# NixOS module for the Diaspora* pod published at diaspora.immae.eu.
# When `myServices.websites.tools.diaspora.enable` is set it declares, in order:
# the DNS record, the public service metadata, the secret files handed to the
# application, the diaspora service itself, the Apache vhost in front of it and
# an external HTTPS monitoring check.
{ lib, pkgs, config, ... }:
let
  # Every credential interpolated below (redis, LDAP bind, PostgreSQL, Rails
  # secret) is read from this attribute set.
  env = config.myEnv.tools.diaspora;
  # `let` bindings are mutually recursive in Nix, so using dcfg before its
  # definition is fine.
  root = "${dcfg.workdir}/public/";
  cfg = config.myServices.websites.tools.diaspora;
  dcfg = config.services.diaspora;
in {
  options.myServices.websites.tools.diaspora = {
    enable = lib.mkEnableOption "enable diaspora's website";
  };

  config = lib.mkIf cfg.enable {
    myServices.dns.zones."immae.eu".subdomains.diaspora =
      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;

    # Public, non-secret description of the service.
    # NOTE(review): registration.load is "OPEN" here while the pod config below
    # sets enable_registrations: false and only_ldap: true; presumably sign-up
    # happens through the LDAP directory. Confirm the published metadata is
    # still accurate.
    myServices.chatonsProperties.services.diaspora = {
      file.datetime = "2022-08-21T01:39:00";
      service = {
        name = "Diaspora";
        description = "The online social world where you are in control";
        website = "https://diaspora.immae.eu";
        logo = "https://diaspora.immae.eu/assets/apple-touch-icon-9f7c9cc3923b4817fbb25bfeb0dd5fd34638827fd9c82b5a03f7b68e6e90806f.png";
        status.level = "OK";
        status.description = "OK";
        registration."" = ["MEMBER" "CLIENT"];
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
      software = {
        name = "Diaspora*";
        website = "https://diasporafoundation.org/";
        license.url = "https://github.com/diaspora/diaspora/blob/develop/LICENSE";
        license.name = "GNU Affero General Public License v3.0";
        version = dcfg.package.version;
        source.url = "https://github.com/diaspora/diaspora";
      };
    };
    # Presumably the "keys" group is what grants access to the location where
    # secrets.keys files are deployed; verify against the secrets module.
    users.users.diaspora.extraGroups = [ "keys" ];

    # Secret material for the application. The directory is 0500 and each file
    # 0400, all owned by diaspora:diaspora, so only the service user can list
    # or read them and nothing can modify them in place.
    # NOTE(review): this file does not show where the secrets module renders
    # `text`; confirm it is written outside the world-readable Nix store, since
    # the templates embed the LDAP bind password, the PostgreSQL password and
    # the Rails secret_key_base.
    secrets.keys = {
      "webapps/diaspora" = {
        isDir = true;
        user = "diaspora";
        group = "diaspora";
        permissions = "0500";
      };
      "webapps/diaspora/diaspora.yml" = {
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        # The rendered text references the CA bundle path from pkgs.cacert.
        keyDependencies = [ pkgs.cacert ];
        # Security-relevant settings in this template:
        #  - enable_registrations and invitations.open are false and
        #    ldap.only_ldap is true, so accounts are expected to come from the
        #    directory only.
        #  - skip_email_confirmation is true, i.e. the address found in the LDAP
        #    `mail` attribute is trusted without verification.
        #  - the LDAP connection uses port 636 with a bind DN and password; no
        #    TLS or certificate-verification option is visible here, so confirm
        #    how the LDAP integration negotiates and validates TLS.
        #  - bind_dn, bind_pw, search_base and search_filter are interpolated
        #    into double-quoted YAML scalars without escaping; a value
        #    containing `"` or `\` would corrupt the file.
        # NOTE(review): the listing this was taken from had lost its leading
        # whitespace; the nesting below follows the section layout of the
        # upstream diaspora.yml. Confirm against the deployed file, the `ldap:`
        # block in particular.
        text = ''
          configuration:
            environment:
              url: "https://diaspora.immae.eu/"
              certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
              redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
              sidekiq:
              s3:
              assets:
              logging:
                logrotate:
                debug:
            server:
              listen: '${dcfg.sockets.rails}'
              rails_environment: 'production'
            chat:
              server:
                bosh:
                log:
            map:
              mapbox:
            privacy:
              piwik:
              statistics:
              camo:
            settings:
              enable_registrations: false
              welcome_message:
              invitations:
                open: false
              paypal_donations:
              community_spotlight:
              captcha:
                enable: false
              terms:
              maintenance:
                remove_old_users:
              default_metas:
              csp:
            services:
              twitter:
              tumblr:
              wordpress:
            mail:
              enable: true
              sender_address: 'diaspora@tools.immae.eu'
              method: 'sendmail'
              smtp:
              sendmail:
                location: '/run/wrappers/bin/sendmail'
            admins:
              account: "ismael"
              podmin_email: 'diaspora@tools.immae.eu'
            relay:
              outbound:
              inbound:
            ldap:
              enable: true
              host: ${env.ldap.host}
              port: 636
              only_ldap: true
              mail_attribute: mail
              skip_email_confirmation: true
              use_bind_dn: true
              bind_dn: "${env.ldap.dn}"
              bind_pw: "${env.ldap.password}"
              search_base: "${env.ldap.base}"
              search_filter: "${env.ldap.filter}"
          production:
            environment:
          development:
            environment:
        '';
      };
      "webapps/diaspora/database.yml" = {
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        # `host` is filled from env.postgresql.socket, so the connection
        # presumably goes over a local UNIX socket rather than TCP.
        # Every environment merges the same anchor and therefore carries the
        # production database user and password; only the database name differs.
        # The password is interpolated into a double-quoted YAML scalar without
        # escaping (same caveat as in diaspora.yml).
        text = ''
          postgresql: &postgresql
            adapter: postgresql
            host: "${env.postgresql.socket}"
            port: "${env.postgresql.port}"
            username: "${env.postgresql.user}"
            password: "${env.postgresql.password}"
            encoding: unicode
          common: &common
            <<: *postgresql
          combined: &combined
            <<: *common
          development:
            <<: *combined
            database: diaspora_development
          production:
            <<: *combined
            database: ${env.postgresql.database}
          test:
            <<: *combined
            database: "diaspora_test"
          integration1:
            <<: *combined
            database: diaspora_integration1
          integration2:
            <<: *combined
            database: diaspora_integration2
        '';
      };
      "webapps/diaspora/secret_token.rb" = {
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        # Rails secret_key_base. The value is placed inside a single-quoted
        # Ruby string, so a token containing `'` would break the file.
        text = ''
          Diaspora::Application.config.secret_key_base = '${env.secret_token}'
        '';
      };
    };

    services.diaspora = {
      enable = true;
      withLdap = true;
      dataDir = "/var/lib/diaspora_immae";
      adminEmail = "diaspora@tools.immae.eu";
      # The application reads its configuration from the secrets directory
      # declared above.
      configDir = config.secrets.fullPaths."webapps/diaspora";
    };

    # Watches the secrets directory with restart = true; presumably this
    # restarts the service when a rendered secret changes, e.g. after a
    # credential rotation.
    services.filesWatcher.diaspora = {
      restart = true;
      paths = [ dcfg.configDir ];
    };

    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http"
    ];
    security.acme.certs.eldiron.extraDomainNames = [ "diaspora.immae.eu" ];
    # Apache vhost: a request that does not match an existing file under
    # ${root} is reverse-proxied ([P]) to the Rails UNIX socket.
    #  - ProxyRequests Off disables forward proxying, so the
    #    `<Proxy *> Require all granted` block only governs the reverse proxy.
    #  - ProxyPreserveHost On passes the client's Host header to the backend.
    #  - NOTE(review): the header is set as X_FORWARDED_PROTO (underscores).
    #    Apache treats that as a different name from X-Forwarded-Proto, so a
    #    client-supplied hyphenated header is not overwritten by this
    #    directive; confirm which of the two the application server honours.
    services.websites.env.tools.vhostConfs.diaspora = {
      certName = "eldiron";
      hosts = [ "diaspora.immae.eu" ];
      root = root;
      extraConfig = [ ''
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        RequestHeader set X_FORWARDED_PROTO https

        <Proxy *>
          Require all granted
        </Proxy>

        <Directory ${root}>
          Require all granted
          Options -MultiViews
        </Directory>
      '' ];
    };
    # External HTTPS check against "/" that expects the landing-page tagline in
    # the response body.
    myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
    myServices.monitoring.fromMasterObjects.service = [
      {
        service_description = "diaspora website is running on diaspora.immae.eu";
        host_name = config.hostEnv.fqdn;
        use = "external-web-service";
        check_command = ["check_https" "diaspora.immae.eu" "/" "is the online social world where you are in control"];

        servicegroups = "webstatus-webapps";
        _webstatus_name = "Diaspora";
        _webstatus_url = "https://diaspora.immae.eu/";
      }
    ];
  };
}