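# Packaging of a Diaspora pod ("diaspora_immae").
#
# Returns an attribute set with:
#   railsRoot   - store path holding the patched Diaspora tree, precompiled
#                 assets, generated config files and symlinks into varDir
#   varDir      - runtime state directory (uploads, tmp, log, schedule, OIDC key)
#   socketsDir  - directory of the application socket
#   railsSocket - path of the application socket inside socketsDir
#   gems        - the bundlerEnv used to build and run the application
#
# checkEnv and fetchedGithub are helpers defined elsewhere; checkEnv is
# presumably a "variable is set" check used as an evaluation-time assertion.
#
# SECURITY (review): secret_token, config and database_config embed secrets
# read with builtins.getEnv at evaluation time. writeText output lives in the
# Nix store, which is readable by every local user and is copied wherever the
# closure goes (build hosts, binary caches). Prefer delivering these files at
# runtime from outside the store (with NixOps, e.g. deployment.keys) and
# symlinking to them, the way schedule.yml and oidc_key.pem are handled below.
{ checkEnv, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }:
let
  # NOTE(review): Ruby 2.4 is past upstream end-of-life, so it no longer
  # receives security fixes; plan a move to a maintained interpreter.
  gems = bundlerEnv {
    name = "diaspora-env";
    ruby = ruby_2_4;
    gemdir = ./.;
    # FIXME: it fails if I don’t include all groups
    #groups = [ "default" "postgresql" "production" "development" "test" ];
    # Had to remove them from gemset.nix, and remove mysql2
    # Also had to "ungroup" pg in Gemfile
    gemConfig = defaultGemConfig // {
      kostya-sigar = attrs: {
        buildInputs = [ pkgs.perl ];
      };
    };
  };

  varDir = "/var/lib/diaspora_immae";
  socketsDir = "/run/diaspora";

  # Shared by the source derivation and the final rails root.
  buildInputs = [ gems ] ++ (with pkgs; [
    git redis imagemagick libxslt nodejs jemalloc cacert ruby_2_4
    openssl postgresql curl libnghttp2 pkgconfig which
  ]);

  # Upstream sources (pinned through ./diaspora.json) plus the local LDAP patch.
  diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec {
    buildPhase = ''
      export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
      export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
      patch -p1 < ${./ldap.patch}
    '';
    installPhase = ''
      cp -a . $out
    '';
    propagatedBuildInputs = buildInputs;
  });

  # Rails initializer setting secret_key_base.
  # NOTE(review): the value is pasted into a single-quoted Ruby literal, so it
  # must not contain ' or \ ; see the SECURITY note at the top about the
  # store exposure of this file.
  secret_token = assert checkEnv "NIXOPS_DIASPORA_SECRET_TOKEN";
    writeText "secret_token.rb" ''
      Diaspora::Application.config.secret_key_base = '${builtins.getEnv "NIXOPS_DIASPORA_SECRET_TOKEN"}'
    '';

  # diaspora.yml. Empty keys keep the application defaults.
  # NOTE(review): the YAML nesting follows the layout of Diaspora's example
  # configuration, with ldap placed under configuration; confirm against the
  # deployed file.
  # NOTE(review): port 636 is the conventional LDAPS port, but no TLS or
  # certificate-verification option is set here; whether the bind password
  # travels encrypted depends on ldap.patch - confirm.
  # bind_pw is serialised with builtins.toJSON, which emits an escaped
  # double-quoted scalar (valid YAML), so a " or \ in the password can neither
  # break the document nor change the value. Plain passwords render as before.
  config = assert checkEnv "NIXOPS_DIASPORA_LDAP_PASSWORD";
    writeText "diaspora.yml" ''
      configuration:
        environment:
          url: "https://diaspora.immae.eu/"
          certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
          redis: 'redis://localhost:6379/15'
          sidekiq:
          s3:
          assets:
          logging:
            logrotate:
            debug:
        server:
          listen: '${socketsDir}/diaspora.sock'
          rails_environment: 'production'
        chat:
          server:
            bosh:
            log:
        map:
          mapbox:
        privacy:
          piwik:
          statistics:
          camo:
        settings:
          enable_registrations: false
          welcome_message:
          invitations:
            open: false
          paypal_donations:
          community_spotlight:
          captcha:
            enable: false
          terms:
          maintenance:
            remove_old_users:
          default_metas:
          csp:
        services:
          twitter:
          tumblr:
          wordpress:
        mail:
          enable: true
          sender_address: 'diaspora@immae.eu'
          method: 'smtp'
          smtp:
            host: 'mail.immae.eu'
          sendmail:
        admins:
          account: "ismael"
          podmin_email: 'diaspora@immae.eu'
        relay:
          outbound:
          inbound:
        ldap:
          enable: true
          host: ldap.immae.eu
          port: 636
          only_ldap: true
          mail_attribute: mail
          skip_email_confirmation: true
          use_bind_dn: true
          bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
          bind_pw: ${builtins.toJSON (builtins.getEnv "NIXOPS_DIASPORA_LDAP_PASSWORD")}
          search_base: "dc=immae,dc=eu"
          search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
      production:
        environment:
      development:
        environment:
    '';

  # database.yml. Every environment inherits the same PostgreSQL settings.
  # NOTE(review): the database host is remote and no sslmode is given, so the
  # client library default applies; confirm that traffic to db-1 is protected.
  # The password is JSON-encoded for the same reason as bind_pw above.
  database_config = assert checkEnv "NIXOPS_DIASPORA_SQL_PASSWORD";
    writeText "database.yml" ''
      postgresql: &postgresql
        adapter: postgresql
        host: db-1.immae.eu
        port: 5432
        username: "diaspora"
        password: ${builtins.toJSON (builtins.getEnv "NIXOPS_DIASPORA_SQL_PASSWORD")}
        encoding: unicode
      common: &common
        <<: *postgresql
      combined: &combined
        <<: *common
      development:
        <<: *combined
        database: diaspora_development
      production:
        <<: *combined
        database: diaspora
      test:
        <<: *combined
        database: "diaspora_test"
      integration1:
        <<: *combined
        database: diaspora_integration1
      integration2:
        <<: *combined
        database: diaspora_integration2
    '';

  # Final application tree.
  # - public/source.tar.gz is created before the config symlinks exist and
  #   lists only app, db, lib, script and the top-level build files, so the
  #   generated config files are not packed into the published archive.
  # - varDir is absolute: the ../ chains climb to / (assuming the usual
  #   /nix/store prefix) and then descend into varDir, so those targets are
  #   resolved at runtime, outside the store.
  railsRoot = stdenv.mkDerivation {
    name = "diaspora_immae";
    inherit diaspora;
    builder = writeText "build_diaspora_immae" ''
      source $stdenv/setup
      cp -a $diaspora $out
      cd $out
      chmod -R u+rwX .
      tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
      ln -s ${database_config} config/database.yml
      ln -s ${config} config/diaspora.yml
      ln -s ${secret_token} config/initializers/secret_token.rb
      ln -sf ../../../../../../${varDir}/schedule.yml config/schedule.yml
      ln -sf ../../../../../../${varDir}/oidc_key.pem config/oidc_key.pem
      ln -sf ../../../../../../${varDir}/uploads public/uploads
      RAILS_ENV=production ${gems}/bin/rake assets:precompile
      rm -rf tmp log
      ln -sf ../../../../../${varDir}/tmp tmp
      ln -sf ../../../../../${varDir}/log log
    '';
    propagatedBuildInputs = buildInputs;
  };
in
{
  inherit railsRoot varDir socketsDir gems;
  railsSocket = "${socketsDir}/diaspora.sock";
}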