]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - virtual/modules/websites/tools/diaspora/default.nix
projects / perso / Immae / Config / Nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add diaspora services
[perso/Immae/Config/Nix.git] / virtual / modules / websites / tools / diaspora / default.nix
1 { lib, pkgs, config, mylibs, ... }:
2 let
3 diaspora = pkgs.callPackage ./diaspora.nix {
4 inherit (mylibs) fetchedGithub checkEnv;
5 };
6
7 cfg = config.services.myWebsites.tools.diaspora;
8 in {
9 options.services.myWebsites.tools.diaspora = {
10 enable = lib.mkEnableOption "enable diaspora's website";
11 };
12
13 config = lib.mkIf cfg.enable {
14 # FIXME: Can we use dynamic users from systemd?
15 # nixos/modules/misc/ids.nix
16 ids.uids.diaspora = 398;
17 ids.gids.diaspora = 398;
18
19 users.users.diaspora = {
20 name = "diaspora";
21 uid = config.ids.uids.diaspora;
22 group = "diaspora";
23 description = "Diaspora user";
24 home = diaspora.railsRoot;
25 useDefaultShell = true;
26 packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
27 };
28
29 users.groups.diaspora.gid = config.ids.gids.diaspora;
30
31 systemd.services.diaspora = {
32 description = "Diaspora";
33 wantedBy = [ "multi-user.target" ];
34 after = [ "network.target" "redis.service" "postgresql.service" ];
35 wants = [ "redis.service" "postgresql.service" ];
36
37 environment.RAILS_ENV = "production";
38 environment.BUNDLE_PATH = "${diaspora.gems}/lib/ruby/gems/2.4.0";
39 environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
40 environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock";
41 environment.EYE_PID = "${diaspora.socketsDir}/eye.pid";
42
43 path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
44
45 preStart = ''
46 ./bin/bundle exec rails db:migrate
47 '';
48
49 script = ''
50 exec ${diaspora.railsRoot}/script/server
51 '';
52
53 serviceConfig = {
54 User = "diaspora";
55 PrivateTmp = true;
56 Restart = "always";
57 Type = "simple";
58 WorkingDirectory = diaspora.railsRoot;
59 StandardInput = "null";
60 KillMode = "control-group";
61 };
62
63 unitConfig.RequiresMountsFor = diaspora.varDir;
64 };
65
66 # FIXME: initial sync
67 # FIXME: touch ${diaspora.varDir}/schedule.yml
68 system.activationScripts.diaspora = {
69 deps = [ "users" ];
70 text = ''
71 install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir}
72 install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \
73 ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \
74 ${diaspora.varDir}/log
75 install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids
76 if [ ! -f ${diaspora.varDir}/schedule.yml ]; then
77 echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml
78 fi
79 '';
80 };
81
82 services.myWebsites.tools.modules = [
83 "headers" "proxy" "proxy_http" "proxy_balancer"
84 # FIXME: probably only one balancer method is needed:
85 "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
86 ];
87 security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
88 services.myWebsites.tools.vhostConfs.diaspora = {
89 certName = "eldiron";
90 hosts = [ "diaspora.immae.eu" ];
91 root = "${diaspora.railsRoot}/public/";
92 extraConfig = [ ''
93 RewriteEngine On
94 RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
95 RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L]
96
97 <Proxy balancer://thinservers>
98 BalancerMember unix://${diaspora.railsSocket}|http://
99 </Proxy>
100
101 ProxyRequests Off
102 ProxyVia On
103 ProxyPreserveHost On
104 RequestHeader set X_FORWARDED_PROTO https
105
106 <Proxy *>
107 Require all granted
108 </Proxy>
109
110 <Directory ${diaspora.railsRoot}/public>
111 Require all granted
112 Options -MultiViews
113 </Directory>
114 '' ];
115 };
116 };
117 }
My infrastructure configuration