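# Builds the Mastodon instance served as mastodon.immae.eu and returns the
# paths the surrounding module needs: the Rails root with precompiled assets,
# the environment file, the data directory and the two runtime sockets.
#
# Arguments:
#   checkEnv      - project helper used in `assert`s below; presumably aborts
#                   evaluation when the named variable is unset (confirm).
#   fetchedGithub - project helper; presumably turns ./mastodon.json into the
#                   name/src attributes of the pinned upstream source (confirm).
#   stdenv, writeText, pkgs, cacert - the usual nixpkgs values.
{ checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }:
let
  varDir = "/var/lib/mastodon_immae";
  socketsDir = "/run/mastodon";

  # Tool and library set shared by both derivations below. It was previously
  # written out twice; a single binding keeps the two builds in step.
  railsBuildInputs = with pkgs; [
    zlib icu libchardet git bundler yarn
    protobuf protobufc libidn libpqxx nodejs
    imagemagick ffmpeg libxml2 libxslt pkgconfig
    autoconf bison libyaml readline ncurses libffi gdbm
    jemalloc which postgresql python3 cacert
  ];

  # Upstream Mastodon with its Ruby gems and node modules installed.
  #
  # NOTE(review): `bundle install` and `yarn install` download dependencies
  # during the build. This is not a fixed-output derivation, so the build only
  # works with the Nix sandbox disabled or relaxed, and Nix does not verify a
  # hash of what was fetched. Integrity rests on TLS (the CA bundle exported
  # below) plus Gemfile.lock / yarn.lock. `--pure-lockfile` does not fail on an
  # out-of-date lockfile; `--frozen-lockfile` would. Packaging the gems and
  # node modules as hash-pinned Nix inputs (e.g. bundlerEnv, yarn2nix) would
  # let the sandbox stay on.
  mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec {
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt

      bundle install --deployment --without development test
      yarn install --pure-lockfile
    '';
    installPhase = ''
      cp -a . $out
    '';
    propagatedBuildInputs = railsBuildInputs;
  });

  # Environment file for the instance, built from NIXOPS_MASTODON_* variables
  # read at evaluation time. builtins.getEnv yields "" for an unset variable,
  # hence the asserts (the duplicated OTP_SECRET assert was dropped).
  #
  # SECURITY: writeText puts the rendered file, secrets included, into
  # /nix/store, and the text is also embedded in the .drv. The store is
  # world-readable on a default installation, so every local user and every
  # process on the host can read the database password, SECRET_KEY_BASE,
  # OTP_SECRET, the VAPID private key and the LDAP bind password; the path is
  # also copied wherever the closure is copied (binary caches, other hosts).
  # Mitigation: deliver secrets outside the store (NixOps `deployment.keys`
  # places them under /run/keys with an owner and mode) and load them from
  # there at service start. Not changed here because `config` is part of what
  # this file returns and its consumers are not visible.
  #
  # NOTE(review): the file is also `source`d by bash in railsRoot. Values are
  # interpolated unquoted (LDAP_PASSWORD is double-quoted, which still expands
  # `$` and backticks), so a secret containing whitespace or shell
  # metacharacters would be interpreted by the shell during that build.
  # NOTE(review): Redis is reached on localhost with no password configured
  # in this file; presumably any local process can reach database 13 (confirm).
  config =
    assert checkEnv "NIXOPS_MASTODON_DB_PASS";
    assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET";
    assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE";
    assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
    assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY";
    assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY";
    assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD";
    writeText "mastodon_environment" ''
      REDIS_HOST=localhost
      REDIS_PORT=6379
      REDIS_DB=13
      DB_HOST=/run/postgresql
      DB_USER=mastodon
      DB_NAME=mastodon
      DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"}
      DB_PORT=5432

      LOCAL_DOMAIN=mastodon.immae.eu
      LOCAL_HTTPS=true
      ALTERNATE_DOMAINS=immae.eu

      PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"}
      SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"}
      OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"}

      VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"}
      VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"}

      SMTP_SERVER=mail.immae.eu
      SMTP_PORT=587
      SMTP_FROM_ADDRESS=notifications@mastodon.immae.eu
      SMTP_DELIVERY_METHOD=smtp
      PAPERCLIP_ROOT_PATH=${varDir}

      STREAMING_CLUSTER_NUM=1

      # LDAP authentication (optional)
      LDAP_ENABLED=true
      LDAP_HOST=ldap.immae.eu
      LDAP_PORT=636
      LDAP_METHOD=simple_tls
      LDAP_BASE="dc=immae,dc=eu"
      LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
      LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}"
      LDAP_UID="uid"
      LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
    '';

  # Writable copy of the `mastodon` tree with production assets precompiled.
  # `inherit config mastodon` exposes both store paths to the builder as
  # $config and $mastodon.
  #
  # NOTE(review): `set -a` exports every variable of the environment file, so
  # the real production secrets are present in the environment of the asset
  # build, and this derivation depends on the secret-bearing file (rotating a
  # secret rebuilds the assets). Presumably assets:precompile only needs the
  # variables to be set, not their production values; if so, placeholder
  # values here would keep secrets out of the build entirely (confirm against
  # the Mastodon version in use).
  railsRoot = stdenv.mkDerivation {
    name = "mastodon_immae";
    inherit config mastodon;
    builder = writeText "build_mastodon_immae" ''
      source $stdenv/setup
      set -a
      source $config
      set +a
      cp -a $mastodon $out
      cd $out
      chmod u+rwX . node_modules public
      RAILS_ENV=production bundle exec rails assets:precompile
    '';
    propagatedBuildInputs = railsBuildInputs;
  };
in
{
  inherit railsRoot config varDir socketsDir;
  # Socket paths for the two long-running processes, both under socketsDir.
  nodeSocket = "${socketsDir}/live_immae_node.sock";
  railsSocket = "${socketsDir}/live_immae_puma.sock";
}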