]>
Commit | Line | Data |
---|---|---|
a7f7fdae IB |
1 | { lib, pkgs, config, mylibs, ... }: |
2 | let | |
3 | diaspora = pkgs.callPackage ./diaspora.nix { | |
4 | inherit (mylibs) fetchedGithub checkEnv; | |
5 | }; | |
6 | ||
7 | cfg = config.services.myWebsites.tools.diaspora; | |
8 | in { | |
9 | options.services.myWebsites.tools.diaspora = { | |
10 | enable = lib.mkEnableOption "enable diaspora's website"; | |
11 | }; | |
12 | ||
13 | config = lib.mkIf cfg.enable { | |
a7f7fdae IB |
14 | ids.uids.diaspora = 398; |
15 | ids.gids.diaspora = 398; | |
16 | ||
17 | users.users.diaspora = { | |
18 | name = "diaspora"; | |
19 | uid = config.ids.uids.diaspora; | |
20 | group = "diaspora"; | |
21 | description = "Diaspora user"; | |
22 | home = diaspora.railsRoot; | |
23 | useDefaultShell = true; | |
24 | packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ]; | |
25 | }; | |
26 | ||
27 | users.groups.diaspora.gid = config.ids.gids.diaspora; | |
28 | ||
29 | systemd.services.diaspora = { | |
30 | description = "Diaspora"; | |
31 | wantedBy = [ "multi-user.target" ]; | |
32 | after = [ "network.target" "redis.service" "postgresql.service" ]; | |
33 | wants = [ "redis.service" "postgresql.service" ]; | |
34 | ||
35 | environment.RAILS_ENV = "production"; | |
36 | environment.BUNDLE_PATH = "${diaspora.gems}/lib/ruby/gems/2.4.0"; | |
37 | environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile"; | |
38 | environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock"; | |
39 | environment.EYE_PID = "${diaspora.socketsDir}/eye.pid"; | |
40 | ||
41 | path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ]; | |
42 | ||
43 | preStart = '' | |
44 | ./bin/bundle exec rails db:migrate | |
45 | ''; | |
46 | ||
47 | script = '' | |
48 | exec ${diaspora.railsRoot}/script/server | |
49 | ''; | |
50 | ||
51 | serviceConfig = { | |
52 | User = "diaspora"; | |
53 | PrivateTmp = true; | |
54 | Restart = "always"; | |
55 | Type = "simple"; | |
56 | WorkingDirectory = diaspora.railsRoot; | |
57 | StandardInput = "null"; | |
58 | KillMode = "control-group"; | |
59 | }; | |
60 | ||
61 | unitConfig.RequiresMountsFor = diaspora.varDir; | |
62 | }; | |
63 | ||
a7f7fdae IB |
64 | system.activationScripts.diaspora = { |
65 | deps = [ "users" ]; | |
66 | text = '' | |
67 | install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir} | |
68 | install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \ | |
69 | ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \ | |
70 | ${diaspora.varDir}/log | |
71 | install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids | |
72 | if [ ! -f ${diaspora.varDir}/schedule.yml ]; then | |
73 | echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml | |
74 | fi | |
75 | ''; | |
76 | }; | |
77 | ||
78 | services.myWebsites.tools.modules = [ | |
79 | "headers" "proxy" "proxy_http" "proxy_balancer" | |
a7f7fdae IB |
80 | "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat" |
81 | ]; | |
82 | security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; | |
83 | services.myWebsites.tools.vhostConfs.diaspora = { | |
84 | certName = "eldiron"; | |
85 | hosts = [ "diaspora.immae.eu" ]; | |
86 | root = "${diaspora.railsRoot}/public/"; | |
87 | extraConfig = [ '' | |
88 | RewriteEngine On | |
89 | RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | |
90 | RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L] | |
91 | ||
92 | <Proxy balancer://thinservers> | |
93 | BalancerMember unix://${diaspora.railsSocket}|http:// | |
94 | </Proxy> | |
95 | ||
96 | ProxyRequests Off | |
97 | ProxyVia On | |
98 | ProxyPreserveHost On | |
99 | RequestHeader set X_FORWARDED_PROTO https | |
100 | ||
101 | <Proxy *> | |
102 | Require all granted | |
103 | </Proxy> | |
104 | ||
105 | <Directory ${diaspora.railsRoot}/public> | |
106 | Require all granted | |
107 | Options -MultiViews | |
108 | </Directory> | |
109 | '' ]; | |
110 | }; | |
111 | }; | |
112 | } |