# Function arguments. `env` carries the deployment secrets interpolated further down in this
# file: secret_token, redis_url, ldap.password and the postgresql.* connection settings.
1 { env, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }:
# Mutable state directory; schedule.yml, oidc_key.pem, uploads, tmp and log are symlinked into it.
3 varDir = "/var/lib/diaspora_immae";
# Directory that holds the application socket (diaspora.sock).
4 socketsDir = "/run/diaspora";
# Diaspora source tree: the attributes produced by `fetchedGithub ./diaspora.json`, merged with
# the overrides below. The visible build steps apply the local ldap.patch and append a
# version-pinned `pg` gem to the Gemfile.
# NOTE(review): the contents of ./diaspora.json are not visible here; confirm it pins an exact
# revision and content hash so the patched source is reproducible.
5 diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec {
7 patch -p1 < ${./ldap.patch}
8 # FIXME: bundlerEnv below doesn't take postgresql group for some
10 echo 'gem "pg", "1.1.3"' >> Gemfile
# Gem environment resolved from the patched source's Gemfile and Gemfile.lock plus ./gemset.nix.
17 name = "diaspora-env";
18 # https://git.immae.eu/mantisbt/view.php?id=131
# Use ruby_2_4 with " --destdir $GEM_HOME" stripped from its postInstall (see the ticket above).
# NOTE(review): Ruby 2.4 is past upstream end-of-life and no longer receives security fixes;
# plan the move to a supported interpreter.
19 ruby = ruby_2_4.overrideAttrs(old: {
20 postInstall = builtins.replaceStrings [" --destdir $GEM_HOME"] [""] old.postInstall;
22 gemfile = "${diaspora}/Gemfile";
23 lockfile = "${diaspora}/Gemfile.lock";
24 gemset = ./gemset.nix;
# Bundler groups included in the environment.
25 groups = [ "postgresql" "default" "production" ];
# Per-gem build overrides on top of the defaults: kostya-sigar gets perl as a build input.
26 gemConfig = defaultGemConfig // {
27 kostya-sigar = attrs: {
28 buildInputs = [ pkgs.perl ];
# Secret file holding the Rails initializer that sets secret_key_base from env.secret_token.
# NOTE(review): the file mode for this entry is not visible in this listing; confirm it is
# owner-only like database_config (0400). The value is spliced into a single-quoted Ruby
# literal, so a token containing a quote or backslash would not round-trip unchanged.
34 dest = "webapps/tools-diaspora-secret_token";
39 Diaspora::Application.config.secret_key_base = '${env.secret_token}'
# Secret file holding diaspora.yml. Besides public settings it embeds env.redis_url and the
# LDAP bind password (env.ldap.password).
# NOTE(review): the file mode for this entry is not visible in this listing; confirm it is
# not readable by other local users.
# NOTE(review): search_filter substitutes %{username} into an LDAP filter; presumably the
# code added by ldap.patch performs that substitution, so verify it escapes LDAP filter
# metacharacters in the submitted user name first.
43 dest = "webapps/tools-diaspora-config";
50 url: "https://diaspora.immae.eu/"
51 certificate_authorities: '${cacert}/etc/ssl/certs/ca-bundle.crt'
52 redis: '${env.redis_url}'
60 listen: '${socketsDir}/diaspora.sock'
61 rails_environment: 'production'
73 enable_registrations: false
92 sender_address: 'diaspora@tools.immae.eu'
96 location: '/run/wrappers/bin/sendmail'
99 podmin_email: 'diaspora@tools.immae.eu'
109 skip_email_confirmation: true
111 bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
112 bind_pw: "${env.ldap.password}"
113 search_base: "dc=immae,dc=eu"
114 search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
# Secret file holding database.yml, including the PostgreSQL password (env.postgresql.password).
122 dest = "webapps/tools-diaspora-database_config";
# Read-only for the owning user; no access for group or others.
125 permissions = "0400";
127 postgresql: &postgresql
129 host: "${env.postgresql.socket}"
130 port: "${env.postgresql.port}"
131 username: "${env.postgresql.user}"
132 password: "${env.postgresql.password}"
140 database: diaspora_development
143 database: ${env.postgresql.database}
146 database: "diaspora_test"
149 database: diaspora_integration1
152 database: diaspora_integration2
# Deployed application tree: packages a source tarball, precompiles assets, and links the
# configuration, state, tmp and log paths to locations outside the store.
156 railsRoot = stdenv.mkDerivation {
157 name = "diaspora_immae";
159 # FIXME: build machine will contain some passwords in the nix store
# The builder below links writeText copies of the database, config and secret_token texts
# into config/ so that `rake assets:precompile` can run, then repoints the same paths at
# /var/secrets. writeText output is an ordinary store path and the store is world-readable,
# so those credentials stay readable by any local user on the build host and travel with
# the store paths if they are copied to another machine or a binary cache.
# NOTE(review): consider precompiling against placeholder configuration files so that real
# credentials only ever exist under /var/secrets; confirm first that assets:precompile does
# not need a live database or the real secret.
160 builder = writeText "build_diaspora_immae" ''
165 tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
166 ln -s ${writeText "database.yml" keys.database.text} config/database.yml
167 ln -s ${writeText "diaspora.yml" keys.config.text} config/diaspora.yml
168 ln -s ${writeText "secret_token.rb" keys.secret_token.text} config/initializers/secret_token.rb
169 ln -sf ${varDir}/schedule.yml config/schedule.yml
170 ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem
171 ln -sf ${varDir}/uploads public/uploads
172 RAILS_ENV=production ${gems}/bin/rake assets:precompile
173 ln -sf /var/secrets/webapps/tools-diaspora-database_config config/database.yml
174 ln -sf /var/secrets/webapps/tools-diaspora-config config/diaspora.yml
175 ln -sf /var/secrets/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb
177 ln -sf ${varDir}/tmp tmp
178 ln -sf ${varDir}/log log
# Propagated to dependents: the gem environment plus nodejs, which and git.
180 propagatedBuildInputs = [ gems pkgs.nodejs pkgs.which pkgs.git ];
# Exported attributes. `keys` is flattened from an attribute set to a list of secret definitions.
# NOTE(review): presumably a deployment module writes each entry's text to /var/secrets/<dest>,
# which is where the symlinks created by the railsRoot builder point; confirm against the consumer.
184 inherit railsRoot varDir socketsDir gems;
185 keys = builtins.attrValues keys;
# Socket path; same value as the `listen:` setting in diaspora.yml.
186 railsSocket = "${socketsDir}/diaspora.sock";