Commit | Line | Data |
---|---|---|
# Nix function that builds the Diaspora pod served at diaspora.immae.eu.
# `env` supplies the deployment values interpolated further down
# (secret_token, redis_url, ldap.password, postgresql.*). They are resolved
# at evaluation time, so from here on they are ordinary strings.
9d90e7e2 | 1 | { env, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }: |
a7f7fdae | 2 | let |
# Mutable state directory: schedule.yml, oidc_key.pem, uploads, tmp and log
# are symlinked into it from the build output.
a7f7fdae IB |
3 | varDir = "/var/lib/diaspora_immae"; |
# Directory holding the application's listening socket (diaspora.sock).
4 | socketsDir = "/run/diaspora"; | |
# Patched Diaspora source tree, copied as-is to $out.
# The source attributes come from fetchedGithub ./diaspora.json, which is
# not shown here (presumably it pins revision and hash; confirm).
# buildPhase applies the local ldap.patch and appends a pinned
# `gem "pg", "1.1.3"` line to the Gemfile; Gemfile.lock is not regenerated
# in this derivation. Both steps change the code that runs in production,
# so ldap.patch needs re-review whenever the upstream revision is bumped.
a7f7fdae IB |
5 | diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec { |
6 | buildPhase = '' | |
a7f7fdae | 7 | patch -p1 < ${./ldap.patch} |
7ac9bef4 IB |
8 | # FIXME: bundlerEnv below doesn't take postgresql group for some |
9 | # reason | |
10 | echo 'gem "pg", "1.1.3"' >> Gemfile | |
a7f7fdae IB |
11 | ''; |
12 | installPhase = '' | |
13 | cp -a . $out | |
14 | ''; | |
a7f7fdae | 15 | }); |
# Bundler environment for the postgresql, default and production groups.
# It reads Gemfile and Gemfile.lock from the patched source tree and takes
# the resolved gem set from ./gemset.nix (not shown here).
# NOTE(review): the interpreter is pinned to ruby_2_4. Ruby 2.4 reached
# upstream end of life in 2020 and no longer receives security fixes;
# confirm whether the application can move to a maintained Ruby.
7ac9bef4 IB |
16 | gems = bundlerEnv { |
17 | name = "diaspora-env"; | |
# The override below removes the " --destdir $GEM_HOME" argument from the
# stock ruby_2_4 postInstall; the tracker entry on the next line is the
# stated reason.
3345e58d IB |
18 | # https://git.immae.eu/mantisbt/view.php?id=131 |
19 | ruby = ruby_2_4.overrideAttrs(old: { | |
20 | postInstall = builtins.replaceStrings [" --destdir $GEM_HOME"] [""] old.postInstall; | |
21 | }); | |
7ac9bef4 IB |
22 | gemfile = "${diaspora}/Gemfile"; |
23 | lockfile = "${diaspora}/Gemfile.lock"; | |
24 | gemset = ./gemset.nix; | |
25 | groups = [ "postgresql" "default" "production" ]; | |
26 | gemConfig = defaultGemConfig // { | |
# kostya-sigar gets perl as an extra build input.
27 | kostya-sigar = attrs: { | |
28 | buildInputs = [ pkgs.perl ]; | |
29 | }; | |
30 | }; | |
31 | }; | |
# Rails initializer that sets secret_key_base, declared as a key file:
# destDir /run/keys/webapps, owner diaspora:diaspora, mode 0400.
# The secret is interpolated from env.secret_token at evaluation time, so it
# is part of `text` wherever this attribute is reused. railsRoot below
# passes the same text to writeText, which puts a copy in the Nix store.
# NOTE(review): the value lands between single quotes in Ruby source. A
# token containing ' or \ would break or alter the initializer; presumably
# tokens are hex or base64, confirm.
ec2a5ffb IB |
32 | keys.tools-diaspora-secret_token = { |
33 | destDir = "/run/keys/webapps"; | |
34 | user = "diaspora"; | |
35 | group = "diaspora"; | |
85f5ed68 | 36 | permissions = "0400"; |
ec2a5ffb IB |
37 | text = '' |
38 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' | |
a7f7fdae | 39 | ''; |
ec2a5ffb IB |
40 | }; |
# diaspora.yml, declared as a key file: destDir /run/keys/webapps, owner
# diaspora:diaspora, mode 0400.
# Secrets interpolated into the text: env.redis_url and env.ldap.password
# (bind_pw). railsRoot below also hands this text to writeText.
# Security-relevant settings visible in the text: registrations and
# invitations are closed, captcha is disabled, login is LDAP-only
# (only_ldap: true) on port 636 with a service bind DN, email confirmation
# is skipped, and mail goes through the /run/wrappers/bin/sendmail wrapper.
# NOTE(review): search_filter substitutes %{username} into an LDAP filter.
# The substitution is implemented by ldap.patch, which is not shown here;
# confirm it escapes filter metacharacters (RFC 4515) before substituting.
# NOTE(review): port 636 suggests LDAPS, but no TLS or certificate option
# is set in this block; confirm the patched client verifies the server
# certificate.
# NOTE(review): this listing shows the YAML with its indentation stripped;
# check the nesting against the real file.
41 | keys.tools-diaspora-config = { | |
42 | destDir = "/run/keys/webapps"; | |
43 | user = "diaspora"; | |
44 | group = "diaspora"; | |
85f5ed68 | 45 | permissions = "0400"; |
ec2a5ffb | 46 | text = '' |
a7f7fdae IB |
47 | configuration: |
48 | environment: | |
49 | url: "https://diaspora.immae.eu/" | |
0fa86654 | 50 | certificate_authorities: '${cacert}/etc/ssl/certs/ca-bundle.crt' |
b0781dbc | 51 | redis: '${env.redis_url}' |
a7f7fdae IB |
52 | sidekiq: |
53 | s3: | |
54 | assets: | |
55 | logging: | |
56 | logrotate: | |
57 | debug: | |
58 | server: | |
59 | listen: '${socketsDir}/diaspora.sock' | |
60 | rails_environment: 'production' | |
61 | chat: | |
62 | server: | |
63 | bosh: | |
64 | log: | |
65 | map: | |
66 | mapbox: | |
67 | privacy: | |
68 | piwik: | |
69 | statistics: | |
70 | camo: | |
71 | settings: | |
72 | enable_registrations: false | |
73 | welcome_message: | |
74 | invitations: | |
75 | open: false | |
76 | paypal_donations: | |
77 | community_spotlight: | |
78 | captcha: | |
79 | enable: false | |
80 | terms: | |
81 | maintenance: | |
82 | remove_old_users: | |
83 | default_metas: | |
84 | csp: | |
85 | services: | |
86 | twitter: | |
87 | tumblr: | |
88 | wordpress: | |
89 | mail: | |
90 | enable: true | |
0f466f6d | 91 | sender_address: 'diaspora@tools.immae.eu' |
591ebd87 | 92 | method: 'sendmail' |
a7f7fdae | 93 | smtp: |
a7f7fdae | 94 | sendmail: |
591ebd87 | 95 | location: '/run/wrappers/bin/sendmail' |
a7f7fdae IB |
96 | admins: |
97 | account: "ismael" | |
0f466f6d | 98 | podmin_email: 'diaspora@tools.immae.eu' |
a7f7fdae IB |
99 | relay: |
100 | outbound: | |
101 | inbound: | |
102 | ldap: | |
103 | enable: true | |
104 | host: ldap.immae.eu | |
105 | port: 636 | |
106 | only_ldap: true | |
107 | mail_attribute: mail | |
108 | skip_email_confirmation: true | |
109 | use_bind_dn: true | |
110 | bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" | |
9d90e7e2 | 111 | bind_pw: "${env.ldap.password}" |
a7f7fdae IB |
112 | search_base: "dc=immae,dc=eu" |
113 | search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" | |
114 | production: | |
115 | environment: | |
116 | development: | |
117 | environment: | |
118 | ''; | |
ec2a5ffb IB |
119 | }; |
# database.yml, declared as a key file: destDir /run/keys/webapps, owner
# diaspora:diaspora, mode 0400.
# host, port, username, password and the production database name are
# interpolated from env.postgresql.*; the password therefore lives in
# `text`, which railsRoot below also hands to writeText.
# `host` receives env.postgresql.socket (presumably a Unix socket
# directory; confirm).
# The development, test and integration entries inherit the same
# credentials through the YAML merge keys and differ only in database name.
# NOTE(review): the production `database` value is interpolated unquoted,
# unlike the other env values.
120 | keys.tools-diaspora-database_config = { | |
121 | destDir = "/run/keys/webapps"; | |
122 | user = "diaspora"; | |
123 | group = "diaspora"; | |
85f5ed68 | 124 | permissions = "0400"; |
ec2a5ffb | 125 | text = '' |
a7f7fdae IB |
126 | postgresql: &postgresql |
127 | adapter: postgresql | |
7ebcaad5 IB |
128 | host: "${env.postgresql.socket}" |
129 | port: "${env.postgresql.port}" | |
130 | username: "${env.postgresql.user}" | |
9d90e7e2 | 131 | password: "${env.postgresql.password}" |
a7f7fdae IB |
132 | encoding: unicode |
133 | common: &common | |
134 | <<: *postgresql | |
135 | combined: &combined | |
136 | <<: *common | |
137 | development: | |
138 | <<: *combined | |
139 | database: diaspora_development | |
140 | production: | |
141 | <<: *combined | |
7ebcaad5 | 142 | database: ${env.postgresql.database} |
a7f7fdae IB |
143 | test: |
144 | <<: *combined | |
145 | database: "diaspora_test" | |
146 | integration1: | |
147 | <<: *combined | |
148 | database: diaspora_integration1 | |
149 | integration2: | |
150 | <<: *combined | |
151 | database: diaspora_integration2 | |
152 | ''; | |
ec2a5ffb | 153 | }; |
# Final application root: a writable copy of the patched source with a
# source tarball under public/, precompiled assets, and symlinks for the
# config files and state directories.
# source.tar.gz is created before any config symlink exists and lists only
# app, db, lib, script, Gemfile, Gemfile.lock, Rakefile and config.ru.
# config/ is not in that list, which keeps the rendered secrets out of the
# archive under public/; keep it out if the list is ever extended.
a7f7fdae IB |
154 | railsRoot = stdenv.mkDerivation { |
155 | name = "diaspora_immae"; | |
156 | inherit diaspora; | |
ec2a5ffb | 157 | # FIXME: build machine will contain some passwords in the nix store |
# Detail for the FIXME above: the three writeText calls in the builder copy
# the rendered database.yml, diaspora.yml and secret_token.rb (database
# password, LDAP bind password, Redis URL, secret_key_base) into the Nix
# store so that assets:precompile can load the application. The symlinks
# are re-pointed at /run/keys/webapps afterwards, but the store copies
# remain. The store is world-readable by default, and its paths can be
# copied to binary caches or other hosts.
# NOTE(review): consider precompiling against placeholder values, provided
# assets:precompile does not need live credentials (to be confirmed), and
# rotate any secret that has already passed through this build.
a7f7fdae IB |
158 | builder = writeText "build_diaspora_immae" '' |
159 | source $stdenv/setup | |
160 | cp -a $diaspora $out | |
161 | cd $out | |
162 | chmod -R u+rwX . | |
163 | tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru} | |
ec2a5ffb IB |
164 | ln -s ${writeText "database.yml" keys.tools-diaspora-database_config.text} config/database.yml |
165 | ln -s ${writeText "diaspora.yml" keys.tools-diaspora-config.text} config/diaspora.yml | |
166 | ln -s ${writeText "secret_token.rb" keys.tools-diaspora-secret_token.text} config/initializers/secret_token.rb | |
3c8d7f87 IB |
167 | ln -sf ${varDir}/schedule.yml config/schedule.yml |
168 | ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem | |
169 | ln -sf ${varDir}/uploads public/uploads | |
a7f7fdae | 170 | RAILS_ENV=production ${gems}/bin/rake assets:precompile |
ec2a5ffb IB |
171 | ln -sf /run/keys/webapps/tools-diaspora-database_config config/database.yml |
172 | ln -sf /run/keys/webapps/tools-diaspora-config config/diaspora.yml | |
173 | ln -sf /run/keys/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb | |
a7f7fdae | 174 | rm -rf tmp log |
3c8d7f87 IB |
175 | ln -sf ${varDir}/tmp tmp |
176 | ln -sf ${varDir}/log log | |
a7f7fdae | 177 | ''; |
159d8ff3 | 178 | propagatedBuildInputs = [ gems pkgs.nodejs pkgs.which pkgs.git ]; |
a7f7fdae IB |
179 | }; |
# Result of the function: the build output, the state and socket
# directories, the gem environment, the key-file declarations and the
# socket path.
# `keys` carries the secret-bearing `text` of all three key files. A
# consumer that interpolates keys.*.text into a derivation writes those
# secrets to the Nix store, so the attribute should only go to the
# mechanism that installs the files under /run/keys/webapps (not shown here).
180 | in | |
181 | { | |
ec2a5ffb | 182 | inherit railsRoot varDir socketsDir gems keys; |
a7f7fdae IB |
183 | railsSocket = "${socketsDir}/diaspora.sock"; |
184 | }