[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / diaspora / diaspora.nix

{ env, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }:
let
  varDir = "/var/lib/diaspora_immae";
  socketsDir = "/run/diaspora";
  diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec {
    buildPhase = ''
      patch -p1 < ${./ldap.patch}
      # FIXME: bundlerEnv below doesn't take postgresql group for some
      # reason
      echo 'gem "pg",     "1.1.3"' >> Gemfile
    '';
    installPhase = ''
      cp -a . $out
    '';
  });
  gems = bundlerEnv {
    name = "diaspora-env";
    # https://git.immae.eu/mantisbt/view.php?id=131
    ruby = ruby_2_4.overrideAttrs(old: {
      postInstall = builtins.replaceStrings [" --destdir $GEM_HOME"] [""] old.postInstall;
    });
    gemfile = "${diaspora}/Gemfile";
    lockfile = "${diaspora}/Gemfile.lock";
    gemset = ./gemset.nix;
    groups = [ "postgresql" "default" "production" ];
    gemConfig = defaultGemConfig // {
      kostya-sigar = attrs: {
        buildInputs = [ pkgs.perl ];
      };
    };
  };
  keys = {
    secret_token = {
      dest = "webapps/tools-diaspora-secret_token";
      user = "diaspora";
      group = "diaspora";
      permissions = "0400";
      text = ''
        Diaspora::Application.config.secret_key_base = '${env.secret_token}'
      '';
    };
    config = {
      dest = "webapps/tools-diaspora-config";
      user = "diaspora";
      group = "diaspora";
      permissions = "0400";
      text = ''
      configuration:
        environment:
          url: "https://diaspora.immae.eu/"
          certificate_authorities: '${cacert}/etc/ssl/certs/ca-bundle.crt'
          redis: '${env.redis_url}'
          sidekiq:
          s3:
          assets:
          logging:
            logrotate:
            debug:
        server:
          listen: '${socketsDir}/diaspora.sock'
          rails_environment: 'production'
        chat:
          server:
            bosh:
            log:
        map:
          mapbox:
        privacy:
          piwik:
          statistics:
          camo:
        settings:
          enable_registrations: false
          welcome_message:
          invitations:
            open: false
          paypal_donations:
          community_spotlight:
          captcha:
            enable: false
          terms:
          maintenance:
            remove_old_users:
          default_metas:
          csp:
        services:
          twitter:
          tumblr:
          wordpress:
        mail:
          enable: true
          sender_address: 'diaspora@tools.immae.eu'
          method: 'sendmail'
          smtp:
          sendmail:
            location: '/run/wrappers/bin/sendmail'
        admins:
          account: "ismael"
          podmin_email: 'diaspora@tools.immae.eu'
        relay:
          outbound:
          inbound:
        ldap:
            enable: true
            host: ldap.immae.eu
            port: 636
            only_ldap: true
            mail_attribute: mail
            skip_email_confirmation: true
            use_bind_dn: true
            bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
            bind_pw: "${env.ldap.password}"
            search_base: "dc=immae,dc=eu"
            search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
      production:
        environment:
      development:
        environment:
      '';
    };
    database = {
      dest = "webapps/tools-diaspora-database_config";
      user = "diaspora";
      group = "diaspora";
      permissions = "0400";
      text = ''
      postgresql: &postgresql
        adapter: postgresql
        host: "${env.postgresql.socket}"
        port: "${env.postgresql.port}"
        username: "${env.postgresql.user}"
        password: "${env.postgresql.password}"
        encoding: unicode
      common: &common
        <<: *postgresql
      combined: &combined
        <<: *common
      development:
        <<: *combined
        database: diaspora_development
      production:
        <<: *combined
        database: ${env.postgresql.database}
      test:
        <<: *combined
        database: "diaspora_test"
      integration1:
        <<: *combined
        database: diaspora_integration1
      integration2:
        <<: *combined
        database: diaspora_integration2
      '';
    };
  };
    railsRoot = stdenv.mkDerivation {
      name = "diaspora_immae";
      inherit diaspora;
      # FIXME: build machine will contain some passwords in the nix store
      builder = writeText "build_diaspora_immae" ''
        source $stdenv/setup
        cp -a $diaspora $out
        cd $out
        chmod -R u+rwX .
        tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
        ln -s ${writeText "database.yml" keys.database.text} config/database.yml
        ln -s ${writeText "diaspora.yml" keys.config.text} config/diaspora.yml
        ln -s ${writeText "secret_token.rb" keys.secret_token.text} config/initializers/secret_token.rb
        ln -sf ${varDir}/schedule.yml config/schedule.yml
        ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem
        ln -sf ${varDir}/uploads public/uploads
        RAILS_ENV=production ${gems}/bin/rake assets:precompile
        ln -sf /var/secrets/webapps/tools-diaspora-database_config config/database.yml
        ln -sf /var/secrets/webapps/tools-diaspora-config config/diaspora.yml
        ln -sf /var/secrets/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb
        rm -rf tmp log
        ln -sf ${varDir}/tmp tmp
        ln -sf ${varDir}/log log
        '';
      propagatedBuildInputs = [ gems pkgs.nodejs pkgs.which pkgs.git ];
    };
in
  {
    inherit railsRoot varDir socketsDir gems;
    keys = builtins.attrValues keys;
    railsSocket = "${socketsDir}/diaspora.sock";
  }
Commit	Line	Data
9d90e7e2	1	{ env, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }:
a7f7fdae	2	let
a7f7fdae IB	3	varDir = "/var/lib/diaspora_immae";
a7f7fdae IB	4	socketsDir = "/run/diaspora";
a7f7fdae IB	5	diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec {
a7f7fdae IB	6	buildPhase = ''
a7f7fdae	7	patch -p1 < ${./ldap.patch}
7ac9bef4 IB	8	# FIXME: bundlerEnv below doesn't take postgresql group for some
	9	# reason
	10	echo 'gem "pg", "1.1.3"' >> Gemfile
a7f7fdae IB	11	'';
	12	installPhase = ''
	13	cp -a . $out
	14	'';
a7f7fdae	15	});
7ac9bef4 IB	16	gems = bundlerEnv {
7ac9bef4 IB	17	name = "diaspora-env";
3345e58d IB	18	# https://git.immae.eu/mantisbt/view.php?id=131
	19	ruby = ruby_2_4.overrideAttrs(old: {
	20	postInstall = builtins.replaceStrings [" --destdir $GEM_HOME"] [""] old.postInstall;
	21	});
7ac9bef4 IB	22	gemfile = "${diaspora}/Gemfile";
	23	lockfile = "${diaspora}/Gemfile.lock";
	24	gemset = ./gemset.nix;
	25	groups = [ "postgresql" "default" "production" ];
	26	gemConfig = defaultGemConfig // {
	27	kostya-sigar = attrs: {
	28	buildInputs = [ pkgs.perl ];
	29	};
	30	};
	31	};
ccdd91a7 IB	32	keys = {
	33	secret_token = {
	34	dest = "webapps/tools-diaspora-secret_token";
	35	user = "diaspora";
	36	group = "diaspora";
	37	permissions = "0400";
	38	text = ''
	39	Diaspora::Application.config.secret_key_base = '${env.secret_token}'
	40	'';
	41	};
	42	config = {
	43	dest = "webapps/tools-diaspora-config";
	44	user = "diaspora";
	45	group = "diaspora";
	46	permissions = "0400";
	47	text = ''
a7f7fdae IB	48	configuration:
	49	environment:
	50	url: "https://diaspora.immae.eu/"
0fa86654	51	certificate_authorities: '${cacert}/etc/ssl/certs/ca-bundle.crt'
b0781dbc	52	redis: '${env.redis_url}'
a7f7fdae IB	53	sidekiq:
	54	s3:
	55	assets:
	56	logging:
	57	logrotate:
	58	debug:
	59	server:
	60	listen: '${socketsDir}/diaspora.sock'
	61	rails_environment: 'production'
	62	chat:
	63	server:
	64	bosh:
	65	log:
	66	map:
	67	mapbox:
	68	privacy:
	69	piwik:
	70	statistics:
	71	camo:
	72	settings:
	73	enable_registrations: false
	74	welcome_message:
	75	invitations:
	76	open: false
	77	paypal_donations:
	78	community_spotlight:
	79	captcha:
	80	enable: false
	81	terms:
	82	maintenance:
	83	remove_old_users:
	84	default_metas:
	85	csp:
	86	services:
	87	twitter:
	88	tumblr:
	89	wordpress:
	90	mail:
	91	enable: true
0f466f6d	92	sender_address: 'diaspora@tools.immae.eu'
591ebd87	93	method: 'sendmail'
a7f7fdae	94	smtp:
a7f7fdae	95	sendmail:
591ebd87	96	location: '/run/wrappers/bin/sendmail'
a7f7fdae IB	97	admins:
a7f7fdae IB	98	account: "ismael"
0f466f6d	99	podmin_email: 'diaspora@tools.immae.eu'
a7f7fdae IB	100	relay:
	101	outbound:
	102	inbound:
	103	ldap:
	104	enable: true
	105	host: ldap.immae.eu
	106	port: 636
	107	only_ldap: true
	108	mail_attribute: mail
	109	skip_email_confirmation: true
	110	use_bind_dn: true
	111	bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
9d90e7e2	112	bind_pw: "${env.ldap.password}"
a7f7fdae IB	113	search_base: "dc=immae,dc=eu"
	114	search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
	115	production:
	116	environment:
	117	development:
	118	environment:
ccdd91a7 IB	119	'';
	120	};
	121	database = {
	122	dest = "webapps/tools-diaspora-database_config";
	123	user = "diaspora";
	124	group = "diaspora";
	125	permissions = "0400";
	126	text = ''
a7f7fdae IB	127	postgresql: &postgresql
a7f7fdae IB	128	adapter: postgresql
7ebcaad5 IB	129	host: "${env.postgresql.socket}"
	130	port: "${env.postgresql.port}"
	131	username: "${env.postgresql.user}"
9d90e7e2	132	password: "${env.postgresql.password}"
a7f7fdae IB	133	encoding: unicode
	134	common: &common
	135	<<: *postgresql
	136	combined: &combined
	137	<<: *common
	138	development:
	139	<<: *combined
	140	database: diaspora_development
	141	production:
	142	<<: *combined
7ebcaad5	143	database: ${env.postgresql.database}
a7f7fdae IB	144	test:
	145	<<: *combined
	146	database: "diaspora_test"
	147	integration1:
	148	<<: *combined
	149	database: diaspora_integration1
	150	integration2:
	151	<<: *combined
	152	database: diaspora_integration2
ccdd91a7 IB	153	'';
ccdd91a7 IB	154	};
ec2a5ffb	155	};
a7f7fdae IB	156	railsRoot = stdenv.mkDerivation {
	157	name = "diaspora_immae";
	158	inherit diaspora;
ec2a5ffb	159	# FIXME: build machine will contain some passwords in the nix store
a7f7fdae IB	160	builder = writeText "build_diaspora_immae" ''
	161	source $stdenv/setup
	162	cp -a $diaspora $out
	163	cd $out
	164	chmod -R u+rwX .
	165	tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
ccdd91a7 IB	166	ln -s ${writeText "database.yml" keys.database.text} config/database.yml
	167	ln -s ${writeText "diaspora.yml" keys.config.text} config/diaspora.yml
	168	ln -s ${writeText "secret_token.rb" keys.secret_token.text} config/initializers/secret_token.rb
3c8d7f87 IB	169	ln -sf ${varDir}/schedule.yml config/schedule.yml
	170	ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem
	171	ln -sf ${varDir}/uploads public/uploads
a7f7fdae	172	RAILS_ENV=production ${gems}/bin/rake assets:precompile
ccdd91a7 IB	173	ln -sf /var/secrets/webapps/tools-diaspora-database_config config/database.yml
	174	ln -sf /var/secrets/webapps/tools-diaspora-config config/diaspora.yml
	175	ln -sf /var/secrets/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb
a7f7fdae	176	rm -rf tmp log
3c8d7f87 IB	177	ln -sf ${varDir}/tmp tmp
3c8d7f87 IB	178	ln -sf ${varDir}/log log
a7f7fdae	179	'';
159d8ff3	180	propagatedBuildInputs = [ gems pkgs.nodejs pkgs.which pkgs.git ];
a7f7fdae IB	181	};
	182	in
	183	{
ccdd91a7 IB	184	inherit railsRoot varDir socketsDir gems;
ccdd91a7 IB	185	keys = builtins.attrValues keys;
a7f7fdae IB	186	railsSocket = "${socketsDir}/diaspora.sock";
a7f7fdae IB	187	}