From 56eba41617f405624330aa755fcbfc0af68cf64f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Fri, 18 Jan 2019 07:32:59 +0100
Subject: Add mediagoblin
---
 .../modules/websites/tools/mediagoblin/default.nix | 151 +++++++++++++++++++++
 1 file changed, 151 insertions(+)
 create mode 100644 virtual/modules/websites/tools/mediagoblin/default.nix
(limited to 'virtual/modules/websites/tools/mediagoblin/default.nix')
diff --git a/virtual/modules/websites/tools/mediagoblin/default.nix b/virtual/modules/websites/tools/mediagoblin/default.nix
new file mode 100644
index 0000000..4df7e53
--- /dev/null
+++ b/virtual/modules/websites/tools/mediagoblin/default.nix
@@ -0,0 +1,151 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ mediagoblin = pkgs.callPackage ./mediagoblin.nix {
+ inherit (mylibs) checkEnv fetchedGit fetchedGithub;
+ };
+
+ cfg = config.services.myWebsites.tools.mediagoblin;
+in {
+ options.services.myWebsites.tools.mediagoblin = {
+ enable = lib.mkEnableOption "enable mediagoblin's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # FIXME: Can we use dynamic users from systemd?
+ # nixos/modules/misc/ids.nix
+ ids.uids.mediagoblin = 397;
+ ids.gids.mediagoblin = 397;
+
+ users.users.mediagoblin = {
+ name = "mediagoblin";
+ uid = config.ids.uids.mediagoblin;
+ group = "mediagoblin";
+ description = "Mediagoblin user";
+ home = mediagoblin.varDir;
+ useDefaultShell = true;
+ };
+
+ users.groups.mediagoblin.gid = config.ids.gids.mediagoblin;
+
+ systemd.services.mediagoblin-web = {
+ description = "Mediagoblin service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ environment.SCRIPT_NAME = "/mediagoblin/";
+
+ script = ''
+ exec ./bin/paster serve \
+ ${mediagoblin.pythonRoot}/paste_local.ini \
+ --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid
+ '';
+
+ preStop = ''
+ exec ./bin/paster serve \
+ --pid-file=${mediagoblin.socketsDir}/mediagoblin.pid \
+ ${mediagoblin.pythonRoot}/paste_local.ini stop
+ '';
+ preStart = ''
+ ./bin/gmg dbupdate
+ '';
+
+ serviceConfig = {
+ User = "mediagoblin";
+ PrivateTmp = true;
+ Restart = "always";
+ TimeoutSec = 15;
+ Type = "simple";
+ WorkingDirectory = mediagoblin.pythonRoot;
+ PIDFile = "${mediagoblin.socketsDir}/mediagoblin.pid";
+ };
+
+ unitConfig.RequiresMountsFor = mediagoblin.varDir;
+ };
+
+ systemd.services.mediagoblin-celeryd = {
+ description = "Mediagoblin service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "mediagoblin-web.service" ];
+
+ environment.MEDIAGOBLIN_CONFIG = "${mediagoblin.pythonRoot}/mediagoblin_local.ini";
+ environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery";
+
script = ''
+ exec ./bin/celery worker \
+ --logfile=${mediagoblin.varDir}/celery.log \
+ --loglevel=INFO
+ '';
+
+ serviceConfig = {
+ User = "mediagoblin";
+ PrivateTmp = true;
+ Restart = "always";
+ TimeoutSec = 15;
+ Type = "simple";
+ WorkingDirectory = mediagoblin.pythonRoot;
+ PIDFile = "${mediagoblin.socketsDir}/mediagoblin-celeryd.pid";
+ };
+
+ unitConfig.RequiresMountsFor = mediagoblin.varDir;
+ };
+
+ # FIXME: background jobs and upload
+ # FIXME: initial sync
+ system.activationScripts.mediagoblin = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.socketsDir}
+ install -m 0755 -o mediagoblin -g mediagoblin -d ${mediagoblin.varDir}
+ if [ -d ${mediagoblin.varDir}/plugin_static/ ]; then
+ rm ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+ ln -sf ${mediagoblin.pythonRoot}/mediagoblin/plugins/basic_auth/static ${mediagoblin.varDir}/plugin_static/coreplugin_basic_auth
+ fi
+ '';
+ };
+
+ services.myWebsites.tools.modules = [
+ "proxy" "proxy_http" "proxy_balancer"
+ # FIXME: probably only one balancer method is needed:
+ "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+ ];
+ users.users.wwwrun.extraGroups = [ "mediagoblin" ];
+ security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
+ services.myWebsites.tools.vhostConfs.mgoblin = {
+ certName = "eldiron";
+ hosts = ["mgoblin.immae.eu" ];
+ root = null;
+ extraConfig = [ ''
+ Alias /mgoblin_media ${mediagoblin.varDir}/media/public
+
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Require all granted
+
+
+ Alias /theme_static ${mediagoblin.varDir}/theme_static
+
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Require all granted
+
+
+ Alias /plugin_static ${mediagoblin.varDir}/plugin_static
+
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Require all granted
+
+
+ ProxyPreserveHost on
+ ProxyVia On
+ ProxyRequests Off
+ ProxyPass /mgoblin_media !
+ ProxyPass /theme_static !
+ ProxyPass /plugin_static !
+ ProxyPassMatch ^/.well-known/acme-challenge !
+ ProxyPass / balancer://paster_server/
+ ProxyPassReverse / balancer://paster_server
+
+ BalancerMember unix://${mediagoblin.socketsDir}/mediagoblin.sock|http://
+
+ '' ];
+ };
+ };
+}
-- cgit v1.2.3
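Review bot: The `Options -Indexes +FollowSymLinks +MultiViews +Includes` line repeated after each of the three `Alias` directives grants more than static file serving needs, and `/mgoblin_media` maps to `${mediagoblin.varDir}/media/public`, which by its name appears to hold user-uploaded content. `+Includes` allows server-side include processing wherever the include filter is enabled, and `+FollowSymLinks` makes Apache serve whatever a link inside the service-writable var directory resolves to; I would use `Options -Indexes +SymLinksIfOwnerMatch` for the media and theme aliases and keep symlink following only where the activation script's `coreplugin_basic_auth` link needs it. The container tags around these lines are not visible in this rendering, so the directory scope is inferred from the preceding `Alias` lines. Separately, both systemd units set only `PrivateTmp = true`; adding `NoNewPrivileges = true;` to each `serviceConfig` is a low-risk step while the DynamicUser FIXME stays open.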