Fix some errors (service timouts and mastodon missing paths) after first reboot
# Mastodon packaging for the mastodon.immae.eu instance.
#
# Arguments, as used in this file:
#   checkEnv      - called inside `assert` with the name of each required
#                   NIXOPS_MASTODON_* environment variable.
#   fetchedGithub - applied to ./mastodon.json; its result supplies the base
#                   attributes of the upstream Mastodon derivation.
#   writeText     - builds the environment file and the railsRoot builder script.
#   cacert        - provides the CA bundle exported during the dependency fetch.
{ checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }:
let
# State directory; also written to the environment file as PAPERCLIP_ROOT_PATH.
varDir = "/var/lib/mastodon_immae";
# Parent directory of the nodeSocket and railsSocket paths exported below.
socketsDir = "/run/mastodon";
# FIXME: use gemsets and nodejs equivalent
# Upstream Mastodon source tree with its Ruby gems and Node modules installed
# in place; the whole build directory is copied to $out.
# NOTE(review): `bundle install` and `yarn install` run inside buildPhase, so
# third-party dependencies are downloaded while building. They are pinned only
# by the lockfiles shipped in the fetched source (--deployment and
# --pure-lockfile), not by hashes checked by Nix. Presumably this requires
# network access from the build sandbox; confirm, and see the FIXME above.
mastodon =
  let
    # CA bundle exported as GIT_SSL_CAINFO and SSL_CERT_FILE so that TLS
    # certificate verification has a trust store during the fetches.
    caBundle = "${cacert}/etc/ssl/certs/ca-bundle.crt";
  in
  stdenv.mkDerivation (fetchedGithub ./mastodon.json // {
    buildPhase = ''
      export GIT_SSL_CAINFO=${caBundle}
      export SSL_CERT_FILE=${caBundle}

      bundle install --deployment --without development test
      yarn install --pure-lockfile
    '';
    installPhase = ''
      cp -a . $out
    '';
    # Same list and order as before, spelled out without `with pkgs;`.
    # `cacert` stays unqualified: it is this file's function argument, which
    # is what the original list resolved to as well.
    propagatedBuildInputs = [
      pkgs.zlib pkgs.icu pkgs.libchardet pkgs.git pkgs.bundler pkgs.yarn
      pkgs.protobuf pkgs.protobufc pkgs.libidn pkgs.libpqxx pkgs.nodejs
      pkgs.imagemagick pkgs.ffmpeg pkgs.libxml2 pkgs.libxslt pkgs.pkgconfig
      pkgs.autoconf pkgs.bison pkgs.libyaml pkgs.readline pkgs.ncurses pkgs.libffi pkgs.gdbm
      pkgs.jemalloc pkgs.which pkgs.postgresql pkgs.python3 cacert
    ];
  });
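# Environment file for Mastodon (KEY=value lines), generated with writeText.
#
# Every secret is read from the evaluating process's environment with
# builtins.getEnv. Each variable is first passed to checkEnv inside an
# `assert` (presumably this aborts evaluation when the variable is missing;
# confirm against checkEnv's definition). The duplicated assertion on
# NIXOPS_MASTODON_OTP_SECRET has been removed; the set of checked variables
# is unchanged.
#
# SECURITY: writeText puts this file in the Nix store, which is readable by
# every local user on the build and target machines. The database password,
# SECRET_KEY_BASE, OTP secret, Paperclip secret, VAPID private key and LDAP
# bind password are therefore stored there in plain text, and they stay in
# old store paths until those are garbage-collected. Prefer delivering them
# outside the store at activation time (for example NixOps `deployment.keys`)
# and pointing the services at that file instead.
#
# NOTE(review): railsRoot sources this file from a shell, and all values
# except the LDAP ones are interpolated unquoted. A secret containing
# whitespace or shell metacharacters would be misparsed or expanded there;
# confirm the secrets' character set.
config =
  assert checkEnv "NIXOPS_MASTODON_DB_PASS";
  assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET";
  assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE";
  assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
  assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY";
  assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY";
  assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD";
  writeText "mastodon_environment" ''
    REDIS_HOST=localhost
    REDIS_PORT=6379
    REDIS_DB=13
    DB_HOST=/run/postgresql
    DB_USER=mastodon
    DB_NAME=mastodon
    DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"}
    DB_PORT=5432

    LOCAL_DOMAIN=mastodon.immae.eu
    LOCAL_HTTPS=true
    ALTERNATE_DOMAINS=immae.eu

    PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"}
    SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"}
    OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"}

    VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"}
    VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"}

    SMTP_SERVER=mail.immae.eu
    SMTP_PORT=587
    SMTP_FROM_ADDRESS=notifications@mastodon.immae.eu
    SMTP_DELIVERY_METHOD=smtp
    PAPERCLIP_ROOT_PATH=${varDir}

    STREAMING_CLUSTER_NUM=1

    # LDAP authentication (optional)
    LDAP_ENABLED=true
    LDAP_HOST=ldap.immae.eu
    LDAP_PORT=636
    LDAP_METHOD=simple_tls
    LDAP_BASE="dc=immae,dc=eu"
    LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
    LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}"
    LDAP_UID="uid"
    LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
  '';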
74
# Deployable Rails root: a copy of the `mastodon` tree in which the production
# assets have been precompiled.
#
# SECURITY: the builder sources $config between `set -a` / `set +a`, so every
# variable in the environment file, secrets included, is exported to the
# `rails assets:precompile` process. The environment file is also an input of
# this derivation, so changing a secret changes this derivation and triggers a
# rebuild. NOTE(review): check that nothing derived from those secrets is
# written into the precompiled output, which lives in the Nix store.
railsRoot =
  let
    # Builder script run in place of the stdenv default phases.
    buildScript = writeText "build_mastodon_immae" ''
      source $stdenv/setup
      set -a
      source $config
      set +a
      cp -a $mastodon $out
      cd $out
      chmod u+rwX . node_modules public
      RAILS_ENV=production bundle exec rails assets:precompile
    '';
  in
  stdenv.mkDerivation {
    name = "mastodon_immae";
    # Passed to the builder as the $config and $mastodon variables.
    inherit config mastodon;
    builder = buildScript;
    # Same list and order as before, spelled out without `with pkgs;`.
    # `cacert` stays unqualified: it is this file's function argument, which
    # is what the original list resolved to as well.
    propagatedBuildInputs = [
      pkgs.zlib pkgs.icu pkgs.libchardet pkgs.git pkgs.bundler pkgs.yarn
      pkgs.protobuf pkgs.protobufc pkgs.libidn pkgs.libpqxx pkgs.nodejs
      pkgs.imagemagick pkgs.ffmpeg pkgs.libxml2 pkgs.libxslt pkgs.pkgconfig
      pkgs.autoconf pkgs.bison pkgs.libyaml pkgs.readline pkgs.ncurses pkgs.libffi pkgs.gdbm
      pkgs.jemalloc pkgs.which pkgs.postgresql pkgs.python3 cacert
    ];
  };
in
# Attribute set returned to the importing module.
# NOTE(review): `config` is the store path of the generated environment file,
# which contains the secrets in plain text; consumers should treat it
# accordingly.
{
  inherit railsRoot config varDir socketsDir;
  # Socket paths under socketsDir; judging by the file names, one for the
  # Node process and one for Puma (confirm against the service definitions).
  nodeSocket = socketsDir + "/live_immae_node.sock";
  railsSocket = socketsDir + "/live_immae_puma.sock";
}