]>
Commit | Line | Data |
---|---|---|
ab8f306d | 1 | { lib, pkgs, config, ... }: |
a7f7fdae | 2 | let |
ab8f306d | 3 | env = config.myEnv.tools.diaspora; |
a95ab089 | 4 | root = "/run/current-system/webapps/tools_diaspora"; |
4288c2f2 | 5 | cfg = config.myServices.websites.tools.diaspora; |
7009832a | 6 | dcfg = config.services.diaspora; |
a7f7fdae | 7 | in { |
4288c2f2 | 8 | options.myServices.websites.tools.diaspora = { |
a7f7fdae IB |
9 | enable = lib.mkEnableOption "enable diaspora's website"; |
10 | }; | |
11 | ||
12 | config = lib.mkIf cfg.enable { | |
d2e703c5 | 13 | services.duplyBackup.profiles.diaspora = { |
6a8252b1 | 14 | rootDir = dcfg.dataDir; |
546864bc | 15 | remotes = [ "eriomem" "ovh" ]; |
6a8252b1 | 16 | }; |
7009832a | 17 | users.users.diaspora.extraGroups = [ "keys" ]; |
a7f7fdae | 18 | |
1a718805 | 19 | secrets.keys = [ |
da30ae4f IB |
20 | { |
21 | dest = "webapps/diaspora"; | |
22 | isDir = true; | |
23 | user = "diaspora"; | |
24 | group = "diaspora"; | |
25 | permissions = "0500"; | |
26 | } | |
3bb8a82a IB |
27 | { |
28 | dest = "webapps/diaspora/diaspora.yml"; | |
29 | user = "diaspora"; | |
30 | group = "diaspora"; | |
31 | permissions = "0400"; | |
32 | text = '' | |
33 | configuration: | |
34 | environment: | |
35 | url: "https://diaspora.immae.eu/" | |
36 | certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt' | |
ab8f306d | 37 | redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}' |
3bb8a82a IB |
38 | sidekiq: |
39 | s3: | |
40 | assets: | |
41 | logging: | |
42 | logrotate: | |
43 | debug: | |
44 | server: | |
7009832a | 45 | listen: '${dcfg.sockets.rails}' |
3bb8a82a IB |
46 | rails_environment: 'production' |
47 | chat: | |
48 | server: | |
49 | bosh: | |
50 | log: | |
51 | map: | |
52 | mapbox: | |
53 | privacy: | |
54 | piwik: | |
55 | statistics: | |
56 | camo: | |
57 | settings: | |
58 | enable_registrations: false | |
59 | welcome_message: | |
60 | invitations: | |
61 | open: false | |
62 | paypal_donations: | |
63 | community_spotlight: | |
64 | captcha: | |
65 | enable: false | |
66 | terms: | |
67 | maintenance: | |
68 | remove_old_users: | |
69 | default_metas: | |
70 | csp: | |
71 | services: | |
72 | twitter: | |
73 | tumblr: | |
74 | wordpress: | |
75 | mail: | |
76 | enable: true | |
77 | sender_address: 'diaspora@tools.immae.eu' | |
78 | method: 'sendmail' | |
79 | smtp: | |
80 | sendmail: | |
81 | location: '/run/wrappers/bin/sendmail' | |
82 | admins: | |
83 | account: "ismael" | |
84 | podmin_email: 'diaspora@tools.immae.eu' | |
85 | relay: | |
86 | outbound: | |
87 | inbound: | |
88 | ldap: | |
89 | enable: true | |
ab8f306d | 90 | host: ${env.ldap.host} |
3bb8a82a IB |
91 | port: 636 |
92 | only_ldap: true | |
93 | mail_attribute: mail | |
94 | skip_email_confirmation: true | |
95 | use_bind_dn: true | |
ab8f306d | 96 | bind_dn: "${env.ldap.dn}" |
3bb8a82a | 97 | bind_pw: "${env.ldap.password}" |
ab8f306d IB |
98 | search_base: "${env.ldap.base}" |
99 | search_filter: "${env.ldap.filter}" | |
3bb8a82a IB |
100 | production: |
101 | environment: | |
102 | development: | |
103 | environment: | |
104 | ''; | |
105 | } | |
106 | { | |
107 | dest = "webapps/diaspora/database.yml"; | |
108 | user = "diaspora"; | |
109 | group = "diaspora"; | |
110 | permissions = "0400"; | |
111 | text = '' | |
112 | postgresql: &postgresql | |
113 | adapter: postgresql | |
114 | host: "${env.postgresql.socket}" | |
115 | port: "${env.postgresql.port}" | |
116 | username: "${env.postgresql.user}" | |
117 | password: "${env.postgresql.password}" | |
118 | encoding: unicode | |
119 | common: &common | |
120 | <<: *postgresql | |
121 | combined: &combined | |
122 | <<: *common | |
123 | development: | |
124 | <<: *combined | |
125 | database: diaspora_development | |
126 | production: | |
127 | <<: *combined | |
128 | database: ${env.postgresql.database} | |
129 | test: | |
130 | <<: *combined | |
131 | database: "diaspora_test" | |
132 | integration1: | |
133 | <<: *combined | |
134 | database: diaspora_integration1 | |
135 | integration2: | |
136 | <<: *combined | |
137 | database: diaspora_integration2 | |
138 | ''; | |
139 | } | |
140 | { | |
141 | dest = "webapps/diaspora/secret_token.rb"; | |
142 | user = "diaspora"; | |
143 | group = "diaspora"; | |
144 | permissions = "0400"; | |
145 | text = '' | |
146 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' | |
147 | ''; | |
148 | } | |
149 | ]; | |
a7f7fdae | 150 | |
7009832a IB |
151 | services.diaspora = { |
152 | enable = true; | |
153 | package = pkgs.webapps.diaspora.override { ldap = true; }; | |
154 | dataDir = "/var/lib/diaspora_immae"; | |
155 | adminEmail = "diaspora@tools.immae.eu"; | |
da30ae4f | 156 | configDir = config.secrets.fullPaths."webapps/diaspora"; |
a7f7fdae IB |
157 | }; |
158 | ||
17f6eae9 IB |
159 | services.filesWatcher.diaspora = { |
160 | restart = true; | |
161 | paths = [ dcfg.configDir ]; | |
162 | }; | |
163 | ||
29f8cb85 | 164 | services.websites.env.tools.modules = [ |
a952acc4 | 165 | "headers" "proxy" "proxy_http" |
a7f7fdae | 166 | ]; |
a95ab089 IB |
167 | system.extraSystemBuilderCmds = '' |
168 | mkdir -p $out/webapps | |
7009832a | 169 | ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora |
a95ab089 | 170 | ''; |
29f8cb85 | 171 | services.websites.env.tools.vhostConfs.diaspora = { |
a7f7fdae | 172 | certName = "eldiron"; |
7df420c2 | 173 | addToCerts = true; |
a7f7fdae | 174 | hosts = [ "diaspora.immae.eu" ]; |
a95ab089 | 175 | root = root; |
a7f7fdae IB |
176 | extraConfig = [ '' |
177 | RewriteEngine On | |
178 | RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | |
7009832a | 179 | RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L] |
a7f7fdae IB |
180 | |
181 | ProxyRequests Off | |
182 | ProxyVia On | |
183 | ProxyPreserveHost On | |
184 | RequestHeader set X_FORWARDED_PROTO https | |
185 | ||
186 | <Proxy *> | |
187 | Require all granted | |
188 | </Proxy> | |
189 | ||
a95ab089 | 190 | <Directory ${root}> |
a7f7fdae IB |
191 | Require all granted |
192 | Options -MultiViews | |
193 | </Directory> | |
194 | '' ]; | |
195 | }; | |
196 | }; | |
197 | } |