# NixOS module for the Diaspora pod at diaspora.immae.eu. When enabled it
# declares service metadata, writes the pod's configuration as secret files,
# turns on services.diaspora and puts a reverse-proxy vhost in front of the
# Rails socket.
{ lib, pkgs, config, ... }:
let
  # Environment-specific values (Redis, LDAP and PostgreSQL settings, secret token).
  env = config.myEnv.tools.diaspora;
  # Directory of static files; the vhost serves existing files from here and
  # proxies every other request to the application.
  root = "${dcfg.workdir}/public/";
  cfg = config.myServices.websites.tools.diaspora;
  dcfg = config.services.diaspora;
in {
  options.myServices.websites.tools.diaspora = {
    enable = lib.mkEnableOption "enable diaspora's website";
  };

  # Everything below only takes effect when the option above is enabled.
  config = lib.mkIf cfg.enable {
    # Descriptive metadata about the hosted service and the software behind it.
    myServices.chatonsProperties.services.diaspora = {
      file.datetime = "2022-08-21T01:39:00";
      service = {
        name = "Diaspora";
        description = "The online social world where you are in control";
        website = "https://diaspora.immae.eu";
        logo = "https://diaspora.immae.eu/assets/apple-touch-icon-9f7c9cc3923b4817fbb25bfeb0dd5fd34638827fd9c82b5a03f7b68e6e90806f.png";
        status.level = "OK";
        status.description = "OK";
        registration."" = ["MEMBER" "CLIENT"];
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
      software = {
        name = "Diaspora*";
        website = "https://diasporafoundation.org/";
        license.url = "https://github.com/diaspora/diaspora/blob/develop/LICENSE";
        license.name = "GNU Affero General Public License v3.0";
        version = dcfg.package.version;
        source.url = "https://github.com/diaspora/diaspora";
      };
    };
    # NOTE(review): presumably membership in "keys" is what lets the service
    # account reach the secrets location; confirm against the secrets module.
    users.users.diaspora.extraGroups = [ "keys" ];

    # Configuration files that carry credentials. All are owned by the
    # diaspora user and group; the directory is 0500 (owner may list and
    # traverse, nobody may write) and each file is 0400 (owner read-only).
    secrets.keys = {
      "webapps/diaspora" = {
        isDir = true;
        user = "diaspora";
        group = "diaspora";
        permissions = "0500";
      };
      # Main pod configuration. It embeds the LDAP bind password, hence a secret.
      # Self-registration, open invitations and the captcha are switched off;
      # with only_ldap set, accounts come from the directory, and
      # skip_email_confirmation accepts the directory's mail attribute as is.
      # NOTE(review): port 636 suggests LDAPS, but no TLS or certificate
      # setting for the LDAP connection is visible here; confirm.
      # NOTE(review): env values are spliced into the YAML without escaping,
      # so a value containing a quote or backslash would produce a malformed or
      # differently-parsed file; confirm those values are constrained.
      # NOTE(review): key nesting follows the upstream diaspora.yml.example
      # layout; the ldap section is assumed to sit under configuration.
      "webapps/diaspora/diaspora.yml" = {
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          configuration:
            environment:
              url: "https://diaspora.immae.eu/"
              certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
              redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
              sidekiq:
              s3:
              assets:
              logging:
                logrotate:
                debug:
            server:
              listen: '${dcfg.sockets.rails}'
              rails_environment: 'production'
            chat:
              server:
                bosh:
                log:
            map:
              mapbox:
            privacy:
              piwik:
              statistics:
              camo:
            settings:
              enable_registrations: false
              welcome_message:
              invitations:
                open: false
              paypal_donations:
              community_spotlight:
              captcha:
                enable: false
              terms:
              maintenance:
                remove_old_users:
              default_metas:
              csp:
            services:
              twitter:
              tumblr:
              wordpress:
            mail:
              enable: true
              sender_address: 'diaspora@tools.immae.eu'
              method: 'sendmail'
              smtp:
              sendmail:
                location: '/run/wrappers/bin/sendmail'
            admins:
              account: "ismael"
              podmin_email: 'diaspora@tools.immae.eu'
            relay:
              outbound:
              inbound:
            ldap:
              enable: true
              host: ${env.ldap.host}
              port: 636
              only_ldap: true
              mail_attribute: mail
              skip_email_confirmation: true
              use_bind_dn: true
              bind_dn: "${env.ldap.dn}"
              bind_pw: "${env.ldap.password}"
              search_base: "${env.ldap.base}"
              search_filter: "${env.ldap.filter}"
          production:
            environment:
          development:
            environment:
        '';
      };
      # Database settings. Every Rails environment inherits the same
      # credentials through the YAML anchors; only production takes its
      # database name from env, the others use fixed names.
      # NOTE(review): host is filled from env.postgresql.socket, presumably a
      # unix-socket directory rather than a hostname; confirm.
      "webapps/diaspora/database.yml" = {
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          postgresql: &postgresql
            adapter: postgresql
            host: "${env.postgresql.socket}"
            port: "${env.postgresql.port}"
            username: "${env.postgresql.user}"
            password: "${env.postgresql.password}"
            encoding: unicode
          common: &common
            <<: *postgresql
          combined: &combined
            <<: *common
          development:
            <<: *combined
            database: diaspora_development
          production:
            <<: *combined
            database: ${env.postgresql.database}
          test:
            <<: *combined
            database: "diaspora_test"
          integration1:
            <<: *combined
            database: diaspora_integration1
          integration2:
            <<: *combined
            database: diaspora_integration2
        '';
      };
      # Rails secret_key_base, written as a Ruby initializer.
      # NOTE(review): the token is placed inside a single-quoted Ruby literal
      # without escaping; a token containing ' or \ would break or alter the
      # literal, so confirm the token's character set.
      "webapps/diaspora/secret_token.rb" = {
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          Diaspora::Application.config.secret_key_base = '${env.secret_token}'
        '';
      };
    };

    # configDir is the full path of the secrets directory declared above.
    services.diaspora = {
      enable = true;
      withLdap = true;
      dataDir = "/var/lib/diaspora_immae";
      adminEmail = "diaspora@tools.immae.eu";
      configDir = config.secrets.fullPaths."webapps/diaspora";
    };

    # NOTE(review): presumably restarts the diaspora service when anything
    # under the configuration directory changes; confirm in the filesWatcher module.
    services.filesWatcher.diaspora = {
      restart = true;
      paths = [ dcfg.configDir ];
    };

    # Web-server modules needed by the directives below: RequestHeader and
    # the [P] proxy rewrite.
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http"
    ];
    # Virtual host for diaspora.immae.eu. A request whose path is not an
    # existing file under the document root is proxied to the Rails unix
    # socket; existing files are served directly from root.
    # ProxyRequests Off disables forward proxying, so the <Proxy *> grant
    # covers reverse-proxied requests only.
    # RequestHeader set replaces any client-supplied X_FORWARDED_PROTO.
    # NOTE(review): the header is set to https unconditionally, which assumes
    # this vhost is only ever reached over TLS; confirm.
    services.websites.env.tools.vhostConfs.diaspora = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "diaspora.immae.eu" ];
      root = root;
      extraConfig = [ ''
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        RequestHeader set X_FORWARDED_PROTO https

        <Proxy *>
          Require all granted
        </Proxy>

        <Directory ${root}>
          Require all granted
          Options -MultiViews
        </Directory>
      '' ];
    };
  };
}