[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / diaspora / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  diaspora = pkgs.callPackage ./diaspora.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.diaspora;
  };

  root = "/run/current-system/webapps/tools_diaspora";
  cfg = config.services.myWebsites.tools.diaspora;
in {
  options.services.myWebsites.tools.diaspora = {
    enable = lib.mkEnableOption "enable diaspora's website";
  };

  config = lib.mkIf cfg.enable {
    ids.uids.diaspora = myconfig.env.tools.diaspora.user.uid;
    ids.gids.diaspora = myconfig.env.tools.diaspora.user.gid;

    users.users.diaspora = {
      name = "diaspora";
      uid = config.ids.uids.diaspora;
      group = "diaspora";
      description = "Diaspora user";
      home = diaspora.varDir;
      useDefaultShell = true;
      packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
      extraGroups = [ "keys" ];
    };

    users.groups.diaspora.gid = config.ids.gids.diaspora;

    mySecrets.keys = diaspora.keys;
    systemd.services.diaspora = {
      description = "Diaspora";
      wantedBy = [ "multi-user.target" ];
      after = [
        "network.target" "redis.service" "postgresql.service"
      ];
      wants = [
        "redis.service" "postgresql.service"
      ];

      environment.RAILS_ENV = "production";
      environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
      environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
      environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock";
      environment.EYE_PID = "${diaspora.socketsDir}/eye.pid";

      path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];

      preStart = ''
        ./bin/bundle exec rails db:migrate
      '';

      script = ''
        exec ${diaspora.railsRoot}/script/server
      '';

      serviceConfig = {
        User = "diaspora";
        PrivateTmp = true;
        Restart = "always";
        Type = "simple";
        WorkingDirectory = diaspora.railsRoot;
        StandardInput = "null";
        KillMode = "control-group";
      };

      unitConfig.RequiresMountsFor = diaspora.varDir;
    };

    system.activationScripts.diaspora = {
      deps = [ "users" ];
      text = ''
      install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir}
      install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \
        ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \
        ${diaspora.varDir}/log
      install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids
      if [ ! -f ${diaspora.varDir}/schedule.yml ]; then
        echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml
      fi
      '';
    };

    services.myWebsites.tools.modules = [
      "headers" "proxy" "proxy_http"
    ];
    security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${diaspora.railsRoot}/public/ $out/webapps/tools_diaspora
      '';
    services.myWebsites.tools.vhostConfs.diaspora = {
      certName    = "eldiron";
      hosts       = [ "diaspora.immae.eu" ];
      root        = root;
      extraConfig = [ ''
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ unix://${diaspora.railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        RequestHeader set X_FORWARDED_PROTO https

        <Proxy *>
            Require all granted
        </Proxy>

        <Directory ${root}>
            Require all granted
            Options -MultiViews
        </Directory>
      '' ];
    };
  };
}