git.immae.eu Git - perso/Immae/Config/Nix.git/blame - systems/eldiron/websites/diaspora/default.nix
Squash changes containing private information
# NixOS module for the Diaspora pod served at diaspora.immae.eu. It declares an
# enable option and, when enabled, the DNS record, secret configuration files,
# diaspora service, Apache vhost and monitoring check that follow.
ab8f306d 1{ lib, pkgs, config, ... }:
a7f7fdae 2let
# Site-specific values (redis, LDAP, PostgreSQL, secret token) come from config.myEnv.
ab8f306d 3 env = config.myEnv.tools.diaspora;
# Document root used by the vhost: the public/ directory of the diaspora workdir.
750fe5a4 4 root = "${dcfg.workdir}/public/";
# This module's own options.
4288c2f2 5 cfg = config.myServices.websites.tools.diaspora;
# Options of the diaspora service module (workdir, sockets, configDir, package).
7009832a 6 dcfg = config.services.diaspora;
a7f7fdae 7in {
4288c2f2 8 options.myServices.websites.tools.diaspora = {
a7f7fdae
IB
9 enable = lib.mkEnableOption "enable diaspora's website";
10 };
11
# Everything below is only applied when the enable option is set.
12 config = lib.mkIf cfg.enable {
1a64deeb
IB
# DNS: the diaspora subdomain of immae.eu is pointed at eldiron's main IPs.
13 myServices.dns.zones."immae.eu".subdomains.diaspora =
14 with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
15
# Descriptive metadata about the hosted service and the upstream software
# (name, URLs, licence, version). No credentials are stored here.
# NOTE(review): registration.load is "OPEN" while diaspora.yml sets
# enable_registrations: false and only_ldap: true; presumably accounts are
# provisioned through LDAP rather than self-signup — confirm the published
# metadata matches the intended policy.
16 myServices.chatonsProperties.services.diaspora = {
17 file.datetime = "2022-08-21T01:39:00";
18 service = {
19 name = "Diaspora";
20 description = "The online social world where you are in control";
21 website = "https://diaspora.immae.eu";
22 logo = "https://diaspora.immae.eu/assets/apple-touch-icon-9f7c9cc3923b4817fbb25bfeb0dd5fd34638827fd9c82b5a03f7b68e6e90806f.png";
23 status.level = "OK";
24 status.description = "OK";
25 registration."" = ["MEMBER" "CLIENT"];
26 registration.load = "OPEN";
27 install.type = "PACKAGE";
28 };
29 software = {
30 name = "Diaspora*";
31 website = "https://diasporafoundation.org/";
32 license.url = "https://github.com/diaspora/diaspora/blob/develop/LICENSE";
33 license.name = "GNU Affero General Public License v3.0";
34 version = dcfg.package.version;
35 source.url = "https://github.com/diaspora/diaspora";
36 };
37 };
# The diaspora user joins the "keys" group.
# NOTE(review): presumably this group grants traversal of the directory that
# holds the rendered secrets — confirm against the secrets module.
7009832a 38 users.users.diaspora.extraGroups = [ "keys" ];
a7f7fdae 39
# Secret files for the pod. Each entry is owned by diaspora:diaspora; the
# directory is 0500 and every file 0400, so no other account can read them and
# the service itself cannot modify them.
4c4652aa
IB
40 secrets.keys = {
# Directory entry that the three files below live in.
41 "webapps/diaspora" = {
da30ae4f
IB
42 isDir = true;
43 user = "diaspora";
44 group = "diaspora";
45 permissions = "0500";
4c4652aa
IB
46 };
# diaspora.yml is treated as a secret because it embeds the LDAP bind
# password (bind_pw). Settings visible in the template: registrations and
# invitations are closed, captcha is disabled, mail goes through the
# /run/wrappers/bin/sendmail wrapper, and login is LDAP-only (only_ldap: true)
# with skip_email_confirmation enabled.
# NOTE(review): port 636 is the conventional LDAPS port; whether the client
# enforces TLS and verifies the server certificate is not visible in this
# file — confirm in the LDAP integration.
# NOTE(review): env.* values are interpolated verbatim into quoted YAML
# scalars, so a value containing a double quote or backslash would corrupt
# the file or change its meaning — confirm how these secrets are generated.
47 "webapps/diaspora/diaspora.yml" = {
3bb8a82a
IB
48 user = "diaspora";
49 group = "diaspora";
50 permissions = "0400";
# The template references the cacert CA bundle path, so the package is listed
# as a dependency of this key.
1a64deeb 51 keyDependencies = [ pkgs.cacert ];
3bb8a82a
IB
52 text = ''
53 configuration:
54 environment:
55 url: "https://diaspora.immae.eu/"
56 certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
ab8f306d 57 redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
3bb8a82a
IB
58 sidekiq:
59 s3:
60 assets:
61 logging:
62 logrotate:
63 debug:
64 server:
7009832a 65 listen: '${dcfg.sockets.rails}'
3bb8a82a
IB
66 rails_environment: 'production'
67 chat:
68 server:
69 bosh:
70 log:
71 map:
72 mapbox:
73 privacy:
74 piwik:
75 statistics:
76 camo:
77 settings:
78 enable_registrations: false
79 welcome_message:
80 invitations:
81 open: false
82 paypal_donations:
83 community_spotlight:
84 captcha:
85 enable: false
86 terms:
87 maintenance:
88 remove_old_users:
89 default_metas:
90 csp:
91 services:
92 twitter:
93 tumblr:
94 wordpress:
95 mail:
96 enable: true
97 sender_address: 'diaspora@tools.immae.eu'
98 method: 'sendmail'
99 smtp:
100 sendmail:
101 location: '/run/wrappers/bin/sendmail'
102 admins:
103 account: "ismael"
104 podmin_email: 'diaspora@tools.immae.eu'
105 relay:
106 outbound:
107 inbound:
108 ldap:
109 enable: true
ab8f306d 110 host: ${env.ldap.host}
3bb8a82a
IB
111 port: 636
112 only_ldap: true
113 mail_attribute: mail
114 skip_email_confirmation: true
115 use_bind_dn: true
ab8f306d 116 bind_dn: "${env.ldap.dn}"
3bb8a82a 117 bind_pw: "${env.ldap.password}"
ab8f306d
IB
118 search_base: "${env.ldap.base}"
119 search_filter: "${env.ldap.filter}"
3bb8a82a
IB
120 production:
121 environment:
122 development:
123 environment:
124 '';
4c4652aa
IB
125 };
# database.yml carries the PostgreSQL user name and password. The host field is
# filled from env.postgresql.socket — presumably a Unix socket directory;
# confirm. Through the YAML anchors every environment (development, test,
# integration1/2) inherits the same credentials as production; only the
# database name differs.
126 "webapps/diaspora/database.yml" = {
3bb8a82a
IB
127 user = "diaspora";
128 group = "diaspora";
129 permissions = "0400";
130 text = ''
131 postgresql: &postgresql
132 adapter: postgresql
133 host: "${env.postgresql.socket}"
134 port: "${env.postgresql.port}"
135 username: "${env.postgresql.user}"
136 password: "${env.postgresql.password}"
137 encoding: unicode
138 common: &common
139 <<: *postgresql
140 combined: &combined
141 <<: *common
142 development:
143 <<: *combined
144 database: diaspora_development
145 production:
146 <<: *combined
147 database: ${env.postgresql.database}
148 test:
149 <<: *combined
150 database: "diaspora_test"
151 integration1:
152 <<: *combined
153 database: diaspora_integration1
154 integration2:
155 <<: *combined
156 database: diaspora_integration2
157 '';
4c4652aa
IB
158 };
# Ruby initializer that sets the Rails secret_key_base from env.secret_token.
# NOTE(review): the token is substituted inside a single-quoted Ruby literal, so
# it must not contain a single quote. Rotating it presumably invalidates
# existing signed sessions — confirm before changing the value.
159 "webapps/diaspora/secret_token.rb" = {
3bb8a82a
IB
160 user = "diaspora";
161 group = "diaspora";
162 permissions = "0400";
163 text = ''
164 Diaspora::Application.config.secret_key_base = '${env.secret_token}'
165 '';
4c4652aa
IB
166 };
167 };
a7f7fdae 168
# Enable the diaspora service with LDAP support. configDir is set to the full
# path of the "webapps/diaspora" secrets directory, so the service presumably
# reads diaspora.yml, database.yml and secret_token.rb from there — confirm in
# the service module.
7009832a
IB
169 services.diaspora = {
170 enable = true;
1a64deeb 171 withLdap = true;
7009832a
IB
172 dataDir = "/var/lib/diaspora_immae";
173 adminEmail = "diaspora@tools.immae.eu";
da30ae4f 174 configDir = config.secrets.fullPaths."webapps/diaspora";
a7f7fdae
IB
175 };
176
# Watch the secrets directory with restart = true.
# NOTE(review): presumably this restarts diaspora when a rendered secret
# changes, so rotated credentials take effect — confirm in the filesWatcher module.
17f6eae9
IB
177 services.filesWatcher.diaspora = {
178 restart = true;
179 paths = [ dcfg.configDir ];
180 };
181
# Apache modules used by the vhost: RequestHeader needs "headers", the [P]
# rewrite flag needs "proxy" and "proxy_http".
29f8cb85 182 services.websites.env.tools.modules = [
a952acc4 183 "headers" "proxy" "proxy_http"
a7f7fdae 184 ];
# Add the hostname to the existing "eldiron" ACME certificate.
1a64deeb 185 security.acme.certs.eldiron.extraDomainNames = [ "diaspora.immae.eu" ];
# Reverse-proxy vhost. A request that does not match a regular file under the
# document root is proxied ([P]) to the Rails unix socket; files that do exist
# under ${root} are served by Apache directly.
# ProxyRequests Off keeps this a reverse proxy only, so the permissive
# <Proxy *> block does not turn the host into an open forward proxy.
# NOTE(review): the forwarded-protocol header is set under the underscore name
# X_FORWARDED_PROTO. A client-supplied X-Forwarded-Proto is a different header
# name to Apache and is not overwritten by that line — confirm which name the
# backend trusts and consider also setting the hyphenated form.
29f8cb85 186 services.websites.env.tools.vhostConfs.diaspora = {
a7f7fdae
IB
187 certName = "eldiron";
188 hosts = [ "diaspora.immae.eu" ];
a95ab089 189 root = root;
a7f7fdae
IB
190 extraConfig = [ ''
191 RewriteEngine On
192 RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
7009832a 193 RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
a7f7fdae
IB
194
195 ProxyRequests Off
196 ProxyVia On
197 ProxyPreserveHost On
198 RequestHeader set X_FORWARDED_PROTO https
199
200 <Proxy *>
201 Require all granted
202 </Proxy>
203
a95ab089 204 <Directory ${root}>
a7f7fdae
IB
205 Require all granted
206 Options -MultiViews
207 </Directory>
208 '' ];
209 };
# External monitoring: activates the "http" plugin on the monitoring master and
# registers one HTTPS check for diaspora.immae.eu at "/".
# NOTE(review): the last check_command argument is presumably the text expected
# in the response body — confirm against the check_https command definition.
1a64deeb
IB
210 myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
211 myServices.monitoring.fromMasterObjects.service = [
212 {
213 service_description = "diaspora website is running on diaspora.immae.eu";
214 host_name = config.hostEnv.fqdn;
215 use = "external-web-service";
216 check_command = ["check_https" "diaspora.immae.eu" "/" "is the online social world where you are in control"];
217
218 servicegroups = "webstatus-webapps";
219 _webstatus_name = "Diaspora";
220 _webstatus_url = "https://diaspora.immae.eu/";
221 }
222 ];
a7f7fdae
IB
223 };
224}