-{ checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }:
+{ env, ruby_2_5, bundlerEnv, defaultGemConfig, fetchedGithub, stdenv, writeText, pkgs, cacert }:
let
varDir = "/var/lib/mastodon_immae";
socketsDir = "/run/mastodon";
+ gems = bundlerEnv {
+ name = "mastodon-env";
+ ruby = ruby_2_5;
+ gemset = ./gemset.nix;
+ gemdir = (fetchedGithub ./mastodon.json).src;
+ groups = [ "default" "production" "test" "development" ];
+ gemConfig = defaultGemConfig // {
+ cld3 = attrs: {
+ buildInputs = with pkgs; [ protobuf protobufc pkgconfig ];
+ };
+ idn-ruby = attrs: {
+ buildInputs = with pkgs; [ libidn ];
+ };
+ rpam2 = attrs: {
+ buildInputs = with pkgs; [ pam ];
+ };
+ };
+ };
mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec {
+ __noChroot = true;
buildPhase = ''
- export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
- export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
-
- bundle install --deployment --without development test
yarn install --pure-lockfile
+ patchShebangs node_modules
'';
installPhase = ''
cp -a . $out
'';
- propagatedBuildInputs = with pkgs; [
- zlib icu libchardet git bundler yarn
- protobuf protobufc libidn libpqxx nodejs
- imagemagick ffmpeg libxml2 libxslt pkgconfig
- autoconf bison libyaml readline ncurses libffi gdbm
- jemalloc which postgresql python3 cacert
- ];
+ propagatedBuildInputs = [ gems pkgs.yarn pkgs.python2 pkgs.nodejs ];
});
- config =
- assert checkEnv "NIXOPS_MASTODON_DB_PASS";
- assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET";
- assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE";
- assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
- assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY";
- assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY";
- assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
- assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD";
- writeText "mastodon_environment" ''
+ config = writeText "mastodon_environment" ''
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_DB=13
DB_HOST=/run/postgresql
DB_USER=mastodon
DB_NAME=mastodon
- DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"}
+ DB_PASS=${env.postgresql.password}
DB_PORT=5432
LOCAL_DOMAIN=mastodon.immae.eu
LOCAL_HTTPS=true
ALTERNATE_DOMAINS=immae.eu
- PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"}
- SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"}
- OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"}
+ PAPERCLIP_SECRET=${env.paperclip_secret}
+ SECRET_KEY_BASE=${env.secret_key_base}
+ OTP_SECRET=${env.otp_secret}
- VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"}
- VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"}
+ VAPID_PRIVATE_KEY=${env.vapid.private}
+ VAPID_PUBLIC_KEY=${env.vapid.public}
SMTP_SERVER=mail.immae.eu
SMTP_PORT=587
LDAP_METHOD=simple_tls
LDAP_BASE="dc=immae,dc=eu"
LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
- LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}"
+ LDAP_PASSWORD="${env.ldap.password}"
LDAP_UID="uid"
LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
'';
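Review bot: The secrets interpolated into `writeText "mastodon_environment"` (`DB_PASS`, `PAPERCLIP_SECRET`, `SECRET_KEY_BASE`, `OTP_SECRET`, `VAPID_PRIVATE_KEY`, `LDAP_PASSWORD`) still land in a Nix store file, which every local user can read and which is copied along with the closure; switching from `builtins.getEnv` to `env.*` changes where the values come from, not where they end up. Consider keeping only the non-secret settings in this file and supplying the secret values at runtime from a root-owned file outside the store (with NixOps, `deployment.keys`). Separately, `__noChroot = true;` lets `yarn install --pure-lockfile` run with network access and no output hash when the sandbox is relaxed, so the integrity of `node_modules` rests on `yarn.lock` alone; a comment such as `# needs sandbox = relaxed: yarn fetches from the registry at build time` would record that dependency. The `groups` list for `gems` also brings the `test` and `development` gems into the closure, which the removed `--without development test` excluded; if they are not needed for asset precompilation, `groups = [ "default" "production" ];` keeps the deployed gem set smaller.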
cp -a $mastodon $out
cd $out
chmod u+rwX . node_modules public
- RAILS_ENV=production bundle exec rails assets:precompile
+ RAILS_ENV=production ${gems}/bin/rails assets:precompile
+ rm -rf tmp/cache
+ ln -sf ../../../../../../../${varDir}/tmp/cache tmp
'';
- propagatedBuildInputs = with pkgs; [
- zlib icu libchardet git bundler yarn
- protobuf protobufc libidn libpqxx nodejs
- imagemagick ffmpeg libxml2 libxslt pkgconfig
- autoconf bison libyaml readline ncurses libffi gdbm
- jemalloc which postgresql python3 cacert
- ];
+ buildInputs = [ gems pkgs.nodejs pkgs.yarn ];
};
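Review bot: The line `ln -sf ../../../../../../../${varDir}/tmp/cache tmp` reaches the state directory by climbing out of the store with a fixed run of `..`, which is hard to read and works only because surplus `..` at `/` are harmless. Since `varDir` is already an absolute path, `ln -sf ${varDir}/tmp/cache tmp/cache` expresses the same target directly, unless the relative form is deliberate. The line also deserves a comment, e.g. `# store is read-only; presumably Rails needs a writable tmp/cache at runtime`. Because the application will then read cache files from a mutable path, `${varDir}/tmp/cache` should be created owned by the service user and not writable by anyone else; that setup is not visible in this hunk. The enclosing `buildPhase` starts outside the hunk.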
in
{
- inherit railsRoot config varDir socketsDir;
+ inherit railsRoot config varDir socketsDir gems;
nodeSocket = "${socketsDir}/live_immae_node.sock";
railsSocket = "${socketsDir}/live_immae_puma.sock";
}