LoutreOS: migration site musique Django

2019-11-01 22:23:20 +01:00 · 2019-11-01 22:23:20 +01:00 · 3254dc0468
commit 3254dc0468
parent cfff6af12e
3 changed files with 55 additions and 74 deletions
--- a/services/site-musique.nix
+++ b/services/site-musique.nix
@ -1,67 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.site-musique;
-in
-{
-  options.services.site-musique = {
-    enable = mkEnableOption "Site musique";
-
-    port = mkOption {
-      type = types.int;
-      example = 54321;
-      description = "Local listening port";
-    };
-
-    domaine = mkOption {
-      type = types.str;
-      example = "example.com";
-      description = "Domaine à utiliser";
-    };
-  };
-
-  config = mkIf cfg.enable {
-
-    services.haproxy-acme.services = {
-      ${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
-    };
-
-    services.nginx.virtualHosts = {
-      "musique" = {
-        listen = [ { addr = "127.0.0.1"; port = cfg.port; } ];
-        locations."/" = {
-          root = "/run/python-ci/nyanloutre/site-musique";
-          index = "index.php";
-          extraConfig = ''
-            location ~* \.php$ {
-              fastcgi_split_path_info ^(.+\.php)(/.+)$;
-              fastcgi_pass unix:${config.services.phpfpm.pools.musique.socket};
-              include ${pkgs.nginx}/conf/fastcgi_params;
-              include ${pkgs.nginx}/conf/fastcgi.conf;
-            }
-          '';
-        };
-      };
-    };
-
-    services.phpfpm.pools.musique = {
-      user = "nginx";
-      settings = {
-        "listen.owner" = "nginx";
-        "listen.group" = "nginx";
-        "listen.mode" = "0660";
-        "pm" = "dynamic";
-        "pm.max_children" = 75;
-        "pm.start_servers" = 2;
-        "pm.min_spare_servers" = 1;
-        "pm.max_spare_servers" = 20;
-        "pm.max_requests" = 500;
-        "php_admin_value[error_log]" = "stderr";
-        "php_admin_flag[log_errors]" = "on";
-        "catch_workers_output" = "yes";
-      };
-    };
-  };
-}
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@ -26,7 +26,6 @@ in
  imports = [
    ../../services/haproxy-acme.nix
    ../../services/mail-server.nix
-    ../../services/site-musique.nix
    ../../services/site-max.nix
    ../../services/auto-pr.nix
    ../../services/python-ci.nix
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
@ -40,6 +40,7 @@ in
        "factorio.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "factorio"; auth = false; };
        "airsonic.${domaine}" = { ip = "127.0.0.1"; port = 4040; auth = false; };
        "${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "wkd"; auth = false; };
+        "musique-meyenheim.fr" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "musique-meyenheim.fr"; auth = false; };
      };
    };

@ -65,6 +66,24 @@ in
            '';
          }; };
        };
+        "musique-meyenheim.fr" = {
+          listen = [ { addr = "127.0.0.1"; port = 52353; } ];
+          locations = {
+            "/" = {
+              proxyPass = "http://unix:/run/site-musique.sock";
+              extraConfig = ''
+                proxy_set_header Host            $host;
+                proxy_set_header X-Forwarded-For $remote_addr;
+              '';
+            };
+            "/static/" = {
+              alias = "/var/www/site-musique/staticfiles/";
+            };
+            "/media/" = {
+              alias = "/var/www/site-musique/media/";
+            };
+          };
+        };
      };
    };

@ -100,16 +119,46 @@ in

    python-ci.enable = true;

-    site-musique = {
-      enable = true;
-      port = 52349;
-      domaine = "musique-meyenheim.fr";
-    };
-
    site-max = {
      enable = true;
      port = 52348;
      domaine = "maxspiegel.fr";
    };
  };
+
+  systemd.services.site-musique = let
+    djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ]));
+  in {
+    description = "Site Django de la musique de Meyenheim";
+    after = [ "network.target" ];
+    requires = [ "site-musique.socket" ];
+    preStart = ''
+      ${djangoEnv}/bin/python manage.py migrate;
+      ${djangoEnv}/bin/python manage.py collectstatic --no-input;
+    '';
+    environment = {
+      DJANGO_SETTINGS_MODULE = "site_musique.settings.prod";
+      NGINX_DIRECTORY = "/var/www/site-musique";
+    };
+    serviceConfig = {
+      DynamicUser = true;
+      Group = "nginx";
+      StateDirectory = "site-musique";
+      WorkingDirectory = "/var/www/site-musique/";
+      ReadWritePaths = [ "/var/www/site-musique/staticfiles" "/var/www/site-musique/media" ];
+      EnvironmentFile = "/mnt/secrets/site-musique.env";
+      ExecStart = ''${djangoEnv}/bin/gunicorn \
+        --access-logfile - \
+        --bind unix:/run/site-musique.sock \
+        site_musique.wsgi:application
+      '';
+      PrivateTmp = true;
+    };
+  };
+
+  systemd.sockets.site-musique = {
+    description = "Site Musique socket";
+    wantedBy = [ "sockets.target" ];
+    listenStreams = [ "/run/site-musique.sock" ];
+  };
 }