Add diaspora services
[perso/Immae/Config/Nix.git] / virtual / modules / websites / tools / diaspora / diaspora.nix
# Diaspora pod for immae.eu.
#
# Produces a bundler environment, the upstream source tree with ldap.patch
# applied, three generated configuration files and the Rails root that ties
# them together. The returned set exposes `railsRoot`, `varDir`, `socketsDir`,
# `gems` and `railsSocket`.
#
# NOTE(review): the three NIXOPS_DIASPORA_* values are read with
# builtins.getEnv at evaluation time and rendered with writeText. The rendered
# files, and the derivations describing them, live in the Nix store, which is
# readable by every local user on a default installation. Consider letting the
# service read these secrets from files provisioned outside the store (this
# file already links schedule.yml and oidc_key.pem from varDir that way).
{ checkEnv, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }:
let
  # Ruby gems resolved from the Gemfile/gemset.nix sitting next to this file.
  gems = bundlerEnv {
    name = "diaspora-env";
    ruby = ruby_2_4;
    gemdir = ./.;
    # FIXME: it fails if I don’t include all groups
    #groups = [ "default" "postgresql" "production" "development" "test" ];
    # Had to remove them from gemset.nix, and remove mysql2
    # Also had to "ungroup" pg in Gemfile
    gemConfig = defaultGemConfig // {
      # kostya-sigar gets perl as an extra build input.
      kostya-sigar = _attrs: {
        buildInputs = [ pkgs.perl ];
      };
    };
  };

  # Mutable state directory; schedule.yml, oidc_key.pem, uploads, tmp and log
  # are linked from here by the railsRoot builder below.
  varDir = "/var/lib/diaspora_immae";

  # Directory holding the socket named in diaspora.yml and in railsSocket.
  socketsDir = "/run/diaspora";

  # Shared by the source derivation and by railsRoot. `cacert` and `ruby_2_4`
  # are this file's own arguments; everything else comes from `pkgs`.
  buildInputs = [
    gems
    pkgs.git
    pkgs.redis
    pkgs.imagemagick
    pkgs.libxslt
    pkgs.nodejs
    pkgs.jemalloc
    cacert
    ruby_2_4
    pkgs.openssl
    pkgs.postgresql
    pkgs.curl
    pkgs.libnghttp2
    pkgs.pkgconfig
    pkgs.which
  ];

  # CA bundle exported to git and to TLS clients while building the source.
  caBundle = "${cacert}/etc/ssl/certs/ca-bundle.crt";

  # Upstream source described by diaspora.json, with ldap.patch applied.
  diaspora = stdenv.mkDerivation ((fetchedGithub ./diaspora.json) // {
    buildPhase = ''
      export GIT_SSL_CAINFO=${caBundle}
      export SSL_CERT_FILE=${caBundle}

      patch -p1 < ${./ldap.patch}
    '';
    installPhase = ''
      cp -a . $out
    '';
    propagatedBuildInputs = buildInputs;
  });

  # Rails initializer assigning secret_key_base.
  # checkEnv is defined outside this file; presumably it verifies that the
  # variable is set — confirm.
  # NOTE(review): the value is pasted between single quotes in Ruby source, so
  # a token containing ' or \ would change the generated code; validate or
  # escape it. The store-exposure note at the top of the file applies here.
  secret_token =
    let
      secretKeyBase = builtins.getEnv "NIXOPS_DIASPORA_SECRET_TOKEN";
    in
    assert checkEnv "NIXOPS_DIASPORA_SECRET_TOKEN";
    writeText "secret_token.rb" ''
      Diaspora::Application.config.secret_key_base = '${secretKeyBase}'
    '';

  # diaspora.yml: pod URL, socket, mail and LDAP settings.
  # Registrations, invitations and captcha are switched off and only_ldap is
  # set, so sign-in appears to rest entirely on the directory.
  # NOTE(review): nesting follows diaspora's stock configuration layout;
  # confirm the position of the ldap section against ldap.patch.
  # NOTE(review): bind_pw is rendered in clear text into the store, and sits
  # inside a double-quoted YAML scalar, so a password containing " or \ would
  # break the file.
  # NOTE(review): search_filter substitutes %{username}; confirm that the code
  # added by ldap.patch escapes the user-supplied name before building the
  # filter, and that it verifies the server certificate on port 636.
  # NOTE(review): skip_email_confirmation trusts the directory's mail
  # attribute as the account address.
  config =
    let
      ldapPassword = builtins.getEnv "NIXOPS_DIASPORA_LDAP_PASSWORD";
    in
    assert checkEnv "NIXOPS_DIASPORA_LDAP_PASSWORD";
    writeText "diaspora.yml" ''
      configuration:
        environment:
          url: "https://diaspora.immae.eu/"
          certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
          redis: 'redis://localhost:6379/15'
          sidekiq:
          s3:
          assets:
          logging:
            logrotate:
            debug:
        server:
          listen: '${socketsDir}/diaspora.sock'
          rails_environment: 'production'
        chat:
          server:
            bosh:
            log:
        map:
          mapbox:
        privacy:
          piwik:
          statistics:
          camo:
        settings:
          enable_registrations: false
          welcome_message:
          invitations:
            open: false
          paypal_donations:
          community_spotlight:
          captcha:
            enable: false
          terms:
          maintenance:
            remove_old_users:
          default_metas:
          csp:
        services:
          twitter:
          tumblr:
          wordpress:
        mail:
          enable: true
          sender_address: 'diaspora@immae.eu'
          method: 'smtp'
          smtp:
            host: 'mail.immae.eu'
          sendmail:
        admins:
          account: "ismael"
          podmin_email: 'diaspora@immae.eu'
        relay:
          outbound:
          inbound:
        ldap:
          enable: true
          host: ldap.immae.eu
          port: 636
          only_ldap: true
          mail_attribute: mail
          skip_email_confirmation: true
          use_bind_dn: true
          bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
          bind_pw: "${ldapPassword}"
          search_base: "dc=immae,dc=eu"
          search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
      production:
        environment:
      development:
        environment:
    '';

  # database.yml: one PostgreSQL account reused by every Rails environment
  # through YAML anchors.
  # NOTE(review): the password is rendered in clear text into the store, and
  # the development/test/integration entries carry the same host and
  # credentials as production.
  # NOTE(review): the server is a separate host and no sslmode is given, so the
  # client falls back to libpq's default, which does not authenticate the
  # server; consider `sslmode: verify-full` together with a root certificate.
  database_config =
    let
      sqlPassword = builtins.getEnv "NIXOPS_DIASPORA_SQL_PASSWORD";
    in
    assert checkEnv "NIXOPS_DIASPORA_SQL_PASSWORD";
    writeText "database.yml" ''
      postgresql: &postgresql
        adapter: postgresql
        host: db-1.immae.eu
        port: 5432
        username: "diaspora"
        password: "${sqlPassword}"
        encoding: unicode
      common: &common
        <<: *postgresql
      combined: &combined
        <<: *common
      development:
        <<: *combined
        database: diaspora_development
      production:
        <<: *combined
        database: diaspora
      test:
        <<: *combined
        database: "diaspora_test"
      integration1:
        <<: *combined
        database: diaspora_integration1
      integration2:
        <<: *combined
        database: diaspora_integration2
    '';

  # Final Rails root: a writable copy of the patched source with the generated
  # configuration linked in and the assets precompiled.
  railsRoot = stdenv.mkDerivation {
    name = "diaspora_immae";
    propagatedBuildInputs = buildInputs;
    inherit diaspora;
    # Order matters in this script:
    #  - public/source.tar.gz is created before any configuration is linked
    #    and lists only app, db, lib, script, Gemfile, Gemfile.lock, Rakefile
    #    and config.ru, so config/ is not part of the published archive;
    #  - database.yml, diaspora.yml and secret_token.rb are links to the store
    #    files generated above, so they are in place while assets:precompile
    #    runs with RAILS_ENV=production;
    #  - schedule.yml, oidc_key.pem, uploads, tmp and log are relative links
    #    that climb out of the output directory into varDir (presumably past
    #    the filesystem root, so that they resolve to the absolute path).
    builder = writeText "build_diaspora_immae" ''
      source $stdenv/setup
      cp -a $diaspora $out
      cd $out
      chmod -R u+rwX .
      tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
      ln -s ${database_config} config/database.yml
      ln -s ${config} config/diaspora.yml
      ln -s ${secret_token} config/initializers/secret_token.rb
      ln -sf ../../../../../../${varDir}/schedule.yml config/schedule.yml
      ln -sf ../../../../../../${varDir}/oidc_key.pem config/oidc_key.pem
      ln -sf ../../../../../../${varDir}/uploads public/uploads
      RAILS_ENV=production ${gems}/bin/rake assets:precompile
      rm -rf tmp log
      ln -sf ../../../../../${varDir}/tmp tmp
      ln -sf ../../../../../${varDir}/log log
    '';
  };
in
{
  inherit railsRoot varDir socketsDir gems;
  # Same socket path as `server.listen` in diaspora.yml.
  railsSocket = "${socketsDir}/diaspora.sock";
}