home = diaspora.varDir;
useDefaultShell = true;
packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
+ extraGroups = [ "keys" ];
};
users.groups.diaspora.gid = config.ids.gids.diaspora;
+ deployment.keys = diaspora.keys;
systemd.services.diaspora = {
description = "Diaspora";
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "redis.service" "postgresql.service" ];
- wants = [ "redis.service" "postgresql.service" ];
+ after = [
+ "network.target" "redis.service" "postgresql.service"
+ "tools-diaspora-secret_token.service"
+ "tools-diaspora-config.service"
+ "tools-diaspora-database_config.service"
+ ];
+ wants = [
+ "redis.service" "postgresql.service"
+ "tools-diaspora-secret_token.service"
+ "tools-diaspora-config.service"
+ "tools-diaspora-database_config.service"
+ ];
environment.RAILS_ENV = "production";
environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
};
};
};
- secret_token = writeText "secret_token.rb" ''
- Diaspora::Application.config.secret_key_base = '${env.secret_token}'
+ keys.tools-diaspora-secret_token = {
+ destDir = "/run/keys/webapps";
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0700";
+ text = ''
+ Diaspora::Application.config.secret_key_base = '${env.secret_token}'
'';
- config = writeText "diaspora.yml" ''
+ };
+ keys.tools-diaspora-config = {
+ destDir = "/run/keys/webapps";
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0700";
+ text = ''
configuration:
environment:
url: "https://diaspora.immae.eu/"
development:
environment:
'';
- database_config = writeText "database.yml" ''
+ };
+ keys.tools-diaspora-database_config = {
+ destDir = "/run/keys/webapps";
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0700";
+ text = ''
postgresql: &postgresql
adapter: postgresql
host: "${env.postgresql.socket}"
<<: *combined
database: diaspora_integration2
'';
-
+ };
railsRoot = stdenv.mkDerivation {
name = "diaspora_immae";
inherit diaspora;
+ # FIXME: build machine will contain some passwords in the nix store
builder = writeText "build_diaspora_immae" ''
source $stdenv/setup
cp -a $diaspora $out
cd $out
chmod -R u+rwX .
tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
- ln -s ${database_config} config/database.yml
- ln -s ${config} config/diaspora.yml
- ln -s ${secret_token} config/initializers/secret_token.rb
+ ln -s ${writeText "database.yml" keys.tools-diaspora-database_config.text} config/database.yml
+ ln -s ${writeText "diaspora.yml" keys.tools-diaspora-config.text} config/diaspora.yml
+ ln -s ${writeText "secret_token.rb" keys.tools-diaspora-secret_token.text} config/initializers/secret_token.rb
ln -sf ${varDir}/schedule.yml config/schedule.yml
ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem
ln -sf ${varDir}/uploads public/uploads
RAILS_ENV=production ${gems}/bin/rake assets:precompile
+ ln -sf /run/keys/webapps/tools-diaspora-database_config config/database.yml
+ ln -sf /run/keys/webapps/tools-diaspora-config config/diaspora.yml
+ ln -sf /run/keys/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb
rm -rf tmp log
ln -sf ${varDir}/tmp tmp
ln -sf ${varDir}/log log
};
in
{
- inherit railsRoot varDir socketsDir gems;
+ inherit railsRoot varDir socketsDir gems keys;
railsSocket = "${socketsDir}/diaspora.sock";
}
});
};
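Review bot: The systemd dependencies added at L15-17 and L21-23 name the key units `tools-diaspora-<key>.service`, but NixOps exposes each deployment key as `<name>-key.service` (the mantisbt hunk in this same commit uses `tools-mantisbt-key.service`), so these `after`/`wants` entries most likely reference units that do not exist and diaspora can start before `/run/keys/webapps/*` is populated, leaving the symlinks created at L90-92 dangling; they should read `"tools-diaspora-secret_token-key.service"`, `"tools-diaspora-config-key.service"` and `"tools-diaspora-database_config-key.service"` (verify against the NixOps version in use). Separately, the FIXME at L73 is accurate: L83-85 re-wrap the key texts with `writeText`, so the real `secret_key_base` and database credentials still become world-readable store paths on the build machine, which undoes much of the point of moving them to deployment keys. Since `assets:precompile` should not need the real values, a placeholder `secret_key_base` and a `database.yml` without credentials could be used for that step only, with the `/run/keys/webapps` symlinks at L90-92 left as the runtime configuration; confirm that diaspora's precompile task does not open a database connection before relying on this. Note also that `/run/keys` is not persistent across reboots, so the unit will not come up after a reboot until keys are re-sent, which is worth a comment next to `wantedBy`. The enclosing `let` for `railsRoot` and the outer module start before this hunk.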
in rec {
- config =
- writeText "config_inc.php" ''
- <?php
- $g_hostname = '${env.postgresql.socket}';
- $g_db_username = '${env.postgresql.user}';
- $g_db_password = '${env.postgresql.password}';
- $g_database_name = '${env.postgresql.database}';
- $g_db_type = 'pgsql';
- $g_crypto_master_salt = '${env.master_salt}';
- $g_allow_signup = OFF;
- $g_allow_anonymous_login = ON;
- $g_anonymous_account = 'anonymous';
+ keys."tools-mantisbt" = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0700";
+ text = ''
+ <?php
+ $g_hostname = '${env.postgresql.socket}';
+ $g_db_username = '${env.postgresql.user}';
+ $g_db_password = '${env.postgresql.password}';
+ $g_database_name = '${env.postgresql.database}';
+ $g_db_type = 'pgsql';
+ $g_crypto_master_salt = '${env.master_salt}';
+ $g_allow_signup = OFF;
+ $g_allow_anonymous_login = ON;
+ $g_anonymous_account = 'anonymous';
- $g_phpMailer_method = PHPMAILER_METHOD_SENDMAIL;
- $g_smtp_host = 'localhost';
- $g_smtp_username = ''';
- $g_smtp_password = ''';
- $g_webmaster_email = 'mantisbt@tools.immae.eu';
- $g_from_email = 'mantisbt@tools.immae.eu';
- $g_return_path_email = 'mantisbt@tools.immae.eu';
- $g_from_name = 'Mantis Bug Tracker at git.immae.eu';
- $g_email_receive_own = OFF;
- # --- LDAP ---
- $g_login_method = LDAP;
- $g_ldap_protocol_version = 3;
- $g_ldap_server = 'ldaps://ldap.immae.eu:636';
- $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu';
- $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu';
- $g_ldap_bind_passwd = '${env.ldap.password}';
- $g_use_ldap_email = ON;
- $g_use_ldap_realname = ON;
- $g_ldap_uid_field = 'uid';
- $g_ldap_realname_field = 'cn';
- $g_ldap_organization = '(memberOf=cn=users,cn=mantisbt,ou=services,dc=immae,dc=eu)';
+ $g_phpMailer_method = PHPMAILER_METHOD_SENDMAIL;
+ $g_smtp_host = 'localhost';
+ $g_smtp_username = ''';
+ $g_smtp_password = ''';
+ $g_webmaster_email = 'mantisbt@tools.immae.eu';
+ $g_from_email = 'mantisbt@tools.immae.eu';
+ $g_return_path_email = 'mantisbt@tools.immae.eu';
+ $g_from_name = 'Mantis Bug Tracker at git.immae.eu';
+ $g_email_receive_own = OFF;
+ # --- LDAP ---
+ $g_login_method = LDAP;
+ $g_ldap_protocol_version = 3;
+ $g_ldap_server = 'ldaps://ldap.immae.eu:636';
+ $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu';
+ $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu';
+ $g_ldap_bind_passwd = '${env.ldap.password}';
+ $g_use_ldap_email = ON;
+ $g_use_ldap_realname = ON;
+ $g_ldap_uid_field = 'uid';
+ $g_ldap_realname_field = 'cn';
+ $g_ldap_organization = '(memberOf=cn=users,cn=mantisbt,ou=services,dc=immae,dc=eu)';
'';
+ };
webRoot = stdenv.mkDerivation rec {
name = "mantisbt-${version}";
version = "2.11.1";
];
installPhase = ''
cp -a . $out
- ln -s ${config} $out/config/config_inc.php
+ ln -s /run/keys/webapps/tools-mantisbt $out/config/config_inc.php
ln -s ${plugins.slack} $out/plugins/Slack
ln -s ${plugins.source-integration}/Source* $out/plugins/
'';
'';
};
phpFpm = rec {
+ serviceDeps = [ "postgresql.service" "openldap.service" "tools-mantisbt-key.service" ];
basedir = builtins.concatStringsSep ":" (
- [ webRoot config ]
+ [ webRoot "/run/keys/webapps/tools-mantisbt" ]
++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
socket = "/var/run/phpfpm/mantisbt.sock";
pool = ''
'';
};
};
-in
+in
mantisbt
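Review bot: `permissions = "0700"` at L122 marks `config_inc.php` executable, which a PHP include never needs; `"0400"` (or `"0600"` if MantisBT is expected to rewrite it) is the least-privilege mode, and the same applies to the three diaspora keys in this commit. The rest of the hunk looks right: the DB and LDAP bind passwords no longer have a store path, `serviceDeps` at L192 uses the NixOps `<key>-key.service` unit name, and `open_basedir` at L195 now lists the runtime key path instead of the store file. What I cannot see here is whether `serviceDeps` is wired into the php-fpm unit's `after`/`requires`; if it is not, php-fpm may start before the key is sent and MantisBT will fail on a missing config. The `-in`/`+in` change at L202-203 appears to be whitespace only. The surrounding `let` that defines `env`, `plugins` and `apache` starts before this hunk.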