krebs 3 bepasty-server: styling

makefu 2015-10-22 16:14:37 +02:00
parent 9bb3069f69
commit be39c6d849


@ -10,7 +10,10 @@ let
out = { out = {
options.krebs.bepasty = api; options.krebs.bepasty = api;
config = mkIf cfg.enable (mkMerge [(mkIf cfg.serveNginx nginx-imp) imp ]) ; config = mkIf cfg.enable (mkMerge [
(mkIf cfg.serveNginx nginx-imp)
imp
]);
}; };
api = { api = {
@ -25,7 +28,7 @@ let
type = with types; attrsOf unspecified; type = with types; attrsOf unspecified;
description = '' description = ''
additional nginx configuration. see krebs.nginx for all options additional nginx configuration. see krebs.nginx for all options
'' ; '';
}; };
secretKey = mkOption { secretKey = mkOption {
@ -52,7 +55,7 @@ let
description = '' description = ''
Defaults to the new users home dir which defaults to Defaults to the new users home dir which defaults to
/var/lib/bepasty-server/data /var/lib/bepasty-server/data
''; '';
default = "${config.users.extraUsers.bepasty.home}/data"; default = "${config.users.extraUsers.bepasty.home}/data";
}; };
@ -65,14 +68,14 @@ let
'myadminsecret': 'admin,list,create,read,delete', 'myadminsecret': 'admin,list,create,read,delete',
} }
MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000 MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
''; '';
}; };
defaultPermissions = mkOption { defaultPermissions = mkOption {
# TODO: listOf str # TODO: listOf str
type = types.str; type = types.str;
description = '' description = ''
default permissions for all unauthenticated users. default permissions for all unauthenticated users.
''; '';
example = "read,create,delete"; example = "read,create,delete";
default = "read"; default = "read";
@ -88,42 +91,42 @@ let
# Configures systemd services for each configured server # Configures systemd services for each configured server
# environment.systemPackages = [ bepasty gunicorn gevent ]; # environment.systemPackages = [ bepasty gunicorn gevent ];
systemd.services = mapAttrs' (name: server: systemd.services = mapAttrs' (name: server:
nameValuePair ("bepasty-server-${name}") nameValuePair "bepasty-server-${name}" {
({ description = "Bepasty Server ${name}";
description = "Bepasty Server ${name}"; wantedBy = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" ]; after = [ "network.target" ];
after = [ "network.target" ]; restartIfChanged = true;
restartIfChanged = true; environment = {
environment = { BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf";
BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf"; PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages";
PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages"; };
};
serviceConfig = {
Type = "simple";
PrivateTmp = true;
ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" '' serviceConfig = {
#!/bin/sh Type = "simple";
mkdir -p "${server.dataDir}" "${server.workDir}" PrivateTmp = true;
chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
cat > "${server.workDir}/bepasty-${name}.conf" <<EOF ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
SITENAME="${name}" #!/bin/sh
STORAGE_FILESYSTEM_DIRECTORY="${server.dataDir}" mkdir -p "${server.dataDir}" "${server.workDir}"
SECRET_KEY="${server.secretKey}" chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
DEFAULT_PERMISSIONS="${server.defaultPermissions}" cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
${server.extraConfig} SITENAME="${name}"
EOF STORAGE_FILESYSTEM_DIRECTORY="${server.dataDir}"
''; SECRET_KEY="${server.secretKey}"
ExecStart = ''${gunicorn}/bin/gunicorn bepasty.wsgi --name ${name} \ DEFAULT_PERMISSIONS="${server.defaultPermissions}"
-u bepasty \ ${server.extraConfig}
-g bepasty \ EOF
--workers 3 --log-level=info \ '';
--bind=unix:${server.workDir}/gunicorn-${name}.sock \ ExecStart = ''${gunicorn}/bin/gunicorn bepasty.wsgi --name ${name} \
--pid ${server.workDir}/gunicorn-${name}.pid \ -u bepasty \
-k gevent -g bepasty \
''; --workers 3 --log-level=info \
}; --bind=unix:${server.workDir}/gunicorn-${name}.sock \
}) --pid ${server.workDir}/gunicorn-${name}.pid \
-k gevent
'';
};
}
) cfg.servers; ) cfg.servers;
users.extraUsers.bepasty = { users.extraUsers.bepasty = {
@ -137,8 +140,8 @@ let
}; };
nginx-imp = { nginx-imp = {
assertions = [ { assertion = config.krebs.nginx.enable; assertions = [{ assertion = config.krebs.nginx.enable;
message = "krebs.nginx.enable must be true"; }]; message = "krebs.nginx.enable must be true"; }];
krebs.nginx.servers = mapAttrs' (name: server: krebs.nginx.servers = mapAttrs' (name: server:
nameValuePair("bepasty-server-${name}") nameValuePair("bepasty-server-${name}")
@ -147,18 +150,15 @@ let
client_max_body_size 32M; client_max_body_size 32M;
''; '';
locations = [ locations = [
(nameValuePair ("/") (nameValuePair "/" ''
(''
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_pass http://unix:${server.workDir}/gunicorn-${name}.sock; proxy_pass http://unix:${server.workDir}/gunicorn-${name}.sock;
'')) '')
(nameValuePair ("/static/") (nameValuePair "/static/" ''
(''
alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/; alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
'')) '')
]; ];
}]) }])) cfg.servers ;
) cfg.servers ;
}; };
in in
out out
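Review bot: In the `ExecStartPre` script of the `systemd.services` hunk, `SECRET_KEY="${server.secretKey}"` is interpolated into a `pkgs.writeScript` derivation, so the key is copied into the Nix store, which is normally world-readable; the restyling carries this over unchanged. The generated `bepasty-${name}.conf` is written under the unit's default umask and only the two directories are chowned, so the file is probably readable by other local users as well. Consider loading the key at start time from a file outside the store, setting `umask 077` directly before the `cat >` line (after the `mkdir`, so the socket directory stays reachable for nginx), and chowning the resulting file to bepasty. The heredoc delimiter is unquoted, so any `$` or backtick in `extraConfig` or the key is expanded by the shell; `<<'EOF'` would keep the text literal. The enclosing `let` block starts above the first hunk, so the option declarations for `secretKey` and `workDir` are only partly visible here.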