1 { lib, pkgs, config, myconfig, mylibs, ... }:
3 varDir = "/var/lib/diaspora_immae";
5 diaspora = pkgs.webapps.diaspora.override {
8 podmin_email = "diaspora@tools.immae.eu";
9 config_dir = "/var/secrets/webapps/diaspora";
12 railsSocket = "${socketsDir}/diaspora.sock";
13 socketsDir = "/run/diaspora";
14 env = myconfig.env.tools.diaspora;
15 root = "/run/current-system/webapps/tools_diaspora";
16 cfg = config.services.myWebsites.tools.diaspora;
18 options.services.myWebsites.tools.diaspora = {
19 enable = lib.mkEnableOption "enable diaspora's website";
22 config = lib.mkIf cfg.enable {
23 ids.uids.diaspora = env.user.uid;
24 ids.gids.diaspora = env.user.gid;
26 users.users.diaspora = {
28 uid = config.ids.uids.diaspora;
30 description = "Diaspora user";
32 useDefaultShell = true;
33 packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
34 extraGroups = [ "keys" ];
37 users.groups.diaspora.gid = config.ids.gids.diaspora;
40 dest = "webapps/diaspora/diaspora.yml";
47 url: "https://diaspora.immae.eu/"
48 certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
49 redis: '${env.redis_url}'
57 listen: '${socketsDir}/diaspora.sock'
58 rails_environment: 'production'
70 enable_registrations: false
89 sender_address: 'diaspora@tools.immae.eu'
93 location: '/run/wrappers/bin/sendmail'
96 podmin_email: 'diaspora@tools.immae.eu'
106 skip_email_confirmation: true
108 bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
109 bind_pw: "${env.ldap.password}"
110 search_base: "dc=immae,dc=eu"
111 search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
119 dest = "webapps/diaspora/database.yml";
122 permissions = "0400";
124 postgresql: &postgresql
126 host: "${env.postgresql.socket}"
127 port: "${env.postgresql.port}"
128 username: "${env.postgresql.user}"
129 password: "${env.postgresql.password}"
137 database: diaspora_development
140 database: ${env.postgresql.database}
143 database: "diaspora_test"
146 database: diaspora_integration1
149 database: diaspora_integration2
153 dest = "webapps/diaspora/secret_token.rb";
156 permissions = "0400";
158 Diaspora::Application.config.secret_key_base = '${env.secret_token}'
163 systemd.services.diaspora = {
164 description = "Diaspora";
165 wantedBy = [ "multi-user.target" ];
167 "network.target" "redis.service" "postgresql.service"
170 "redis.service" "postgresql.service"
173 environment.RAILS_ENV = "production";
174 environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
175 environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
176 environment.EYE_SOCK = "${socketsDir}/eye.sock";
177 environment.EYE_PID = "${socketsDir}/eye.pid";
179 path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
182 ./bin/bundle exec rails db:migrate
186 exec ${diaspora}/script/server
194 WorkingDirectory = diaspora;
195 StandardInput = "null";
196 KillMode = "control-group";
199 unitConfig.RequiresMountsFor = varDir;
202 system.activationScripts.diaspora = {
205 install -m 0755 -o diaspora -g diaspora -d ${socketsDir}
206 install -m 0755 -o diaspora -g diaspora -d ${varDir} \
207 ${varDir}/uploads ${varDir}/tmp \
209 install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids
210 if [ ! -f ${varDir}/schedule.yml ]; then
211 echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml
216 services.myWebsites.tools.modules = [
217 "headers" "proxy" "proxy_http"
219 security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
220 system.extraSystemBuilderCmds = ''
221 mkdir -p $out/webapps
222 ln -s ${diaspora}/public/ $out/webapps/tools_diaspora
224 services.myWebsites.tools.vhostConfs.diaspora = {
225 certName = "eldiron";
226 hosts = [ "diaspora.immae.eu" ];
230 RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
231 RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
236 RequestHeader set X_FORWARDED_PROTO https