# modules/private/websites/tools/diaspora/default.nix
#
# NixOS module that publishes a diaspora* pod at diaspora.immae.eu.
# When enabled it declares: a backup profile for the data directory, three
# secret files consumed by diaspora (diaspora.yml, database.yml,
# secret_token.rb), the diaspora service itself, a watcher on the config
# directory, and a web-server vhost that serves static files and
# reverse-proxies everything else to the Rails unix socket.
#
# NOTE(review): this listing was recovered from a flattened web view; the
# indentation (including the nesting inside the YAML and web-server text
# blocks) was reconstructed — verify it against the repository copy.
{ lib, pkgs, config, ... }:
let
  # Site-specific values (redis, ldap, postgresql, secret_token) used below.
  env = config.myEnv.tools.diaspora;
  # Path of the symlink created by system.extraSystemBuilderCmds below;
  # used as the vhost document root.
  root = "/run/current-system/webapps/tools_diaspora";
  cfg = config.myServices.websites.tools.diaspora;
  dcfg = config.services.diaspora;
in {
  options.myServices.websites.tools.diaspora = {
    # lib.mkEnableOption already prefixes the text with "Whether to enable",
    # so the rendered description repeats the word "enable".
    enable = lib.mkEnableOption "enable diaspora's website";
  };

  config = lib.mkIf cfg.enable {
    # Back up the whole diaspora data directory to two named remotes.
    # NOTE(review): this copies user data off the host; whether the backups
    # are encrypted is decided by the duplyBackup module, not shown here.
    services.duplyBackup.profiles.diaspora = {
      rootDir = dcfg.dataDir;
      remotes = [ "eriomem" "ovh" ];
    };
    # NOTE(review): presumably the group that is allowed to reach the
    # rendered secret files — confirm against the secrets module.
    users.users.diaspora.extraGroups = [ "keys" ];

    # Every entry below is owned by diaspora:diaspora with mode 0400, i.e.
    # readable by the service user only and writable by nobody.
    # NOTE(review): the file bodies are built by string interpolation at
    # evaluation time. Whether the rendered text stays out of the
    # world-readable Nix store depends on how `secrets.keys` is implemented
    # (not visible here) — confirm.
    # NOTE(review): env.* values are spliced into YAML/Ruby literals as-is.
    # A value containing a quote character, backslash or newline would
    # change the structure of the generated file; keep such characters out
    # of these settings or escape them (builtins.toJSON produces a valid
    # double-quoted YAML scalar).
    secrets.keys = [
      {
        # Main diaspora configuration. Security-relevant choices visible in
        # the text: public registration and open invitations are disabled,
        # the captcha is disabled, mail goes through the local sendmail
        # wrapper, and the ldap section sets only_ldap: true with a bind DN
        # and bind password (the clear-text secret in this file).
        # NOTE(review): the ldap keys presumably come from the
        # `ldap = true` package override below; port 636 is the conventional
        # LDAPS port, but whether the server certificate is verified is not
        # visible here — confirm. skip_email_confirmation: true means the
        # address from mail_attribute is used without a confirmation step.
        dest = "webapps/diaspora/diaspora.yml";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          configuration:
            environment:
              url: "https://diaspora.immae.eu/"
              certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
              redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
              sidekiq:
              s3:
              assets:
              logging:
                logrotate:
                debug:
            server:
              listen: '${dcfg.sockets.rails}'
              rails_environment: 'production'
            chat:
              server:
                bosh:
                log:
            map:
              mapbox:
            privacy:
              piwik:
              statistics:
              camo:
            settings:
              enable_registrations: false
              welcome_message:
              invitations:
                open: false
              paypal_donations:
              community_spotlight:
              captcha:
                enable: false
              terms:
              maintenance:
                remove_old_users:
              default_metas:
              csp:
            services:
              twitter:
              tumblr:
              wordpress:
            mail:
              enable: true
              sender_address: 'diaspora@tools.immae.eu'
              method: 'sendmail'
              smtp:
              sendmail:
                location: '/run/wrappers/bin/sendmail'
            admins:
              account: "ismael"
              podmin_email: 'diaspora@tools.immae.eu'
            relay:
              outbound:
              inbound:
            ldap:
              enable: true
              host: ${env.ldap.host}
              port: 636
              only_ldap: true
              mail_attribute: mail
              skip_email_confirmation: true
              use_bind_dn: true
              bind_dn: "${env.ldap.dn}"
              bind_pw: "${env.ldap.password}"
              search_base: "${env.ldap.base}"
              search_filter: "${env.ldap.filter}"
          production:
            environment:
          development:
            environment:
        '';
      }
      {
        # Rails database configuration. One connection definition
        # (&postgresql) is merged into every environment through YAML
        # anchors, so the production credentials also apply to the
        # development/test/integration entries; only `database` differs.
        # NOTE(review): `host` is filled from env.postgresql.socket, which
        # looks like a unix-socket directory rather than a hostname — confirm.
        dest = "webapps/diaspora/database.yml";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          postgresql: &postgresql
            adapter: postgresql
            host: "${env.postgresql.socket}"
            port: "${env.postgresql.port}"
            username: "${env.postgresql.user}"
            password: "${env.postgresql.password}"
            encoding: unicode
          common: &common
            <<: *postgresql
          combined: &combined
            <<: *common
          development:
            <<: *combined
            database: diaspora_development
          production:
            <<: *combined
            database: ${env.postgresql.database}
          test:
            <<: *combined
            database: "diaspora_test"
          integration1:
            <<: *combined
            database: diaspora_integration1
          integration2:
            <<: *combined
            database: diaspora_integration2
        '';
      }
      {
        # Sets the Rails secret_key_base, the key Rails derives its
        # cookie/session signing keys from. Anyone who can read this value
        # can forge signed session data, so it must stay private and be
        # rotated if the file is ever exposed.
        # The value is pasted into a single-quoted Ruby literal, so it must
        # not contain ' or \.
        dest = "webapps/diaspora/secret_token.rb";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          Diaspora::Application.config.secret_key_base = '${env.secret_token}'
        '';
      }
    ];

    services.diaspora = {
      enable = true;
      # Build diaspora with the package's `ldap` flag turned on.
      package = pkgs.webapps.diaspora.override { ldap = true; };
      dataDir = "/var/lib/diaspora_immae";
      adminEmail = "diaspora@tools.immae.eu";
      # Matches the `dest` prefix of the three secrets above.
      # NOTE(review): assumes secrets.keys renders under /var/secrets — confirm.
      configDir = "/var/secrets/webapps/diaspora";
    };

    # Watch the config directory.
    # NOTE(review): presumably restarts the diaspora service when a secret
    # file changes, so rotated credentials take effect — confirm.
    services.filesWatcher.diaspora = {
      restart = true;
      paths = [ dcfg.configDir ];
    };

    # Web-server modules needed by the vhost below (RequestHeader, proxying).
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http"
    ];
    # Expose diaspora's public/ directory inside the system closure as
    # webapps/tools_diaspora; `root` above resolves to this symlink.
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
    '';
    # Vhost for diaspora.immae.eu. Requests that match an existing file
    # under the document root are served directly; everything else is
    # proxied ([P]) to the Rails unix socket.
    # - ProxyRequests Off disables forward proxying, so the
    #   `<Proxy *> Require all granted` grant only covers the reverse-proxied
    #   backend.
    # - ProxyPreserveHost On forwards the client's Host header to the backend.
    # - `RequestHeader set` overwrites any client-supplied header of the same
    #   name, so the backend always sees https under X_FORWARDED_PROTO.
    #   NOTE(review): the name uses underscores; a client-sent hyphenated
    #   X-Forwarded-Proto is a distinct header for the web server and is not
    #   touched by this line — confirm which form the backend honours and
    #   consider unsetting the hyphenated one as well.
    # - NOTE(review): %{REQUEST_URI} already starts with "/", so the proxied
    #   URL looks like it carries a double slash after the host — confirm the
    #   backend normalises it.
    services.websites.env.tools.vhostConfs.diaspora = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "diaspora.immae.eu" ];
      root = root;
      extraConfig = [ ''
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        RequestHeader set X_FORWARDED_PROTO https

        <Proxy *>
          Require all granted
        </Proxy>

        <Directory ${root}>
          Require all granted
          Options -MultiViews
        </Directory>
      '' ];
    };
  };
}