[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / diaspora / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  diaspora = pkgs.callPackage ./diaspora.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.diaspora;
  };

  root = "/run/current-system/webapps/tools_diaspora";
  cfg = config.services.myWebsites.tools.diaspora;
in {
  options.services.myWebsites.tools.diaspora = {
    enable = lib.mkEnableOption "enable diaspora's website";
  };

  config = lib.mkIf cfg.enable {
    ids.uids.diaspora = myconfig.env.tools.diaspora.user.uid;
    ids.gids.diaspora = myconfig.env.tools.diaspora.user.gid;

    users.users.diaspora = {
      name = "diaspora";
      uid = config.ids.uids.diaspora;
      group = "diaspora";
      description = "Diaspora user";
      home = diaspora.varDir;
      useDefaultShell = true;
      packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
      extraGroups = [ "keys" ];
    };

    users.groups.diaspora.gid = config.ids.gids.diaspora;

    deployment.keys = diaspora.keys;
    systemd.services.diaspora = {
      description = "Diaspora";
      wantedBy = [ "multi-user.target" ];
      after = [
        "network.target" "redis.service" "postgresql.service"
        "tools-diaspora-secret_token.service"
        "tools-diaspora-config.service"
        "tools-diaspora-database_config.service"
      ];
      wants = [
        "redis.service" "postgresql.service"
        "tools-diaspora-secret_token.service"
        "tools-diaspora-config.service"
        "tools-diaspora-database_config.service"
      ];

      environment.RAILS_ENV = "production";
      environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
      environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
      environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock";
      environment.EYE_PID = "${diaspora.socketsDir}/eye.pid";

      path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];

      preStart = ''
        ./bin/bundle exec rails db:migrate
      '';

      script = ''
        exec ${diaspora.railsRoot}/script/server
      '';

      serviceConfig = {
        User = "diaspora";
        PrivateTmp = true;
        Restart = "always";
        Type = "simple";
        WorkingDirectory = diaspora.railsRoot;
        StandardInput = "null";
        KillMode = "control-group";
      };

      unitConfig.RequiresMountsFor = diaspora.varDir;
    };

    system.activationScripts.diaspora = {
      deps = [ "users" ];
      text = ''
      install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir}
      install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \
        ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \
        ${diaspora.varDir}/log
      install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids
      if [ ! -f ${diaspora.varDir}/schedule.yml ]; then
        echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml
      fi
      '';
    };

    services.myWebsites.tools.modules = [
      "headers" "proxy" "proxy_http"
    ];
    security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${diaspora.railsRoot}/public/ $out/webapps/tools_diaspora
      '';
    services.myWebsites.tools.vhostConfs.diaspora = {
      certName    = "eldiron";
      hosts       = [ "diaspora.immae.eu" ];
      root        = root;
      extraConfig = [ ''
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ unix://${diaspora.railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        RequestHeader set X_FORWARDED_PROTO https

        <Proxy *>
            Require all granted
        </Proxy>

        <Directory ${root}>
            Require all granted
            Options -MultiViews
        </Directory>
      '' ];
    };
  };
}
Commit	Line	Data
3345e58d	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
a7f7fdae	2	let
3345e58d	3	diaspora = pkgs.callPackage ./diaspora.nix {
9d90e7e2 IB	4	inherit (mylibs) fetchedGithub;
9d90e7e2 IB	5	env = myconfig.env.tools.diaspora;
a7f7fdae IB	6	};
a7f7fdae IB	7
a95ab089	8	root = "/run/current-system/webapps/tools_diaspora";
a7f7fdae IB	9	cfg = config.services.myWebsites.tools.diaspora;
	10	in {
	11	options.services.myWebsites.tools.diaspora = {
	12	enable = lib.mkEnableOption "enable diaspora's website";
	13	};
	14
	15	config = lib.mkIf cfg.enable {
3b075825 IB	16	ids.uids.diaspora = myconfig.env.tools.diaspora.user.uid;
3b075825 IB	17	ids.gids.diaspora = myconfig.env.tools.diaspora.user.gid;
a7f7fdae IB	18
	19	users.users.diaspora = {
	20	name = "diaspora";
	21	uid = config.ids.uids.diaspora;
	22	group = "diaspora";
	23	description = "Diaspora user";
fe6f1528	24	home = diaspora.varDir;
a7f7fdae IB	25	useDefaultShell = true;
a7f7fdae IB	26	packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
ec2a5ffb	27	extraGroups = [ "keys" ];
a7f7fdae IB	28	};
	29
	30	users.groups.diaspora.gid = config.ids.gids.diaspora;
	31
ec2a5ffb	32	deployment.keys = diaspora.keys;
a7f7fdae IB	33	systemd.services.diaspora = {
	34	description = "Diaspora";
	35	wantedBy = [ "multi-user.target" ];
ec2a5ffb IB	36	after = [
	37	"network.target" "redis.service" "postgresql.service"
	38	"tools-diaspora-secret_token.service"
	39	"tools-diaspora-config.service"
	40	"tools-diaspora-database_config.service"
	41	];
	42	wants = [
	43	"redis.service" "postgresql.service"
	44	"tools-diaspora-secret_token.service"
	45	"tools-diaspora-config.service"
	46	"tools-diaspora-database_config.service"
	47	];
a7f7fdae IB	48
a7f7fdae IB	49	environment.RAILS_ENV = "production";
159d8ff3	50	environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
a7f7fdae IB	51	environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
	52	environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock";
	53	environment.EYE_PID = "${diaspora.socketsDir}/eye.pid";
	54
	55	path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
	56
	57	preStart = ''
	58	./bin/bundle exec rails db:migrate
	59	'';
	60
	61	script = ''
	62	exec ${diaspora.railsRoot}/script/server
	63	'';
	64
	65	serviceConfig = {
	66	User = "diaspora";
	67	PrivateTmp = true;
	68	Restart = "always";
	69	Type = "simple";
	70	WorkingDirectory = diaspora.railsRoot;
	71	StandardInput = "null";
	72	KillMode = "control-group";
	73	};
	74
	75	unitConfig.RequiresMountsFor = diaspora.varDir;
	76	};
	77
a7f7fdae IB	78	system.activationScripts.diaspora = {
	79	deps = [ "users" ];
	80	text = ''
	81	install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir}
	82	install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \
	83	${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \
	84	${diaspora.varDir}/log
	85	install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids
	86	if [ ! -f ${diaspora.varDir}/schedule.yml ]; then
	87	echo "{}" \| $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml
	88	fi
	89	'';
	90	};
	91
	92	services.myWebsites.tools.modules = [
a952acc4	93	"headers" "proxy" "proxy_http"
a7f7fdae IB	94	];
a7f7fdae IB	95	security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
a95ab089 IB	96	system.extraSystemBuilderCmds = ''
	97	mkdir -p $out/webapps
	98	ln -s ${diaspora.railsRoot}/public/ $out/webapps/tools_diaspora
	99	'';
a7f7fdae IB	100	services.myWebsites.tools.vhostConfs.diaspora = {
	101	certName = "eldiron";
	102	hosts = [ "diaspora.immae.eu" ];
a95ab089	103	root = root;
a7f7fdae IB	104	extraConfig = [ ''
	105	RewriteEngine On
	106	RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
a952acc4	107	RewriteRule ^/(.*)$ unix://${diaspora.railsSocket}\|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
a7f7fdae IB	108
	109	ProxyRequests Off
	110	ProxyVia On
	111	ProxyPreserveHost On
	112	RequestHeader set X_FORWARDED_PROTO https
	113
	114	<Proxy *>
	115	Require all granted
	116	</Proxy>
	117
a95ab089	118	<Directory ${root}>
a7f7fdae IB	119	Require all granted
	120	Options -MultiViews
	121	</Directory>
	122	'' ];
	123	};
	124	};
	125	}