X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=virtual%2Fmodules%2Fwebsites%2Ftools%2Fmastodon%2Fmastodon.nix;fp=virtual%2Fmodules%2Fwebsites%2Ftools%2Fmastodon%2Fmastodon.nix;h=e948852bec98c5a50902fb625c3fa3339687f3e1;hb=35a397cd22e6c8dd7dec471f09416441b64deee4;hp=0000000000000000000000000000000000000000;hpb=108891744eaa7410e305871212d5b81c1b67a095;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/virtual/modules/websites/tools/mastodon/mastodon.nix b/virtual/modules/websites/tools/mastodon/mastodon.nix
new file mode 100644
index 0000000..e948852
--- /dev/null
+++ b/virtual/modules/websites/tools/mastodon/mastodon.nix
@@ -0,0 +1,100 @@
+{ checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }:
+let
+ varDir = "/var/lib/mastodon_immae";
+ socketsDir = "/run/mastodon";
+ mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec {
+ buildPhase = ''
+ export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+ bundle install --deployment --without development test
+ yarn install --pure-lockfile
+ '';
+ installPhase = ''
+ cp -a . $out
+ '';
+ propagatedBuildInputs = with pkgs; [
+ zlib icu libchardet git bundler yarn
+ protobuf protobufc libidn libpqxx nodejs
+ imagemagick ffmpeg libxml2 libxslt pkgconfig
+ autoconf bison libyaml readline ncurses libffi gdbm
+ jemalloc which postgresql python3 cacert
+ ];
+ });
+ config =
+ assert checkEnv "NIXOPS_MASTODON_DB_PASS";
+ assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET";
+ assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE";
+ assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
+ assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY";
+ assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY";
+ assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
+ assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD";
+ writeText "mastodon_environment" ''
+ REDIS_HOST=localhost
+ REDIS_PORT=6379
+ REDIS_DB=13
+ DB_HOST=/run/postgresql
+ DB_USER=mastodon
+ DB_NAME=mastodon
+ DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"}
+ DB_PORT=5432
+
+ LOCAL_DOMAIN=mastodon.immae.eu
+ LOCAL_HTTPS=true
+ ALTERNATE_DOMAINS=immae.eu
+
+ PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"}
+ SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"}
+ OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"}
+
+ VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"}
+ VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"}
+
+ SMTP_SERVER=mail.immae.eu
+ SMTP_PORT=587
+ SMTP_FROM_ADDRESS=notifications@mastodon.immae.eu
+ SMTP_DELIVERY_METHOD=smtp
+ PAPERCLIP_ROOT_PATH=${varDir}
+
+ STREAMING_CLUSTER_NUM=1
+
+ # LDAP authentication (optional)
+ LDAP_ENABLED=true
+ LDAP_HOST=ldap.immae.eu
+ LDAP_PORT=636
+ LDAP_METHOD=simple_tls
+ LDAP_BASE="dc=immae,dc=eu"
+ LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
+ LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}"
+ LDAP_UID="uid"
+ LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
+ '';
+
+ railsRoot = stdenv.mkDerivation {
+ name = "mastodon_immae";
+ inherit config mastodon;
+ builder = writeText "build_mastodon_immae" ''
+ source $stdenv/setup
+ set -a
+ source $config
+ set +a
+ cp -a $mastodon $out
+ cd $out
+ chmod u+rwX . node_modules public
+ RAILS_ENV=production bundle exec rails assets:precompile
+ '';
+ propagatedBuildInputs = with pkgs; [
+ zlib icu libchardet git bundler yarn
+ protobuf protobufc libidn libpqxx nodejs
+ imagemagick ffmpeg libxml2 libxslt pkgconfig
+ autoconf bison libyaml readline ncurses libffi gdbm
+ jemalloc which postgresql python3 cacert
+ ];
+ };
+in
+ {
+ inherit railsRoot config varDir socketsDir;
+ nodeSocket = "${socketsDir}/live_immae_node.sock";
+ railsSocket = "${socketsDir}/live_immae_puma.sock";
+ }
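Review bot: The `config` value interpolates `DB_PASS`, `PAPERCLIP_SECRET`, `SECRET_KEY_BASE`, `OTP_SECRET`, `VAPID_PRIVATE_KEY` and `LDAP_PASSWORD` through `builtins.getEnv` into `writeText "mastodon_environment"`, so every secret lands in a world-readable `/nix/store` path, and `railsRoot` takes that file as a build input and sources it in its builder. I would keep only the non-secret settings in the `writeText` file and deliver the secret lines at runtime from a file outside the store (with NixOps presumably via `deployment.keys`), marked with a comment such as `# secrets are deliberately not written here: store paths are readable by every local user`. The asset build does not need the real values; upstream Mastodon precompiles with placeholders, e.g. `OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder RAILS_ENV=production bundle exec rails assets:precompile`. Separately, `assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";` appears twice, and the `bundle install` / `yarn install` calls in `buildPhase` fetch from the network with no Nix-verified output hash, which deserves at least a comment stating that the build relies on the lockfiles alone.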