X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fdiaspora%2Fdefault.nix;h=53989b7fa31b526fd8f718dadf820f37c3f29268;hb=3bb8a82ab2d07c82682885ee6f8f08ad8170ebc0;hp=0a05daf4bfe20a84f3949486abba137c591caa25;hpb=ccdd91a78b1a6ae757db20d757ba8674dd25e0cc;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/websites/tools/diaspora/default.nix b/nixops/modules/websites/tools/diaspora/default.nix index 0a05daf..53989b7 100644 --- a/nixops/modules/websites/tools/diaspora/default.nix +++ b/nixops/modules/websites/tools/diaspora/default.nix @@ -1,10 +1,17 @@ { lib, pkgs, config, myconfig, mylibs, ... }: let - diaspora = pkgs.callPackage ./diaspora.nix { - inherit (mylibs) fetchedGithub; - env = myconfig.env.tools.diaspora; + varDir = "/var/lib/diaspora_immae"; + + diaspora = pkgs.webapps.diaspora.override { + ldap = true; + inherit varDir; + podmin_email = "diaspora@tools.immae.eu"; + config_dir = "/var/secrets/webapps/diaspora"; }; + railsSocket = "${socketsDir}/diaspora.sock"; + socketsDir = "/run/diaspora"; + env = myconfig.env.tools.diaspora; root = "/run/current-system/webapps/tools_diaspora"; cfg = config.services.myWebsites.tools.diaspora; in { 
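Review bot: `config_dir = "/var/secrets/webapps/diaspora"` is a hard-coded copy of a path that is really derived from the `dest = "webapps/diaspora/..."` entries of `mySecrets.keys` in the next hunk, and nothing on this page ties the two together, so a change to the secrets base directory would break startup silently rather than failing at eval. A comment such as `# must match the directory under which mySecrets.keys writes webapps/diaspora/*` on that line would at least make the coupling visible; I cannot see the mySecrets module here, so confirm its base is /var/secrets. The same applies to `railsSocket`: it is introduced here but the `listen:` line of diaspora.yml in the next hunk still spells `'${socketsDir}/diaspora.sock'` by hand, where `listen: '${railsSocket}'` would keep the Apache proxy target and the Rails listener from drifting apart. Referencing `socketsDir` before its definition is fine in a recursive `let`.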
@@ -13,23 +20,146 @@ in { }; config = lib.mkIf cfg.enable { - ids.uids.diaspora = myconfig.env.tools.diaspora.user.uid; - ids.gids.diaspora = myconfig.env.tools.diaspora.user.gid; + ids.uids.diaspora = env.user.uid; + ids.gids.diaspora = env.user.gid; users.users.diaspora = { name = "diaspora"; uid = config.ids.uids.diaspora; group = "diaspora"; description = "Diaspora user"; - home = diaspora.varDir; + home = varDir; useDefaultShell = true; packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ]; extraGroups = [ "keys" ]; }; users.groups.diaspora.gid = config.ids.gids.diaspora; + mySecrets.keys = [ + { + dest = "webapps/diaspora/diaspora.yml"; + user = "diaspora"; + group = "diaspora"; + permissions = "0400"; + text = '' + configuration: + environment: + url: "https://diaspora.immae.eu/" + certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt' + redis: '${env.redis_url}' + sidekiq: + s3: + assets: + logging: + logrotate: + debug: + server: + listen: '${socketsDir}/diaspora.sock' + rails_environment: 'production' + chat: + server: + bosh: + log: + map: + mapbox: + privacy: + piwik: + statistics: + camo: + settings: + enable_registrations: false + welcome_message: + invitations: + open: false + paypal_donations: + community_spotlight: + captcha: + enable: false + terms: + maintenance: + remove_old_users: + default_metas: + csp: + services: + twitter: + tumblr: + wordpress: + mail: + enable: true + sender_address: 'diaspora@tools.immae.eu' + method: 'sendmail' + smtp: + sendmail: + location: '/run/wrappers/bin/sendmail' + admins: + account: "ismael" + podmin_email: 'diaspora@tools.immae.eu' + relay: + outbound: + inbound: + ldap: + enable: true + host: ldap.immae.eu + port: 636 + only_ldap: true + mail_attribute: mail + skip_email_confirmation: true + use_bind_dn: true + bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" + bind_pw: "${env.ldap.password}" + search_base: "dc=immae,dc=eu" + search_filter: 
"(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" + production: + environment: + development: + environment: + ''; + } + { + dest = "webapps/diaspora/database.yml"; + user = "diaspora"; + group = "diaspora"; + permissions = "0400"; + text = '' + postgresql: &postgresql + adapter: postgresql + host: "${env.postgresql.socket}" + port: "${env.postgresql.port}" + username: "${env.postgresql.user}" + password: "${env.postgresql.password}" + encoding: unicode + common: &common + <<: *postgresql + combined: &combined + <<: *common + development: + <<: *combined + database: diaspora_development + production: + <<: *combined + database: ${env.postgresql.database} + test: + <<: *combined + database: "diaspora_test" + integration1: + <<: *combined + database: diaspora_integration1 + integration2: + <<: *combined + database: diaspora_integration2 + ''; + } + { + dest = "webapps/diaspora/secret_token.rb"; + user = "diaspora"; + group = "diaspora"; + permissions = "0400"; + text = '' + Diaspora::Application.config.secret_key_base = '${env.secret_token}' + ''; + } + ]; - mySecrets.keys = diaspora.keys; systemd.services.diaspora = { description = "Diaspora"; wantedBy = [ "multi-user.target" ]; @@ -43,8 +173,8 @@ in { environment.RAILS_ENV = "production"; environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}"; environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile"; - environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock"; - environment.EYE_PID = "${diaspora.socketsDir}/eye.pid"; + environment.EYE_SOCK = "${socketsDir}/eye.sock"; + environment.EYE_PID = "${socketsDir}/eye.pid"; path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ]; @@ -53,7 +183,7 @@ in { ''; script = '' - exec ${diaspora.railsRoot}/script/server + exec ${diaspora}/script/server ''; serviceConfig = { 
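Review bot: The secrets are spliced into quoted scalars by plain interpolation — `bind_pw: "${env.ldap.password}"`, `password: "${env.postgresql.password}"` in database.yml and `secret_key_base = '${env.secret_token}'` — so a value containing `"`, `\` or `'` produces an invalid or silently different string (a failing LDAP bind, or a secret_key_base that is not the one intended). `bind_pw: ${builtins.toJSON env.ldap.password}` yields a correctly escaped scalar that YAML accepts, and the same form works for the two database.yml passwords and, with double quotes, for the Ruby file provided the token contains no `#{`. Separately, whether these `text` values pass through the Nix store depends on how `mySecrets.keys` is implemented, which is not visible here; if it renders `text` via a derivation, the bind and database passwords become world-readable under /nix/store regardless of the `0400` on the destination, so confirm the module writes them directly. The `ldap` block also sets `port: 636` without any visible certificate-verification setting, so it is worth confirming that the LDAP client validates the server certificate by default.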
@@ -61,24 +191,24 @@ in { PrivateTmp = true; Restart = "always"; Type = "simple"; - WorkingDirectory = diaspora.railsRoot; + WorkingDirectory = diaspora; StandardInput = "null"; KillMode = "control-group"; }; - unitConfig.RequiresMountsFor = diaspora.varDir; + unitConfig.RequiresMountsFor = varDir; }; system.activationScripts.diaspora = { deps = [ "users" ]; text = '' - install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir} - install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \ - ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \ - ${diaspora.varDir}/log - install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids - if [ ! -f ${diaspora.varDir}/schedule.yml ]; then - echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml + install -m 0755 -o diaspora -g diaspora -d ${socketsDir} + install -m 0755 -o diaspora -g diaspora -d ${varDir} \ + ${varDir}/uploads ${varDir}/tmp \ + ${varDir}/log + install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids + if [ ! -f ${varDir}/schedule.yml ]; then + echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml fi ''; }; @@ -89,7 +219,7 @@ in { security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps - ln -s ${diaspora.railsRoot}/public/ $out/webapps/tools_diaspora + ln -s ${diaspora}/public/ $out/webapps/tools_diaspora ''; services.myWebsites.tools.vhostConfs.diaspora = { certName = "eldiron"; @@ -98,7 +228,7 @@ in { extraConfig = [ '' RewriteEngine On RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f - RewriteRule ^/(.*)$ unix://${diaspora.railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L] + RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L] ProxyRequests Off ProxyVia On