+++ /dev/null
-{ lib, pkgs, config, myconfig, mylibs, ... }:
-let
- varDir = "/var/lib/diaspora_immae";
-
- diaspora = pkgs.webapps.diaspora.override {
- ldap = true;
- inherit varDir;
- podmin_email = "diaspora@tools.immae.eu";
- config_dir = "/var/secrets/webapps/diaspora";
- };
-
- railsSocket = "${socketsDir}/diaspora.sock";
- socketsDir = "/run/diaspora";
- env = myconfig.env.tools.diaspora;
- root = "/run/current-system/webapps/tools_diaspora";
- cfg = config.services.myWebsites.tools.diaspora;
-in {
- options.services.myWebsites.tools.diaspora = {
- enable = lib.mkEnableOption "enable diaspora's website";
- };
-
- config = lib.mkIf cfg.enable {
- ids.uids.diaspora = env.user.uid;
- ids.gids.diaspora = env.user.gid;
-
- users.users.diaspora = {
- name = "diaspora";
- uid = config.ids.uids.diaspora;
- group = "diaspora";
- description = "Diaspora user";
- home = varDir;
- useDefaultShell = true;
- packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
- extraGroups = [ "keys" ];
- };
-
- users.groups.diaspora.gid = config.ids.gids.diaspora;
- mySecrets.keys = [
- {
- dest = "webapps/diaspora/diaspora.yml";
- user = "diaspora";
- group = "diaspora";
- permissions = "0400";
- text = ''
- configuration:
- environment:
- url: "https://diaspora.immae.eu/"
- certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
- redis: '${env.redis_url}'
- sidekiq:
- s3:
- assets:
- logging:
- logrotate:
- debug:
- server:
- listen: '${socketsDir}/diaspora.sock'
- rails_environment: 'production'
- chat:
- server:
- bosh:
- log:
- map:
- mapbox:
- privacy:
- piwik:
- statistics:
- camo:
- settings:
- enable_registrations: false
- welcome_message:
- invitations:
- open: false
- paypal_donations:
- community_spotlight:
- captcha:
- enable: false
- terms:
- maintenance:
- remove_old_users:
- default_metas:
- csp:
- services:
- twitter:
- tumblr:
- wordpress:
- mail:
- enable: true
- sender_address: 'diaspora@tools.immae.eu'
- method: 'sendmail'
- smtp:
- sendmail:
- location: '/run/wrappers/bin/sendmail'
- admins:
- account: "ismael"
- podmin_email: 'diaspora@tools.immae.eu'
- relay:
- outbound:
- inbound:
- ldap:
- enable: true
- host: ldap.immae.eu
- port: 636
- only_ldap: true
- mail_attribute: mail
- skip_email_confirmation: true
- use_bind_dn: true
- bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
- bind_pw: "${env.ldap.password}"
- search_base: "dc=immae,dc=eu"
- search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
- production:
- environment:
- development:
- environment:
- '';
- }
- {
- dest = "webapps/diaspora/database.yml";
- user = "diaspora";
- group = "diaspora";
- permissions = "0400";
- text = ''
- postgresql: &postgresql
- adapter: postgresql
- host: "${env.postgresql.socket}"
- port: "${env.postgresql.port}"
- username: "${env.postgresql.user}"
- password: "${env.postgresql.password}"
- encoding: unicode
- common: &common
- <<: *postgresql
- combined: &combined
- <<: *common
- development:
- <<: *combined
- database: diaspora_development
- production:
- <<: *combined
- database: ${env.postgresql.database}
- test:
- <<: *combined
- database: "diaspora_test"
- integration1:
- <<: *combined
- database: diaspora_integration1
- integration2:
- <<: *combined
- database: diaspora_integration2
- '';
- }
- {
- dest = "webapps/diaspora/secret_token.rb";
- user = "diaspora";
- group = "diaspora";
- permissions = "0400";
- text = ''
- Diaspora::Application.config.secret_key_base = '${env.secret_token}'
- '';
- }
- ];
-
- systemd.services.diaspora = {
- description = "Diaspora";
- wantedBy = [ "multi-user.target" ];
- after = [
- "network.target" "redis.service" "postgresql.service"
- ];
- wants = [
- "redis.service" "postgresql.service"
- ];
-
- environment.RAILS_ENV = "production";
- environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
- environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
- environment.EYE_SOCK = "${socketsDir}/eye.sock";
- environment.EYE_PID = "${socketsDir}/eye.pid";
-
- path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
-
- preStart = ''
- ./bin/bundle exec rails db:migrate
- '';
-
- script = ''
- exec ${diaspora}/script/server
- '';
-
- serviceConfig = {
- User = "diaspora";
- PrivateTmp = true;
- Restart = "always";
- Type = "simple";
- WorkingDirectory = diaspora;
- StandardInput = "null";
- KillMode = "control-group";
- };
-
- unitConfig.RequiresMountsFor = varDir;
- };
-
- system.activationScripts.diaspora = {
- deps = [ "users" ];
- text = ''
- install -m 0755 -o diaspora -g diaspora -d ${socketsDir}
- install -m 0755 -o diaspora -g diaspora -d ${varDir} \
- ${varDir}/uploads ${varDir}/tmp \
- ${varDir}/log
- install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids
- if [ ! -f ${varDir}/schedule.yml ]; then
- echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml
- fi
- '';
- };
-
- services.myWebsites.tools.modules = [
- "headers" "proxy" "proxy_http"
- ];
- security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${diaspora}/public/ $out/webapps/tools_diaspora
- '';
- services.myWebsites.tools.vhostConfs.diaspora = {
- certName = "eldiron";
- hosts = [ "diaspora.immae.eu" ];
- root = root;
- extraConfig = [ ''
- RewriteEngine On
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
- RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
-
- ProxyRequests Off
- ProxyVia On
- ProxyPreserveHost On
- RequestHeader set X_FORWARDED_PROTO https
-
- <Proxy *>
- Require all granted
- </Proxy>
-
- <Directory ${root}>
- Require all granted
- Options -MultiViews
- </Directory>
- '' ];
- };
- };
-}