]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - systems/eldiron/websites/diaspora/default.nix
Squash changes containing private information
[perso/Immae/Config/Nix.git] / systems / eldiron / websites / diaspora / default.nix
diff --git a/systems/eldiron/websites/diaspora/default.nix b/systems/eldiron/websites/diaspora/default.nix
new file mode 100644 (file)
index 0000000..c536446
--- /dev/null
@@ -0,0 +1,224 @@
+{ lib, pkgs, config,  ... }:
+let
+  env = config.myEnv.tools.diaspora;
+  root = "${dcfg.workdir}/public/";
+  cfg = config.myServices.websites.tools.diaspora;
+  dcfg = config.services.diaspora;
+in {
+  options.myServices.websites.tools.diaspora = {
+    enable = lib.mkEnableOption "enable diaspora's website";
+  };
+
+  config = lib.mkIf cfg.enable {
+    myServices.dns.zones."immae.eu".subdomains.diaspora =
+      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+    myServices.chatonsProperties.services.diaspora = {
+      file.datetime = "2022-08-21T01:39:00";
+      service = {
+        name = "Diaspora";
+        description = "The online social world where you are in control";
+        website = "https://diaspora.immae.eu";
+        logo = "https://diaspora.immae.eu/assets/apple-touch-icon-9f7c9cc3923b4817fbb25bfeb0dd5fd34638827fd9c82b5a03f7b68e6e90806f.png";
+        status.level = "OK";
+        status.description = "OK";
+        registration."" = ["MEMBER" "CLIENT"];
+        registration.load = "OPEN";
+        install.type = "PACKAGE";
+      };
+      software = {
+        name = "Diaspora*";
+        website = "https://diasporafoundation.org/";
+        license.url = "https://github.com/diaspora/diaspora/blob/develop/LICENSE";
+        license.name = "GNU Affero General Public License v3.0";
+        version = dcfg.package.version;
+        source.url = "https://github.com/diaspora/diaspora";
+      };
+    };
+    users.users.diaspora.extraGroups = [ "keys" ];
+
+    secrets.keys = {
+      "webapps/diaspora" = {
+        isDir = true;
+        user = "diaspora";
+        group = "diaspora";
+        permissions = "0500";
+      };
+      "webapps/diaspora/diaspora.yml" = {
+        user = "diaspora";
+        group = "diaspora";
+        permissions = "0400";
+        keyDependencies = [ pkgs.cacert ];
+        text = ''
+        configuration:
+          environment:
+            url: "https://diaspora.immae.eu/"
+            certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
+            redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
+            sidekiq:
+            s3:
+            assets:
+            logging:
+              logrotate:
+              debug:
+          server:
+            listen: '${dcfg.sockets.rails}'
+            rails_environment: 'production'
+          chat:
+            server:
+              bosh:
+              log:
+          map:
+            mapbox:
+          privacy:
+            piwik:
+            statistics:
+            camo:
+          settings:
+            enable_registrations: false
+            welcome_message:
+            invitations:
+              open: false
+            paypal_donations:
+            community_spotlight:
+            captcha:
+              enable: false
+            terms:
+            maintenance:
+              remove_old_users:
+            default_metas:
+            csp:
+          services:
+            twitter:
+            tumblr:
+            wordpress:
+          mail:
+            enable: true
+            sender_address: 'diaspora@tools.immae.eu'
+            method: 'sendmail'
+            smtp:
+            sendmail:
+              location: '/run/wrappers/bin/sendmail'
+          admins:
+            account: "ismael"
+            podmin_email: 'diaspora@tools.immae.eu'
+          relay:
+            outbound:
+            inbound:
+          ldap:
+              enable: true
+              host: ${env.ldap.host}
+              port: 636
+              only_ldap: true
+              mail_attribute: mail
+              skip_email_confirmation: true
+              use_bind_dn: true
+              bind_dn: "${env.ldap.dn}"
+              bind_pw: "${env.ldap.password}"
+              search_base: "${env.ldap.base}"
+              search_filter: "${env.ldap.filter}"
+        production:
+          environment:
+        development:
+          environment:
+        '';
+      };
+      "webapps/diaspora/database.yml" = {
+        user = "diaspora";
+        group = "diaspora";
+        permissions = "0400";
+        text = ''
+        postgresql: &postgresql
+          adapter: postgresql
+          host: "${env.postgresql.socket}"
+          port: "${env.postgresql.port}"
+          username: "${env.postgresql.user}"
+          password: "${env.postgresql.password}"
+          encoding: unicode
+        common: &common
+          <<: *postgresql
+        combined: &combined
+          <<: *common
+        development:
+          <<: *combined
+          database: diaspora_development
+        production:
+          <<: *combined
+          database: ${env.postgresql.database}
+        test:
+          <<: *combined
+          database: "diaspora_test"
+        integration1:
+          <<: *combined
+          database: diaspora_integration1
+        integration2:
+          <<: *combined
+          database: diaspora_integration2
+        '';
+      };
+      "webapps/diaspora/secret_token.rb" = {
+        user = "diaspora";
+        group = "diaspora";
+        permissions = "0400";
+        text = ''
+          Diaspora::Application.config.secret_key_base = '${env.secret_token}'
+        '';
+      };
+    };
+
+    services.diaspora = {
+      enable = true;
+      withLdap = true;
+      dataDir = "/var/lib/diaspora_immae";
+      adminEmail = "diaspora@tools.immae.eu";
+      configDir = config.secrets.fullPaths."webapps/diaspora";
+    };
+
+    services.filesWatcher.diaspora = {
+      restart = true;
+      paths = [ dcfg.configDir ];
+    };
+
+    services.websites.env.tools.modules = [
+      "headers" "proxy" "proxy_http"
+    ];
+    security.acme.certs.eldiron.extraDomainNames = [ "diaspora.immae.eu" ];
+    services.websites.env.tools.vhostConfs.diaspora = {
+      certName    = "eldiron";
+      hosts       = [ "diaspora.immae.eu" ];
+      root        = root;
+      extraConfig = [ ''
+        RewriteEngine On
+        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+        RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
+
+        ProxyRequests Off
+        ProxyVia On
+        ProxyPreserveHost On
+        RequestHeader set X_FORWARDED_PROTO https
+
+        <Proxy *>
+            Require all granted
+        </Proxy>
+
+        <Directory ${root}>
+            Require all granted
+            Options -MultiViews
+        </Directory>
+      '' ];
+    };
+    myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
+    myServices.monitoring.fromMasterObjects.service = [
+      {
+        service_description = "diaspora website is running on diaspora.immae.eu";
+        host_name = config.hostEnv.fqdn;
+        use = "external-web-service";
+        check_command = ["check_https" "diaspora.immae.eu" "/" "is the online social world where you are in control"];
+
+        servicegroups = "webstatus-webapps";
+        _webstatus_name = "Diaspora";
+        _webstatus_url = "https://diaspora.immae.eu/";
+      }
+    ];
+  };
+}