projects / perso / Immae / Config / Nix.git / blame
| Commit | Line | Data |
|---|---|---|
| 3345e58d | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
| a7f7fdae | 2 | let |
| 3bb8a82a IB |
3 | varDir = "/var/lib/diaspora_immae"; |
| 4 | ||
| 5 | diaspora = pkgs.webapps.diaspora.override { | |
| 6 | ldap = true; | |
| 7 | inherit varDir; | |
| 8 | podmin_email = "diaspora@tools.immae.eu"; | |
| 9 | config_dir = "/var/secrets/webapps/diaspora"; | |
| a7f7fdae IB |
10 | }; |
| 11 | ||
| 3bb8a82a IB |
12 | railsSocket = "${socketsDir}/diaspora.sock"; |
| 13 | socketsDir = "/run/diaspora"; | |
| 14 | env = myconfig.env.tools.diaspora; | |
| a95ab089 | 15 | root = "/run/current-system/webapps/tools_diaspora"; |
| a7f7fdae IB |
16 | cfg = config.services.myWebsites.tools.diaspora; |
| 17 | in { | |
| 18 | options.services.myWebsites.tools.diaspora = { | |
| 19 | enable = lib.mkEnableOption "enable diaspora's website"; | |
| 20 | }; | |
| 21 | ||
| 22 | config = lib.mkIf cfg.enable { | |
| 3bb8a82a IB |
23 | ids.uids.diaspora = env.user.uid; |
| 24 | ids.gids.diaspora = env.user.gid; | |
| a7f7fdae IB |
25 | |
| 26 | users.users.diaspora = { | |
| 27 | name = "diaspora"; | |
| 28 | uid = config.ids.uids.diaspora; | |
| 29 | group = "diaspora"; | |
| 30 | description = "Diaspora user"; | |
| 3bb8a82a | 31 | home = varDir; |
| a7f7fdae IB |
32 | useDefaultShell = true; |
| 33 | packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ]; | |
| ec2a5ffb | 34 | extraGroups = [ "keys" ]; |
| a7f7fdae IB |
35 | }; |
| 36 | ||
| 37 | users.groups.diaspora.gid = config.ids.gids.diaspora; | |
| 1a718805 | 38 | secrets.keys = [ |
| 3bb8a82a IB |
39 | { |
| 40 | dest = "webapps/diaspora/diaspora.yml"; | |
| 41 | user = "diaspora"; | |
| 42 | group = "diaspora"; | |
| 43 | permissions = "0400"; | |
| 44 | text = '' | |
| 45 | configuration: | |
| 46 | environment: | |
| 47 | url: "https://diaspora.immae.eu/" | |
| 48 | certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt' | |
| 49 | redis: '${env.redis_url}' | |
| 50 | sidekiq: | |
| 51 | s3: | |
| 52 | assets: | |
| 53 | logging: | |
| 54 | logrotate: | |
| 55 | debug: | |
| 56 | server: | |
| 57 | listen: '${socketsDir}/diaspora.sock' | |
| 58 | rails_environment: 'production' | |
| 59 | chat: | |
| 60 | server: | |
| 61 | bosh: | |
| 62 | log: | |
| 63 | map: | |
| 64 | mapbox: | |
| 65 | privacy: | |
| 66 | piwik: | |
| 67 | statistics: | |
| 68 | camo: | |
| 69 | settings: | |
| 70 | enable_registrations: false | |
| 71 | welcome_message: | |
| 72 | invitations: | |
| 73 | open: false | |
| 74 | paypal_donations: | |
| 75 | community_spotlight: | |
| 76 | captcha: | |
| 77 | enable: false | |
| 78 | terms: | |
| 79 | maintenance: | |
| 80 | remove_old_users: | |
| 81 | default_metas: | |
| 82 | csp: | |
| 83 | services: | |
| 84 | twitter: | |
| 85 | tumblr: | |
| 86 | wordpress: | |
| 87 | mail: | |
| 88 | enable: true | |
| 89 | sender_address: 'diaspora@tools.immae.eu' | |
| 90 | method: 'sendmail' | |
| 91 | smtp: | |
| 92 | sendmail: | |
| 93 | location: '/run/wrappers/bin/sendmail' | |
| 94 | admins: | |
| 95 | account: "ismael" | |
| 96 | podmin_email: 'diaspora@tools.immae.eu' | |
| 97 | relay: | |
| 98 | outbound: | |
| 99 | inbound: | |
| 100 | ldap: | |
| 101 | enable: true | |
| 102 | host: ldap.immae.eu | |
| 103 | port: 636 | |
| 104 | only_ldap: true | |
| 105 | mail_attribute: mail | |
| 106 | skip_email_confirmation: true | |
| 107 | use_bind_dn: true | |
| 108 | bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" | |
| 109 | bind_pw: "${env.ldap.password}" | |
| 110 | search_base: "dc=immae,dc=eu" | |
| 111 | search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" | |
| 112 | production: | |
| 113 | environment: | |
| 114 | development: | |
| 115 | environment: | |
| 116 | ''; | |
| 117 | } | |
| 118 | { | |
| 119 | dest = "webapps/diaspora/database.yml"; | |
| 120 | user = "diaspora"; | |
| 121 | group = "diaspora"; | |
| 122 | permissions = "0400"; | |
| 123 | text = '' | |
| 124 | postgresql: &postgresql | |
| 125 | adapter: postgresql | |
| 126 | host: "${env.postgresql.socket}" | |
| 127 | port: "${env.postgresql.port}" | |
| 128 | username: "${env.postgresql.user}" | |
| 129 | password: "${env.postgresql.password}" | |
| 130 | encoding: unicode | |
| 131 | common: &common | |
| 132 | <<: *postgresql | |
| 133 | combined: &combined | |
| 134 | <<: *common | |
| 135 | development: | |
| 136 | <<: *combined | |
| 137 | database: diaspora_development | |
| 138 | production: | |
| 139 | <<: *combined | |
| 140 | database: ${env.postgresql.database} | |
| 141 | test: | |
| 142 | <<: *combined | |
| 143 | database: "diaspora_test" | |
| 144 | integration1: | |
| 145 | <<: *combined | |
| 146 | database: diaspora_integration1 | |
| 147 | integration2: | |
| 148 | <<: *combined | |
| 149 | database: diaspora_integration2 | |
| 150 | ''; | |
| 151 | } | |
| 152 | { | |
| 153 | dest = "webapps/diaspora/secret_token.rb"; | |
| 154 | user = "diaspora"; | |
| 155 | group = "diaspora"; | |
| 156 | permissions = "0400"; | |
| 157 | text = '' | |
| 158 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' | |
| 159 | ''; | |
| 160 | } | |
| 161 | ]; | |
| a7f7fdae IB |
162 | |
| 163 | systemd.services.diaspora = { | |
| 164 | description = "Diaspora"; | |
| 165 | wantedBy = [ "multi-user.target" ]; | |
| ec2a5ffb IB |
166 | after = [ |
| 167 | "network.target" "redis.service" "postgresql.service" | |
| ec2a5ffb IB |
168 | ]; |
| 169 | wants = [ | |
| 170 | "redis.service" "postgresql.service" | |
| ec2a5ffb | 171 | ]; |
| a7f7fdae IB |
172 | |
| 173 | environment.RAILS_ENV = "production"; | |
| 159d8ff3 | 174 | environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}"; |
| a7f7fdae | 175 | environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile"; |
| 3bb8a82a IB |
176 | environment.EYE_SOCK = "${socketsDir}/eye.sock"; |
| 177 | environment.EYE_PID = "${socketsDir}/eye.pid"; | |
| a7f7fdae IB |
178 | |
| 179 | path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ]; | |
| 180 | ||
| 181 | preStart = '' | |
| 182 | ./bin/bundle exec rails db:migrate | |
| 183 | ''; | |
| 184 | ||
| 185 | script = '' | |
| 3bb8a82a | 186 | exec ${diaspora}/script/server |
| a7f7fdae IB |
187 | ''; |
| 188 | ||
| 189 | serviceConfig = { | |
| 190 | User = "diaspora"; | |
| 191 | PrivateTmp = true; | |
| 192 | Restart = "always"; | |
| 193 | Type = "simple"; | |
| 3bb8a82a | 194 | WorkingDirectory = diaspora; |
| a7f7fdae IB |
195 | StandardInput = "null"; |
| 196 | KillMode = "control-group"; | |
| 197 | }; | |
| 198 | ||
| 3bb8a82a | 199 | unitConfig.RequiresMountsFor = varDir; |
| a7f7fdae IB |
200 | }; |
| 201 | ||
| a7f7fdae IB |
202 | system.activationScripts.diaspora = { |
| 203 | deps = [ "users" ]; | |
| 204 | text = '' | |
| 3bb8a82a IB |
205 | install -m 0755 -o diaspora -g diaspora -d ${socketsDir} |
| 206 | install -m 0755 -o diaspora -g diaspora -d ${varDir} \ | |
| 207 | ${varDir}/uploads ${varDir}/tmp \ | |
| 208 | ${varDir}/log | |
| 209 | install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids | |
| 210 | if [ ! -f ${varDir}/schedule.yml ]; then | |
| 211 | echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml | |
| a7f7fdae IB |
212 | fi |
| 213 | ''; | |
| 214 | }; | |
| 215 | ||
| 216 | services.myWebsites.tools.modules = [ | |
| a952acc4 | 217 | "headers" "proxy" "proxy_http" |
| a7f7fdae IB |
218 | ]; |
| 219 | security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; | |
| a95ab089 IB |
220 | system.extraSystemBuilderCmds = '' |
| 221 | mkdir -p $out/webapps | |
| 3bb8a82a | 222 | ln -s ${diaspora}/public/ $out/webapps/tools_diaspora |
| a95ab089 | 223 | ''; |
| a7f7fdae IB |
224 | services.myWebsites.tools.vhostConfs.diaspora = { |
| 225 | certName = "eldiron"; | |
| 226 | hosts = [ "diaspora.immae.eu" ]; | |
| a95ab089 | 227 | root = root; |
| a7f7fdae IB |
228 | extraConfig = [ '' |
| 229 | RewriteEngine On | |
| 230 | RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | |
| 3bb8a82a | 231 | RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L] |
| a7f7fdae IB |
232 | |
| 233 | ProxyRequests Off | |
| 234 | ProxyVia On | |
| 235 | ProxyPreserveHost On | |
| 236 | RequestHeader set X_FORWARDED_PROTO https | |
| 237 | ||
| 238 | <Proxy *> | |
| 239 | Require all granted | |
| 240 | </Proxy> | |
| 241 | ||
| a95ab089 | 242 | <Directory ${root}> |
| a7f7fdae IB |
243 | Require all granted |
| 244 | Options -MultiViews | |
| 245 | </Directory> | |
| 246 | '' ]; | |
| 247 | }; | |
| 248 | }; | |
| 249 | } |