]>
Commit | Line | Data |
---|---|---|
9d90e7e2 | 1 | { env, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }: |
a7f7fdae | 2 | let |
a7f7fdae IB |
3 | varDir = "/var/lib/diaspora_immae"; |
4 | socketsDir = "/run/diaspora"; | |
a7f7fdae IB |
5 | diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec { |
6 | buildPhase = '' | |
a7f7fdae | 7 | patch -p1 < ${./ldap.patch} |
7ac9bef4 IB |
8 | # FIXME: bundlerEnv below doesn't take postgresql group for some |
9 | # reason | |
10 | echo 'gem "pg", "1.1.3"' >> Gemfile | |
a7f7fdae IB |
11 | ''; |
12 | installPhase = '' | |
13 | cp -a . $out | |
14 | ''; | |
a7f7fdae | 15 | }); |
7ac9bef4 IB |
16 | gems = bundlerEnv { |
17 | name = "diaspora-env"; | |
3345e58d IB |
18 | # https://git.immae.eu/mantisbt/view.php?id=131 |
19 | ruby = ruby_2_4.overrideAttrs(old: { | |
20 | postInstall = builtins.replaceStrings [" --destdir $GEM_HOME"] [""] old.postInstall; | |
21 | }); | |
7ac9bef4 IB |
22 | gemfile = "${diaspora}/Gemfile"; |
23 | lockfile = "${diaspora}/Gemfile.lock"; | |
24 | gemset = ./gemset.nix; | |
25 | groups = [ "postgresql" "default" "production" ]; | |
26 | gemConfig = defaultGemConfig // { | |
27 | kostya-sigar = attrs: { | |
28 | buildInputs = [ pkgs.perl ]; | |
29 | }; | |
30 | }; | |
31 | }; | |
ccdd91a7 IB |
32 | keys = { |
33 | secret_token = { | |
34 | dest = "webapps/tools-diaspora-secret_token"; | |
35 | user = "diaspora"; | |
36 | group = "diaspora"; | |
37 | permissions = "0400"; | |
38 | text = '' | |
39 | Diaspora::Application.config.secret_key_base = '${env.secret_token}' | |
40 | ''; | |
41 | }; | |
42 | config = { | |
43 | dest = "webapps/tools-diaspora-config"; | |
44 | user = "diaspora"; | |
45 | group = "diaspora"; | |
46 | permissions = "0400"; | |
47 | text = '' | |
a7f7fdae IB |
48 | configuration: |
49 | environment: | |
50 | url: "https://diaspora.immae.eu/" | |
0fa86654 | 51 | certificate_authorities: '${cacert}/etc/ssl/certs/ca-bundle.crt' |
b0781dbc | 52 | redis: '${env.redis_url}' |
a7f7fdae IB |
53 | sidekiq: |
54 | s3: | |
55 | assets: | |
56 | logging: | |
57 | logrotate: | |
58 | debug: | |
59 | server: | |
60 | listen: '${socketsDir}/diaspora.sock' | |
61 | rails_environment: 'production' | |
62 | chat: | |
63 | server: | |
64 | bosh: | |
65 | log: | |
66 | map: | |
67 | mapbox: | |
68 | privacy: | |
69 | piwik: | |
70 | statistics: | |
71 | camo: | |
72 | settings: | |
73 | enable_registrations: false | |
74 | welcome_message: | |
75 | invitations: | |
76 | open: false | |
77 | paypal_donations: | |
78 | community_spotlight: | |
79 | captcha: | |
80 | enable: false | |
81 | terms: | |
82 | maintenance: | |
83 | remove_old_users: | |
84 | default_metas: | |
85 | csp: | |
86 | services: | |
87 | twitter: | |
88 | tumblr: | |
89 | wordpress: | |
90 | mail: | |
91 | enable: true | |
0f466f6d | 92 | sender_address: 'diaspora@tools.immae.eu' |
591ebd87 | 93 | method: 'sendmail' |
a7f7fdae | 94 | smtp: |
a7f7fdae | 95 | sendmail: |
591ebd87 | 96 | location: '/run/wrappers/bin/sendmail' |
a7f7fdae IB |
97 | admins: |
98 | account: "ismael" | |
0f466f6d | 99 | podmin_email: 'diaspora@tools.immae.eu' |
a7f7fdae IB |
100 | relay: |
101 | outbound: | |
102 | inbound: | |
103 | ldap: | |
104 | enable: true | |
105 | host: ldap.immae.eu | |
106 | port: 636 | |
107 | only_ldap: true | |
108 | mail_attribute: mail | |
109 | skip_email_confirmation: true | |
110 | use_bind_dn: true | |
111 | bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" | |
9d90e7e2 | 112 | bind_pw: "${env.ldap.password}" |
a7f7fdae IB |
113 | search_base: "dc=immae,dc=eu" |
114 | search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" | |
115 | production: | |
116 | environment: | |
117 | development: | |
118 | environment: | |
ccdd91a7 IB |
119 | ''; |
120 | }; | |
121 | database = { | |
122 | dest = "webapps/tools-diaspora-database_config"; | |
123 | user = "diaspora"; | |
124 | group = "diaspora"; | |
125 | permissions = "0400"; | |
126 | text = '' | |
a7f7fdae IB |
127 | postgresql: &postgresql |
128 | adapter: postgresql | |
7ebcaad5 IB |
129 | host: "${env.postgresql.socket}" |
130 | port: "${env.postgresql.port}" | |
131 | username: "${env.postgresql.user}" | |
9d90e7e2 | 132 | password: "${env.postgresql.password}" |
a7f7fdae IB |
133 | encoding: unicode |
134 | common: &common | |
135 | <<: *postgresql | |
136 | combined: &combined | |
137 | <<: *common | |
138 | development: | |
139 | <<: *combined | |
140 | database: diaspora_development | |
141 | production: | |
142 | <<: *combined | |
7ebcaad5 | 143 | database: ${env.postgresql.database} |
a7f7fdae IB |
144 | test: |
145 | <<: *combined | |
146 | database: "diaspora_test" | |
147 | integration1: | |
148 | <<: *combined | |
149 | database: diaspora_integration1 | |
150 | integration2: | |
151 | <<: *combined | |
152 | database: diaspora_integration2 | |
ccdd91a7 IB |
153 | ''; |
154 | }; | |
ec2a5ffb | 155 | }; |
a7f7fdae IB |
156 | railsRoot = stdenv.mkDerivation { |
157 | name = "diaspora_immae"; | |
158 | inherit diaspora; | |
ec2a5ffb | 159 | # FIXME: build machine will contain some passwords in the nix store |
a7f7fdae IB |
160 | builder = writeText "build_diaspora_immae" '' |
161 | source $stdenv/setup | |
162 | cp -a $diaspora $out | |
163 | cd $out | |
164 | chmod -R u+rwX . | |
165 | tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru} | |
ccdd91a7 IB |
166 | ln -s ${writeText "database.yml" keys.database.text} config/database.yml |
167 | ln -s ${writeText "diaspora.yml" keys.config.text} config/diaspora.yml | |
168 | ln -s ${writeText "secret_token.rb" keys.secret_token.text} config/initializers/secret_token.rb | |
3c8d7f87 IB |
169 | ln -sf ${varDir}/schedule.yml config/schedule.yml |
170 | ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem | |
171 | ln -sf ${varDir}/uploads public/uploads | |
a7f7fdae | 172 | RAILS_ENV=production ${gems}/bin/rake assets:precompile |
ccdd91a7 IB |
173 | ln -sf /var/secrets/webapps/tools-diaspora-database_config config/database.yml |
174 | ln -sf /var/secrets/webapps/tools-diaspora-config config/diaspora.yml | |
175 | ln -sf /var/secrets/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb | |
a7f7fdae | 176 | rm -rf tmp log |
3c8d7f87 IB |
177 | ln -sf ${varDir}/tmp tmp |
178 | ln -sf ${varDir}/log log | |
a7f7fdae | 179 | ''; |
159d8ff3 | 180 | propagatedBuildInputs = [ gems pkgs.nodejs pkgs.which pkgs.git ]; |
a7f7fdae IB |
181 | }; |
182 | in | |
183 | { | |
ccdd91a7 IB |
184 | inherit railsRoot varDir socketsDir gems; |
185 | keys = builtins.attrValues keys; | |
a7f7fdae IB |
186 | railsSocket = "${socketsDir}/diaspora.sock"; |
187 | } |