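# NixOS module for the diaspora* pod served at https://diaspora.immae.eu.
#
# When `services.myWebsites.tools.diaspora.enable` is set this module:
#   * creates the `diaspora` user/group with ids taken from myconfig,
#   * renders diaspora.yml, database.yml and secret_token.rb (mode 0400,
#     owner diaspora) through the `mySecrets.keys` mechanism,
#   * runs the Rails application as a systemd service listening on a unix
#     socket under /run/diaspora,
#   * creates the runtime directories at activation time, and
#   * wires an Apache vhost that serves `public/` and proxies everything else
#     to that socket.
#
# NOTE(review): every secret below (LDAP bind password, PostgreSQL password,
# secret_key_base) is interpolated into a `text` attribute. That is only safe
# if the mySecrets module writes `text` straight to `dest` and never through a
# store derivation (writeText & co.), otherwise the secrets end up
# world-readable in /nix/store — confirm against that module.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Persistent state (uploads, tmp, logs); also the diaspora user's home.
  varDir = "/var/lib/diaspora_immae";
  # Runtime directory holding the Rails socket and the eye socket/pid file.
  socketsDir = "/run/diaspora";
  railsSocket = "${socketsDir}/diaspora.sock";

  diaspora = pkgs.webapps.diaspora.override {
    ldap = true;                 # LDAP-enabled build; see the ldap: section below
    inherit varDir;
    podmin_email = "diaspora@tools.immae.eu";
    config_dir = "/var/secrets/webapps/diaspora";
  };

  env = myconfig.env.tools.diaspora;
  # Document root of the vhost: a symlink to ${diaspora}/public created in
  # system.extraSystemBuilderCmds below.
  root = "/run/current-system/webapps/tools_diaspora";
  cfg = config.services.myWebsites.tools.diaspora;
in {
  options.services.myWebsites.tools.diaspora = {
    enable = lib.mkEnableOption "enable diaspora's website";
  };

  config = lib.mkIf cfg.enable {
    ids.uids.diaspora = env.user.uid;
    ids.gids.diaspora = env.user.gid;

    users.users.diaspora = {
      name = "diaspora";
      uid = config.ids.uids.diaspora;
      group = "diaspora";
      description = "Diaspora user";
      home = varDir;
      useDefaultShell = true;
      packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
      # "keys" presumably grants access to the deployed secret files (the
      # files themselves are 0400 diaspora:diaspora) — confirm against the
      # mySecrets module.
      extraGroups = [ "keys" ];
    };
    users.groups.diaspora.gid = config.ids.gids.diaspora;

    # Secret configuration files, readable by the diaspora user only.
    # Passwords are emitted with builtins.toJSON so that a value containing
    # `"` or `\` stays a correctly quoted YAML scalar instead of breaking the
    # file (a JSON string is a valid YAML double-quoted scalar).
    mySecrets.keys = [
      {
        dest = "webapps/diaspora/diaspora.yml";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          configuration:
            environment:
              url: "https://diaspora.immae.eu/"
              certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
              redis: '${env.redis_url}'
              sidekiq:
              s3:
              assets:
              logging:
                logrotate:
                debug:
            server:
              listen: '${socketsDir}/diaspora.sock'
              rails_environment: 'production'
            chat:
              server:
                bosh:
                log:
            map:
              mapbox:
            privacy:
              piwik:
              statistics:
              camo:
            settings:
              enable_registrations: false
              welcome_message:
              invitations:
                open: false
              paypal_donations:
              community_spotlight:
              # Captcha is off: registrations and open invitations are
              # disabled above and accounts come from LDAP (only_ldap), so
              # there is no public sign-up form to protect.
              captcha:
                enable: false
              terms:
              maintenance:
                remove_old_users:
              default_metas:
              csp:
            services:
              twitter:
              tumblr:
              wordpress:
            mail:
              enable: true
              sender_address: 'diaspora@tools.immae.eu'
              method: 'sendmail'
              smtp:
              sendmail:
                location: '/run/wrappers/bin/sendmail'
            admins:
              account: "ismael"
              podmin_email: 'diaspora@tools.immae.eu'
            relay:
              outbound:
              inbound:
            # NOTE(review): 636 is the LDAPS port but no explicit TLS flag is
            # set here. Confirm that the LDAP client of this build really
            # speaks LDAPS on 636 (and validates the server certificate)
            # rather than plaintext LDAP on a non-standard port, since login
            # credentials presumably transit this connection.
            ldap:
              enable: true
              host: ldap.immae.eu
              port: 636
              only_ldap: true
              mail_attribute: mail
              skip_email_confirmation: true
              use_bind_dn: true
              bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
              bind_pw: ${builtins.toJSON env.ldap.password}
              search_base: "dc=immae,dc=eu"
              search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
          production:
            environment:
          development:
            environment:
        '';
      }
      {
        dest = "webapps/diaspora/database.yml";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          postgresql: &postgresql
            adapter: postgresql
            host: "${env.postgresql.socket}"
            port: "${env.postgresql.port}"
            username: "${env.postgresql.user}"
            password: ${builtins.toJSON env.postgresql.password}
            encoding: unicode
          common: &common
            <<: *postgresql
          combined: &combined
            <<: *common
          development:
            <<: *combined
            database: diaspora_development
          production:
            <<: *combined
            database: ${env.postgresql.database}
          test:
            <<: *combined
            database: "diaspora_test"
          integration1:
            <<: *combined
            database: diaspora_integration1
          integration2:
            <<: *combined
            database: diaspora_integration2
        '';
      }
      {
        dest = "webapps/diaspora/secret_token.rb";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        # Ruby single-quoted string: the token must not contain ' or \.
        text = ''
          Diaspora::Application.config.secret_key_base = '${env.secret_token}'
        '';
      }
    ];

    systemd.services.diaspora = {
      description = "Diaspora";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "redis.service" "postgresql.service" ];
      wants = [ "redis.service" "postgresql.service" ];

      environment = {
        RAILS_ENV = "production";
        BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
        BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
        EYE_SOCK = "${socketsDir}/eye.sock";
        EYE_PID = "${socketsDir}/eye.pid";
      };

      path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];

      # Relative path, resolved against WorkingDirectory (the store path).
      # ExecStartPre runs as the service user set in serviceConfig below.
      preStart = ''
        ./bin/bundle exec rails db:migrate
      '';

      script = ''
        exec ${diaspora}/script/server
      '';

      serviceConfig = {
        User = "diaspora";
        PrivateTmp = true;
        Restart = "always";
        Type = "simple";
        WorkingDirectory = diaspora;
        StandardInput = "null";
        KillMode = "control-group";
        # NOTE(review): further sandboxing (ProtectSystem, ProtectHome,
        # NoNewPrivileges) is not added here: mail is sent through
        # /run/wrappers/bin/sendmail, presumably a setuid wrapper that
        # NoNewPrivileges would break — verify before hardening.
      };

      unitConfig.RequiresMountsFor = varDir;
    };

    system.activationScripts.diaspora = {
      deps = [ "users" ];
      text = ''
        # The socket directory must stay traversable by the Apache worker,
        # which connects to ${railsSocket}.
        install -m 0755 -o diaspora -g diaspora -d ${socketsDir}
        install -m 0755 -o diaspora -g diaspora -d ${varDir} \
          ${varDir}/uploads ${varDir}/tmp
        # Only the service itself writes and reads the logs; do not leave
        # them world-readable.
        install -m 0750 -o diaspora -g diaspora -d ${varDir}/log
        install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids
        # Seed an empty schedule once. The activation script already runs as
        # root, so create the file and hand it to diaspora directly instead
        # of going through the setuid sudo wrapper.
        if [ ! -f ${varDir}/schedule.yml ]; then
          install -m 0644 -o diaspora -g diaspora /dev/null ${varDir}/schedule.yml
          echo "{}" > ${varDir}/schedule.yml
        fi
      '';
    };

    services.myWebsites.tools.modules = [ "headers" "proxy" "proxy_http" ];
    security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
    # Expose ${diaspora}/public under the stable /run/current-system path used
    # as the vhost document root.
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${diaspora}/public/ $out/webapps/tools_diaspora
    '';
    services.myWebsites.tools.vhostConfs.diaspora = {
      certName = "eldiron";
      hosts = [ "diaspora.immae.eu" ];
      root = root;
      extraConfig = [ ''
        # Serve files that exist under public/ directly; everything else is
        # proxied to the Rails socket (QSA re-appends the query string).
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        # TLS is terminated here. Rack exposes both X-Forwarded-Proto and the
        # underscore spelling as HTTP_X_FORWARDED_PROTO, so set the canonical
        # header (overriding anything the client sent) and drop the variant
        # that "set" would not override.
        RequestHeader unset X_FORWARDED_PROTO
        RequestHeader set X-Forwarded-Proto "https"

        <Proxy *>
          Require all granted
        </Proxy>

        <Directory ${root}>
          Require all granted
          Options -MultiViews
        </Directory>
      '' ];
    };
  };
}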