-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
- env = myconfig.env.tools.diaspora;
- root = "/run/current-system/webapps/tools_diaspora";
+ env = config.myEnv.tools.diaspora;
+ root = "${dcfg.workdir}/public/";
cfg = config.myServices.websites.tools.diaspora;
dcfg = config.services.diaspora;
in {
config = lib.mkIf cfg.enable {
users.users.diaspora.extraGroups = [ "keys" ];
- secrets.keys = [
- {
- dest = "webapps/diaspora/diaspora.yml";
+ secrets.keys = {
+ "webapps/diaspora" = {
+ isDir = true;
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0500";
+ };
+ "webapps/diaspora/diaspora.yml" = {
user = "diaspora";
group = "diaspora";
permissions = "0400";
environment:
url: "https://diaspora.immae.eu/"
certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
- redis: '${env.redis_url}'
+ redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
sidekiq:
s3:
assets:
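Review bot: The rebuilt `redis:` URL interpolates `env.redis.port` and `env.redis.db` directly, and Nix string interpolation does not coerce integers, so evaluation fails if either is stored as a number. `redis: 'redis://${env.redis.host}:${toString env.redis.port}/${toString env.redis.db}'` works for both representations; the types in `config.myEnv` are not visible here, so this needs confirming. The old `env.redis_url` could also carry a scheme or credentials that the fixed `redis://host:port/db` form cannot express, so if the Redis instance is not local or requires authentication, that part has to be carried over too.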
inbound:
ldap:
enable: true
- host: ldap.immae.eu
+ host: ${env.ldap.host}
port: 636
only_ldap: true
mail_attribute: mail
skip_email_confirmation: true
use_bind_dn: true
- bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
+ bind_dn: "${env.ldap.dn}"
bind_pw: "${env.ldap.password}"
- search_base: "dc=immae,dc=eu"
- search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
+ search_base: "${env.ldap.base}"
+ search_filter: "${env.ldap.filter}"
production:
environment:
development:
environment:
'';
- }
- {
- dest = "webapps/diaspora/database.yml";
+ };
+ "webapps/diaspora/database.yml" = {
user = "diaspora";
group = "diaspora";
permissions = "0400";
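Review bot: With `only_ldap: true`, the `search_filter` line is the only thing limiting who can log in, and after this change both the group restriction (`memberOf=cn=users,cn=diaspora,...`) and the `%{username}` placeholder live only in `env.ldap.filter`, outside this file. I would add a comment above that line, e.g. `# env.ldap.filter must keep %{username} and the diaspora users-group restriction`, or an assertion that the filter contains `%{username}`. Separately, `bind_dn`, `search_base` and `search_filter` are pasted unescaped into double-quoted YAML scalars and `host` is left unquoted, so a value containing `"`, `\` or `: ` would break or alter the generated file. `builtins.toJSON` yields a valid quoted scalar, e.g. `search_filter: ${builtins.toJSON env.ldap.filter}`.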
<<: *combined
database: diaspora_integration2
'';
- }
- {
- dest = "webapps/diaspora/secret_token.rb";
+ };
+ "webapps/diaspora/secret_token.rb" = {
user = "diaspora";
group = "diaspora";
permissions = "0400";
text = ''
Diaspora::Application.config.secret_key_base = '${env.secret_token}'
'';
- }
- ];
+ };
+ };
services.diaspora = {
enable = true;
package = pkgs.webapps.diaspora.override { ldap = true; };
dataDir = "/var/lib/diaspora_immae";
adminEmail = "diaspora@tools.immae.eu";
- configDir = "/var/secrets/webapps/diaspora";
+ configDir = config.secrets.fullPaths."webapps/diaspora";
};
services.filesWatcher.diaspora = {
paths = [ dcfg.configDir ];
};
- services.websites.tools.modules = [
+ services.websites.env.tools.modules = [
"headers" "proxy" "proxy_http"
];
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
- '';
- services.websites.tools.vhostConfs.diaspora = {
+ services.websites.env.tools.vhostConfs.diaspora = {
certName = "eldiron";
addToCerts = true;
hosts = [ "diaspora.immae.eu" ];