--- /dev/null
+{ lib, pkgs, config, ... }:
+let
+ name = "diaspora";
+ cfg = config.services.diaspora;
+
+ uid = config.ids.uids.diaspora;
+ gid = config.ids.gids.diaspora;
+in
+{
+ options.services.diaspora = {
+ enable = lib.mkEnableOption "Enable Diaspora’s service";
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "User account under which Diaspora runs";
+ };
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "Group under which Diaspora runs";
+ };
+ adminEmail = lib.mkOption {
+ type = lib.types.str;
+ example = "admin@example.com";
+ description = "Admin e-mail for Diaspora";
+ };
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/${name}";
+ description = ''
+ The directory where Diaspora stores its data.
+ '';
+ };
+ socketsDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/run/${name}";
+ description = ''
+ The directory where Diaspora puts runtime files and sockets.
+ '';
+ };
+ configDir = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ The configuration path for Diaspora.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.webapps.diaspora;
+ description = ''
+ Diaspora package to use.
+ '';
+ };
+ # Output variables
+ workdir = lib.mkOption {
+ type = lib.types.package;
+ default = cfg.package.override {
+ varDir = cfg.dataDir;
+ podmin_email = cfg.adminEmail;
+ config_dir = cfg.configDir;
+ };
+ description = ''
+ Adjusted diaspora package with overriden values
+ '';
+ readOnly = true;
+ };
+ sockets = lib.mkOption {
+ type = lib.types.attrsOf lib.types.path;
+ default = {
+ rails = "${cfg.socketsDir}/diaspora.sock";
+ eye = "${cfg.socketsDir}/eye.sock";
+ };
+ readOnly = true;
+ description = ''
+ Diaspora sockets
+ '';
+ };
+ pids = lib.mkOption {
+ type = lib.types.attrsOf lib.types.path;
+ default = {
+ eye = "${cfg.socketsDir}/eye.pid";
+ };
+ readOnly = true;
+ description = ''
+ Diaspora pids
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
+ inherit name;
+ inherit uid;
+ group = cfg.group;
+ description = "Diaspora user";
+ home = cfg.dataDir;
+ packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ];
+ useDefaultShell = true;
+ });
+ users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
+ inherit name;
+ inherit gid;
+ });
+
+ systemd.services.diaspora = {
+ description = "Diaspora";
+ wantedBy = [ "multi-user.target" ];
+ after = [
+ "network.target" "redis.service" "postgresql.service"
+ ];
+ wants = [
+ "redis.service" "postgresql.service"
+ ];
+
+ environment.RAILS_ENV = "production";
+ environment.BUNDLE_PATH = "${cfg.workdir.gems}/${cfg.workdir.gems.ruby.gemPath}";
+ environment.BUNDLE_GEMFILE = "${cfg.workdir.gems.confFiles}/Gemfile";
+ environment.EYE_SOCK = cfg.sockets.eye;
+ environment.EYE_PID = cfg.pids.eye;
+
+ path = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
+
+ preStart = ''
+ ./bin/bundle exec rails db:migrate
+ '';
+
+ script = ''
+ exec ${cfg.workdir}/script/server
+ '';
+
+ serviceConfig = {
+ User = cfg.user;
+ PrivateTmp = true;
+ Restart = "always";
+ Type = "simple";
+ WorkingDirectory = cfg.workdir;
+ StandardInput = "null";
+ KillMode = "control-group";
+ };
+
+ unitConfig.RequiresMountsFor = cfg.dataDir;
+ };
+
+ system.activationScripts.diaspora = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
+ install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} \
+ ${cfg.dataDir}/uploads ${cfg.dataDir}/tmp \
+ ${cfg.dataDir}/log
+ install -m 0700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/tmp/pids
+ if [ ! -f ${cfg.dataDir}/schedule.yml ]; then
+ echo "{}" | $wrapperDir/sudo -u ${cfg.user} tee ${cfg.dataDir}/schedule.yml
+ fi
+ '';
+ };
+
+ };
+}
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- varDir = "/var/lib/diaspora_immae";
-
- diaspora = pkgs.webapps.diaspora.override {
- ldap = true;
- inherit varDir;
- podmin_email = "diaspora@tools.immae.eu";
- config_dir = "/var/secrets/webapps/diaspora";
- };
-
- railsSocket = "${socketsDir}/diaspora.sock";
- socketsDir = "/run/diaspora";
env = myconfig.env.tools.diaspora;
root = "/run/current-system/webapps/tools_diaspora";
cfg = config.services.myWebsites.tools.diaspora;
+ dcfg = config.services.diaspora;
in {
options.services.myWebsites.tools.diaspora = {
enable = lib.mkEnableOption "enable diaspora's website";
};
config = lib.mkIf cfg.enable {
- ids.uids.diaspora = env.user.uid;
- ids.gids.diaspora = env.user.gid;
-
- users.users.diaspora = {
- name = "diaspora";
- uid = config.ids.uids.diaspora;
- group = "diaspora";
- description = "Diaspora user";
- home = varDir;
- useDefaultShell = true;
- packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
- extraGroups = [ "keys" ];
- };
+ users.users.diaspora.extraGroups = [ "keys" ];
- users.groups.diaspora.gid = config.ids.gids.diaspora;
secrets.keys = [
{
dest = "webapps/diaspora/diaspora.yml";
logrotate:
debug:
server:
- listen: '${socketsDir}/diaspora.sock'
+ listen: '${dcfg.sockets.rails}'
rails_environment: 'production'
chat:
server:
}
];
- systemd.services.diaspora = {
- description = "Diaspora";
- wantedBy = [ "multi-user.target" ];
- after = [
- "network.target" "redis.service" "postgresql.service"
- ];
- wants = [
- "redis.service" "postgresql.service"
- ];
-
- environment.RAILS_ENV = "production";
- environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
- environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
- environment.EYE_SOCK = "${socketsDir}/eye.sock";
- environment.EYE_PID = "${socketsDir}/eye.pid";
-
- path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
-
- preStart = ''
- ./bin/bundle exec rails db:migrate
- '';
-
- script = ''
- exec ${diaspora}/script/server
- '';
-
- serviceConfig = {
- User = "diaspora";
- PrivateTmp = true;
- Restart = "always";
- Type = "simple";
- WorkingDirectory = diaspora;
- StandardInput = "null";
- KillMode = "control-group";
- };
-
- unitConfig.RequiresMountsFor = varDir;
- };
-
- system.activationScripts.diaspora = {
- deps = [ "users" ];
- text = ''
- install -m 0755 -o diaspora -g diaspora -d ${socketsDir}
- install -m 0755 -o diaspora -g diaspora -d ${varDir} \
- ${varDir}/uploads ${varDir}/tmp \
- ${varDir}/log
- install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids
- if [ ! -f ${varDir}/schedule.yml ]; then
- echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml
- fi
- '';
+ services.diaspora = {
+ enable = true;
+ package = pkgs.webapps.diaspora.override { ldap = true; };
+ dataDir = "/var/lib/diaspora_immae";
+ adminEmail = "diaspora@tools.immae.eu";
+ configDir = "/var/secrets/webapps/diaspora";
};
services.myWebsites.tools.modules = [
security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
system.extraSystemBuilderCmds = ''
mkdir -p $out/webapps
- ln -s ${diaspora}/public/ $out/webapps/tools_diaspora
+ ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
'';
services.myWebsites.tools.vhostConfs.diaspora = {
certName = "eldiron";
extraConfig = [ ''
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
- RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
+ RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
ProxyRequests Off
ProxyVia On
projects / perso / Immae / Config / Nix.git / commitdiff
