{ lib, pkgs, config, myconfig, mylibs, ... }:
let
env = myconfig.env.tools.diaspora;
root = "/run/current-system/webapps/tools_diaspora";
cfg = config.services.myWebsites.tools.diaspora;
dcfg = config.services.diaspora;
in {
options.services.myWebsites.tools.diaspora = {
enable = lib.mkEnableOption "enable diaspora's website";
};
config = lib.mkIf cfg.enable {
users.users.diaspora.extraGroups = [ "keys" ];
secrets.keys = [
{
dest = "webapps/diaspora/diaspora.yml";
user = "diaspora";
group = "diaspora";
permissions = "0400";
text = ''
configuration:
environment:
url: "https://diaspora.immae.eu/"
certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
redis: '${env.redis_url}'
sidekiq:
s3:
assets:
logging:
logrotate:
debug:
server:
listen: '${dcfg.sockets.rails}'
rails_environment: 'production'
chat:
server:
bosh:
log:
map:
mapbox:
privacy:
piwik:
statistics:
camo:
settings:
enable_registrations: false
welcome_message:
invitations:
open: false
paypal_donations:
community_spotlight:
captcha:
enable: false
terms:
maintenance:
remove_old_users:
default_metas:
csp:
services:
twitter:
tumblr:
wordpress:
mail:
enable: true
sender_address: 'diaspora@tools.immae.eu'
method: 'sendmail'
smtp:
sendmail:
location: '/run/wrappers/bin/sendmail'
admins:
account: "ismael"
podmin_email: 'diaspora@tools.immae.eu'
relay:
outbound:
inbound:
ldap:
enable: true
host: ldap.immae.eu
port: 636
only_ldap: true
mail_attribute: mail
skip_email_confirmation: true
use_bind_dn: true
bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
bind_pw: "${env.ldap.password}"
search_base: "dc=immae,dc=eu"
search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
production:
environment:
development:
environment:
'';
}
{
dest = "webapps/diaspora/database.yml";
user = "diaspora";
group = "diaspora";
permissions = "0400";
text = ''
postgresql: &postgresql
adapter: postgresql
host: "${env.postgresql.socket}"
port: "${env.postgresql.port}"
username: "${env.postgresql.user}"
password: "${env.postgresql.password}"
encoding: unicode
common: &common
<<: *postgresql
combined: &combined
<<: *common
development:
<<: *combined
database: diaspora_development
production:
<<: *combined
database: ${env.postgresql.database}
test:
<<: *combined
database: "diaspora_test"
integration1:
<<: *combined
database: diaspora_integration1
integration2:
<<: *combined
database: diaspora_integration2
'';
}
{
dest = "webapps/diaspora/secret_token.rb";
user = "diaspora";
group = "diaspora";
permissions = "0400";
text = ''
Diaspora::Application.config.secret_key_base = '${env.secret_token}'
'';
}
];
services.diaspora = {
enable = true;
package = pkgs.webapps.diaspora.override { ldap = true; };
dataDir = "/var/lib/diaspora_immae";
adminEmail = "diaspora@tools.immae.eu";
configDir = "/var/secrets/webapps/diaspora";
};
services.myWebsites.tools.modules = [
"headers" "proxy" "proxy_http"
];
security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
system.extraSystemBuilderCmds = ''
mkdir -p $out/webapps
ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
'';
services.myWebsites.tools.vhostConfs.diaspora = {
certName = "eldiron";
hosts = [ "diaspora.immae.eu" ];
root = root;
extraConfig = [ ''
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
ProxyRequests Off
ProxyVia On
ProxyPreserveHost On
RequestHeader set X_FORWARDED_PROTO https
Require all granted
Require all granted
Options -MultiViews
'' ];
};
};
}