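# NixOS module: MediaGoblin published on the "tools" Apache environment as
# mgoblin.immae.eu.
#
# When enabled it:
#   * renders mediagoblin's configuration as a managed secret (the file embeds
#     the PostgreSQL and LDAP bind passwords),
#   * enables services.mediagoblin with the basicsearch plugin,
#   * registers the rendered file with services.filesWatcher for both
#     mediagoblin-web and mediagoblin-celeryd (restart = true),
#   * serves the media/theme/plugin trees straight from Apache and proxies
#     every other path to the paster unix socket.
{ lib, pkgs, config, ... }:
let
  env = config.myEnv.tools.mediagoblin;
  cfg = config.myServices.websites.tools.mediagoblin;
  mcfg = config.services.mediagoblin;
in {
  options.myServices.websites.tools.mediagoblin = {
    enable = lib.mkEnableOption "enable mediagoblin's website";
  };

  config = lib.mkIf cfg.enable {
    # The rendered configuration carries credentials, so it is owned by the
    # mediagoblin user and readable by that user only (0400).
    # NOTE(review): whether `text` is kept out of the world-readable Nix store
    # depends on the secrets module, which is not shown here - confirm.
    secrets.keys."webapps/tools-mediagoblin" = {
      user = "mediagoblin";
      group = "mediagoblin";
      permissions = "0400";
      text =
        let
          # Connection goes through the unix socket passed as ?host=.
          # NOTE(review): user/password are interpolated verbatim; a password
          # containing URL-reserved characters (@ : / ? #) or a literal % would
          # need escaping - confirm the stored values are safe for this context.
          psql_url = with env.postgresql; "postgresql://${user}:${password}@:${port}/${database}?host=${socket}";
          redis_url = with env.redis; "redis+socket://${socket}?virtual_host=${db}";
        # One directive per line: the config parser is line-oriented, and the
        # commented-out sqlite line would otherwise swallow what follows it.
        # NOTE(review): the LDAP_* values are wrapped in single quotes, so a
        # value containing ' would terminate the quoted string early - confirm.
        in ''
          [DEFAULT]
          data_basedir = "${mcfg.dataDir}"

          [mediagoblin]
          direct_remote_path = /mgoblin_static/
          email_sender_address = "mediagoblin@tools.immae.eu"
          #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
          sql_engine = ${psql_url}
          email_debug_mode = false
          allow_registration = false
          allow_reporting = true
          theme = airymodified
          user_privilege_scheme = "uploader,commenter,reporter"
          # We need to redefine them here since we override data_basedir
          # cf /usr/share/webapps/mediagoblin/mediagoblin/config_spec.ini
          workbench_path = %(data_basedir)s/media/workbench
          crypto_path = %(data_basedir)s/crypto
          theme_install_dir = %(data_basedir)s/themes/
          theme_linked_assets_dir = %(data_basedir)s/theme_static/
          plugin_linked_assets_dir = %(data_basedir)s/plugin_static/

          [storage:queuestore]
          base_dir = %(data_basedir)s/media/queue

          [storage:publicstore]
          base_dir = %(data_basedir)s/media/public
          base_url = /mgoblin_media/

          [celery]
          CELERY_RESULT_DBURI = ${redis_url}
          BROKER_URL = ${redis_url}
          CELERYD_CONCURRENCY = 1

          [plugins]
          [[mediagoblin.plugins.geolocation]]
          [[mediagoblin.plugins.ldap]]
          [[[immae.eu]]]
          LDAP_SERVER_URI = 'ldaps://${env.ldap.host}:636'
          LDAP_SEARCH_BASE = '${env.ldap.base}'
          LDAP_BIND_DN = '${env.ldap.dn}'
          LDAP_BIND_PW = '${env.ldap.password}'
          LDAP_SEARCH_FILTER = '${env.ldap.filter}'
          EMAIL_SEARCH_FIELD = 'mail'
          [[mediagoblin.plugins.basicsearch]]
          [[mediagoblin.plugins.piwigo]]
          [[mediagoblin.plugins.processing_info]]
          [[mediagoblin.media_types.image]]
          [[mediagoblin.media_types.video]]
        '';
    };

    # presumably "keys" is the group allowed to reach the deployed secrets;
    # verify against the secrets module.
    users.users.mediagoblin.extraGroups = [ "keys" ];

    services.mediagoblin = {
      enable = true;
      package = pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]);
      # Point the service at the deployed secret rather than a store path.
      configFile = config.secrets.fullPaths."webapps/tools-mediagoblin";
    };

    # Both daemons read the same file, so both are registered on it.
    services.filesWatcher.mediagoblin-web = {
      restart = true;
      paths = [ mcfg.configFile ];
    };
    services.filesWatcher.mediagoblin-celeryd = {
      restart = true;
      paths = [ mcfg.configFile ];
    };

    services.websites.env.tools.modules = [ "proxy" "proxy_http" ];

    # Apache (wwwrun) joins the mediagoblin group; presumably this is what lets
    # it read the aliased trees and connect to the paster socket.
    # NOTE(review): the secret config stays out of reach (0400, owner only), but
    # anything group-readable under dataDir - crypto_path included - becomes
    # readable by the web server user. Confirm the modes on that directory.
    users.users.wwwrun.extraGroups = [ "mediagoblin" ];

    services.websites.env.tools.vhostConfs.mgoblin = {
      certName = "eldiron";
      addToCerts = true;
      hosts = ["mgoblin.immae.eu" ];
      root = null;
      # Static trees are served by Apache itself; the `ProxyPass <path> !` rules
      # keep them (and ACME challenges) away from the backend. ProxyRequests Off
      # keeps the vhost a reverse proxy only.
      # `Require` is only valid in directory context, hence one <Directory>
      # block per aliased tree.
      # NOTE(review): media/public is the publicstore, i.e. user uploads.
      # +Includes and +FollowSymLinks are broader than static file serving
      # needs there; consider dropping +Includes and using SymLinksIfOwnerMatch.
      extraConfig = [ ''
        Alias /mgoblin_media ${mcfg.dataDir}/media/public
        <Directory ${mcfg.dataDir}/media/public>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /theme_static ${mcfg.dataDir}/theme_static
        <Directory ${mcfg.dataDir}/theme_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        Alias /plugin_static ${mcfg.dataDir}/plugin_static
        <Directory ${mcfg.dataDir}/plugin_static>
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Require all granted
        </Directory>

        ProxyPreserveHost on
        ProxyVia On
        ProxyRequests Off
        ProxyPass /mgoblin_media !
        ProxyPass /theme_static !
        ProxyPass /plugin_static !
        ProxyPassMatch ^/.well-known/acme-challenge !
        ProxyPass / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
        ProxyPassReverse / unix://${mcfg.sockets.paster}|http://mgoblin.immae.eu/
      '' ];
    };
  };
}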