+++ /dev/null
-{ lib, pkgs, config, ... }:
-let
- env = config.myEnv.tools.diaspora;
- root = "${dcfg.workdir}/public/";
- cfg = config.myServices.websites.tools.diaspora;
- dcfg = config.services.diaspora;
-in {
- options.myServices.websites.tools.diaspora = {
- enable = lib.mkEnableOption "enable diaspora's website";
- };
-
- config = lib.mkIf cfg.enable {
- users.users.diaspora.extraGroups = [ "keys" ];
-
- secrets.keys = {
- "webapps/diaspora" = {
- isDir = true;
- user = "diaspora";
- group = "diaspora";
- permissions = "0500";
- };
- "webapps/diaspora/diaspora.yml" = {
- user = "diaspora";
- group = "diaspora";
- permissions = "0400";
- text = ''
- configuration:
- environment:
- url: "https://diaspora.immae.eu/"
- certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
- redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
- sidekiq:
- s3:
- assets:
- logging:
- logrotate:
- debug:
- server:
- listen: '${dcfg.sockets.rails}'
- rails_environment: 'production'
- chat:
- server:
- bosh:
- log:
- map:
- mapbox:
- privacy:
- piwik:
- statistics:
- camo:
- settings:
- enable_registrations: false
- welcome_message:
- invitations:
- open: false
- paypal_donations:
- community_spotlight:
- captcha:
- enable: false
- terms:
- maintenance:
- remove_old_users:
- default_metas:
- csp:
- services:
- twitter:
- tumblr:
- wordpress:
- mail:
- enable: true
- sender_address: 'diaspora@tools.immae.eu'
- method: 'sendmail'
- smtp:
- sendmail:
- location: '/run/wrappers/bin/sendmail'
- admins:
- account: "ismael"
- podmin_email: 'diaspora@tools.immae.eu'
- relay:
- outbound:
- inbound:
- ldap:
- enable: true
- host: ${env.ldap.host}
- port: 636
- only_ldap: true
- mail_attribute: mail
- skip_email_confirmation: true
- use_bind_dn: true
- bind_dn: "${env.ldap.dn}"
- bind_pw: "${env.ldap.password}"
- search_base: "${env.ldap.base}"
- search_filter: "${env.ldap.filter}"
- production:
- environment:
- development:
- environment:
- '';
- };
- "webapps/diaspora/database.yml" = {
- user = "diaspora";
- group = "diaspora";
- permissions = "0400";
- text = ''
- postgresql: &postgresql
- adapter: postgresql
- host: "${env.postgresql.socket}"
- port: "${env.postgresql.port}"
- username: "${env.postgresql.user}"
- password: "${env.postgresql.password}"
- encoding: unicode
- common: &common
- <<: *postgresql
- combined: &combined
- <<: *common
- development:
- <<: *combined
- database: diaspora_development
- production:
- <<: *combined
- database: ${env.postgresql.database}
- test:
- <<: *combined
- database: "diaspora_test"
- integration1:
- <<: *combined
- database: diaspora_integration1
- integration2:
- <<: *combined
- database: diaspora_integration2
- '';
- };
- "webapps/diaspora/secret_token.rb" = {
- user = "diaspora";
- group = "diaspora";
- permissions = "0400";
- text = ''
- Diaspora::Application.config.secret_key_base = '${env.secret_token}'
- '';
- };
- };
-
- services.diaspora = {
- enable = true;
- package = pkgs.webapps.diaspora.override { ldap = true; };
- dataDir = "/var/lib/diaspora_immae";
- adminEmail = "diaspora@tools.immae.eu";
- configDir = config.secrets.fullPaths."webapps/diaspora";
- };
-
- services.filesWatcher.diaspora = {
- restart = true;
- paths = [ dcfg.configDir ];
- };
-
- services.websites.env.tools.modules = [
- "headers" "proxy" "proxy_http"
- ];
- services.websites.env.tools.vhostConfs.diaspora = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "diaspora.immae.eu" ];
- root = root;
- extraConfig = [ ''
- RewriteEngine On
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
- RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
-
- ProxyRequests Off
- ProxyVia On
- ProxyPreserveHost On
- RequestHeader set X_FORWARDED_PROTO https
-
- <Proxy *>
- Require all granted
- </Proxy>
-
- <Directory ${root}>
- Require all granted
- Options -MultiViews
- </Directory>
- '' ];
- };
- };
-}
projects / perso / Immae / Config / Nix.git / blobdiff