Commit | Line | Data |
---|---|---|
a7f7fdae IB |
# Nix expression packaging a Diaspora pod. It is a function over the arguments
# listed below and returns the assembled Rails root together with the state
# directory, socket directory and gem environment (see the final attribute set).
# This rendering is a blame table: the leading "N |" cells are line numbers and
# the original indentation of the file is not preserved.
1 | { checkEnv, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }: |
2 | let | |
# Gem environment for Diaspora: bundlerEnv builds the gemset found in this
# directory (gemdir = ./.) against ruby_2_4.
# NOTE(review): Ruby 2.4 is end-of-life upstream; if this expression is still
# deployed, confirm the interpreter and the pinned gems still receive security fixes.
3 | gems = bundlerEnv { | |
4 | name = "diaspora-env"; | |
5 | ruby = ruby_2_4; | |
6 | gemdir = ./.; | |
7 | # FIXME: it fails if I don’t include all groups | |
8 | #groups = [ "default" "postgresql" "production" "development" "test" ]; | |
9 | # Had to remove them from gemset.nix, and remove mysql2 | |
10 | # Also had to "ungroup" pg in Gemfile | |
# NOTE(review): with the groups filter commented out, development and test gems
# presumably end up in the production closure as well — confirm.
# Per-gem override layered on defaultGemConfig: kostya-sigar gets perl added to
# its buildInputs.
11 | gemConfig = defaultGemConfig // { | |
12 | kostya-sigar = attrs: { | |
13 | buildInputs = with pkgs; [ pkgs.perl ]; | |
14 | }; | |
15 | }; | |
16 | }; | |
# Mutable state lives outside the Nix store: railsRoot symlinks schedule.yml,
# oidc_key.pem, uploads, tmp and log into varDir.
# NOTE(review): ownership and permissions of varDir (it holds the OIDC private
# key) are set elsewhere, not in this file — verify them in the service definition.
17 | varDir = "/var/lib/diaspora_immae"; | |
# Directory of the application socket (diaspora.yml "listen" and railsSocket).
18 | socketsDir = "/run/diaspora"; | |
# Inputs shared by the diaspora and railsRoot derivations (both propagate them):
# the gem environment plus the listed packages from pkgs.
19 | buildInputs = [ gems ] ++ (with pkgs; [ | |
20 | git redis imagemagick libxslt nodejs | |
21 | jemalloc cacert ruby_2_4 | |
22 | openssl postgresql curl libnghttp2 | |
23 | pkgconfig which | |
24 | ]); | |
# Patched Diaspora source tree. The attributes returned by the project helper
# fetchedGithub for ./diaspora.json are merged with the phases below.
# NOTE(review): fetchedGithub is defined outside this file; presumably it pins
# the source revision and hash from diaspora.json — confirm, since that pin is
# what makes the fetched code reproducible and tamper-evident.
# buildPhase points git and OpenSSL-based tools at the cacert CA bundle, then
# applies the local ldap.patch; installPhase copies the whole tree to $out.
# NOTE(review): ldap.patch presumably adds the LDAP login path configured under
# "ldap:" in diaspora.yml. It is authentication code maintained outside upstream,
# so re-review it whenever the pinned Diaspora revision changes.
25 | diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec { | |
26 | buildPhase = '' | |
27 | export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt | |
28 | export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt | |
29 | ||
30 | patch -p1 < ${./ldap.patch} | |
31 | ''; | |
32 | installPhase = '' | |
33 | cp -a . $out | |
34 | ''; | |
35 | propagatedBuildInputs = buildInputs; | |
36 | }); | |
# Rails initializer setting secret_key_base from NIXOPS_DIASPORA_SECRET_TOKEN.
# builtins.getEnv is read at evaluation time on the deploying machine and
# returns "" when the variable is unset; checkEnv is a project helper defined
# elsewhere that presumably asserts the variable is set.
# NOTE(review): writeText places this text in the Nix store, which is
# world-readable, so the session-signing secret is readable by every local user
# and travels with any copy of the closure. Prefer delivering it at runtime from
# a file outside the store with restricted permissions (e.g. NixOps
# deployment.keys).
# NOTE(review): the value is spliced unescaped into a single-quoted Ruby
# literal; a quote or backslash in the token would change or break the initializer.
37 | secret_token = assert checkEnv "NIXOPS_DIASPORA_SECRET_TOKEN"; | |
38 | writeText "secret_token.rb" '' | |
39 | Diaspora::Application.config.secret_key_base = '${builtins.getEnv "NIXOPS_DIASPORA_SECRET_TOKEN"}' | |
40 | ''; | |
# diaspora.yml generated with writeText. The YAML nesting is not visible in this
# rendering because the original indentation was lost.
# What the visible keys establish: public registration, open invitations and the
# captcha are disabled; the app listens on a socket under socketsDir; mail goes
# out via SMTP host mail.immae.eu; login is LDAP-only (only_ldap: true) with
# e-mail confirmation skipped, so account trust rests entirely on the directory.
# NOTE(review): bind_pw embeds NIXOPS_DIASPORA_LDAP_PASSWORD, read at evaluation
# time, into a file in the world-readable Nix store. Any local user can read the
# service account's bind password; move it to a runtime secret outside the store.
# NOTE(review): the password is spliced unescaped into a double-quoted YAML
# scalar; a double quote or backslash in it would corrupt the file.
# NOTE(review): port 636 is the conventional LDAPS port, but whether TLS and
# certificate verification are actually used depends on ldap.patch — confirm.
# NOTE(review): %{username} in search_filter is filled in by the patched
# application code (not shown here); confirm that code escapes LDAP filter
# metacharacters in the submitted username before substitution.
# NOTE(review): no TLS or authentication settings are visible under "smtp:", and
# the Redis URL carries no password (localhost, database 15) — confirm both are
# acceptable for this host.
41 | config = | |
42 | assert checkEnv "NIXOPS_DIASPORA_LDAP_PASSWORD"; | |
43 | writeText "diaspora.yml" '' | |
44 | configuration: | |
45 | environment: | |
46 | url: "https://diaspora.immae.eu/" | |
47 | certificate_authorities: '/etc/ssl/certs/ca-certificates.crt' | |
48 | redis: 'redis://localhost:6379/15' | |
49 | sidekiq: | |
50 | s3: | |
51 | assets: | |
52 | logging: | |
53 | logrotate: | |
54 | debug: | |
55 | server: | |
56 | listen: '${socketsDir}/diaspora.sock' | |
57 | rails_environment: 'production' | |
58 | chat: | |
59 | server: | |
60 | bosh: | |
61 | log: | |
62 | map: | |
63 | mapbox: | |
64 | privacy: | |
65 | piwik: | |
66 | statistics: | |
67 | camo: | |
68 | settings: | |
69 | enable_registrations: false | |
70 | welcome_message: | |
71 | invitations: | |
72 | open: false | |
73 | paypal_donations: | |
74 | community_spotlight: | |
75 | captcha: | |
76 | enable: false | |
77 | terms: | |
78 | maintenance: | |
79 | remove_old_users: | |
80 | default_metas: | |
81 | csp: | |
82 | services: | |
83 | twitter: | |
84 | tumblr: | |
85 | wordpress: | |
86 | mail: | |
87 | enable: true | |
88 | sender_address: 'diaspora@immae.eu' | |
89 | method: 'smtp' | |
90 | smtp: | |
91 | host: 'mail.immae.eu' | |
92 | sendmail: | |
93 | admins: | |
94 | account: "ismael" | |
95 | podmin_email: 'diaspora@immae.eu' | |
96 | relay: | |
97 | outbound: | |
98 | inbound: | |
99 | ldap: | |
100 | enable: true | |
101 | host: ldap.immae.eu | |
102 | port: 636 | |
103 | only_ldap: true | |
104 | mail_attribute: mail | |
105 | skip_email_confirmation: true | |
106 | use_bind_dn: true | |
107 | bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" | |
108 | bind_pw: "${builtins.getEnv "NIXOPS_DIASPORA_LDAP_PASSWORD"}" | |
109 | search_base: "dc=immae,dc=eu" | |
110 | search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" | |
111 | production: | |
112 | environment: | |
113 | development: | |
114 | environment: | |
115 | ''; | |
# database.yml generated with writeText: one PostgreSQL connection definition
# (YAML anchor "postgresql") reused by every environment through merge keys;
# only the database name differs per environment.
# NOTE(review): the password comes from NIXOPS_DIASPORA_SQL_PASSWORD at
# evaluation time and is written into the world-readable Nix store, so every
# local user can read the database credentials. Deliver it at runtime from a
# file outside the store with restricted permissions instead.
# NOTE(review): the password is spliced unescaped into a double-quoted YAML
# scalar; a double quote or backslash in it would corrupt the file.
# NOTE(review): the server is remote (db-1.immae.eu:5432) and no sslmode key is
# set here. With libpq defaults the connection is at best opportunistically
# encrypted and the server certificate is not verified — confirm the link is
# protected some other way or set an explicit sslmode.
# NOTE(review): development, test and integration environments share the
# production host and credentials; confirm those entries are never used on this host.
116 | database_config = | |
117 | assert checkEnv "NIXOPS_DIASPORA_SQL_PASSWORD"; | |
118 | writeText "database.yml" '' | |
119 | postgresql: &postgresql | |
120 | adapter: postgresql | |
121 | host: db-1.immae.eu | |
122 | port: 5432 | |
123 | username: "diaspora" | |
124 | password: "${builtins.getEnv "NIXOPS_DIASPORA_SQL_PASSWORD"}" | |
125 | encoding: unicode | |
126 | common: &common | |
127 | <<: *postgresql | |
128 | combined: &combined | |
129 | <<: *common | |
130 | development: | |
131 | <<: *combined | |
132 | database: diaspora_development | |
133 | production: | |
134 | <<: *combined | |
135 | database: diaspora | |
136 | test: | |
137 | <<: *combined | |
138 | database: "diaspora_test" | |
139 | integration1: | |
140 | <<: *combined | |
141 | database: diaspora_integration1 | |
142 | integration2: | |
143 | <<: *combined | |
144 | database: diaspora_integration2 | |
145 | ''; | |
146 | ||
# Final Rails root. The custom builder, in order:
#   1. copies the patched diaspora tree to $out and makes it writable;
#   2. packs app, db, lib, script, Gemfile, Gemfile.lock, Rakefile and config.ru
#      into public/source.tar.gz. config/ is not in that list and the archive is
#      created before the generated files are linked, so the published tarball
#      does not contain database.yml, diaspora.yml or secret_token.rb;
#   3. symlinks the three generated configuration files from the store;
#   4. symlinks schedule.yml, oidc_key.pem and uploads to locations under varDir;
#   5. precompiles assets with RAILS_ENV=production;
#   6. replaces tmp and log with symlinks into varDir.
# NOTE(review): the asset precompile runs with the real production
# configuration linked in, so the build itself loads the secrets and
# $out keeps references to the secret-bearing store paths.
# NOTE(review): the relative "../" chains assume a fixed depth of $out below the
# filesystem root; a different store prefix would make the links dangle — confirm.
# NOTE(review): oidc_key.pem is a private key kept in varDir rather than the
# store; its file mode is set elsewhere and should be checked.
147 | railsRoot = stdenv.mkDerivation { | |
148 | name = "diaspora_immae"; | |
149 | inherit diaspora; | |
150 | builder = writeText "build_diaspora_immae" '' | |
151 | source $stdenv/setup | |
152 | cp -a $diaspora $out | |
153 | cd $out | |
154 | chmod -R u+rwX . | |
155 | tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru} | |
156 | ln -s ${database_config} config/database.yml | |
157 | ln -s ${config} config/diaspora.yml | |
158 | ln -s ${secret_token} config/initializers/secret_token.rb | |
159 | ln -sf ../../../../../../${varDir}/schedule.yml config/schedule.yml | |
160 | ln -sf ../../../../../../${varDir}/oidc_key.pem config/oidc_key.pem | |
161 | ln -sf ../../../../../../${varDir}/uploads public/uploads | |
162 | RAILS_ENV=production ${gems}/bin/rake assets:precompile | |
163 | rm -rf tmp log | |
164 | ln -sf ../../../../../${varDir}/tmp tmp | |
165 | ln -sf ../../../../../${varDir}/log log | |
166 | ''; | |
167 | propagatedBuildInputs = buildInputs; | |
168 | }; | |
# Result of the function: the built Rails root, the state and socket
# directories, the gem environment, and the full path of the application socket
# (the same path diaspora.yml uses for "listen").
169 | in | |
170 | { | |
171 | inherit railsRoot varDir socketsDir gems; | |
172 | railsSocket = "${socketsDir}/diaspora.sock"; | |
173 | } |