Commit | Line | Data |
---|---|---|
# NixOS module for the Diaspora pod website (myServices.websites.tools.diaspora).
# When enabled it declares a backup profile, writes Diaspora's configuration
# files (including credentials) through `secrets.keys`, enables
# `services.diaspora` with the LDAP-enabled package, and adds an Apache vhost
# that proxies to the Rails Unix socket.
ab8f306d | 1 | { lib, pkgs, config, ... }: |
# env  : deployment-specific values (redis, ldap, postgresql, secret_token)
#        read from config.myEnv.tools.diaspora.
# root : document root used by the vhost; the matching symlink is created in
#        system.extraSystemBuilderCmds further down.
# cfg  : this module's own options.
# dcfg : the services.diaspora options (dataDir, sockets, workdir, configDir).
a7f7fdae | 2 | let |
ab8f306d | 3 | env = config.myEnv.tools.diaspora; |
a95ab089 | 4 | root = "/run/current-system/webapps/tools_diaspora"; |
4288c2f2 | 5 | cfg = config.myServices.websites.tools.diaspora; |
7009832a | 6 | dcfg = config.services.diaspora; |
a7f7fdae | 7 | in { |
4288c2f2 | 8 | options.myServices.websites.tools.diaspora = { |
a7f7fdae IB |
9 | enable = lib.mkEnableOption "enable diaspora's website"; |
10 | }; | |
11 | ||
12 | config = lib.mkIf cfg.enable { | |
# Backup profile rooted at the Diaspora data directory, sent to two remotes.
# NOTE(review): whether these backups are encrypted is decided by the
# duplyBackup module, which is not visible here. Confirm, since dataDir
# presumably holds user content.
d2e703c5 | 13 | services.duplyBackup.profiles.diaspora = { |
6a8252b1 | 14 | rootDir = dcfg.dataDir; |
546864bc | 15 | remotes = [ "eriomem" "ovh" ]; |
6a8252b1 | 16 | }; |
# The diaspora user joins the "keys" group, presumably so it can traverse the
# directory holding the secret files below. Confirm against the secrets module.
7009832a | 17 | users.users.diaspora.extraGroups = [ "keys" ]; |
a7f7fdae | 18 | |
# Secret files rendered by the `secrets` module. The directory is 0500 and
# every file is 0400, all owned by diaspora:diaspora, so only that user can
# read them.
# NOTE(review): the credentials are interpolated into Nix strings at
# evaluation time. Whether they stay out of the world-readable Nix store
# depends on how `secrets.keys` materialises `text`. Verify that it never
# goes through a store path.
4c4652aa IB |
19 | secrets.keys = { |
20 | "webapps/diaspora" = { | |
da30ae4f IB |
21 | isDir = true; |
22 | user = "diaspora"; | |
23 | group = "diaspora"; | |
24 | permissions = "0500"; | |
4c4652aa IB |
25 | }; |
# Diaspora's main configuration. Security-relevant settings in this file:
# registrations and invitations are closed, authentication is LDAP-only on
# port 636 (conventionally LDAPS) using a bind DN, e-mail confirmation is
# skipped, and certificate_authorities points at the cacert bundle.
# NOTE(review): env values are spliced into the YAML without escaping.
# bind_dn, bind_pw, search_base and search_filter are double-quoted, so a `"`
# or `\` in a value would alter or break the document. `host` is unquoted.
# NOTE(review): captcha is disabled. That is acceptable while registrations
# are closed; revisit it if they are ever opened.
26 | "webapps/diaspora/diaspora.yml" = { | |
3bb8a82a IB |
27 | user = "diaspora"; |
28 | group = "diaspora"; | |
29 | permissions = "0400"; | |
30 | text = '' | |
31 | configuration: | |
32 | environment: | |
33 | url: "https://diaspora.immae.eu/" | |
34 | certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt' | |
ab8f306d | 35 | redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}' |
3bb8a82a IB |
36 | sidekiq: |
37 | s3: | |
38 | assets: | |
39 | logging: | |
40 | logrotate: | |
41 | debug: | |
42 | server: | |
7009832a | 43 | listen: '${dcfg.sockets.rails}' |
3bb8a82a IB |
44 | rails_environment: 'production' |
45 | chat: | |
46 | server: | |
47 | bosh: | |
48 | log: | |
49 | map: | |
50 | mapbox: | |
51 | privacy: | |
52 | piwik: | |
53 | statistics: | |
54 | camo: | |
55 | settings: | |
56 | enable_registrations: false | |
57 | welcome_message: | |
58 | invitations: | |
59 | open: false | |
60 | paypal_donations: | |
61 | community_spotlight: | |
62 | captcha: | |
63 | enable: false | |
64 | terms: | |
65 | maintenance: | |
66 | remove_old_users: | |
67 | default_metas: | |
68 | csp: | |
69 | services: | |
70 | twitter: | |
71 | tumblr: | |
72 | wordpress: | |
73 | mail: | |
74 | enable: true | |
75 | sender_address: 'diaspora@tools.immae.eu' | |
76 | method: 'sendmail' | |
77 | smtp: | |
78 | sendmail: | |
79 | location: '/run/wrappers/bin/sendmail' | |
80 | admins: | |
81 | account: "ismael" | |
82 | podmin_email: 'diaspora@tools.immae.eu' | |
83 | relay: | |
84 | outbound: | |
85 | inbound: | |
86 | ldap: | |
87 | enable: true | |
ab8f306d | 88 | host: ${env.ldap.host} |
3bb8a82a IB |
89 | port: 636 |
90 | only_ldap: true | |
91 | mail_attribute: mail | |
92 | skip_email_confirmation: true | |
93 | use_bind_dn: true | |
ab8f306d | 94 | bind_dn: "${env.ldap.dn}" |
3bb8a82a | 95 | bind_pw: "${env.ldap.password}" |
ab8f306d IB |
96 | search_base: "${env.ldap.base}" |
97 | search_filter: "${env.ldap.filter}" | |
3bb8a82a IB |
98 | production: |
99 | environment: | |
100 | development: | |
101 | environment: | |
102 | ''; | |
4c4652aa IB |
103 | }; |
# Database connection settings. `host` receives env.postgresql.socket, so the
# connection presumably uses a local Unix socket; the password is still
# written to this file. Only `production` takes its database name from env;
# the other environments use fixed names.
# NOTE(review): username and password are double-quoted YAML scalars, so a
# `"` or `\` in either value would alter or break the document.
104 | "webapps/diaspora/database.yml" = { | |
3bb8a82a IB |
105 | user = "diaspora"; |
106 | group = "diaspora"; | |
107 | permissions = "0400"; | |
108 | text = '' | |
109 | postgresql: &postgresql | |
110 | adapter: postgresql | |
111 | host: "${env.postgresql.socket}" | |
112 | port: "${env.postgresql.port}" | |
113 | username: "${env.postgresql.user}" | |
114 | password: "${env.postgresql.password}" | |
115 | encoding: unicode | |
116 | common: &common | |
117 | <<: *postgresql | |
118 | combined: &combined | |
119 | <<: *common | |
120 | development: | |
121 | <<: *combined | |
122 | database: diaspora_development | |
123 | production: | |
124 | <<: *combined | |
125 | database: ${env.postgresql.database} | |
126 | test: | |
127 | <<: *combined | |
128 | database: "diaspora_test" | |
129 | integration1: | |
130 | <<: *combined | |
131 | database: diaspora_integration1 | |
132 | integration2: | |
133 | <<: *combined | |
134 | database: diaspora_integration2 | |
135 | ''; | |
4c4652aa IB |
136 | }; |
# Rails secret_key_base. This value protects signed session data, so it has to
# stay as tightly scoped as the 0400 mode here implies and should be rotated
# if it is ever exposed.
# NOTE(review): the token sits inside a single-quoted Ruby literal, so a `'`
# or `\` in env.secret_token would break or alter it.
137 | "webapps/diaspora/secret_token.rb" = { | |
3bb8a82a IB |
138 | user = "diaspora"; |
139 | group = "diaspora"; | |
140 | permissions = "0400"; | |
141 | text = '' | |
142 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' | |
143 | ''; | |
4c4652aa IB |
144 | }; |
145 | }; | |
a7f7fdae | 146 | |
# Enable the service with the LDAP-enabled package build. configDir is the
# secrets directory declared above, so the service reads its configuration
# from the 0400 files.
7009832a IB |
147 | services.diaspora = { |
148 | enable = true; | |
149 | package = pkgs.webapps.diaspora.override { ldap = true; }; | |
150 | dataDir = "/var/lib/diaspora_immae"; | |
151 | adminEmail = "diaspora@tools.immae.eu"; | |
da30ae4f | 152 | configDir = config.secrets.fullPaths."webapps/diaspora"; |
a7f7fdae IB |
153 | }; |
154 | ||
# Watch configDir and restart diaspora on change, presumably so that updated
# secrets take effect without a manual restart.
17f6eae9 IB |
155 | services.filesWatcher.diaspora = { |
156 | restart = true; | |
157 | paths = [ dcfg.configDir ]; | |
158 | }; | |
159 | ||
# Apache modules needed by the vhost below (RequestHeader and HTTP proxying).
29f8cb85 | 160 | services.websites.env.tools.modules = [ |
a952acc4 | 161 | "headers" "proxy" "proxy_http" |
a7f7fdae | 162 | ]; |
# Link diaspora's public/ directory into the system output; `root` refers to
# it through /run/current-system.
a95ab089 IB |
163 | system.extraSystemBuilderCmds = '' |
164 | mkdir -p $out/webapps | |
7009832a | 165 | ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora |
a95ab089 | 166 | ''; |
# Virtual host for diaspora.immae.eu. Requests that do not match an existing
# file under the document root are proxied to the Rails Unix socket; existing
# files are served directly from `root`.
# ProxyRequests Off keeps this a reverse proxy only, so the
# `<Proxy *> Require all granted` block does not open a forward proxy.
# NOTE(review): the forwarded-protocol header is spelled with underscores
# (X_FORWARDED_PROTO). `RequestHeader set` replaces only a header of that
# exact name, so a client-supplied `X-Forwarded-Proto` is presumably still
# forwarded. Confirm how the backend resolves the two, or unset the
# hyphenated form as well.
# NOTE(review): ProxyVia On adds a Via header describing this proxy hop;
# confirm that disclosure is intended.
# NOTE(review): TLS itself is configured through certName/addToCerts and the
# websites module, which are not visible here.
29f8cb85 | 167 | services.websites.env.tools.vhostConfs.diaspora = { |
a7f7fdae | 168 | certName = "eldiron"; |
7df420c2 | 169 | addToCerts = true; |
a7f7fdae | 170 | hosts = [ "diaspora.immae.eu" ]; |
a95ab089 | 171 | root = root; |
a7f7fdae IB |
172 | extraConfig = [ '' |
173 | RewriteEngine On | |
174 | RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | |
7009832a | 175 | RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L] |
a7f7fdae IB |
176 | |
177 | ProxyRequests Off | |
178 | ProxyVia On | |
179 | ProxyPreserveHost On | |
180 | RequestHeader set X_FORWARDED_PROTO https | |
181 | ||
182 | <Proxy *> | |
183 | Require all granted | |
184 | </Proxy> | |
185 | ||
a95ab089 | 186 | <Directory ${root}> |
a7f7fdae IB |
187 | Require all granted |
188 | Options -MultiViews | |
189 | </Directory> | |
190 | '' ]; | |
191 | }; | |
192 | }; | |
193 | } |