diff options
Diffstat (limited to 'virtual')
8 files changed, 575 insertions, 0 deletions
diff --git a/virtual/modules/databases/default.nix b/virtual/modules/databases/default.nix index db85f3c..cb3d5bf 100644 --- a/virtual/modules/databases/default.nix +++ b/virtual/modules/databases/default.nix | |||
@@ -164,6 +164,7 @@ in { | |||
164 | # FIXME: backup | 164 | # FIXME: backup |
165 | # Nextcloud: 14 | 165 | # Nextcloud: 14 |
166 | # Mastodon: 13 | 166 | # Mastodon: 13 |
167 | # Mediagoblin: 12 | ||
167 | services.redis = rec { | 168 | services.redis = rec { |
168 | enable = config.services.myDatabases.redis.enable; | 169 | enable = config.services.myDatabases.redis.enable; |
169 | bind = "127.0.0.1"; | 170 | bind = "127.0.0.1"; |
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix index cb3f690..5f92b8c 100644 --- a/virtual/modules/websites/default.nix +++ b/virtual/modules/websites/default.nix | |||
@@ -98,6 +98,7 @@ in | |||
98 | ./tools/cloud | 98 | ./tools/cloud |
99 | ./tools/git | 99 | ./tools/git |
100 | ./tools/mastodon | 100 | ./tools/mastodon |
101 | ./tools/mediagoblin | ||
101 | # built using: | 102 | # built using: |
102 | # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix | 103 | # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix |
103 | # Removed allGranted | 104 | # Removed allGranted |
@@ -173,6 +174,7 @@ in | |||
173 | services.myWebsites.tools.cloud.enable = true; | 174 | services.myWebsites.tools.cloud.enable = true; |
174 | services.myWebsites.tools.git.enable = true; | 175 | services.myWebsites.tools.git.enable = true; |
175 | services.myWebsites.tools.mastodon.enable = true; | 176 | services.myWebsites.tools.mastodon.enable = true; |
177 | services.myWebsites.tools.mediagoblin.enable = true; | ||
176 | 178 | ||
177 | services.myWebsites.Chloe.production.enable = cfg.production.enable; | 179 | services.myWebsites.Chloe.production.enable = cfg.production.enable; |
178 | services.myWebsites.Ludivine.production.enable = cfg.production.enable; | 180 | services.myWebsites.Ludivine.production.enable = cfg.production.enable; |
diff --git a/virtual/modules/websites/tools/mediagoblin/default.nix b/virtual/modules/websites/tools/mediagoblin/default.nix new file mode 100644 index 0000000..4df7e53 --- /dev/null +++ b/virtual/modules/websites/tools/mediagoblin/default.nix | |||
@@ -0,0 +1,151 @@ | |||
1 | { lib, pkgs, config, mylibs, ... }: | ||
2 | let | ||
3 | mediagoblin = pkgs.callPackage ./mediagoblin.nix { | ||
4 | inherit (mylibs) checkEnv fetchedGit fetchedGithub; | ||
5 | }; | ||
6 | |||
7 | cfg = config.services.myWebsites.tools.mediagoblin; | ||
8 | in { | ||
9 | options.services.myWebsites.tools.mediagoblin = { | ||
10 | enable = lib.mkEnableOption "enable mediagoblin's website"; | ||
11 | }; | ||
12 | |||
13 | config = lib.mkIf cfg.enable { | ||
14 | # FIXME: Can we use dynamic users from systemd? | ||
15 | # nixos/modules/misc/ids.nix | ||
16 | ids.uids.mediagoblin = 397; | ||
17 | ids.gids.mediagoblin = 397; | ||
18 | |||
19 | users.users.mediagoblin = { | ||
20 | name = "mediagoblin"; | ||
21 | uid = config.ids.uids.mediagoblin; | ||
22 | group = "mediagoblin"; | ||
23 | description = "Mediagoblin user"; | ||
24 | home = mediagoblin.varDir; | ||
25 | useDefaultShell = true; | ||
26 | }; | ||
27 | |||
28 | users.groups.mediagoblin.gid = config.ids.gids.mediagoblin; | ||
29 | |||
30 | systemd.services.mediagoblin-web = { | ||
31 | description = "Mediagoblin service"; | ||
32 | wantedBy = [ "multi-user.target" ]; | ||
33 | after = [ "network.target" ]; | ||
34 | |||
35 | environment.SCRIPT_NAME = "/mediagoblin/"; | ||
36 | |||
37 | script = '' | ||
38 | exec ./bin/paster serve \ | ||
39 | ${mediagoblin.pythonRoot}/paste_local.ini \ | ||
40 | --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid | ||
41 | ''; | ||
42 | |||
43 | preStop = '' | ||
44 | exec ./bin/paster serve \ | ||
45 | --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \ | ||
46 | ${mediagoblin.pythonRoot}/paste_local.ini stop | ||
47 | ''; | ||
48 | preStart = '' | ||
49 | ./bin/gmg dbupdate | ||
50 | ''; | ||
51 | |||
52 | serviceConfig = { | ||
53 | User = "mediagoblin"; | ||
54 | PrivateTmp = true; | ||
55 | Restart = "always"; | ||
56 | TimeoutSec = 15; | ||
57 | Type = "simple"; | ||
58 | WorkingDirectory = mediagoblin.pythonRoot; | ||
59 | PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid"; | ||
60 | }; | ||
61 | |||
62 | unitConfig.RequiresMountsFor = mediagoblin.varDir; | ||
63 | }; | ||
64 | |||
65 | systemd.services.mediagoblin-celeryd = { | ||
66 | description = "Mediagoblin service"; | ||
67 | wantedBy = [ "multi-user.target" ]; | ||
68 | after = [ "network.target" "mediagoblin-web.service" ]; | ||
69 | |||
70 | environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini"; | ||
71 | environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery"; | ||
72 | |||
73 | script = '' | ||
74 | exec ./bin/celery worker \ | ||
75 | --logfile=${mediagoblin.varDir}/celery.log \ | ||
76 | --loglevel=INFO | ||
77 | ''; | ||
78 | |||
79 | serviceConfig = { | ||
80 | User = "mediagoblin"; | ||
81 | PrivateTmp = true; | ||
82 | Restart = "always"; | ||
83 | TimeoutSec = 15; | ||
84 | Type = "simple"; | ||
85 | WorkingDirectory = mediagoblin.pythonRoot; | ||
86 | PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid"; | ||
87 | }; | ||
88 | |||
89 | unitConfig.RequiresMountsFor = mediagoblin.varDir; | ||
90 | }; | ||
91 | |||
92 | # FIXME: background jobs and upload | ||
93 | # FIXME: initial sync | ||
94 | system.activationScripts.mediagoblin = { | ||
95 | deps = [ "users" ]; | ||
96 | text = '' | ||
97 | install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir} | ||
98 | install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir} | ||
99 | if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then | ||
100 | rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth | ||
101 | ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth | ||
102 | fi | ||
103 | ''; | ||
104 | }; | ||
105 | |||
106 | services.myWebsites.tools.modules = [ | ||
107 | "proxy" "proxy_http" "proxy_balancer" | ||
108 | # FIXME: probably only one balancer method is needed: | ||
109 | "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat" | ||
110 | ]; | ||
111 | users.users.wwwrun.extraGroups = [ "mediagoblin" ]; | ||
112 | security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null; | ||
113 | services.myWebsites.tools.vhostConfs.mgoblin = { | ||
114 | certName = "eldiron"; | ||
115 | hosts = ["mgoblin.immae.eu" ]; | ||
116 | root = null; | ||
117 | extraConfig = [ '' | ||
118 | Alias /mgoblin_media ${mediagoblin.varDir}/media/public | ||
119 | <Directory ${mediagoblin.varDir}/media/public> | ||
120 | Options -Indexes +FollowSymLinks +MultiViews +Includes | ||
121 | Require all granted | ||
122 | </Directory> | ||
123 | |||
124 | Alias /theme_static ${mediagoblin.varDir}/theme_static | ||
125 | <Directory ${mediagoblin.varDir}/theme_static> | ||
126 | Options -Indexes +FollowSymLinks +MultiViews +Includes | ||
127 | Require all granted | ||
128 | </Directory> | ||
129 | |||
130 | Alias /plugin_static ${mediagoblin.varDir}/plugin_static | ||
131 | <Directory ${mediagoblin.varDir}/plugin_static> | ||
132 | Options -Indexes +FollowSymLinks +MultiViews +Includes | ||
133 | Require all granted | ||
134 | </Directory> | ||
135 | |||
136 | ProxyPreserveHost on | ||
137 | ProxyVia On | ||
138 | ProxyRequests Off | ||
139 | ProxyPass /mgoblin_media ! | ||
140 | ProxyPass /theme_static ! | ||
141 | ProxyPass /plugin_static ! | ||
142 | ProxyPassMatch ^/.well-known/acme-challenge ! | ||
143 | ProxyPass / balancer://paster_server/ | ||
144 | ProxyPassReverse / balancer://paster_server | ||
145 | <Proxy balancer://paster_server> | ||
146 | BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock|http:// | ||
147 | </Proxy> | ||
148 | '' ]; | ||
149 | }; | ||
150 | }; | ||
151 | } | ||
diff --git a/virtual/modules/websites/tools/mediagoblin/ldap_fix.py b/virtual/modules/websites/tools/mediagoblin/ldap_fix.py new file mode 100644 index 0000000..10cc375 --- /dev/null +++ b/virtual/modules/websites/tools/mediagoblin/ldap_fix.py | |||
@@ -0,0 +1,93 @@ | |||
1 | # GNU MediaGoblin -- federated, autonomous media hosting | ||
2 | # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. | ||
3 | # | ||
4 | # This program is free software: you can redistribute it and/or modify | ||
5 | # it under the terms of the GNU Affero General Public License as published by | ||
6 | # the Free Software Foundation, either version 3 of the License, or | ||
7 | # (at your option) any later version. | ||
8 | # | ||
9 | # This program is distributed in the hope that it will be useful, | ||
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
12 | # GNU Affero General Public License for more details. | ||
13 | # | ||
14 | # You should have received a copy of the GNU Affero General Public License | ||
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
16 | from ldap3 import Server, Connection, SUBTREE | ||
17 | from ldap3.core.exceptions import LDAPException | ||
18 | import logging | ||
19 | |||
20 | import six | ||
21 | |||
22 | from mediagoblin.tools import pluginapi | ||
23 | |||
24 | _log = logging.getLogger(__name__) | ||
25 | |||
26 | |||
27 | class LDAP(object): | ||
28 | def __init__(self): | ||
29 | self.ldap_settings = pluginapi.get_config('mediagoblin.plugins.ldap') | ||
30 | |||
31 | def _connect(self, server): | ||
32 | _log.info('Connecting to {0}.'.format(server['LDAP_SERVER_URI'])) | ||
33 | self.server = Server(server['LDAP_SERVER_URI']) | ||
34 | |||
35 | if 'LDAP_START_TLS' in server and server['LDAP_START_TLS'] == 'true': | ||
36 | _log.info('Initiating TLS') | ||
37 | self.server.start_tls() | ||
38 | |||
39 | def _manager_auth(self, settings, username, password): | ||
40 | conn = Connection(self.server, | ||
41 | settings['LDAP_BIND_DN'], | ||
42 | settings['LDAP_BIND_PW'], | ||
43 | auto_bind=True) | ||
44 | found = conn.search( | ||
45 | search_base=settings['LDAP_SEARCH_BASE'], | ||
46 | search_filter=settings['LDAP_SEARCH_FILTER'].format(username=username), | ||
47 | search_scope=SUBTREE, | ||
48 | attributes=[settings['EMAIL_SEARCH_FIELD']]) | ||
49 | if (not found) or len(conn.entries) > 1: | ||
50 | return False, None | ||
51 | |||
52 | user = conn.entries[0] | ||
53 | user_dn = user.entry_dn | ||
54 | try: | ||
55 | email = user.entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0] | ||
56 | except KeyError: | ||
57 | email = None | ||
58 | |||
59 | Connection(self.server, user_dn, password, auto_bind=True) | ||
60 | |||
61 | return username, email | ||
62 | |||
63 | def _direct_auth(self, settings, username, password): | ||
64 | user_dn = settings['LDAP_USER_DN_TEMPLATE'].format(username=username) | ||
65 | conn = Connection(self.server, user_dn, password, auto_bind=True) | ||
66 | email_found = conn.search( | ||
67 | search_base=settings['LDAP_SEARCH_BASE'], | ||
68 | search_filter='uid={0}'.format(username), | ||
69 | search_scope=SUBTREE, | ||
70 | attributes=[settings['EMAIL_SEARCH_FIELD']]) | ||
71 | |||
72 | if email_found: | ||
73 | try: | ||
74 | email = conn.entries[0].entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0] | ||
75 | except KeyError: | ||
76 | email = None | ||
77 | |||
78 | return username, email | ||
79 | |||
80 | def login(self, username, password): | ||
81 | for k, v in six.iteritems(self.ldap_settings): | ||
82 | try: | ||
83 | self._connect(v) | ||
84 | |||
85 | if 'LDAP_BIND_DN' in v: | ||
86 | return self._manager_auth(v, username, password) | ||
87 | else: | ||
88 | return self._direct_auth(v, username, password) | ||
89 | |||
90 | except LDAPException as e: | ||
91 | _log.info(e) | ||
92 | |||
93 | return False, None | ||
diff --git a/virtual/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json b/virtual/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json new file mode 100644 index 0000000..9abd994 --- /dev/null +++ b/virtual/modules/websites/tools/mediagoblin/mediagoblin-plugin-basicsearch.json | |||
@@ -0,0 +1,15 @@ | |||
1 | { | ||
2 | "tag": "ba0a154-master", | ||
3 | "meta": { | ||
4 | "name": "mediagoblin-plugin-basicsearch", | ||
5 | "url": "https://github.com/ayleph/mediagoblin-basicsearch", | ||
6 | "branch": "master" | ||
7 | }, | ||
8 | "github": { | ||
9 | "owner": "ayleph", | ||
10 | "repo": "mediagoblin-basicsearch", | ||
11 | "rev": "ba0a1547bd24ebaf363227fe17644d38c6ce8a6b", | ||
12 | "sha256": "0d4r7xkf4gxmgaxlb264l44xbanis77g49frwfhfzsflxmdwgncy", | ||
13 | "fetchSubmodules": true | ||
14 | } | ||
15 | } | ||
diff --git a/virtual/modules/websites/tools/mediagoblin/mediagoblin.json b/virtual/modules/websites/tools/mediagoblin/mediagoblin.json new file mode 100644 index 0000000..7ea72d1 --- /dev/null +++ b/virtual/modules/websites/tools/mediagoblin/mediagoblin.json | |||
@@ -0,0 +1,14 @@ | |||
1 | { | ||
2 | "tag": "cd465eb-stable", | ||
3 | "meta": { | ||
4 | "name": "mediagoblin", | ||
5 | "url": "git://git.savannah.gnu.org/mediagoblin.git", | ||
6 | "branch": "stable" | ||
7 | }, | ||
8 | "git": { | ||
9 | "url": "git://git.savannah.gnu.org/mediagoblin.git", | ||
10 | "rev": "cd465ebfec837a75a44c4ebd727dffe2fff6d850", | ||
11 | "sha256": "1yz4i4i97z3rxl534a6psaybyjbyp5nnc52v3nvbpzc4pd2s69mx", | ||
12 | "fetchSubmodules": true | ||
13 | } | ||
14 | } | ||
diff --git a/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix b/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix new file mode 100644 index 0000000..e94d8a6 --- /dev/null +++ b/virtual/modules/websites/tools/mediagoblin/mediagoblin.nix | |||
@@ -0,0 +1,284 @@ | |||
1 | { checkEnv, makeWrapper, stdenv, writeText, fetchurl, fetchedGit, fetchedGithub, which, python3, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }: | ||
2 | let | ||
3 | plugins = { | ||
4 | basicsearch = stdenv.mkDerivation (fetchedGithub ./mediagoblin-plugin-basicsearch.json // rec { | ||
5 | phases = "unpackPhase installPhase"; | ||
6 | installPhase = '' | ||
7 | cp -R . $out | ||
8 | ''; | ||
9 | }); | ||
10 | }; | ||
11 | overridePython = let | ||
12 | packageOverrides = self: super: { | ||
13 | celery = super.celery.overridePythonAttrs(old: rec { | ||
14 | version = "3.1.26.post2"; | ||
15 | src = self.fetchPypi { | ||
16 | inherit version; | ||
17 | inherit (old) pname; | ||
18 | sha256 = "5493e172ae817b81ba7d09443ada114886765a8ce02f16a56e6fac68d953a9b2"; | ||
19 | }; | ||
20 | patches = []; | ||
21 | doCheck = false; | ||
22 | }); | ||
23 | billiard = super.billiard.overridePythonAttrs(old: rec { | ||
24 | version = "3.3.0.23"; | ||
25 | src = self.fetchPypi { | ||
26 | inherit version; | ||
27 | inherit (old) pname; | ||
28 | sha256 = "02wxsc6bhqvzh8j6w758kvgqbnj14l796mvmrcms8fgfamd2lak9"; | ||
29 | }; | ||
30 | }); | ||
31 | amqp = super.amqp.overridePythonAttrs(old: rec { | ||
32 | version = "1.4.9"; | ||
33 | src = self.fetchPypi { | ||
34 | inherit version; | ||
35 | inherit (old) pname; | ||
36 | sha256 = "2dea4d16d073c902c3b89d9b96620fb6729ac0f7a923bbc777cb4ad827c0c61a"; | ||
37 | }; | ||
38 | }); | ||
39 | kombu = super.kombu.overridePythonAttrs(old: rec { | ||
40 | version = "3.0.37"; | ||
41 | src = self.fetchPypi { | ||
42 | inherit version; | ||
43 | inherit (old) pname; | ||
44 | sha256 = "e064a00c66b4d1058cd2b0523fb8d98c82c18450244177b6c0f7913016642650"; | ||
45 | }; | ||
46 | propagatedBuildInputs = old.propagatedBuildInputs ++ [ self.anyjson ]; | ||
47 | doCheck = false; | ||
48 | }); | ||
49 | sqlalchemy = super.sqlalchemy.overridePythonAttrs(old: rec { | ||
50 | version = "1.1.18"; | ||
51 | src = self.fetchPypi { | ||
52 | inherit version; | ||
53 | inherit (old) pname; | ||
54 | sha256 = "8b0ec71af9291191ba83a91c03d157b19ab3e7119e27da97932a4773a3f664a9"; | ||
55 | }; | ||
56 | }); | ||
57 | tempita_5_3_dev = super.buildPythonPackage (fetchedGithub ./tempita.json // rec { | ||
58 | buildInputs = with self; [ nose ]; | ||
59 | disabled = false; | ||
60 | }); | ||
61 | sqlalchemy_migrate = super.sqlalchemy_migrate.overridePythonAttrs(old: rec { | ||
62 | propagatedBuildInputs = with self; [ pbr tempita_5_3_dev decorator sqlalchemy six sqlparse ]; | ||
63 | }); | ||
64 | pasteScript = super.pasteScript.overridePythonAttrs(old: rec { | ||
65 | version = "2.0.2"; | ||
66 | name = "PasteScript-${version}"; | ||
67 | src = fetchurl { | ||
68 | url = "mirror://pypi/P/PasteScript/${name}.tar.gz"; | ||
69 | sha256 = "1h3nnhn45kf4pbcv669ik4faw04j58k8vbj1hwrc532k0nc28gy0"; | ||
70 | }; | ||
71 | propagatedBuildInputs = with self; [ six paste PasteDeploy argparse ]; | ||
72 | }); | ||
73 | }; | ||
74 | in | ||
75 | python3.override { inherit packageOverrides; }; | ||
76 | pythonEnv = python-pkgs: with python-pkgs; [ | ||
77 | waitress alembic dateutil wtforms pybcrypt | ||
78 | pytest pytest_xdist werkzeug celery | ||
79 | kombu jinja2 Babel webtest configobj markdown | ||
80 | sqlalchemy itsdangerous pytz sphinx six | ||
81 | oauthlib unidecode jsonschema PasteDeploy | ||
82 | requests PyLD exifread | ||
83 | typing pasteScript | ||
84 | # For images plugin | ||
85 | pillow | ||
86 | # For video plugin | ||
87 | gst-python | ||
88 | # migrations | ||
89 | sqlalchemy_migrate | ||
90 | # authentication | ||
91 | ldap3 | ||
92 | redis | ||
93 | psycopg2 | ||
94 | ]; | ||
95 | python = overridePython.withPackages pythonEnv; | ||
96 | gmg = writeText "gmg" '' | ||
97 | #!${python}/bin/python | ||
98 | __requires__ = 'mediagoblin' | ||
99 | import sys | ||
100 | from pkg_resources import load_entry_point | ||
101 | |||
102 | if __name__ == '__main__': | ||
103 | sys.exit( | ||
104 | load_entry_point('mediagoblin', 'console_scripts', 'gmg')() | ||
105 | ) | ||
106 | ''; | ||
107 | in | ||
108 | rec { | ||
109 | socketsDir = "/run/mediagoblin"; | ||
110 | varDir = "/var/lib/mediagoblin"; | ||
111 | mediagoblin = stdenv.mkDerivation (fetchedGit ./mediagoblin.json // rec { | ||
112 | preConfigure = '' | ||
113 | # ./bootstrap.sh | ||
114 | aclocal -I m4 --install | ||
115 | autoreconf -fvi | ||
116 | # end | ||
117 | export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt | ||
118 | export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt | ||
119 | export HOME=$PWD | ||
120 | ''; | ||
121 | configureFlags = [ "--with-python3" "--without-virtualenv" ]; | ||
122 | postBuild = '' | ||
123 | make extlib | ||
124 | ''; | ||
125 | installPhase = '' | ||
126 | sed -i "s/registry.has_key(current_theme_name)/current_theme_name in registry/" mediagoblin/tools/theme.py | ||
127 | sed -i -e "s@\[DEFAULT\]@[DEFAULT]\nhere = $out@" mediagoblin/config_spec.ini | ||
128 | cp ${./ldap_fix.py} mediagoblin/plugins/ldap/tools.py | ||
129 | ln -s ${plugins.basicsearch}/basicsearch mediagoblin/plugins/basicsearch | ||
130 | find . -name '*.pyc' -delete | ||
131 | find . -type f -exec sed -i "s|$PWD|$out|g" {} \; | ||
132 | python setup.py build | ||
133 | cp -a . $out | ||
134 | mkdir $out/bin | ||
135 | cp ${gmg} $out/bin/gmg | ||
136 | chmod a+x $out/bin/gmg | ||
137 | ''; | ||
138 | buildInputs = [ makeWrapper git cacert automake autoconf which nodePackages.bower nodejs python ]; | ||
139 | propagatedBuildInputs = [ python ]; | ||
140 | }); | ||
141 | paste_local = writeText "paste_local.ini" '' | ||
142 | [DEFAULT] | ||
143 | debug = false | ||
144 | |||
145 | [pipeline:main] | ||
146 | pipeline = mediagoblin | ||
147 | |||
148 | [app:mediagoblin] | ||
149 | use = egg:mediagoblin#app | ||
150 | config = %(here)s/mediagoblin_local.ini %(here)s/mediagoblin.ini | ||
151 | /mgoblin_static = %(here)s/mediagoblin/static | ||
152 | |||
153 | [loggers] | ||
154 | keys = root | ||
155 | |||
156 | [handlers] | ||
157 | keys = console | ||
158 | |||
159 | [formatters] | ||
160 | keys = generic | ||
161 | |||
162 | [logger_root] | ||
163 | level = INFO | ||
164 | handlers = console | ||
165 | |||
166 | [handler_console] | ||
167 | class = StreamHandler | ||
168 | args = (sys.stderr,) | ||
169 | level = NOTSET | ||
170 | formatter = generic | ||
171 | |||
172 | [formatter_generic] | ||
173 | format = %(levelname)-7.7s [%(name)s] %(message)s | ||
174 | |||
175 | [filter:errors] | ||
176 | use = egg:mediagoblin#errors | ||
177 | debug = false | ||
178 | |||
179 | [server:main] | ||
180 | use = egg:waitress#main | ||
181 | unix_socket = ${socketsDir}/mediagoblin.sock | ||
182 | unix_socket_perms = 777 | ||
183 | url_scheme = https | ||
184 | ''; | ||
185 | |||
186 | mediagoblin_local = | ||
187 | assert checkEnv "NIXOPS_MEDIAGOBLIN_LDAP_PASSWORD"; | ||
188 | assert checkEnv "NIXOPS_MEDIAGOBLIN_SQL_URI"; | ||
189 | writeText "mediagoblin_local.ini" '' | ||
190 | [DEFAULT] | ||
191 | data_basedir = "${varDir}" | ||
192 | |||
193 | [mediagoblin] | ||
194 | direct_remote_path = /mgoblin_static/ | ||
195 | email_sender_address = "mediagoblin@mail.immae.eu" | ||
196 | |||
197 | #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db | ||
198 | sql_engine = ${builtins.getEnv "NIXOPS_MEDIAGOBLIN_SQL_URI"} | ||
199 | |||
200 | email_debug_mode = false | ||
201 | allow_registration = false | ||
202 | allow_reporting = true | ||
203 | |||
204 | theme = airymodified | ||
205 | |||
206 | user_privilege_scheme = "uploader,commenter,reporter" | ||
207 | |||
208 | # We need to redefine them here since we override data_basedir | ||
209 | # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini | ||
210 | workbench_path = %(data_basedir)s/media/workbench | ||
211 | crypto_path = %(data_basedir)s/crypto | ||
212 | theme_install_dir = %(data_basedir)s/themes/ | ||
213 | theme_linked_assets_dir = %(data_basedir)s/theme_static/ | ||
214 | plugin_linked_assets_dir = %(data_basedir)s/plugin_static/ | ||
215 | |||
216 | [storage:queuestore] | ||
217 | base_dir = %(data_basedir)s/media/queue | ||
218 | |||
219 | [storage:publicstore] | ||
220 | base_dir = %(data_basedir)s/media/public | ||
221 | base_url = /mgoblin_media/ | ||
222 | |||
223 | [celery] | ||
224 | CELERY_RESULT_DBURI = redis+socket:///run/redis/redis.sock?virtual_host=12 | ||
225 | BROKER_URL = redis+socket:///run/redis/redis.sock?virtual_host=12 | ||
226 | CELERYD_CONCURRENCY = 1 | ||
227 | |||
228 | [plugins] | ||
229 | [[mediagoblin.plugins.geolocation]] | ||
230 | [[mediagoblin.plugins.ldap]] | ||
231 | [[[immae.eu]]] | ||
232 | LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636' | ||
233 | LDAP_SEARCH_BASE = 'dc=immae,dc=eu' | ||
234 | LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu' | ||
235 | LDAP_BIND_PW = '${builtins.getEnv "NIXOPS_MEDIAGOBLIN_LDAP_PASSWORD"}' | ||
236 | LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))' | ||
237 | EMAIL_SEARCH_FIELD = 'mail' | ||
238 | [[mediagoblin.plugins.basicsearch]] | ||
239 | [[mediagoblin.plugins.piwigo]] | ||
240 | [[mediagoblin.plugins.processing_info]] | ||
241 | [[mediagoblin.media_types.image]] | ||
242 | [[mediagoblin.media_types.video]] | ||
243 | ''; | ||
244 | pythonRoot = | ||
245 | with pkgs.gst_all_1; | ||
246 | stdenv.mkDerivation { | ||
247 | name = "mediagoblin_immae"; | ||
248 | inherit mediagoblin; | ||
249 | buildInputs= [ makeWrapper ]; | ||
250 | propagatedBuildInputs = [ gst-libav gst-plugins-good gst-plugins-bad gst-plugins-ugly gstreamer ]; | ||
251 | builder = let | ||
252 | libpaths = [ | ||
253 | python | ||
254 | gstreamer | ||
255 | gst-plugins-base | ||
256 | gst-libav | ||
257 | gst-plugins-good | ||
258 | gst-plugins-bad | ||
259 | gst-plugins-ugly | ||
260 | ]; | ||
261 | plugin_paths = builtins.concatStringsSep ":" (map (x: "${x}/lib") libpaths); | ||
262 | typelib_paths = "${gstreamer}/lib/girepository-1.0:${gst-plugins-base}/lib/girepository-1.0"; | ||
263 | in writeText "build_mediagoblin_immae" '' | ||
264 | source $stdenv/setup | ||
265 | cp -a $mediagoblin $out | ||
266 | cd $out | ||
267 | chmod -R u+rwX . | ||
268 | sed -i -e "/from gi.repository import GstPbutils/s/^/gi.require_version('GstPbutils', '1.0')\n/" mediagoblin/media_types/video/transcoders.py | ||
269 | wrapProgram bin/gmg --prefix PYTHONPATH : "$out:$PYTHONPATH" \ | ||
270 | --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \ | ||
271 | --prefix GI_TYPELIB_PATH : ${typelib_paths} | ||
272 | makeWrapper ${python}/bin/paster bin/paster --prefix PYTHONPATH : "$out:$PYTHONPATH" \ | ||
273 | --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \ | ||
274 | --prefix GI_TYPELIB_PATH : ${typelib_paths} | ||
275 | makeWrapper ${python}/bin/celery bin/celery --prefix PYTHONPATH : "$out:$PYTHONPATH" \ | ||
276 | --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \ | ||
277 | --prefix GI_TYPELIB_PATH : ${typelib_paths} | ||
278 | find . -type f -exec sed -i "s|$mediagoblin|$out|g" {} \; | ||
279 | ln -s ${paste_local} ./paste_local.ini | ||
280 | ln -s ${mediagoblin_local} ./mediagoblin_local.ini | ||
281 | ln -sf ../../../../../${varDir} ./user_dev | ||
282 | ''; | ||
283 | }; | ||
284 | } | ||
diff --git a/virtual/modules/websites/tools/mediagoblin/tempita.json b/virtual/modules/websites/tools/mediagoblin/tempita.json new file mode 100644 index 0000000..5371e17 --- /dev/null +++ b/virtual/modules/websites/tools/mediagoblin/tempita.json | |||
@@ -0,0 +1,15 @@ | |||
1 | { | ||
2 | "tag": "47414a7-master", | ||
3 | "meta": { | ||
4 | "name": "tempita", | ||
5 | "url": "https://github.com/gjhiggins/tempita", | ||
6 | "branch": "master" | ||
7 | }, | ||
8 | "github": { | ||
9 | "owner": "gjhiggins", | ||
10 | "repo": "tempita", | ||
11 | "rev": "47414a7c6e46a9a9afe78f0bce2ea299fa84d10d", | ||
12 | "sha256": "0f33jjjs5rvp7ar2j6ggyfykcrsrn04jaqcq71qfvycf6b7nw3rn", | ||
13 | "fetchSubmodules": true | ||
14 | } | ||
15 | } | ||