From ecd9a3060bdcc4309e4fad6c046b72b880618774 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Sat, 26 Jun 2021 10:07:40 +0200
Subject: Make wwwrun run the python application

---
 modules/private/websites/denise/oms.nix | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'modules/private/websites/denise')

diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix
index 18773ae..2f18037 100644
--- a/modules/private/websites/denise/oms.nix
+++ b/modules/private/websites/denise/oms.nix
@@ -38,7 +38,7 @@ in {
           python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
         in
           "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
-        User = "buildbot";
+        User = "wwwrun";
         Restart = "always";
         RestartSec = "5s";
         PIDFile = "/run/denise_oms/gunicorn.pid";
@@ -48,6 +48,16 @@ in {
       };
     };
 
+    security.sudo.extraRules = [
+      {
+        commands = [
+          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; }
+          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; }
+        ];
+        users = ["buildbot"];
+        runAs = "root";
+      }
+    ];
     services.websites.env.integration.vhostConfs.denise_oms_beta = {
       certName     = "denise";
       addToCerts   = true;
@@ -77,7 +87,7 @@ in {
           python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
         in
           "${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
-        User = "buildbot";
+        User = "wwwrun";
         Restart = "always";
         RestartSec = "5s";
         PIDFile = "/run/denise_oms_beta/gunicorn.pid";
-- 
cgit v1.2.3