1 { checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }:
# State directory of this instance; also written into the generated environment
# file as PAPERCLIP_ROOT_PATH.
3 varDir = "/var/lib/mastodon_immae";
# Directory under which the node and puma socket paths (nodeSocket, railsSocket) are built.
4 socketsDir = "/run/mastodon";
5 # FIXME: use gemsets and nodejs equivalent
# Mastodon source tree with its Ruby and JavaScript dependencies installed.
# The source attributes come from fetchedGithub ./mastodon.json (presumably a
# pinned revision and hash; the helper is defined elsewhere).
# NOTE(review): `bundle install` and `yarn install` run inside the build, so gems
# and npm packages are constrained only by the lockfiles, not by Nix hashes. The
# CA bundle exports suggest the build reaches the network; confirm how the sandbox
# is configured for this derivation.
# NOTE(review): `--pure-lockfile` only stops yarn from writing yarn.lock;
# `--frozen-lockfile` would make the build fail when package.json and yarn.lock
# disagree instead of resolving versions silently.
6 mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec {
8 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
9 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
11 bundle install --deployment --without development test
12 yarn install --pure-lockfile
17 propagatedBuildInputs = with pkgs; [
18 zlib icu libchardet git bundler yarn
19 protobuf protobufc libidn libpqxx nodejs
20 imagemagick ffmpeg libxml2 libxslt pkgconfig
21 autoconf bison libyaml readline ncurses libffi gdbm
22 jemalloc which postgresql python3 cacert
# Environment file for Mastodon, rendered at evaluation time from NIXOPS_MASTODON_*
# variables of the evaluating process. The asserts presumably abort evaluation when a
# variable is unset (checkEnv is defined elsewhere; confirm).
# NOTE(review): security. writeText stores its content in the Nix store, which is
# readable by every local user and travels with the closure when it is copied.
# DB_PASS, PAPERCLIP_SECRET, SECRET_KEY_BASE, OTP_SECRET, VAPID_PRIVATE_KEY and
# LDAP_PASSWORD therefore end up in a world-readable store path. Prefer delivering
# them outside the store (e.g. NixOps deployment.keys, or a root-owned file read by
# the service at start-up) and keep only non-secret settings in this file.
# NOTE(review): builtins.getEnv makes the result depend on the caller's environment;
# an empty or stale variable yields a different, still valid-looking file.
# NOTE(review): LDAP_PASSWORD is interpolated between double quotes; a password
# containing `"` may be parsed differently by the env-file loader. Confirm.
26 assert checkEnv "NIXOPS_MASTODON_DB_PASS";
27 assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET";
28 assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE";
29 assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
30 assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY";
31 assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY";
# NOTE(review): duplicate of the NIXOPS_MASTODON_OTP_SECRET assert three lines above.
32 assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
33 assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD";
34 writeText "mastodon_environment" ''
38 DB_HOST=/run/postgresql
41 DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"}
44 LOCAL_DOMAIN=mastodon.immae.eu
46 ALTERNATE_DOMAINS=immae.eu
48 PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"}
49 SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"}
50 OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"}
52 VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"}
53 VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"}
55 SMTP_SERVER=mail.immae.eu
57 SMTP_FROM_ADDRESS=notifications@mastodon.immae.eu
58 SMTP_DELIVERY_METHOD=smtp
59 PAPERCLIP_ROOT_PATH=${varDir}
61 STREAMING_CLUSTER_NUM=1
63 # LDAP authentication (optional)
65 LDAP_HOST=ldap.immae.eu
67 LDAP_METHOD=simple_tls
68 LDAP_BASE="dc=immae,dc=eu"
69 LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
70 LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}"
72 LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
# Rails root for the instance. A builder script generated with writeText
# precompiles the assets with RAILS_ENV=production.
# NOTE(review): `inherit config mastodon` passes both store paths to the builder as
# derivation attributes. `config` is the environment file holding the
# NIXOPS_MASTODON_* secrets, so the secret values become an input of this build.
# Check whether the output keeps a reference or a copy of that file.
75 railsRoot = stdenv.mkDerivation {
76 name = "mastodon_immae";
77 inherit config mastodon;
78 builder = writeText "build_mastodon_immae" ''
85 chmod u+rwX . node_modules public
86 RAILS_ENV=production bundle exec rails assets:precompile
88 propagatedBuildInputs = with pkgs; [
89 zlib icu libchardet git bundler yarn
90 protobuf protobufc libidn libpqxx nodejs
91 imagemagick ffmpeg libxml2 libxslt pkgconfig
92 autoconf bison libyaml readline ncurses libffi gdbm
93 jemalloc which postgresql python3 cacert
# Values handed back to the caller: the built Rails root, the environment file,
# the state and socket directories, and the two socket paths under socketsDir.
# NOTE(review): `config` is the store path of the environment file containing the
# secrets; every consumer of this set can read them.
98 inherit railsRoot config varDir socketsDir;
99 nodeSocket = "${socketsDir}/live_immae_node.sock";
100 railsSocket = "${socketsDir}/live_immae_puma.sock";