116 lines
2.9 KiB
Nix
116 lines
2.9 KiB
Nix
{ config, lib, pkgs, python3, ... }:
|
|
let
|
|
# cfg = config.services.indico;
|
|
# pythonFmt = pkgs.formats.pythonVars { };
|
|
indico = pkgs.callPackage ../pkgs/indico { };
|
|
pythonEnv = indico.python.withPackages (ps: [
|
|
indico
|
|
# (ps.toPythonModule indico)
|
|
ps.gunicorn
|
|
]);
|
|
in
|
|
{
|
|
# TODO cProfile; indico is *very* slow (~30s just to print the help)
|
|
|
|
# + sudo indico
|
|
environment.systemPackages = [ indico ];
|
|
|
|
services.redis.servers.indico.enable = true;
|
|
|
|
systemd.services.indico-web = {
|
|
description = "Indico web service";
|
|
after = [
|
|
"network.target"
|
|
"redis-indico.service"
|
|
"postgresql.service"
|
|
];
|
|
wantedBy = [ "multi-user.target" ];
|
|
# TODO migrations
|
|
serviceConfig = {
|
|
User = "indico";
|
|
Group = "indico";
|
|
ExecStart = "${lib.getExe' pythonEnv "gunicorn"} --bind unix:/run/indico/indico.sock --name=indico indico.wsgi";
|
|
Restart = "on-failure";
|
|
};
|
|
enable = true;
|
|
};
|
|
|
|
systemd.sockets.gunicorn-web = {
|
|
socketConfig = {
|
|
ListenStream = "/run/indico/indico.sock";
|
|
SocketUser = "nginx";
|
|
};
|
|
enable = true;
|
|
};
|
|
# preStart = ''
|
|
# echo "create extension if not exists pg_trgm" | runuser -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql hydra
|
|
# ''
|
|
|
|
services.postgresql = {
|
|
enable = true;
|
|
package = pkgs.postgresql_16;
|
|
ensureDatabases = [ "indico" ];
|
|
ensureUsers = [
|
|
{
|
|
name = "indico";
|
|
ensureDBOwnership = true;
|
|
}
|
|
];
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
services.nginx = let
|
|
indicoBaseDir = "/tmp";
|
|
in {
|
|
enable = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedProxySettings = true;
|
|
upstreams.indico.servers."unix:/run/indico/indico.sock" = { };
|
|
virtualHosts."events.federez.net" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations = {
|
|
"/.xsf/indico/" = {
|
|
alias = "${indicoBaseDir}/";
|
|
extraConfig = ''
|
|
internal;
|
|
'';
|
|
};
|
|
# Order? + too lax?
|
|
"~ ^/(images|fonts)(.*)/(.+?)(__v[0-9a-f]+)?\\.([^.]+)$" = {
|
|
alias = "${indicoBaseDir}/web/static/$1$2/$3.$5";
|
|
extraConfig = ''
|
|
access_log off;
|
|
'';
|
|
};
|
|
"~ ^/(css|dist|images|fonts)/(.*)$" = {
|
|
alias = "${indicoBaseDir}/web/static/$1/$2";
|
|
extraConfig = ''
|
|
access_log off;
|
|
'';
|
|
};
|
|
"= /robots.txt" = {
|
|
alias = "${indicoBaseDir}/web/static/robots.txt";
|
|
extraConfig = ''
|
|
access_log off;
|
|
'';
|
|
"/" = {
|
|
proxyPass = "http://indico";
|
|
extraConfig = ''
|
|
client_max_body_size 1G;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
users.users.indico = {
|
|
isSystemUser = true;
|
|
group = "indico";
|
|
};
|
|
|
|
users.groups.indico = {};
|
|
}
|