X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fdiaspora%2Fdefault.nix;h=663fe88d143596be0eb9be82ccffa9068d8ee572;hb=da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2;hp=efa1fabbdb6e793d43f1cb65c5831a49e7047b67;hpb=4288c2f2431fb782b0d512b1b3749187f2374b6a;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix
index efa1fab..663fe88 100644
--- a/modules/private/websites/tools/diaspora/default.nix
+++ b/modules/private/websites/tools/diaspora/default.nix
@@ -1,6 +1,6 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
- env = myconfig.env.tools.diaspora;
+ env = config.myEnv.tools.diaspora;
 root = "/run/current-system/webapps/tools_diaspora";
 cfg = config.myServices.websites.tools.diaspora;
 dcfg = config.services.diaspora;
@@ -10,9 +10,20 @@ in {
 };
 config = lib.mkIf cfg.enable {
+ services.duplyBackup.profiles.diaspora = {
+ rootDir = dcfg.dataDir;
+ remotes = [ "eriomem" "ovh" ];
+ };
 users.users.diaspora.extraGroups = [ "keys" ];
 secrets.keys = [
+ {
+ dest = "webapps/diaspora";
+ isDir = true;
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0500";
+ }
 {
 dest = "webapps/diaspora/diaspora.yml";
 user = "diaspora";
@@ -23,7 +34,7 @@ in {
 environment:
 url: "https://diaspora.immae.eu/"
 certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
- redis: '${env.redis_url}'
+ redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
 sidekiq:
 s3:
 assets:
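Review bot: The new `services.duplyBackup.profiles.diaspora` block in the `@@ -10,9 +10,20 @@` hunk sends the whole of `dcfg.dataDir` to the `eriomem` and `ovh` remotes, and nothing on the page shows whether that tree is encrypted before upload or whether any part of it should be excluded. The duplyBackup module is not visible here, so this may already be handled; a comment would record it, for example `# backs up dcfg.dataDir; encryption is configured in <module or profile that sets it>`. The added `webapps/diaspora` directory entry would also benefit from a line such as `# directory entry so config.secrets.fullPaths."webapps/diaspora" resolves; read and traverse for diaspora only`. The `config = lib.mkIf cfg.enable {` block continues past the hunk.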
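Review bot: The rebuilt `redis:` value in the `@@ -23,7 +34,7 @@` hunk hard-codes the `redis://` scheme and leaves no slot for credentials, so a TLS (`rediss://`) or password-protected endpoint that the old single `env.redis_url` could express can no longer be set from the environment. If `env.redis.host` is ever something other than loopback, the Redis traffic would be plaintext and unauthenticated. `${env.redis.port}` and `${env.redis.db}` also have to be strings, because Nix does not coerce integers inside `${}`; `${toString env.redis.port}` would make the line robust if they can be numbers. The types and values under `env.redis` are not visible on the page, so both points need confirming against the environment definition.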
@@ -76,16 +87,16 @@ in {
 inbound:
 ldap:
 enable: true
- host: ldap.immae.eu
+ host: ${env.ldap.host}
 port: 636
 only_ldap: true
 mail_attribute: mail
 skip_email_confirmation: true
 use_bind_dn: true
- bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
+ bind_dn: "${env.ldap.dn}"
 bind_pw: "${env.ldap.password}"
- search_base: "dc=immae,dc=eu"
- search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
+ search_base: "${env.ldap.base}"
+ search_filter: "${env.ldap.filter}"
 production:
 environment:
 development:
@@ -142,17 +153,22 @@ in {
 package = pkgs.webapps.diaspora.override { ldap = true; };
 dataDir = "/var/lib/diaspora_immae";
 adminEmail = "diaspora@tools.immae.eu";
- configDir = "/var/secrets/webapps/diaspora";
+ configDir = config.secrets.fullPaths."webapps/diaspora";
+ };
+
+ services.filesWatcher.diaspora = {
+ restart = true;
+ paths = [ dcfg.configDir ];
 };
- services.websites.tools.modules = [
+ services.websites.env.tools.modules = [
 "headers" "proxy" "proxy_http"
 ];
 system.extraSystemBuilderCmds = ''
 mkdir -p $out/webapps
 ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
 '';
- services.websites.tools.vhostConfs.diaspora = {
+ services.websites.env.tools.vhostConfs.diaspora = {
 certName = "eldiron";
 addToCerts = true;
 hosts = [ "diaspora.immae.eu" ];
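Review bot: With `only_ldap: true`, the `search_filter` line in the `@@ -76,16 +87,16 @@` hunk is what limited login to members of the diaspora group, and after this change that restriction lives entirely in `env.ldap.filter` with nothing here saying what it must contain. A comment above the line would keep that visible, e.g. `# env.ldap.filter must keep the memberOf restriction and the %{username} placeholder`. The interpolated values also land inside YAML double-quoted scalars, where a backslash or `"` in a DN, filter or password is read as (or rejected as) a YAML escape, and LDAP escapes such as `\2a` use backslashes; `host: ${env.ldap.host}` is additionally left unquoted. The YAML text starts and ends outside the hunk, so how it is written to `diaspora.yml` is not visible.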
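Review bot: The new `services.filesWatcher.diaspora` block in the `@@ -142,17 +153,22 @@` hunk has no comment saying what is restarted or why, and it is the piece that makes a rotated secret take effect. I would add `# restart diaspora when the deployed secrets under configDir change` above it. `paths = [ dcfg.configDir ]` watches the secrets directory rather than `diaspora.yml` itself; whether a file replaced inside that directory triggers the restart depends on the filesWatcher module, which is not shown, so that is worth confirming. The vhost definition at the end of the hunk continues past its last line.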