]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame - virtual/modules/websites/tools/diaspora/diaspora.nix
# Packaging of the Diaspora pod served at https://diaspora.immae.eu/.
# The let block builds a gem environment, the patched upstream source, three
# generated configuration files and the Rails root that links them together.
{ checkEnv, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }:
let
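# Bundler environment with the gems Diaspora needs; gemdir points at the
# directory holding this expression.
# NOTE(review): ruby_2_4 pins an interpreter series that upstream Ruby stopped
# patching in 2020, so interpreter security fixes depend on what the pinned
# nixpkgs still carries. Confirm whether the Gemfile allows a newer Ruby.
gems = bundlerEnv {
  name = "diaspora-env";
  ruby = ruby_2_4;
  gemdir = ./.;
  gemConfig = defaultGemConfig // {
    # Adds perl to the build inputs of the kostya-sigar gem. The original
    # wrapped the list in `with pkgs;` although its only element was already
    # written as pkgs.perl; the redundant `with` is dropped.
    kostya-sigar = attrs: {
      buildInputs = [ pkgs.perl ];
    };
  };
};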
# Mutable state lives here, outside the store: the Rails root links
# schedule.yml, oidc_key.pem, uploads, tmp and log into this directory.
varDir = "/var/lib/diaspora_immae";
# Directory of the unix socket named in diaspora.yml (server.listen).
socketsDir = "/run/diaspora";
# Tools and libraries propagated by both derivations below.
# cacert and ruby_2_4 are also function arguments; a lexical binding takes
# precedence over `with pkgs;`, so inside the list they are the arguments.
buildInputs = [ gems ] ++ (with pkgs; [
  git redis imagemagick libxslt nodejs
  jemalloc cacert ruby_2_4
  openssl postgresql curl libnghttp2
  pkgconfig which
]);
# Upstream Diaspora source with the local ldap.patch applied.
# Function application binds tighter than //, so the attributes returned by
# fetchedGithub ./diaspora.json are the base and the rec set overrides them.
# fetchedGithub is defined elsewhere; presumably it supplies name and src.
diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec {
  # Exports the CA bundle from cacert for git and for SSL_CERT_FILE-aware
  # clients, then applies ldap.patch to the unpacked source.
  # NOTE(review): the patch is not shown here; presumably it adds the ldap:
  # settings used in diaspora.yml and therefore touches the login path. It
  # should be re-reviewed whenever the revision in diaspora.json changes.
  buildPhase = ''
    export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
    export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt

    patch -p1 < ${./ldap.patch}
  '';
  # The whole patched tree becomes the output.
  installPhase = ''
    cp -a . $out
  '';
  propagatedBuildInputs = buildInputs;
});
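# Rails initializer that sets secret_key_base from the environment variable
# NIXOPS_DIASPORA_SECRET_TOKEN, read while the expression is evaluated.
# checkEnv is defined elsewhere; presumably it fails evaluation when the
# variable is missing (builtins.getEnv alone returns "" in that case).
# NOTE(review): writeText places the token in a /nix/store file. The store is
# readable by every local user and is copied along with the closure, so the
# token is not confidential on the host. Prefer delivering this file at
# activation time from outside the store (NixOps offers deployment.keys) and
# pointing config/initializers/secret_token.rb at that path.
secret_token =
  assert checkEnv "NIXOPS_DIASPORA_SECRET_TOKEN";
  let
    # Inside a single-quoted Ruby literal only \ and ' are special; escaping
    # both keeps an unusual token from ending the literal early.
    token = builtins.replaceStrings [ "\\" "'" ] [ "\\\\" "\\'" ]
      (builtins.getEnv "NIXOPS_DIASPORA_SECRET_TOKEN");
  in
  writeText "secret_token.rb" ''
    Diaspora::Application.config.secret_key_base = '${token}'
  '';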
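# Generated diaspora.yml. Registrations and invitations are closed and
# only_ldap is on, so accounts come from the LDAP directory, limited by
# search_filter to members of cn=users,cn=diaspora,ou=services.
# checkEnv is defined elsewhere; presumably it fails evaluation when the
# variable is missing.
# NOTE(review): the nesting of the YAML below was restored on the assumption
# that it follows upstream's diaspora.yml.example; the rendered page had lost
# all indentation. Confirm against the repository, in particular that ldap:
# sits under configuration:.
# NOTE(review): bind_pw is written into a /nix/store file by writeText. The
# store is readable by every local user, so the bind password should be
# delivered at activation time from outside the store instead (NixOps offers
# deployment.keys).
# NOTE(review): port 636 is the conventional LDAPS port; whether the server
# certificate is verified, and whether %{username} is escaped before it is
# substituted into search_filter, is decided by ldap.patch - confirm both.
config =
  assert checkEnv "NIXOPS_DIASPORA_LDAP_PASSWORD";
  writeText "diaspora.yml" ''
    configuration:
      environment:
        url: "https://diaspora.immae.eu/"
        certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
        redis: 'redis://localhost:6379/15'
        sidekiq:
        s3:
        assets:
        logging:
          logrotate:
          debug:
      server:
        listen: '${socketsDir}/diaspora.sock'
        rails_environment: 'production'
      chat:
        server:
          bosh:
          log:
      map:
        mapbox:
      privacy:
        piwik:
        statistics:
        camo:
      settings:
        enable_registrations: false
        welcome_message:
        invitations:
          open: false
        paypal_donations:
        community_spotlight:
        captcha:
          enable: false
        terms:
        maintenance:
          remove_old_users:
        default_metas:
        csp:
      services:
        twitter:
        tumblr:
        wordpress:
      mail:
        enable: true
        sender_address: 'diaspora@immae.eu'
        method: 'smtp'
        smtp:
          host: 'mail.immae.eu'
        sendmail:
      admins:
        account: "ismael"
        podmin_email: 'diaspora@immae.eu'
      relay:
        outbound:
        inbound:
      ldap:
        enable: true
        host: ldap.immae.eu
        port: 636
        only_ldap: true
        mail_attribute: mail
        skip_email_confirmation: true
        use_bind_dn: true
        bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
        bind_pw: ${builtins.toJSON (builtins.getEnv "NIXOPS_DIASPORA_LDAP_PASSWORD")}
        search_base: "dc=immae,dc=eu"
        search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
    production:
      environment:
    development:
      environment:
  '';
# bind_pw above is rendered with builtins.toJSON: a JSON string is a valid
# YAML double-quoted scalar, so a password containing " or \ no longer breaks
# the file. For an ordinary password the output is the same as before.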
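# Generated Rails database.yml: one PostgreSQL connection definition shared
# through YAML anchors by every environment, which differ only in the
# database name.
# checkEnv is defined elsewhere; presumably it fails evaluation when the
# variable is missing.
# NOTE(review): the password is written into a /nix/store file by writeText.
# The store is readable by every local user, so the credential should be
# delivered at activation time from outside the store instead (NixOps offers
# deployment.keys).
# NOTE(review): the database host is remote and no sslmode key is set, so
# libpq's default applies unless it is overridden elsewhere; that default
# encrypts opportunistically and does not verify the server certificate.
# Consider sslmode: verify-full together with sslrootcert.
database_config =
  assert checkEnv "NIXOPS_DIASPORA_SQL_PASSWORD";
  writeText "database.yml" ''
    postgresql: &postgresql
      adapter: postgresql
      host: db-1.immae.eu
      port: 5432
      username: "diaspora"
      password: ${builtins.toJSON (builtins.getEnv "NIXOPS_DIASPORA_SQL_PASSWORD")}
      encoding: unicode
    common: &common
      <<: *postgresql
    combined: &combined
      <<: *common
    development:
      <<: *combined
      database: diaspora_development
    production:
      <<: *combined
      database: diaspora
    test:
      <<: *combined
      database: "diaspora_test"
    integration1:
      <<: *combined
      database: diaspora_integration1
    integration2:
      <<: *combined
      database: diaspora_integration2
  '';
# The password is rendered with builtins.toJSON: a JSON string is a valid YAML
# double-quoted scalar, so a password containing " or \ no longer breaks the
# file. For an ordinary password the output is the same as before.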
# Deployable Rails root: a writable copy of the patched source with the
# generated configuration linked in and the assets precompiled.
railsRoot = stdenv.mkDerivation {
  name = "diaspora_immae";
  inherit diaspora;
  # Build script, in order:
  #  - copy the source tree and make it owner-writable;
  #  - pack public/source.tar.gz from the listed source paths only; config/
  #    is not in the list, so the generated secret files stay out of an
  #    archive that is presumably served to visitors from public/;
  #  - link database.yml, diaspora.yml and secret_token.rb from the store;
  #  - link schedule.yml, oidc_key.pem and uploads into varDir through
  #    relative paths that climb up to / first;
  #  - precompile assets with RAILS_ENV=production;
  #  - replace tmp and log with links into varDir.
  # NOTE(review): the three configuration links make the secret-bearing store
  # files part of this derivation's closure, so they travel to every machine
  # and binary cache the closure is copied to.
  # NOTE(review): oidc_key.pem is, by its name, a private key kept under
  # varDir; its owner and mode are set outside this file - confirm that only
  # the service user can read it.
  builder = writeText "build_diaspora_immae" ''
    source $stdenv/setup
    cp -a $diaspora $out
    cd $out
    chmod -R u+rwX .
    tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
    ln -s ${database_config} config/database.yml
    ln -s ${config} config/diaspora.yml
    ln -s ${secret_token} config/initializers/secret_token.rb
    ln -sf ../../../../../../${varDir}/schedule.yml config/schedule.yml
    ln -sf ../../../../../../${varDir}/oidc_key.pem config/oidc_key.pem
    ln -sf ../../../../../../${varDir}/uploads public/uploads
    RAILS_ENV=production ${gems}/bin/rake assets:precompile
    rm -rf tmp log
    ln -sf ../../../../../${varDir}/tmp tmp
    ln -sf ../../../../../${varDir}/log log
  '';
  propagatedBuildInputs = buildInputs;
};
in
{
  # Attributes exposed to whoever imports this file.
  inherit railsRoot varDir socketsDir gems;
  # Same path as server.listen in the generated diaspora.yml.
  railsSocket = "${socketsDir}/diaspora.sock";
}