X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fdiaspora%2Fdefault.nix;h=9119ead35e31e3e9a683c7f9dc1f09661f2479a4;hb=4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0;hp=6742a8108d437ad56c176b7efca1d6749f0d9afe;hpb=17f6eae9907a122d4472da727ae8b1ac1c40c027;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix
index 6742a81..9119ead 100644
--- a/modules/private/websites/tools/diaspora/default.nix
+++ b/modules/private/websites/tools/diaspora/default.nix
@@ -1,6 +1,6 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
- env = myconfig.env.tools.diaspora;
+ env = config.myEnv.tools.diaspora;
 root = "/run/current-system/webapps/tools_diaspora";
 cfg = config.myServices.websites.tools.diaspora;
 dcfg = config.services.diaspora;
@@ -10,11 +10,20 @@ in {
 };
 config = lib.mkIf cfg.enable {
+ services.duplyBackup.profiles.diaspora = {
+ rootDir = dcfg.dataDir;
+ remotes = [ "eriomem" "ovh" ];
+ };
 users.users.diaspora.extraGroups = [ "keys" ];
- secrets.keys = [
- {
- dest = "webapps/diaspora/diaspora.yml";
+ secrets.keys = {
+ "webapps/diaspora" = {
+ isDir = true;
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0500";
+ };
+ "webapps/diaspora/diaspora.yml" = {
 user = "diaspora";
 group = "diaspora";
 permissions = "0400";
@@ -23,7 +32,7 @@ in {
 environment:
 url: "https://diaspora.immae.eu/"
 certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
- redis: '${env.redis_url}'
+ redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
 sidekiq:
 s3:
 assets:
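Review bot: The `services.duplyBackup.profiles.diaspora` block added in the `@@ -10,11 +10,20 @@` hunk ships all of `dcfg.dataDir` to the `eriomem` and `ovh` remotes with no comment on what that directory holds or how the off-site copies are protected. Encryption and excludes may well be handled inside the duplyBackup module, which is not visible here, so this is a documentation request: a short comment stating what the data directory contains and that the secrets directory is deliberately outside the backed-up root. The new `"webapps/diaspora"` directory entry would likewise benefit from `# 0500: owner may list and traverse, nobody may write`. The `config` attribute set continues outside the hunk.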
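Review bot: The new `redis:` line in the `@@ -23,7 +32,7 @@` hunk interpolates `env.redis.port` and `env.redis.db` directly into a string, which Nix only accepts when both are already strings; an integer port or database index fails evaluation with a coercion error. Writing `${toString env.redis.port}` and `${toString env.redis.db}` makes the line independent of how the environment file types them. The rebuilt URL also leaves no place for credentials or a `rediss://` scheme, so if the old `env.redis_url` carried a password (not visible here) it is silently dropped; a comment stating that the Redis instance is expected to be local and unauthenticated would make that assumption explicit. The surrounding `text` string starts and ends outside the hunk.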
@@ -76,24 +85,23 @@ in {
 inbound:
 ldap:
 enable: true
- host: ldap.immae.eu
+ host: ${env.ldap.host}
 port: 636
 only_ldap: true
 mail_attribute: mail
 skip_email_confirmation: true
 use_bind_dn: true
- bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
+ bind_dn: "${env.ldap.dn}"
 bind_pw: "${env.ldap.password}"
- search_base: "dc=immae,dc=eu"
- search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
+ search_base: "${env.ldap.base}"
+ search_filter: "${env.ldap.filter}"
 production:
 environment:
 development:
 environment:
 '';
- }
- {
- dest = "webapps/diaspora/database.yml";
+ };
+ "webapps/diaspora/database.yml" = {
 user = "diaspora";
 group = "diaspora";
 permissions = "0400";
@@ -125,24 +133,23 @@ in {
 <<: *combined
 database: diaspora_integration2
 '';
- }
- {
- dest = "webapps/diaspora/secret_token.rb";
+ };
+ "webapps/diaspora/secret_token.rb" = {
 user = "diaspora";
 group = "diaspora";
 permissions = "0400";
 text = ''
 Diaspora::Application.config.secret_key_base = '${env.secret_token}'
 '';
- }
- ];
+ };
+ };
 services.diaspora = {
 enable = true;
 package = pkgs.webapps.diaspora.override { ldap = true; };
 dataDir = "/var/lib/diaspora_immae";
 adminEmail = "diaspora@tools.immae.eu";
- configDir = "/var/secrets/webapps/diaspora";
+ configDir = config.secrets.fullPaths."webapps/diaspora";
 };
 services.filesWatcher.diaspora = {
@@ -150,14 +157,14 @@ in {
 paths = [ dcfg.configDir ];
 };
- services.websites.tools.modules = [
+ services.websites.env.tools.modules = [
 "headers" "proxy" "proxy_http" ];
 system.extraSystemBuilderCmds = ''
 mkdir -p $out/webapps
 ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
 '';
- services.websites.tools.vhostConfs.diaspora = {
+ services.websites.env.tools.vhostConfs.diaspora = {
 certName = "eldiron";
 addToCerts = true;
 hosts = [ "diaspora.immae.eu" ];
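Review bot: With `only_ldap: true`, the `search_filter` line in the `@@ -76,24 +85,23 @@` hunk is the only thing restricting which directory entries may log in, and after this change its content (`${env.ldap.filter}`) is no longer visible or checked in this module. The removed literal both required membership of the diaspora users group and contained the `%{username}` placeholder; an environment value missing either would widen or break login without any evaluation error. Consider an assertion such as `assertion = lib.hasInfix "%{username}" env.ldap.filter;` plus a comment stating the expected shape of the filter. The new `bind_dn`, `search_base` and `search_filter` values also sit inside YAML double quotes, where a `\` or `"` in a DN or filter is treated as an escape, while `host:` is left unquoted unlike its neighbours. The enclosing `text` string starts outside the hunk.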