]>
Commit | Line | Data |
---|---|---|
9d90e7e2 | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
a7f7fdae IB |
2 | let |
3 | diaspora = pkgs.callPackage ./diaspora.nix { | |
9d90e7e2 IB |
4 | inherit (mylibs) fetchedGithub; |
5 | env = myconfig.env.tools.diaspora; | |
a7f7fdae IB |
6 | }; |
7 | ||
a95ab089 | 8 | root = "/run/current-system/webapps/tools_diaspora"; |
a7f7fdae IB |
9 | cfg = config.services.myWebsites.tools.diaspora; |
10 | in { | |
11 | options.services.myWebsites.tools.diaspora = { | |
12 | enable = lib.mkEnableOption "enable diaspora's website"; | |
13 | }; | |
14 | ||
15 | config = lib.mkIf cfg.enable { | |
3b075825 IB |
16 | ids.uids.diaspora = myconfig.env.tools.diaspora.user.uid; |
17 | ids.gids.diaspora = myconfig.env.tools.diaspora.user.gid; | |
a7f7fdae IB |
18 | |
19 | users.users.diaspora = { | |
20 | name = "diaspora"; | |
21 | uid = config.ids.uids.diaspora; | |
22 | group = "diaspora"; | |
23 | description = "Diaspora user"; | |
fe6f1528 | 24 | home = diaspora.varDir; |
a7f7fdae IB |
25 | useDefaultShell = true; |
26 | packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ]; | |
27 | }; | |
28 | ||
29 | users.groups.diaspora.gid = config.ids.gids.diaspora; | |
30 | ||
31 | systemd.services.diaspora = { | |
32 | description = "Diaspora"; | |
33 | wantedBy = [ "multi-user.target" ]; | |
34 | after = [ "network.target" "redis.service" "postgresql.service" ]; | |
35 | wants = [ "redis.service" "postgresql.service" ]; | |
36 | ||
37 | environment.RAILS_ENV = "production"; | |
159d8ff3 | 38 | environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}"; |
a7f7fdae IB |
39 | environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile"; |
40 | environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock"; | |
41 | environment.EYE_PID = "${diaspora.socketsDir}/eye.pid"; | |
42 | ||
43 | path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ]; | |
44 | ||
45 | preStart = '' | |
46 | ./bin/bundle exec rails db:migrate | |
47 | ''; | |
48 | ||
49 | script = '' | |
50 | exec ${diaspora.railsRoot}/script/server | |
51 | ''; | |
52 | ||
53 | serviceConfig = { | |
54 | User = "diaspora"; | |
55 | PrivateTmp = true; | |
56 | Restart = "always"; | |
57 | Type = "simple"; | |
58 | WorkingDirectory = diaspora.railsRoot; | |
59 | StandardInput = "null"; | |
60 | KillMode = "control-group"; | |
61 | }; | |
62 | ||
63 | unitConfig.RequiresMountsFor = diaspora.varDir; | |
64 | }; | |
65 | ||
a7f7fdae IB |
66 | system.activationScripts.diaspora = { |
67 | deps = [ "users" ]; | |
68 | text = '' | |
69 | install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir} | |
70 | install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \ | |
71 | ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \ | |
72 | ${diaspora.varDir}/log | |
73 | install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids | |
74 | if [ ! -f ${diaspora.varDir}/schedule.yml ]; then | |
75 | echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml | |
76 | fi | |
77 | ''; | |
78 | }; | |
79 | ||
80 | services.myWebsites.tools.modules = [ | |
a952acc4 | 81 | "headers" "proxy" "proxy_http" |
a7f7fdae IB |
82 | ]; |
83 | security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; | |
a95ab089 IB |
84 | system.extraSystemBuilderCmds = '' |
85 | mkdir -p $out/webapps | |
86 | ln -s ${diaspora.railsRoot}/public/ $out/webapps/tools_diaspora | |
87 | ''; | |
a7f7fdae IB |
88 | services.myWebsites.tools.vhostConfs.diaspora = { |
89 | certName = "eldiron"; | |
90 | hosts = [ "diaspora.immae.eu" ]; | |
a95ab089 | 91 | root = root; |
a7f7fdae IB |
92 | extraConfig = [ '' |
93 | RewriteEngine On | |
94 | RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | |
a952acc4 | 95 | RewriteRule ^/(.*)$ unix://${diaspora.railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L] |
a7f7fdae IB |
96 | |
97 | ProxyRequests Off | |
98 | ProxyVia On | |
99 | ProxyPreserveHost On | |
100 | RequestHeader set X_FORWARDED_PROTO https | |
101 | ||
102 | <Proxy *> | |
103 | Require all granted | |
104 | </Proxy> | |
105 | ||
a95ab089 | 106 | <Directory ${root}> |
a7f7fdae IB |
107 | Require all granted |
108 | Options -MultiViews | |
109 | </Directory> | |
110 | '' ]; | |
111 | }; | |
112 | }; | |
113 | } |