X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fdiaspora%2Fdefault.nix;h=53989b7fa31b526fd8f718dadf820f37c3f29268;hb=86663f1789aecdb62e44a4be46e0ed111b795a09;hp=8d62c7e3f798830faf963d250475c2802a7c87ba;hpb=3b075825f1f2fc3578024454a8970e3797248209;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/websites/tools/diaspora/default.nix b/nixops/modules/websites/tools/diaspora/default.nix
index 8d62c7e..53989b7 100644
--- a/nixops/modules/websites/tools/diaspora/default.nix
+++ b/nixops/modules/websites/tools/diaspora/default.nix
@@ -1,10 +1,18 @@
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- diaspora = pkgs.callPackage ./diaspora.nix {
- inherit (mylibs) fetchedGithub;
- env = myconfig.env.tools.diaspora;
+ varDir = "/var/lib/diaspora_immae";
+
+ diaspora = pkgs.webapps.diaspora.override {
+ ldap = true;
+ inherit varDir;
+ podmin_email = "diaspora@tools.immae.eu";
+ config_dir = "/var/secrets/webapps/diaspora";
};
+ railsSocket = "${socketsDir}/diaspora.sock";
+ socketsDir = "/run/diaspora";
+ env = myconfig.env.tools.diaspora;
+ root = "/run/current-system/webapps/tools_diaspora";
cfg = config.services.myWebsites.tools.diaspora;
in {
options.services.myWebsites.tools.diaspora = {
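Review bot: `config_dir = "/var/secrets/webapps/diaspora"` is a bare string that has to agree with the `dest = "webapps/diaspora/..."` values of the `mySecrets.keys` entries added later in this commit, and nothing in the file ties the two together; the secrets module presumably roots `dest` at `/var/secrets`, so a mismatch only shows up at runtime when the app cannot find `diaspora.yml`. A `secretsDir = "/var/secrets/webapps/diaspora";` binding in this `let` used for `config_dir`, with a comment `# mySecrets.keys dest values below are relative to /var/secrets — keep in sync`, would make the coupling explicit. `railsSocket` being defined before `socketsDir` is fine in a Nix `let`, but swapping the two lines reads more naturally.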
@@ -12,32 +20,161 @@ in {
};
config = lib.mkIf cfg.enable {
- ids.uids.diaspora = myconfig.env.tools.diaspora.user.uid;
- ids.gids.diaspora = myconfig.env.tools.diaspora.user.gid;
+ ids.uids.diaspora = env.user.uid;
+ ids.gids.diaspora = env.user.gid;
users.users.diaspora = {
name = "diaspora";
uid = config.ids.uids.diaspora;
group = "diaspora";
description = "Diaspora user";
- home = diaspora.railsRoot;
+ home = varDir;
useDefaultShell = true;
packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
+ extraGroups = [ "keys" ];
};
users.groups.diaspora.gid = config.ids.gids.diaspora;
+ mySecrets.keys = [
+ {
+ dest = "webapps/diaspora/diaspora.yml";
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0400";
+ text = ''
+ configuration:
+ environment:
+ url: "https://diaspora.immae.eu/"
+ certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
+ redis: '${env.redis_url}'
+ sidekiq:
+ s3:
+ assets:
+ logging:
+ logrotate:
+ debug:
+ server:
+ listen: '${socketsDir}/diaspora.sock'
+ rails_environment: 'production'
+ chat:
+ server:
+ bosh:
+ log:
+ map:
+ mapbox:
+ privacy:
+ piwik:
+ statistics:
+ camo:
+ settings:
+ enable_registrations: false
+ welcome_message:
+ invitations:
+ open: false
+ paypal_donations:
+ community_spotlight:
+ captcha:
+ enable: false
+ terms:
+ maintenance:
+ remove_old_users:
+ default_metas:
+ csp:
+ services:
+ twitter:
+ tumblr:
+ wordpress:
+ mail:
+ enable: true
+ sender_address: 'diaspora@tools.immae.eu'
+ method: 'sendmail'
+ smtp:
+ sendmail:
+ location: '/run/wrappers/bin/sendmail'
+ admins:
+ account: "ismael"
+ podmin_email: 'diaspora@tools.immae.eu'
+ relay:
+ outbound:
+ inbound:
+ ldap:
+ enable: true
+ host: ldap.immae.eu
+ port: 636
+ only_ldap: true
+ mail_attribute: mail
+ skip_email_confirmation: true
+ use_bind_dn: true
+ bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
+ bind_pw: "${env.ldap.password}"
+ search_base: "dc=immae,dc=eu"
+ search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
+ production:
+ environment:
+ development:
+ environment:
+ '';
+ }
+ {
+ dest = "webapps/diaspora/database.yml";
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0400";
+ text = ''
+ postgresql: &postgresql
+ adapter: postgresql
+ host: "${env.postgresql.socket}"
+ port: "${env.postgresql.port}"
+ username: "${env.postgresql.user}"
+ password: "${env.postgresql.password}"
+ encoding: unicode
+ common: &common
+ <<: *postgresql
+ combined: &combined
+ <<: *common
+ development:
+ <<: *combined
+ database: diaspora_development
+ production:
+ <<: *combined
+ database: ${env.postgresql.database}
+ test:
+ <<: *combined
+ database: "diaspora_test"
+ integration1:
+ <<: *combined
+ database: diaspora_integration1
+ integration2:
+ <<: *combined
+ database: diaspora_integration2
+ '';
+ }
+ {
+ dest = "webapps/diaspora/secret_token.rb";
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0400";
+ text = ''
+ Diaspora::Application.config.secret_key_base = '${env.secret_token}'
+ '';
+ }
+ ];
systemd.services.diaspora = {
description = "Diaspora";
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "redis.service" "postgresql.service" ];
- wants = [ "redis.service" "postgresql.service" ];
+ after = [
+ "network.target" "redis.service" "postgresql.service"
+ ];
+ wants = [
+ "redis.service" "postgresql.service"
+ ];
environment.RAILS_ENV = "production";
environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
- environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock";
- environment.EYE_PID = "${diaspora.socketsDir}/eye.pid";
+ environment.EYE_SOCK = "${socketsDir}/eye.sock";
+ environment.EYE_PID = "${socketsDir}/eye.pid";
path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
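Review bot: The secrets are interpolated into quoted YAML and Ruby literals without escaping — `bind_pw: "${env.ldap.password}"`, `password: "${env.postgresql.password}"` and `secret_key_base = '${env.secret_token}'` — so a password containing `"` or `\` (or `'` for the Ruby file) silently produces a broken config, and the `0400` file will then be rejected at boot rather than at deploy time. Emitting the YAML scalars with `bind_pw: ${builtins.toJSON env.ldap.password}` and `password: ${builtins.toJSON env.postgresql.password}` gives a valid double-quoted scalar for any value, and `'${lib.escape [ "'" "\\" ] env.secret_token}'` covers the Ruby single-quoted string. The `listen: '${socketsDir}/diaspora.sock'` line duplicates the `railsSocket` binding from the `let`; using `listen: '${railsSocket}'` keeps the socket path the Apache vhost proxies to and the one Rails listens on from drifting apart. Whether `port: 636` actually implies TLS depends on the LDAP integration this override enables, which is not visible here; a comment stating the expected transport would help the next reader.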
@@ -46,7 +183,7 @@ in {
'';
script = ''
- exec ${diaspora.railsRoot}/script/server
+ exec ${diaspora}/script/server
'';
serviceConfig = {
@@ -54,45 +191,44 @@ in {
PrivateTmp = true;
Restart = "always";
Type = "simple";
- WorkingDirectory = diaspora.railsRoot;
+ WorkingDirectory = diaspora;
StandardInput = "null";
KillMode = "control-group";
};
- unitConfig.RequiresMountsFor = diaspora.varDir;
+ unitConfig.RequiresMountsFor = varDir;
};
system.activationScripts.diaspora = {
deps = [ "users" ];
text = ''
- install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir}
- install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \
- ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \
- ${diaspora.varDir}/log
- install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids
- if [ ! -f ${diaspora.varDir}/schedule.yml ]; then
- echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml
+ install -m 0755 -o diaspora -g diaspora -d ${socketsDir}
+ install -m 0755 -o diaspora -g diaspora -d ${varDir} \
+ ${varDir}/uploads ${varDir}/tmp \
+ ${varDir}/log
+ install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids
+ if [ ! -f ${varDir}/schedule.yml ]; then
+ echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml
fi
'';
};
services.myWebsites.tools.modules = [
- "headers" "proxy" "proxy_http" "proxy_balancer"
- "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+ "headers" "proxy" "proxy_http"
];
security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
+ system.extraSystemBuilderCmds = ''
+ mkdir -p $out/webapps
+ ln -s ${diaspora}/public/ $out/webapps/tools_diaspora
+ '';
services.myWebsites.tools.vhostConfs.diaspora = {
certName = "eldiron";
hosts = [ "diaspora.immae.eu" ];
- root = "${diaspora.railsRoot}/public/";
+ root = root;
extraConfig = [ ''
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
- RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L]
-
-
- BalancerMember unix://${diaspora.railsSocket}|http://
-
+ RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
ProxyRequests Off
ProxyVia On
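Review bot: The new `RewriteRule` target `http://diaspora.immae.eu/%{REQUEST_URI}` has a trailing `/` before `%{REQUEST_URI}`, and `REQUEST_URI` itself starts with `/`, so every proxied request is likely forwarded with a doubled leading slash (`//stream` instead of `/stream`); the previous `balancer://thinservers%{REQUEST_URI}` form did not have this. Doubled slashes are also a classic way to slip past path-based access rules on the Rails side, so this is worth fixing rather than relying on normalization upstream: `RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/$1 [P,NE,QSA,L]` uses the capture that is currently unused, or drop the `/` and keep `%{REQUEST_URI}`. Since `home = varDir` now makes the 0755 `${varDir}` and `${varDir}/log` created in the activation script the user's home, consider whether `log` and `tmp` need to be world-readable at all (`install -m 0750`); only `uploads` would need wider access if it is served directly, which the vhost `root` pointing into `${diaspora}/public/` does not show.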
@@ -103,7 +239,7 @@ in {
Require all granted
-
+
Require all granted
Options -MultiViews