# NixOS module for the diaspora* pod served at diaspora.immae.eu. It declares
# a backup profile, the secret configuration files, the diaspora service, a
# watcher on the config directory and the Apache vhost that reverse-proxies
# to the Rails socket.
{ lib, pkgs, config, ... }:
let
  # Site-specific values and credentials (redis, ldap, postgresql,
  # secret_token) come from the private environment, not from this file.
  env = config.myEnv.tools.diaspora;
  # Document root of the vhost; the symlink behind this path is created in
  # system.extraSystemBuilderCmds below.
  root = "/run/current-system/webapps/tools_diaspora";
  cfg = config.myServices.websites.tools.diaspora;
  dcfg = config.services.diaspora;
in {
  options.myServices.websites.tools.diaspora = {
    enable = lib.mkEnableOption "enable diaspora's website";
  };

  config = lib.mkIf cfg.enable {
    # Back up the service data directory to the two named remotes.
    services.duplyBackup.profiles.diaspora = {
      rootDir = dcfg.dataDir;
      remotes = [ "eriomem" "ovh" ];
    };
    # presumably "keys" is the group gating access to the deployed secrets
    # tree; confirm against the secrets module.
    users.users.diaspora.extraGroups = [ "keys" ];

    # Secret files consumed by diaspora. The directory is 0500 and each file
    # 0400, all owned by diaspora:diaspora: only the service user can read
    # them and nothing is writable, not even by the owner.
    # NOTE(review): every `text` below interpolates credentials. Confirm the
    # secrets module delivers these out-of-band and that the rendered text
    # never lands in the world-readable /nix/store.
    secrets.keys = [
      {
        dest = "webapps/diaspora";
        isDir = true;
        user = "diaspora";
        group = "diaspora";
        permissions = "0500";
      }
      # diaspora.yml: main application settings. Security-relevant choices
      # visible here:
      #  - registrations and invitations are closed and the captcha is off;
      #  - accounts come from LDAP only (only_ldap: true) through a service
      #    bind DN, on port 636;
      #  - skip_email_confirmation is on, so the directory's mail attribute
      #    is used without confirmation;
      #  - the redis URL uses the plain redis:// scheme with no credentials.
      # NOTE(review): port 636 is the conventional LDAPS port, but whether TLS
      # and certificate verification are enforced depends on the ldap patch in
      # the package; confirm.
      # NOTE(review): an unauthenticated, unencrypted redis URL is only
      # acceptable if that host is local or on a trusted network; confirm.
      # NOTE(review): env values are spliced into quoted YAML scalars without
      # escaping; a quote or backslash in a secret would yield an invalid or
      # differently-parsed file.
      # NOTE(review): nesting below follows the upstream diaspora.yml.example
      # layout; confirm that `ldap:` belongs under `configuration:`.
      {
        dest = "webapps/diaspora/diaspora.yml";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          configuration:
            environment:
              url: "https://diaspora.immae.eu/"
              certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
              redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
              sidekiq:
              s3:
              assets:
              logging:
                logrotate:
                debug:
            server:
              listen: '${dcfg.sockets.rails}'
              rails_environment: 'production'
            chat:
              server:
                bosh:
                log:
            map:
              mapbox:
            privacy:
              piwik:
              statistics:
              camo:
            settings:
              enable_registrations: false
              welcome_message:
              invitations:
                open: false
              paypal_donations:
              community_spotlight:
              captcha:
                enable: false
              terms:
              maintenance:
                remove_old_users:
              default_metas:
              csp:
            services:
              twitter:
              tumblr:
              wordpress:
            mail:
              enable: true
              sender_address: 'diaspora@tools.immae.eu'
              method: 'sendmail'
              smtp:
              sendmail:
                location: '/run/wrappers/bin/sendmail'
            admins:
              account: "ismael"
              podmin_email: 'diaspora@tools.immae.eu'
            relay:
              outbound:
              inbound:
            ldap:
              enable: true
              host: ${env.ldap.host}
              port: 636
              only_ldap: true
              mail_attribute: mail
              skip_email_confirmation: true
              use_bind_dn: true
              bind_dn: "${env.ldap.dn}"
              bind_pw: "${env.ldap.password}"
              search_base: "${env.ldap.base}"
              search_filter: "${env.ldap.filter}"
          production:
            environment:
          development:
            environment:
        '';
      }
      # database.yml: PostgreSQL connection settings. Every environment stanza
      # merges the same anchor, so development/test/integration carry the
      # production username and password; only the database name differs.
      # `host` is fed from env.postgresql.socket, presumably a Unix socket
      # directory rather than a TCP host; confirm.
      {
        dest = "webapps/diaspora/database.yml";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          postgresql: &postgresql
            adapter: postgresql
            host: "${env.postgresql.socket}"
            port: "${env.postgresql.port}"
            username: "${env.postgresql.user}"
            password: "${env.postgresql.password}"
            encoding: unicode
          common: &common
            <<: *postgresql
          combined: &combined
            <<: *common
          development:
            <<: *combined
            database: diaspora_development
          production:
            <<: *combined
            database: ${env.postgresql.database}
          test:
            <<: *combined
            database: "diaspora_test"
          integration1:
            <<: *combined
            database: diaspora_integration1
          integration2:
            <<: *combined
            database: diaspora_integration2
        '';
      }
      # secret_token.rb: sets the Rails secret_key_base, the key material
      # Rails uses to sign and encrypt session cookies, so rotating it
      # invalidates existing sessions.
      # NOTE(review): the value is placed in a single-quoted Ruby literal with
      # no escaping; it must not contain a single quote or backslash.
      {
        dest = "webapps/diaspora/secret_token.rb";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          Diaspora::Application.config.secret_key_base = '${env.secret_token}'
        '';
      }
    ];

    # The diaspora service itself, built with LDAP support and reading its
    # configuration from the deployed secrets directory declared above.
    services.diaspora = {
      enable = true;
      package = pkgs.webapps.diaspora.override { ldap = true; };
      dataDir = "/var/lib/diaspora_immae";
      adminEmail = "diaspora@tools.immae.eu";
      configDir = config.secrets.fullPaths."webapps/diaspora";
    };

    # Watch the config directory; presumably restarts the diaspora unit when
    # the secret files change. Confirm against the filesWatcher module.
    services.filesWatcher.diaspora = {
      restart = true;
      paths = [ dcfg.configDir ];
    };

    # Apache modules required by the RequestHeader and proxy directives in the
    # vhost below.
    services.websites.env.tools.modules = [
      "headers" "proxy" "proxy_http"
    ];
    # Expose diaspora's public/ directory in the system closure; `root` above
    # resolves to this symlink through /run/current-system.
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
    '';
    # Virtual host for diaspora.immae.eu.
    #  - Rewrite rules: a request that does not match an existing file under
    #    the document root is reverse-proxied ([P]) to the Rails Unix socket;
    #    existing static files are served by Apache directly.
    #  - ProxyRequests Off disables forward proxying, so the permissive
    #    `<Proxy *> Require all granted` only covers the reverse-proxy path.
    #  - ProxyPreserveHost On forwards the client's Host header to Rails.
    #  - RequestHeader set replaces any incoming header of that exact name
    #    and hard-codes "https"; this assumes the vhost is only reachable
    #    over TLS. Confirm.
    # NOTE(review): the header name uses underscores. A client-supplied
    # hyphenated `X-Forwarded-Proto` is a different header to Apache and is
    # not overwritten here; check how the backend normalises the two, and
    # consider setting or unsetting the hyphenated form as well.
    services.websites.env.tools.vhostConfs.diaspora = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "diaspora.immae.eu" ];
      root = root;
      extraConfig = [ ''
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        RequestHeader set X_FORWARDED_PROTO https

        <Proxy *>
          Require all granted
        </Proxy>

        <Directory ${root}>
          Require all granted
          Options -MultiViews
        </Directory>
      '' ];
    };
  };
}