# Package function: the caller supplies checkEnv, fetchedGithub, stdenv,
# writeText, pkgs and cacert.
1 { checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }:
# State directory; passed to Mastodon as PAPERCLIP_ROOT_PATH in the
# environment file written further down.
3 varDir = "/var/lib/mastodon_immae";
# Directory holding the node and puma sockets exported at the end of the file.
4 socketsDir = "/run/mastodon";
# Mastodon source tree with its Ruby and JavaScript dependencies installed.
# The attributes produced by `fetchedGithub ./mastodon.json` are merged (//)
# with the attributes defined in this rec set.
#
# NOTE(review): `bundle install` and `yarn install` download packages while the
# derivation builds, so this presumably needs network access inside the build
# (sandbox disabled or relaxed) - confirm. The result is pinned by Gemfile.lock
# and yarn.lock rather than by a Nix output hash.
# NOTE(review): `yarn install --pure-lockfile` only prevents yarn.lock from
# being written; `--frozen-lockfile` additionally fails when the lockfile does
# not match package.json, which is the stricter setting for a deployment build.
5 mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec {
7 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
8 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
10 bundle install --deployment --without development test
11 yarn install --pure-lockfile
# Tools and libraries made available to the build; cacert provides the CA
# bundle that GIT_SSL_CAINFO and SSL_CERT_FILE point at above.
16 propagatedBuildInputs = with pkgs; [
17 zlib icu libchardet git bundler yarn
18 protobuf protobufc libidn libpqxx nodejs
19 imagemagick ffmpeg libxml2 libxslt pkgconfig
20 autoconf bison libyaml readline ncurses libffi gdbm
21 jemalloc which postgresql python3 cacert
# Environment file for Mastodon, generated with writeText. Evaluation aborts
# unless checkEnv succeeds for every NIXOPS_MASTODON_* variable listed here
# (presumably checkEnv tests that the variable is set - confirm against its
# definition).
#
# NOTE(review): writeText places its output in the Nix store, which every local
# user can read and which is copied along with the closure. DB_PASS,
# PAPERCLIP_SECRET, SECRET_KEY_BASE, OTP_SECRET, VAPID_PRIVATE_KEY and
# LDAP_PASSWORD therefore end up in clear text under /nix/store. Keep only
# non-secret settings in this file and deliver the secrets outside the store,
# e.g. through NixOps `deployment.keys` or a root-only file read at service
# start.
# NOTE(review): the values from builtins.getEnv are interpolated verbatim; a
# secret containing a quote or newline would change how the file is parsed.
# NOTE(review): NIXOPS_MASTODON_OTP_SECRET is asserted twice in this list; the
# second assertion is redundant.
25 assert checkEnv "NIXOPS_MASTODON_DB_PASS";
26 assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET";
27 assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE";
28 assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
29 assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY";
30 assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY";
31 assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
32 assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD";
33 writeText "mastodon_environment" ''
37 DB_HOST=/run/postgresql
40 DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"}
43 LOCAL_DOMAIN=mastodon.immae.eu
45 ALTERNATE_DOMAINS=immae.eu
47 PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"}
48 SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"}
49 OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"}
51 VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"}
52 VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"}
54 SMTP_SERVER=mail.immae.eu
56 SMTP_FROM_ADDRESS=notifications@mastodon.immae.eu
57 SMTP_DELIVERY_METHOD=smtp
58 PAPERCLIP_ROOT_PATH=${varDir}
60 STREAMING_CLUSTER_NUM=1
62 # LDAP authentication (optional)
64 LDAP_HOST=ldap.immae.eu
66 LDAP_METHOD=simple_tls
67 LDAP_BASE="dc=immae,dc=eu"
68 LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
69 LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}"
71 LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
# Rails root derivation named "mastodon_immae", built from the mastodon tree
# and the generated environment file.
#
# NOTE(review): `inherit config mastodon` makes the environment file an input
# of this derivation, so the store path that holds the secrets is handed to
# the builder script and becomes part of this build's dependencies.
74 railsRoot = stdenv.mkDerivation {
75 name = "mastodon_immae";
76 inherit config mastodon;
# Custom builder script. The visible steps give the owner write access to the
# tree, node_modules and public, then precompile assets with
# RAILS_ENV=production.
77 builder = writeText "build_mastodon_immae" ''
84 chmod u+rwX . node_modules public
85 RAILS_ENV=production bundle exec rails assets:precompile
# Same dependency list as the mastodon derivation.
87 propagatedBuildInputs = with pkgs; [
88 zlib icu libchardet git bundler yarn
89 protobuf protobufc libidn libpqxx nodejs
90 imagemagick ffmpeg libxml2 libxslt pkgconfig
91 autoconf bison libyaml readline ncurses libffi gdbm
92 jemalloc which postgresql python3 cacert
# Values handed back to the caller: the built Rails root, the environment
# file, the state and socket directories, and one socket path each for the
# node and puma processes (names suggest streaming and web - confirm).
# NOTE(review): `config` exported here is the store path of the environment
# file containing the secrets; any consumer that references it extends the
# set of places where that path is recorded.
97 inherit railsRoot config varDir socketsDir;
98 nodeSocket = "${socketsDir}/live_immae_node.sock";
99 railsSocket = "${socketsDir}/live_immae_puma.sock";