krebs 3 bepasty-server: styling
This commit is contained in:
parent
9bb3069f69
commit
be39c6d849
@ -10,7 +10,10 @@ let
|
|||||||
|
|
||||||
out = {
|
out = {
|
||||||
options.krebs.bepasty = api;
|
options.krebs.bepasty = api;
|
||||||
config = mkIf cfg.enable (mkMerge [(mkIf cfg.serveNginx nginx-imp) imp ]) ;
|
config = mkIf cfg.enable (mkMerge [
|
||||||
|
(mkIf cfg.serveNginx nginx-imp)
|
||||||
|
imp
|
||||||
|
]);
|
||||||
};
|
};
|
||||||
|
|
||||||
api = {
|
api = {
|
||||||
@ -25,7 +28,7 @@ let
|
|||||||
type = with types; attrsOf unspecified;
|
type = with types; attrsOf unspecified;
|
||||||
description = ''
|
description = ''
|
||||||
additional nginx configuration. see krebs.nginx for all options
|
additional nginx configuration. see krebs.nginx for all options
|
||||||
'' ;
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
secretKey = mkOption {
|
secretKey = mkOption {
|
||||||
@ -52,7 +55,7 @@ let
|
|||||||
description = ''
|
description = ''
|
||||||
Defaults to the new users home dir which defaults to
|
Defaults to the new users home dir which defaults to
|
||||||
/var/lib/bepasty-server/data
|
/var/lib/bepasty-server/data
|
||||||
'';
|
'';
|
||||||
default = "${config.users.extraUsers.bepasty.home}/data";
|
default = "${config.users.extraUsers.bepasty.home}/data";
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -65,14 +68,14 @@ let
|
|||||||
'myadminsecret': 'admin,list,create,read,delete',
|
'myadminsecret': 'admin,list,create,read,delete',
|
||||||
}
|
}
|
||||||
MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
|
MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
defaultPermissions = mkOption {
|
defaultPermissions = mkOption {
|
||||||
# TODO: listOf str
|
# TODO: listOf str
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = ''
|
description = ''
|
||||||
default permissions for all unauthenticated users.
|
default permissions for all unauthenticated users.
|
||||||
'';
|
'';
|
||||||
example = "read,create,delete";
|
example = "read,create,delete";
|
||||||
default = "read";
|
default = "read";
|
||||||
@ -88,42 +91,42 @@ let
|
|||||||
# Configures systemd services for each configured server
|
# Configures systemd services for each configured server
|
||||||
# environment.systemPackages = [ bepasty gunicorn gevent ];
|
# environment.systemPackages = [ bepasty gunicorn gevent ];
|
||||||
systemd.services = mapAttrs' (name: server:
|
systemd.services = mapAttrs' (name: server:
|
||||||
nameValuePair ("bepasty-server-${name}")
|
nameValuePair "bepasty-server-${name}" {
|
||||||
({
|
description = "Bepasty Server ${name}";
|
||||||
description = "Bepasty Server ${name}";
|
wantedBy = [ "multi-user.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
after = [ "network.target" ];
|
||||||
after = [ "network.target" ];
|
restartIfChanged = true;
|
||||||
restartIfChanged = true;
|
environment = {
|
||||||
environment = {
|
BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf";
|
||||||
BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf";
|
PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages";
|
||||||
PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages";
|
};
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "simple";
|
|
||||||
PrivateTmp = true;
|
|
||||||
|
|
||||||
ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
|
serviceConfig = {
|
||||||
#!/bin/sh
|
Type = "simple";
|
||||||
mkdir -p "${server.dataDir}" "${server.workDir}"
|
PrivateTmp = true;
|
||||||
chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
|
|
||||||
cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
|
ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
|
||||||
SITENAME="${name}"
|
#!/bin/sh
|
||||||
STORAGE_FILESYSTEM_DIRECTORY="${server.dataDir}"
|
mkdir -p "${server.dataDir}" "${server.workDir}"
|
||||||
SECRET_KEY="${server.secretKey}"
|
chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
|
||||||
DEFAULT_PERMISSIONS="${server.defaultPermissions}"
|
cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
|
||||||
${server.extraConfig}
|
SITENAME="${name}"
|
||||||
EOF
|
STORAGE_FILESYSTEM_DIRECTORY="${server.dataDir}"
|
||||||
'';
|
SECRET_KEY="${server.secretKey}"
|
||||||
ExecStart = ''${gunicorn}/bin/gunicorn bepasty.wsgi --name ${name} \
|
DEFAULT_PERMISSIONS="${server.defaultPermissions}"
|
||||||
-u bepasty \
|
${server.extraConfig}
|
||||||
-g bepasty \
|
EOF
|
||||||
--workers 3 --log-level=info \
|
'';
|
||||||
--bind=unix:${server.workDir}/gunicorn-${name}.sock \
|
ExecStart = ''${gunicorn}/bin/gunicorn bepasty.wsgi --name ${name} \
|
||||||
--pid ${server.workDir}/gunicorn-${name}.pid \
|
-u bepasty \
|
||||||
-k gevent
|
-g bepasty \
|
||||||
'';
|
--workers 3 --log-level=info \
|
||||||
};
|
--bind=unix:${server.workDir}/gunicorn-${name}.sock \
|
||||||
})
|
--pid ${server.workDir}/gunicorn-${name}.pid \
|
||||||
|
-k gevent
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
) cfg.servers;
|
) cfg.servers;
|
||||||
|
|
||||||
users.extraUsers.bepasty = {
|
users.extraUsers.bepasty = {
|
||||||
@ -137,8 +140,8 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
nginx-imp = {
|
nginx-imp = {
|
||||||
assertions = [ { assertion = config.krebs.nginx.enable;
|
assertions = [{ assertion = config.krebs.nginx.enable;
|
||||||
message = "krebs.nginx.enable must be true"; }];
|
message = "krebs.nginx.enable must be true"; }];
|
||||||
|
|
||||||
krebs.nginx.servers = mapAttrs' (name: server:
|
krebs.nginx.servers = mapAttrs' (name: server:
|
||||||
nameValuePair("bepasty-server-${name}")
|
nameValuePair("bepasty-server-${name}")
|
||||||
@ -147,18 +150,15 @@ let
|
|||||||
client_max_body_size 32M;
|
client_max_body_size 32M;
|
||||||
'';
|
'';
|
||||||
locations = [
|
locations = [
|
||||||
(nameValuePair ("/")
|
(nameValuePair "/" ''
|
||||||
(''
|
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
proxy_pass http://unix:${server.workDir}/gunicorn-${name}.sock;
|
proxy_pass http://unix:${server.workDir}/gunicorn-${name}.sock;
|
||||||
''))
|
'')
|
||||||
(nameValuePair ("/static/")
|
(nameValuePair "/static/" ''
|
||||||
(''
|
|
||||||
alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
|
alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
|
||||||
''))
|
'')
|
||||||
];
|
];
|
||||||
}])
|
}])) cfg.servers ;
|
||||||
) cfg.servers ;
|
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
out
|
out
|
||||||
|
Loading…
Reference in New Issue
Block a user