From 7009832ab635a664e26c73cdc0ca0f8689a57774 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 10 May 2019 19:39:51 +0200 Subject: [PATCH] Move diaspora module outside of nixops --- modules/default.nix | 1 + modules/myids.nix | 2 + modules/webapps/diaspora.nix | 159 +++++++++++++++++++++ nixops/modules/websites/tools/diaspora.nix | 90 ++---------- 4 files changed, 173 insertions(+), 79 deletions(-) create mode 100644 modules/webapps/diaspora.nix diff --git a/modules/default.nix b/modules/default.nix index 7db0cc2..20386af 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,6 +2,7 @@ myids = ./myids.nix; secrets = ./secrets.nix; + diaspora = ./webapps/diaspora.nix; mastodon = ./webapps/mastodon.nix; mediagoblin = ./webapps/mediagoblin.nix; peertube = ./webapps/peertube.nix; diff --git a/modules/myids.nix b/modules/myids.nix index 24d853b..17270af 100644 --- a/modules/myids.nix +++ b/modules/myids.nix @@ -6,12 +6,14 @@ peertube = 394; nullmailer = 396; mediagoblin = 397; + diaspora = 398; mastodon = 399; }; ids.gids = { peertube = 394; nullmailer = 396; mediagoblin = 397; + diaspora = 398; mastodon = 399; }; }; diff --git a/modules/webapps/diaspora.nix b/modules/webapps/diaspora.nix new file mode 100644 index 0000000..8451c6d --- /dev/null +++ b/modules/webapps/diaspora.nix 
@@ -0,0 +1,159 @@
+{ lib, pkgs, config, ... }:
+let
+ name = "diaspora";
+ cfg = config.services.diaspora;
+
+ uid = config.ids.uids.diaspora;
+ gid = config.ids.gids.diaspora;
+in
+{
+ options.services.diaspora = {
+ enable = lib.mkEnableOption "Enable Diaspora’s service";
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "User account under which Diaspora runs";
+ };
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "Group under which Diaspora runs";
+ };
+ adminEmail = lib.mkOption {
+ type = lib.types.str;
+ example = "admin@example.com";
+ description = "Admin e-mail for Diaspora";
+ };
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/${name}";
+ description = ''
+ The directory where Diaspora stores its data.
+ '';
+ };
+ socketsDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/run/${name}";
+ description = ''
+ The directory where Diaspora puts runtime files and sockets.
+ '';
+ };
+ configDir = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ The configuration path for Diaspora.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.webapps.diaspora;
+ description = ''
+ Diaspora package to use.
+ '';
+ };
+ # Output variables
+ workdir = lib.mkOption {
+ type = lib.types.package;
+ default = cfg.package.override {
+ varDir = cfg.dataDir;
+ podmin_email = cfg.adminEmail;
+ config_dir = cfg.configDir;
+ };
+ description = ''
+ Adjusted diaspora package with overriden values
+ '';
+ readOnly = true;
+ };
+ sockets = lib.mkOption {
+ type = lib.types.attrsOf lib.types.path;
+ default = {
+ rails = "${cfg.socketsDir}/diaspora.sock";
+ eye = "${cfg.socketsDir}/eye.sock";
+ };
+ readOnly = true;
+ description = ''
+ Diaspora sockets
+ '';
+ };
+ pids = lib.mkOption {
+ type = lib.types.attrsOf lib.types.path;
+ default = {
+ eye = "${cfg.socketsDir}/eye.pid";
+ };
+ readOnly = true;
+ description = ''
+ Diaspora pids
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
+ inherit name;
+ inherit uid;
+ group = cfg.group;
+ description = "Diaspora user";
+ home = cfg.dataDir;
+ packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ];
+ useDefaultShell = true;
+ });
+ users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
+ inherit name;
+ inherit gid;
+ });
+
+ systemd.services.diaspora = {
+ description = "Diaspora";
+ wantedBy = [ "multi-user.target" ];
+ after = [
+ "network.target" "redis.service" "postgresql.service"
+ ];
+ wants = [
+ "redis.service" "postgresql.service"
+ ];
+
+ environment.RAILS_ENV = "production";
+ environment.BUNDLE_PATH = "${cfg.workdir.gems}/${cfg.workdir.gems.ruby.gemPath}";
+ environment.BUNDLE_GEMFILE = "${cfg.workdir.gems.confFiles}/Gemfile";
+ environment.EYE_SOCK = cfg.sockets.eye;
+ environment.EYE_PID = cfg.pids.eye;
+
+ path = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
+
+ preStart = ''
+ ./bin/bundle exec rails db:migrate
+ '';
+
+ script = ''
+ exec ${cfg.workdir}/script/server
+ '';
+
+ serviceConfig = {
+ User = cfg.user;
+ PrivateTmp = true;
+ Restart = "always";
+ Type = "simple";
+ WorkingDirectory = cfg.workdir;
+ StandardInput = "null";
+ KillMode = "control-group";
+ };
+
+ unitConfig.RequiresMountsFor = cfg.dataDir;
+ };
+
+ system.activationScripts.diaspora = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
+ install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} \
+ ${cfg.dataDir}/uploads ${cfg.dataDir}/tmp \
+ ${cfg.dataDir}/log
+ install -m 0700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/tmp/pids
+ if [ ! -f ${cfg.dataDir}/schedule.yml ]; then
+ echo "{}" | $wrapperDir/sudo -u ${cfg.user} tee ${cfg.dataDir}/schedule.yml
+ fi
+ '';
+ };
+
+ };
+}
diff --git a/nixops/modules/websites/tools/diaspora.nix b/nixops/modules/websites/tools/diaspora.nix
index 1088e71..ebb7612 100644
--- a/nixops/modules/websites/tools/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora.nix
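Review bot: The activation script at the end of the new modules/webapps/diaspora.nix splices `cfg.user`, `cfg.group`, `cfg.socketsDir` and `cfg.dataDir` unquoted into a shell snippet that runs as root. These were fixed strings before the move and are now module options, so a value containing a space or a shell metacharacter would be word-split or interpreted by the shell. Wrapping each use in `lib.escapeShellArg` keeps every value a single argument, e.g. `install -m 0755 -o ${lib.escapeShellArg cfg.user} -g ${lib.escapeShellArg cfg.group} -d ${lib.escapeShellArg cfg.socketsDir}`. Separately, `serviceConfig` sets `User = cfg.user;` but no group, so with a non-default user the process group may not match the group the directories are created with; adding `Group = cfg.group;` would make the new `group` option apply to the service too.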
@@ -1,40 +1,17 @@ { lib, pkgs, config, myconfig, mylibs, ... }: let - varDir = "/var/lib/diaspora_immae"; - - diaspora = pkgs.webapps.diaspora.override { - ldap = true; - inherit varDir; - podmin_email = "diaspora@tools.immae.eu"; - config_dir = "/var/secrets/webapps/diaspora"; - }; - - railsSocket = "${socketsDir}/diaspora.sock"; - socketsDir = "/run/diaspora"; env = myconfig.env.tools.diaspora; root = "/run/current-system/webapps/tools_diaspora"; cfg = config.services.myWebsites.tools.diaspora; + dcfg = config.services.diaspora; in { options.services.myWebsites.tools.diaspora = { enable = lib.mkEnableOption "enable diaspora's website"; }; config = lib.mkIf cfg.enable { - ids.uids.diaspora = env.user.uid; - ids.gids.diaspora = env.user.gid; - - users.users.diaspora = { - name = "diaspora"; - uid = config.ids.uids.diaspora; - group = "diaspora"; - description = "Diaspora user"; - home = varDir; - useDefaultShell = true; - packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ]; - extraGroups = [ "keys" ]; - }; + users.users.diaspora.extraGroups = [ "keys" ]; - users.groups.diaspora.gid = config.ids.gids.diaspora; secrets.keys = [ { dest = "webapps/diaspora/diaspora.yml"; @@ -54,7 +31,7 @@ in { logrotate: debug: server: - listen: '${socketsDir}/diaspora.sock' + listen: '${dcfg.sockets.rails}' rails_environment: 'production' chat: server: 
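Review bot: Removing `ids.uids.diaspora = env.user.uid;` and `ids.gids.diaspora = env.user.gid;` in the first hunk means the account now takes the fixed id 398 from modules/myids.nix, and nothing in this commit re-owns files written under the previous id. If `env.user.uid` on the deployed host differs from 398 (its value is not visible in this diff), existing content below `/var/lib/diaspora_immae` would stay owned by a stale uid. The module's `install -d` calls only reset ownership of the directories themselves, not the files inside them. Either confirm the two values match or add a one-time recursive `chown` as a migration step. The kept line `users.users.diaspora.extraGroups = [ "keys" ];` also hardcodes the account name; `users.users.${dcfg.user}.extraGroups = [ "keys" ];` would follow the module's `user` option.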
@@ -160,57 +137,12 @@ in { } ]; - systemd.services.diaspora = { - description = "Diaspora"; - wantedBy = [ "multi-user.target" ]; - after = [ - "network.target" "redis.service" "postgresql.service" - ]; - wants = [ - "redis.service" "postgresql.service" - ]; - - environment.RAILS_ENV = "production"; - environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}"; - environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile"; - environment.EYE_SOCK = "${socketsDir}/eye.sock"; - environment.EYE_PID = "${socketsDir}/eye.pid"; - - path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ]; - - preStart = '' - ./bin/bundle exec rails db:migrate - ''; - - script = '' - exec ${diaspora}/script/server - ''; - - serviceConfig = { - User = "diaspora"; - PrivateTmp = true; - Restart = "always"; - Type = "simple"; - WorkingDirectory = diaspora; - StandardInput = "null"; - KillMode = "control-group"; - }; - - unitConfig.RequiresMountsFor = varDir; - }; - - system.activationScripts.diaspora = { - deps = [ "users" ]; - text = '' - install -m 0755 -o diaspora -g diaspora -d ${socketsDir} - install -m 0755 -o diaspora -g diaspora -d ${varDir} \ - ${varDir}/uploads ${varDir}/tmp \ - ${varDir}/log - install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids - if [ ! -f ${varDir}/schedule.yml ]; then - echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml - fi - ''; + services.diaspora = { + enable = true; + package = pkgs.webapps.diaspora.override { ldap = true; }; + dataDir = "/var/lib/diaspora_immae"; + adminEmail = "diaspora@tools.immae.eu"; + configDir = "/var/secrets/webapps/diaspora"; }; services.myWebsites.tools.modules = [ 
@@ -219,7 +151,7 @@ in { security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps - ln -s ${diaspora}/public/ $out/webapps/tools_diaspora + ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora ''; services.myWebsites.tools.vhostConfs.diaspora = { certName = "eldiron"; @@ -228,7 +160,7 @@ in { extraConfig = [ '' RewriteEngine On RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f - RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L] + RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L] ProxyRequests Off ProxyVia On -- 2.41.0