git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/websites/tools/diaspora/default.nix
Use attrs for secrets instead of lists
# modules/private/websites/tools/diaspora/default.nix
#
# NixOS module for a Diaspora pod served through the "tools" web environment.
# It declares an enable option and, when enabled, sets up: a backup profile for
# the data directory, three secret files (diaspora.yml, database.yml,
# secret_token.rb), the diaspora service, a file watcher on the config
# directory, and a reverse-proxy vhost for diaspora.immae.eu.
#
# NOTE(review): the nesting inside the multi-line strings below follows the
# usual diaspora.yml / database.yml layout; verify it against the repository
# copy before reusing it.
{ lib, pkgs, config, ... }:
let
  # Deployment-specific values (redis, LDAP, PostgreSQL, secret token) for this pod.
  env = config.myEnv.tools.diaspora;
  # Document root used by the vhost; the symlink behind it is created in
  # system.extraSystemBuilderCmds further down.
  root = "/run/current-system/webapps/tools_diaspora";
  # Options declared by this module.
  cfg = config.myServices.websites.tools.diaspora;
  # Options of the diaspora service configured below.
  dcfg = config.services.diaspora;
in {
  options.myServices.websites.tools.diaspora = {
    enable = lib.mkEnableOption "enable diaspora's website";
  };

  config = lib.mkIf cfg.enable {
    # Back up the service's data directory to the two named remotes.
    services.duplyBackup.profiles.diaspora = {
      rootDir = dcfg.dataDir;
      remotes = [ "eriomem" "ovh" ];
    };
    # presumably required so the diaspora user can reach the secrets
    # directory; confirm against the secrets module.
    users.users.diaspora.extraGroups = [ "keys" ];

    # Secret files consumed by diaspora. All of them are owned by
    # diaspora:diaspora with no group/other access.
    #
    # NOTE(review): each `text` interpolates credentials from `env`. Whether the
    # rendered content stays out of the world-readable Nix store depends on how
    # the `secrets.keys` module materialises `text`, which is not visible in
    # this file; confirm.
    secrets.keys = {
      # Directory holding the files below. 0500: the owner may list and
      # traverse it but not write to it.
      "webapps/diaspora" = {
        isDir = true;
        user = "diaspora";
        group = "diaspora";
        permissions = "0500";
      };
      # Main application configuration. It carries the LDAP bind DN and bind
      # password, hence 0400 (owner read-only).
      # The file turns off registrations, open invitations and the captcha, and
      # enables the ldap section with only_ldap on port 636.
      # NOTE(review): the ldap section shows no certificate-verification
      # setting; confirm how the LDAP-enabled package validates the server
      # certificate.
      # NOTE(review): values are interpolated inside YAML quotes without
      # escaping; this assumes none of them contains the surrounding quote
      # character. TODO confirm.
      "webapps/diaspora/diaspora.yml" = {
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          configuration:
            environment:
              url: "https://diaspora.immae.eu/"
              certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
              redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
              sidekiq:
              s3:
              assets:
              logging:
                logrotate:
                debug:
            server:
              listen: '${dcfg.sockets.rails}'
              rails_environment: 'production'
            chat:
              server:
                bosh:
                log:
            map:
              mapbox:
            privacy:
              piwik:
              statistics:
              camo:
            settings:
              enable_registrations: false
              welcome_message:
              invitations:
                open: false
              paypal_donations:
              community_spotlight:
              captcha:
                enable: false
              terms:
              maintenance:
                remove_old_users:
              default_metas:
              csp:
            services:
              twitter:
              tumblr:
              wordpress:
            mail:
              enable: true
              sender_address: 'diaspora@tools.immae.eu'
              method: 'sendmail'
              smtp:
              sendmail:
                location: '/run/wrappers/bin/sendmail'
            admins:
              account: "ismael"
              podmin_email: 'diaspora@tools.immae.eu'
            relay:
              outbound:
              inbound:
            ldap:
              enable: true
              host: ${env.ldap.host}
              port: 636
              only_ldap: true
              mail_attribute: mail
              skip_email_confirmation: true
              use_bind_dn: true
              bind_dn: "${env.ldap.dn}"
              bind_pw: "${env.ldap.password}"
              search_base: "${env.ldap.base}"
              search_filter: "${env.ldap.filter}"
          production:
            environment:
          development:
            environment:
        '';
      };
      # Database connection settings, including the PostgreSQL password
      # (0400, owner read-only). Every environment inherits the same
      # credentials through the YAML anchors; only `database` differs.
      # `host` is filled from env.postgresql.socket.
      "webapps/diaspora/database.yml" = {
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          postgresql: &postgresql
            adapter: postgresql
            host: "${env.postgresql.socket}"
            port: "${env.postgresql.port}"
            username: "${env.postgresql.user}"
            password: "${env.postgresql.password}"
            encoding: unicode
          common: &common
            <<: *postgresql
          combined: &combined
            <<: *common
          development:
            <<: *combined
            database: diaspora_development
          production:
            <<: *combined
            database: ${env.postgresql.database}
          test:
            <<: *combined
            database: "diaspora_test"
          integration1:
            <<: *combined
            database: diaspora_integration1
          integration2:
            <<: *combined
            database: diaspora_integration2
        '';
      };
      # Sets the Rails secret_key_base for the application (0400, owner
      # read-only).
      # NOTE(review): the token is placed in a single-quoted Ruby literal
      # without escaping; assumes it contains no quote or backslash. TODO confirm.
      "webapps/diaspora/secret_token.rb" = {
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          Diaspora::Application.config.secret_key_base = '${env.secret_token}'
        '';
      };
    };

    services.diaspora = {
      enable = true;
      # Package variant built with the ldap flag, matching the ldap section of
      # diaspora.yml above.
      package = pkgs.webapps.diaspora.override { ldap = true; };
      dataDir = "/var/lib/diaspora_immae";
      adminEmail = "diaspora@tools.immae.eu";
      # The service reads its configuration from the secrets directory
      # declared above.
      configDir = config.secrets.fullPaths."webapps/diaspora";
    };

    # Watch the config (secrets) directory; presumably restarts the service
    # when its content changes. Confirm against the filesWatcher module.
    services.filesWatcher.diaspora = {
      restart = true;
      paths = [ dcfg.configDir ];
    };

    # Web server modules needed by the header and proxy directives below.
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http"
    ];
    # Link the application's public/ directory into the system closure; `root`
    # refers to this link through /run/current-system.
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
    '';
    services.websites.env.tools.vhostConfs.diaspora = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "diaspora.immae.eu" ];
      root = root;
      # Reverse-proxy configuration:
      #  - Requests that match an existing file under the document root are
      #    served directly; everything else is proxied ([P]) to the Rails unix
      #    socket.
      #  - ProxyRequests Off disables forward proxying, so the permissive
      #    <Proxy *> block only governs the reverse-proxy target.
      #  - ProxyPreserveHost On forwards the client's Host header to the
      #    backend.
      #  - RequestHeader set overwrites any client-supplied X_FORWARDED_PROTO.
      #    NOTE(review): the hyphenated X-Forwarded-Proto is a distinct header
      #    name and is not overwritten by this line; confirm how the backend
      #    treats it if a client sends one.
      extraConfig = [ ''
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        RequestHeader set X_FORWARDED_PROTO https

        <Proxy *>
          Require all granted
        </Proxy>

        <Directory ${root}>
          Require all granted
          Options -MultiViews
        </Directory>
      '' ];
    };
  };
}