]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/websites/tools/diaspora/default.nix
Refactor websites options
# NixOS module for the Diaspora pod served at diaspora.immae.eu.
# When enabled it writes three secret files through secrets.keys, turns on
# services.diaspora with an LDAP-enabled package, and declares an Apache vhost
# that reverse-proxies to the Rails unix socket.
8a964143 1{ lib, pkgs, config, myconfig, ... }:
a7f7fdae 2let
# env: deployment-specific values read below (redis URL, LDAP bind password,
# PostgreSQL connection settings, Rails secret token).
3bb8a82a 3 env = myconfig.env.tools.diaspora;
# root: DocumentRoot of the vhost; presumably resolves to the symlink that
# system.extraSystemBuilderCmds creates under $out/webapps. TODO confirm.
a95ab089 4 root = "/run/current-system/webapps/tools_diaspora";
4288c2f2 5 cfg = config.myServices.websites.tools.diaspora;
7009832a 6 dcfg = config.services.diaspora;
a7f7fdae 7in {
4288c2f2 8 options.myServices.websites.tools.diaspora = {
a7f7fdae
IB
9 enable = lib.mkEnableOption "enable diaspora's website";
10 };
11
12 config = lib.mkIf cfg.enable {
# Presumably the "keys" group is what grants read access to the deployed
# secret files; confirm against the secrets module.
7009832a 13 users.users.diaspora.extraGroups = [ "keys" ];
a7f7fdae 14
# Secret files, each owned by diaspora:diaspora with mode 0400.
# NOTE(review): the texts interpolate credentials from env. Whether the
# rendered text stays out of the world-readable Nix store depends on how the
# secrets.keys module materialises it; confirm before reusing this pattern.
1a718805 15 secrets.keys = [
# diaspora.yml: registrations, invitations and captcha are disabled, mail is
# sent through the sendmail wrapper, and login is LDAP-only (only_ldap: true).
# NOTE(review): the LDAP section uses port 636 with a bind DN and password but
# sets no explicit TLS/encryption key; whether the bind is actually protected
# depends on the ldap-enabled package's defaults. TODO confirm.
# NOTE(review): skip_email_confirmation is true, so the address taken from the
# LDAP "mail" attribute is presumably trusted without verification.
3bb8a82a
IB
16 {
17 dest = "webapps/diaspora/diaspora.yml";
18 user = "diaspora";
19 group = "diaspora";
20 permissions = "0400";
21 text = ''
22 configuration:
23 environment:
24 url: "https://diaspora.immae.eu/"
25 certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
26 redis: '${env.redis_url}'
27 sidekiq:
28 s3:
29 assets:
30 logging:
31 logrotate:
32 debug:
33 server:
7009832a 34 listen: '${dcfg.sockets.rails}'
3bb8a82a
IB
35 rails_environment: 'production'
36 chat:
37 server:
38 bosh:
39 log:
40 map:
41 mapbox:
42 privacy:
43 piwik:
44 statistics:
45 camo:
46 settings:
47 enable_registrations: false
48 welcome_message:
49 invitations:
50 open: false
51 paypal_donations:
52 community_spotlight:
53 captcha:
54 enable: false
55 terms:
56 maintenance:
57 remove_old_users:
58 default_metas:
59 csp:
60 services:
61 twitter:
62 tumblr:
63 wordpress:
64 mail:
65 enable: true
66 sender_address: 'diaspora@tools.immae.eu'
67 method: 'sendmail'
68 smtp:
69 sendmail:
70 location: '/run/wrappers/bin/sendmail'
71 admins:
72 account: "ismael"
73 podmin_email: 'diaspora@tools.immae.eu'
74 relay:
75 outbound:
76 inbound:
77 ldap:
78 enable: true
79 host: ldap.immae.eu
80 port: 636
81 only_ldap: true
82 mail_attribute: mail
83 skip_email_confirmation: true
84 use_bind_dn: true
85 bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
86 bind_pw: "${env.ldap.password}"
87 search_base: "dc=immae,dc=eu"
88 search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
89 production:
90 environment:
91 development:
92 environment:
93 '';
94 }
# database.yml: a single PostgreSQL credential block shared through YAML
# anchors by every environment section.
# NOTE(review): development, test and integration sections inherit the same
# username and password as production; only the database name differs.
95 {
96 dest = "webapps/diaspora/database.yml";
97 user = "diaspora";
98 group = "diaspora";
99 permissions = "0400";
100 text = ''
101 postgresql: &postgresql
102 adapter: postgresql
103 host: "${env.postgresql.socket}"
104 port: "${env.postgresql.port}"
105 username: "${env.postgresql.user}"
106 password: "${env.postgresql.password}"
107 encoding: unicode
108 common: &common
109 <<: *postgresql
110 combined: &combined
111 <<: *common
112 development:
113 <<: *combined
114 database: diaspora_development
115 production:
116 <<: *combined
117 database: ${env.postgresql.database}
118 test:
119 <<: *combined
120 database: "diaspora_test"
121 integration1:
122 <<: *combined
123 database: diaspora_integration1
124 integration2:
125 <<: *combined
126 database: diaspora_integration2
127 '';
128 }
# secret_token.rb: sets the Rails secret_key_base from env.secret_token.
# The value is pasted into a single-quoted Ruby literal, so it must not
# contain a single quote.
129 {
130 dest = "webapps/diaspora/secret_token.rb";
131 user = "diaspora";
132 group = "diaspora";
133 permissions = "0400";
134 text = ''
135 Diaspora::Application.config.secret_key_base = '${env.secret_token}'
136 '';
137 }
138 ];
a7f7fdae 139
# Diaspora service, using the package overridden with ldap = true.
# configDir ends in the same webapps/diaspora path as the secret dest values
# above; presumably secrets.keys deploys under /var/secrets. TODO confirm.
7009832a
IB
140 services.diaspora = {
141 enable = true;
142 package = pkgs.webapps.diaspora.override { ldap = true; };
143 dataDir = "/var/lib/diaspora_immae";
144 adminEmail = "diaspora@tools.immae.eu";
145 configDir = "/var/secrets/webapps/diaspora";
a7f7fdae
IB
146 };
147
# Watches the config directory; restart = true presumably restarts the service
# when a secret file changes. Confirm against the filesWatcher module.
17f6eae9
IB
148 services.filesWatcher.diaspora = {
149 restart = true;
150 paths = [ dcfg.configDir ];
151 };
152
# Apache modules used by the vhost below: RequestHeader needs "headers", the
# [P] rewrite rule needs "proxy" and "proxy_http".
29f8cb85 153 services.websites.env.tools.modules = [
a952acc4 154 "headers" "proxy" "proxy_http"
a7f7fdae 155 ];
# Links the application's public/ directory into the system output as
# webapps/tools_diaspora, the last path component of `root`.
a95ab089
IB
156 system.extraSystemBuilderCmds = ''
157 mkdir -p $out/webapps
7009832a 158 ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
a95ab089 159 '';
# Vhost for diaspora.immae.eu. Requests that do not match an existing file
# under the DocumentRoot are proxied to the Rails unix socket.
# ProxyRequests Off keeps this a reverse proxy only, so the permissive
# "<Proxy *> Require all granted" does not open a forward proxy.
# RequestHeader set overwrites any client-supplied X_FORWARDED_PROTO.
# NOTE(review): the value is always "https", which is only accurate if this
# vhost is never served over plain HTTP. TODO confirm.
29f8cb85 160 services.websites.env.tools.vhostConfs.diaspora = {
a7f7fdae 161 certName = "eldiron";
7df420c2 162 addToCerts = true;
a7f7fdae 163 hosts = [ "diaspora.immae.eu" ];
a95ab089 164 root = root;
a7f7fdae
IB
165 extraConfig = [ ''
166 RewriteEngine On
167 RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
7009832a 168 RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
a7f7fdae
IB
169
170 ProxyRequests Off
171 ProxyVia On
172 ProxyPreserveHost On
173 RequestHeader set X_FORWARDED_PROTO https
174
175 <Proxy *>
176 Require all granted
177 </Proxy>
178
a95ab089 179 <Directory ${root}>
a7f7fdae
IB
180 Require all granted
181 Options -MultiViews
182 </Directory>
183 '' ];
184 };
185 };
186}