indico: wip: create module

Signed-off-by: Jeltz <jeltz@federez.net>
2025-02-22 10:58:08 +01:00 · 2025-02-22 10:58:08 +01:00 · abbafb082d
commit abbafb082d
parent d75eba0b8e
2 changed files with 443 additions and 107 deletions
--- a/profiles/indico.nix
+++ b/profiles/indico.nix
@ -1,116 +1,29 @@
-{ config, lib, pkgs, python3, ... }:
-let
-  # cfg = config.services.indico;
-  # pythonFmt = pkgs.formats.pythonVars { };
-  indico = pkgs.callPackage ../pkgs/indico { };
-  pythonEnv = indico.python.withPackages (ps: [
-    indico
-    # (ps.toPythonModule indico)
-    ps.gunicorn
-  ]);
-in
 {
-  # TODO cProfile; indico is *very* slow (~30s just to print the help)
-
-  # + sudo indico
-  environment.systemPackages = [ indico ];
-
-  services.redis.servers.indico.enable = true;
-
-  systemd.services.indico-web = {
-    description = "Indico web service";
-    after = [
-      "network.target"
-      "redis-indico.service"
-      "postgresql.service"
-    ];
-    wantedBy = [ "multi-user.target" ];
-    # TODO migrations
-    serviceConfig = {
-      User = "indico";
-      Group = "indico";
-      ExecStart = "${lib.getExe' pythonEnv "gunicorn"} --bind unix:/run/indico/indico.sock --name=indico indico.wsgi";
-      Restart = "on-failure";
-    };
-    enable = true;
-  };
-
-  systemd.sockets.gunicorn-web = {
-    socketConfig = {
-      ListenStream = "/run/indico/indico.sock";
-      SocketUser = "nginx";
-    };
-    enable = true;
-  };
-  # preStart = ''
-  #   echo "create extension if not exists pg_trgm" | runuser -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql hydra
-  # ''
-
-  services.postgresql = {
-    enable = true;
-    package = pkgs.postgresql_16;
-    ensureDatabases = [ "indico" ];
-    ensureUsers = [
-      {
-        name = "indico";
-        ensureDBOwnership = true;
-      }
-    ];
-  };
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    ../modules/indico.nix
+  ];

  networking.firewall.allowedTCPPorts = [ 80 443 ];

-  services.nginx = let 
-    indicoBaseDir = "/tmp";
-  in {
+  services.indico = {
    enable = true;
-    recommendedTlsSettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-    recommendedProxySettings = true;
-    upstreams.indico.servers."unix:/run/indico/indico.sock" = { };
-    virtualHosts."events.federez.net" = {
-      enableACME = true;
-      forceSSL = true;
-      locations = {
-        "/.xsf/indico/" = {
-          alias = "${indicoBaseDir}/";
-          extraConfig = ''
-            internal;
-          '';
-        };
-        # Order? + too lax?
-        "~ ^/(images|fonts)(.*)/(.+?)(__v[0-9a-f]+)?\\.([^.]+)$" = {
-          alias = "${indicoBaseDir}/web/static/$1$2/$3.$5";
-          extraConfig = ''
-            access_log off;
-          '';
-        };
-        "~ ^/(css|dist|images|fonts)/(.*)$" = {
-          alias = "${indicoBaseDir}/web/static/$1/$2";
-          extraConfig = ''
-            access_log off;
-          '';
-        };
-        "= /robots.txt" = {
-          alias = "${indicoBaseDir}/web/static/robots.txt";
-          extraConfig = ''
-            access_log off;
-          '';
-        "/" = {
-          proxyPass = "http://indico";
-          extraConfig = ''
-            client_max_body_size 1G;
-          '';
-        };
+    nginx.domain = "events.federez.net";
+    email = {
+      noReply = "indico@federez.net";
+      support = "admin@federez.net";
+      publicSupport = "bureau@federez.net";
+      smtp = {
+        host = "dodecagon.federez.net";
+        login = "indico";
+        password = "xxx";
      };
    };
+    secretKey = "lQsViT9292sIkObP9ptQADGJ16bk58n7"; # FIXME: dev only
  };
-
-  users.users.indico = {
-    isSystemUser = true;
-    group = "indico";
-  };
-
-  users.groups.indico = {};
 }