Fix secret permissions
# diaspora* pod deployed at diaspora.immae.eu: the patched upstream checkout,
# its bundled gems, the secret config files and the assembled Rails root.
# All secrets (DB/LDAP passwords, redis URL, secret_key_base) arrive through
# `env`; `fetchedGithub` resolves the upstream checkout described by
# ./diaspora.json.
{ env, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }:
let
# Mutable state (uploads, tmp, log, schedule.yml, oidc_key.pem) lives here,
# outside the immutable store; railsRoot symlinks into it.
varDir = "/var/lib/diaspora_immae";
# Directory of the unix socket the Rails server listens on (see railsSocket).
socketsDir = "/run/diaspora";
# Upstream diaspora* tree with the local ./ldap.patch applied (LDAP login,
# judging by the `ldap:` section of the config below).  Nothing is compiled
# here; gems and assets are handled by `gems` and `railsRoot`.
diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec {
  buildPhase = ''
    patch -p1 < ${./ldap.patch}
    # FIXME: bundlerEnv below doesn't take postgresql group for some
    # reason
    echo 'gem "pg", "1.1.3"' >> Gemfile
  '';
  # The patched checkout is copied verbatim into $out.
  installPhase = ''
    cp -a . $out
  '';
});
# Bundler environment for the checkout above, resolved from ./gemset.nix
# against the upstream Gemfile/Gemfile.lock.
gems = bundlerEnv {
  name = "diaspora-env";
  # https://git.immae.eu/mantisbt/view.php?id=131
  # Drops the " --destdir $GEM_HOME" flag from ruby's postInstall hook.
  # NOTE(review): ruby_2_4 is an end-of-life Ruby series; confirm the pinned
  # nixpkgs still carries security fixes for it.
  ruby = ruby_2_4.overrideAttrs(old: {
    postInstall = builtins.replaceStrings [" --destdir $GEM_HOME"] [""] old.postInstall;
  });
  gemfile = "${diaspora}/Gemfile";
  lockfile = "${diaspora}/Gemfile.lock";
  gemset = ./gemset.nix;
  groups = [ "postgresql" "default" "production" ];
  gemConfig = defaultGemConfig // {
    # kostya-sigar is built with perl available.
    kostya-sigar = attrs: {
      buildInputs = [ pkgs.perl ];
    };
  };
};
# Rails secret_key_base initializer, deployed as a key file readable only by
# the diaspora user (mode 0400); railsRoot links it to
# config/initializers/secret_token.rb.
keys.tools-diaspora-secret_token = {
  destDir = "/run/keys/webapps";
  user = "diaspora";
  group = "diaspora";
  permissions = "0400";
  # NOTE(review): the secret is embedded in a single-quoted Ruby string, so a
  # value containing a quote or backslash would break the initializer.
  text = ''
    Diaspora::Application.config.secret_key_base = '${env.secret_token}'
  '';
};
# diaspora.yml for the pod, deployed as a 0400 key file owned by diaspora and
# linked to config/diaspora.yml by railsRoot.  It embeds the redis URL and the
# LDAP bind password, hence the restricted mode.
keys.tools-diaspora-config = {
  destDir = "/run/keys/webapps";
  user = "diaspora";
  group = "diaspora";
  permissions = "0400";
  # Keys left empty fall back to diaspora's defaults.  Registrations and the
  # captcha are off; mail goes through the local sendmail wrapper.  The LDAP
  # filter only admits members of cn=users,cn=diaspora,ou=services, and
  # only_ldap presumably disables non-LDAP logins.  Port 636 is the
  # conventional LDAPS port; whether the patched client enforces TLS is not
  # visible here.  A bind password containing '"' or '\' would break the YAML.
  text = ''
    configuration:
      environment:
        url: "https://diaspora.immae.eu/"
        certificate_authorities: '${cacert}/etc/ssl/certs/ca-bundle.crt'
        redis: '${env.redis_url}'
        sidekiq:
        s3:
        assets:
        logging:
        logrotate:
        debug:
      server:
        listen: '${socketsDir}/diaspora.sock'
        rails_environment: 'production'
      chat:
        server:
          bosh:
          log:
      map:
        mapbox:
      privacy:
        piwik:
        statistics:
        camo:
      settings:
        enable_registrations: false
        welcome_message:
        invitations:
          open: false
        paypal_donations:
        community_spotlight:
        captcha:
          enable: false
        terms:
        maintenance:
          remove_old_users:
        default_metas:
        csp:
      services:
        twitter:
        tumblr:
        wordpress:
      mail:
        enable: true
        sender_address: 'diaspora@tools.immae.eu'
        method: 'sendmail'
        smtp:
        sendmail:
          location: '/run/wrappers/bin/sendmail'
      admins:
        account: "ismael"
        podmin_email: 'diaspora@tools.immae.eu'
      relay:
        outbound:
        inbound:
      ldap:
        enable: true
        host: ldap.immae.eu
        port: 636
        only_ldap: true
        mail_attribute: mail
        skip_email_confirmation: true
        use_bind_dn: true
        bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
        bind_pw: "${env.ldap.password}"
        search_base: "dc=immae,dc=eu"
        search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
    production:
      environment:
    development:
      environment:
  '';
};
# database.yml, deployed as a 0400 key file owned by diaspora and linked to
# config/database.yml by railsRoot.  Carries the PostgreSQL password, so it
# must stay out of world-readable locations.
keys.tools-diaspora-database_config = {
  destDir = "/run/keys/webapps";
  user = "diaspora";
  group = "diaspora";
  permissions = "0400";
  # `host` is given env.postgresql.socket, i.e. a unix-socket path rather than
  # a network host.  Only `production` is used by this deployment; the other
  # environments keep upstream's database names.
  text = ''
    postgresql: &postgresql
      adapter: postgresql
      host: "${env.postgresql.socket}"
      port: "${env.postgresql.port}"
      username: "${env.postgresql.user}"
      password: "${env.postgresql.password}"
      encoding: unicode
    common: &common
      <<: *postgresql
    combined: &combined
      <<: *common
    development:
      <<: *combined
      database: diaspora_development
    production:
      <<: *combined
      database: ${env.postgresql.database}
    test:
      <<: *combined
      database: "diaspora_test"
    integration1:
      <<: *combined
      database: diaspora_integration1
    integration2:
      <<: *combined
      database: diaspora_integration2
  '';
};
# Assembled Rails root: the patched checkout with precompiled assets, with
# config/ and the mutable directories redirected to runtime locations.
railsRoot = stdenv.mkDerivation {
  name = "diaspora_immae";
  inherit diaspora;
  # FIXME: build machine will contain some passwords in the nix store
  # The three writeText files below contain the real database password, LDAP
  # bind password and secret_key_base -- presumably because
  # `rake assets:precompile` needs a loadable configuration.  Their store
  # paths are referenced from this builder script, so they are retained in the
  # (typically world-readable) store.  At runtime they are replaced by the
  # /run/keys symlinks, which only the diaspora user can read.
  # public/source.tar.gz is created before any config is linked and does not
  # include config/, so it never carries secrets.
  builder = writeText "build_diaspora_immae" ''
    source $stdenv/setup
    cp -a $diaspora $out
    cd $out
    chmod -R u+rwX .
    tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
    ln -s ${writeText "database.yml" keys.tools-diaspora-database_config.text} config/database.yml
    ln -s ${writeText "diaspora.yml" keys.tools-diaspora-config.text} config/diaspora.yml
    ln -s ${writeText "secret_token.rb" keys.tools-diaspora-secret_token.text} config/initializers/secret_token.rb
    ln -sf ${varDir}/schedule.yml config/schedule.yml
    ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem
    ln -sf ${varDir}/uploads public/uploads
    RAILS_ENV=production ${gems}/bin/rake assets:precompile
    ln -sf /run/keys/webapps/tools-diaspora-database_config config/database.yml
    ln -sf /run/keys/webapps/tools-diaspora-config config/diaspora.yml
    ln -sf /run/keys/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb
    rm -rf tmp log
    ln -sf ${varDir}/tmp tmp
    ln -sf ${varDir}/log log
  '';
  # nodejs is needed for asset compilation; git and which by the rake tasks.
  propagatedBuildInputs = [ gems pkgs.nodejs pkgs.which pkgs.git ];
};
in
{
  # Exported for the service module: the Rails root, state and socket
  # directories, the gem environment and the key files (presumably fed to the
  # deployment's key mechanism).
  inherit railsRoot varDir socketsDir gems keys;
  # Unix socket the Rails server listens on (matches `server.listen` above).
  railsSocket = "${socketsDir}/diaspora.sock";
}