# NixOS module: self-hosted diaspora* pod behind the shared Apache vhost layer.
# Secrets (LDAP bind password, DB password, Rails secret_key_base) are not
# written into this file; they are pulled from `myconfig.env.tools.diaspora`
# and rendered into 0400 files via `mySecrets.keys` below.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Mutable state of the pod (uploads, tmp, log, schedule.yml); also the user's home.
  varDir = "/var/lib/diaspora_immae";

  # Application build with LDAP support; config_dir is where the rendered
  # diaspora.yml / database.yml / secret_token.rb are expected at runtime
  # (presumably mySecrets.keys places `dest` under /var/secrets — confirm).
  diaspora = pkgs.webapps.diaspora.override {
    ldap = true;
    inherit varDir;
    podmin_email = "diaspora@tools.immae.eu";
    config_dir = "/var/secrets/webapps/diaspora";
  };

  # Unix socket the Rails server listens on and Apache proxies to.
  railsSocket = "${socketsDir}/diaspora.sock";
  socketsDir = "/run/diaspora";
  # Per-deployment values: uid/gid, redis_url, postgresql.*, ldap.password, secret_token.
  env = myconfig.env.tools.diaspora;
  # Document root served by Apache; populated by extraSystemBuilderCmds below.
  root = "/run/current-system/webapps/tools_diaspora";
  cfg = config.services.myWebsites.tools.diaspora;
in {
  options.services.myWebsites.tools.diaspora = {
    enable = lib.mkEnableOption "enable diaspora's website";
  };

  config = lib.mkIf cfg.enable {
    ids.uids.diaspora = env.user.uid;
    ids.gids.diaspora = env.user.gid;

    users.users.diaspora = {
      name = "diaspora";
      uid = config.ids.uids.diaspora;
      group = "diaspora";
      description = "Diaspora user";
      home = varDir;
      useDefaultShell = true;
      packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
      # "keys" group membership: presumably required to read the deployed
      # secret files — confirm against the mySecrets implementation.
      extraGroups = [ "keys" ];
    };

    users.groups.diaspora.gid = config.ids.gids.diaspora;
    # Runtime configuration files carrying credentials; each is owned by the
    # service user and mode 0400 (read-only for that user, nothing for others).
    mySecrets.keys = [
      {
        dest = "webapps/diaspora/diaspora.yml";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        # Registration is closed (enable_registrations/invitations.open/captcha
        # all off); accounts come exclusively from LDAP (only_ldap) over port
        # 636 (presumably LDAPS — confirm), restricted by search_filter to
        # members of cn=users,cn=diaspora,ou=services.
        # YAML nesting below is reconstructed from the standard diaspora.yml
        # layout; verify the indentation against the deployed file.
        text = ''
          configuration:
            environment:
              url: "https://diaspora.immae.eu/"
              certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
              redis: '${env.redis_url}'
              sidekiq:
              s3:
              assets:
              logging:
                logrotate:
                debug:
            server:
              listen: '${socketsDir}/diaspora.sock'
              rails_environment: 'production'
            chat:
              server:
                bosh:
                log:
            map:
              mapbox:
            privacy:
              piwik:
              statistics:
              camo:
            settings:
              enable_registrations: false
              welcome_message:
              invitations:
                open: false
              paypal_donations:
              community_spotlight:
              captcha:
                enable: false
              terms:
              maintenance:
                remove_old_users:
              default_metas:
              csp:
            services:
              twitter:
              tumblr:
              wordpress:
            mail:
              enable: true
              sender_address: 'diaspora@tools.immae.eu'
              method: 'sendmail'
              smtp:
              sendmail:
                location: '/run/wrappers/bin/sendmail'
            admins:
              account: "ismael"
              podmin_email: 'diaspora@tools.immae.eu'
            relay:
              outbound:
              inbound:
            ldap:
              enable: true
              host: ldap.immae.eu
              port: 636
              only_ldap: true
              mail_attribute: mail
              skip_email_confirmation: true
              use_bind_dn: true
              bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
              bind_pw: "${env.ldap.password}"
              search_base: "dc=immae,dc=eu"
              search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
          production:
            environment:
          development:
            environment:
        '';
      }
      {
        dest = "webapps/diaspora/database.yml";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        # NOTE(review): production.database is the only interpolated value
        # left unquoted in the YAML (host/port/username/password are quoted);
        # fine for a plain identifier — confirm env.postgresql.database holds no
        # YAML-special characters.
        text = ''
          postgresql: &postgresql
            adapter: postgresql
            host: "${env.postgresql.socket}"
            port: "${env.postgresql.port}"
            username: "${env.postgresql.user}"
            password: "${env.postgresql.password}"
            encoding: unicode
          common: &common
            <<: *postgresql
          combined: &combined
            <<: *common
          development:
            <<: *combined
            database: diaspora_development
          production:
            <<: *combined
            database: ${env.postgresql.database}
          test:
            <<: *combined
            database: "diaspora_test"
          integration1:
            <<: *combined
            database: diaspora_integration1
          integration2:
            <<: *combined
            database: diaspora_integration2
        '';
      }
      {
        dest = "webapps/diaspora/secret_token.rb";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        # Rails session-signing key, injected as a single-quoted Ruby literal
        # (assumes env.secret_token contains no single quote — confirm).
        text = ''
          Diaspora::Application.config.secret_key_base = '${env.secret_token}'
        '';
      }
    ];

    systemd.services.diaspora = {
      description = "Diaspora";
      wantedBy = [ "multi-user.target" ];
      after = [
        "network.target" "redis.service" "postgresql.service"
      ];
      wants = [
        "redis.service" "postgresql.service"
      ];

      environment.RAILS_ENV = "production";
      environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
      environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
      # eye process-supervisor control socket/pid, kept under the runtime dir.
      environment.EYE_SOCK = "${socketsDir}/eye.sock";
      environment.EYE_PID = "${socketsDir}/eye.pid";

      path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];

      # Relative path: resolved against WorkingDirectory (the diaspora store path)
      # set in serviceConfig below. Presumably runs as User=diaspora as well.
      preStart = ''
        ./bin/bundle exec rails db:migrate
      '';

      script = ''
        exec ${diaspora}/script/server
      '';

      serviceConfig = {
        User = "diaspora";
        PrivateTmp = true;
        Restart = "always";
        Type = "simple";
        WorkingDirectory = diaspora;
        StandardInput = "null";
        KillMode = "control-group";
      };

      # Do not start until the state directory's filesystem is mounted.
      unitConfig.RequiresMountsFor = varDir;
    };

    # Runs after "users" so chown to diaspora:diaspora succeeds.
    # Directories are 0755 (world-listable) except tmp/pids (0700).
    # `$wrapperDir` is a shell variable of the activation environment, not a
    # Nix interpolation (no `${`).
    system.activationScripts.diaspora = {
      deps = [ "users" ];
      text = ''
        install -m 0755 -o diaspora -g diaspora -d ${socketsDir}
        install -m 0755 -o diaspora -g diaspora -d ${varDir} \
          ${varDir}/uploads ${varDir}/tmp \
          ${varDir}/log
        install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids
        if [ ! -f ${varDir}/schedule.yml ]; then
          echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml
        fi
      '';
    };

    services.myWebsites.tools.modules = [
      "headers" "proxy" "proxy_http"
    ];
    security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
    # Expose the app's static assets at `root` through the current-system symlink.
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${diaspora}/public/ $out/webapps/tools_diaspora
    '';
    services.myWebsites.tools.vhostConfs.diaspora = {
      certName = "eldiron";
      hosts = [ "diaspora.immae.eu" ];
      root = root;
      # Apache side: requests for paths that are not an existing file under the
      # document root (RewriteCond !-f) are proxied ([P]) to the Rails unix
      # socket; static assets are served directly. ProxyRequests Off keeps this
      # a reverse proxy only, so `<Proxy *> Require all granted` does not open a
      # forward proxy. X_FORWARDED_PROTO presumably lets Rails treat the
      # connection as TLS-terminated here — confirm the app reads it.
      extraConfig = [ ''
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        RequestHeader set X_FORWARDED_PROTO https

        <Proxy *>
          Require all granted
        </Proxy>

        <Directory ${root}>
          Require all granted
          Options -MultiViews
        </Directory>
      '' ];
    };
  };
}