}
-        CELERYD_CONCURRENCY = 1
-
-        [plugins]
-          [[mediagoblin.plugins.geolocation]]
-          [[mediagoblin.plugins.ldap]]
-            [[[immae.eu]]]
-              LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636'
-              LDAP_SEARCH_BASE = 'dc=immae,dc=eu'
-              LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu'
-              LDAP_BIND_PW = '${env.ldap.password}'
-              LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))'
-              EMAIL_SEARCH_FIELD = 'mail'
-          [[mediagoblin.plugins.basicsearch]]
-          [[mediagoblin.plugins.piwigo]]
-          [[mediagoblin.plugins.processing_info]]
-          [[mediagoblin.media_types.image]]
-          [[mediagoblin.media_types.video]]
-        '';
-    }];
-    pythonRoot =
-      with pkgs.gst_all_1;
-      stdenv.mkDerivation {
-        name = "mediagoblin_immae";
-        inherit mediagoblin;
-        buildInputs=  [ makeWrapper ];
-        propagatedBuildInputs = [ gst-libav gst-plugins-good gst-plugins-bad gst-plugins-ugly gstreamer ];
-        builder = let
-          libpaths = [
-            python
-            gstreamer
-            gst-plugins-base
-            gst-libav
-            gst-plugins-good
-            gst-plugins-bad
-            gst-plugins-ugly
-          ];
-          plugin_paths = builtins.concatStringsSep ":" (map (x: "${x}/lib") libpaths);
-          typelib_paths = "${gstreamer}/lib/girepository-1.0:${gst-plugins-base}/lib/girepository-1.0";
-        in writeText "build_mediagoblin_immae" ''
-          source $stdenv/setup
-          cp -a $mediagoblin $out
-          cd $out
-          chmod -R u+rwX .
-          sed -i -e "/from gi.repository import GstPbutils/s/^/gi.require_version('GstPbutils', '1.0')\n/" mediagoblin/media_types/video/transcoders.py
-          wrapProgram bin/gmg --prefix PYTHONPATH : "$out:$PYTHONPATH" \
-            --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \
-            --prefix GI_TYPELIB_PATH : ${typelib_paths}
-          makeWrapper ${python}/bin/paster bin/paster --prefix PYTHONPATH : "$out:$PYTHONPATH" \
-            --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \
-            --prefix GI_TYPELIB_PATH : ${typelib_paths}
-          makeWrapper ${python}/bin/celery bin/celery --prefix PYTHONPATH : "$out:$PYTHONPATH" \
-            --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \
-            --prefix GI_TYPELIB_PATH : ${typelib_paths}
-          find . -type f -exec sed -i "s|$mediagoblin|$out|g" {} \;
-          ln -s ${paste_local} ./paste_local.ini
-          ln -s /var/secrets/webapps/tools-mediagoblin ./mediagoblin_local.ini
-          ln -sf ${varDir} ./user_dev
-          '';
-      };
-  }
diff --git a/nixops/modules/websites/tools/mediagoblin/tempita.json b/nixops/modules/websites/tools/mediagoblin/tempita.json
deleted file mode 100644
index 5371e17..0000000
--- a/nixops/modules/websites/tools/mediagoblin/tempita.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
-  "tag": "47414a7-master",
-  "meta": {
-    "name": "tempita",
-    "url": "https://github.com/gjhiggins/tempita",
-    "branch": "master"
-  },
-  "github": {
-    "owner": "gjhiggins",
-    "repo": "tempita",
-    "rev": "47414a7c6e46a9a9afe78f0bce2ea299fa84d10d",
-    "sha256": "0f33jjjs5rvp7ar2j6ggyfykcrsrn04jaqcq71qfvycf6b7nw3rn",
-    "fetchSubmodules": true
-  }
-}