{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- varDir = "/var/lib/diaspora_immae";
-
- diaspora = pkgs.webapps.diaspora.override {
- ldap = true;
- inherit varDir;
- podmin_email = "diaspora@tools.immae.eu";
- config_dir = "/var/secrets/webapps/diaspora";
- };
-
- railsSocket = "${socketsDir}/diaspora.sock";
- socketsDir = "/run/diaspora";
env = myconfig.env.tools.diaspora;
root = "/run/current-system/webapps/tools_diaspora";
cfg = config.services.myWebsites.tools.diaspora;
+ dcfg = config.services.diaspora;
in {
options.services.myWebsites.tools.diaspora = {
enable = lib.mkEnableOption "enable diaspora's website";
};
config = lib.mkIf cfg.enable {
- ids.uids.diaspora = env.user.uid;
- ids.gids.diaspora = env.user.gid;
-
- users.users.diaspora = {
- name = "diaspora";
- uid = config.ids.uids.diaspora;
- group = "diaspora";
- description = "Diaspora user";
- home = varDir;
- useDefaultShell = true;
- packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
- extraGroups = [ "keys" ];
- };
+ users.users.diaspora.extraGroups = [ "keys" ];
- users.groups.diaspora.gid = config.ids.gids.diaspora;
secrets.keys = [
{
dest = "webapps/diaspora/diaspora.yml";
logrotate:
debug:
server:
- listen: '${socketsDir}/diaspora.sock'
+ listen: '${dcfg.sockets.rails}'
rails_environment: 'production'
chat:
server:
}
];
- systemd.services.diaspora = {
- description = "Diaspora";
- wantedBy = [ "multi-user.target" ];
- after = [
- "network.target" "redis.service" "postgresql.service"
- ];
- wants = [
- "redis.service" "postgresql.service"
- ];
-
- environment.RAILS_ENV = "production";
- environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
- environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
- environment.EYE_SOCK = "${socketsDir}/eye.sock";
- environment.EYE_PID = "${socketsDir}/eye.pid";
-
- path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
-
- preStart = ''
- ./bin/bundle exec rails db:migrate
- '';
-
- script = ''
- exec ${diaspora}/script/server
- '';
-
- serviceConfig = {
- User = "diaspora";
- PrivateTmp = true;
- Restart = "always";
- Type = "simple";
- WorkingDirectory = diaspora;
- StandardInput = "null";
- KillMode = "control-group";
- };
-
- unitConfig.RequiresMountsFor = varDir;
- };
-
- system.activationScripts.diaspora = {
- deps = [ "users" ];
- text = ''
- install -m 0755 -o diaspora -g diaspora -d ${socketsDir}
- install -m 0755 -o diaspora -g diaspora -d ${varDir} \
- ${varDir}/uploads ${varDir}/tmp \
- ${varDir}/log
- install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids
- if [ ! -f ${varDir}/schedule.yml ]; then
- echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml
- fi
- '';
+ services.diaspora = {
+ enable = true;
+ package = pkgs.webapps.diaspora.override { ldap = true; };
+ dataDir = "/var/lib/diaspora_immae";
+ adminEmail = "diaspora@tools.immae.eu";
+ configDir = "/var/secrets/webapps/diaspora";
};
services.myWebsites.tools.modules = [
security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
system.extraSystemBuilderCmds = ''
mkdir -p $out/webapps
- ln -s ${diaspora}/public/ $out/webapps/tools_diaspora
+ ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
'';
services.myWebsites.tools.vhostConfs.diaspora = {
certName = "eldiron";
extraConfig = [ ''
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
- RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
+ RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
ProxyRequests Off
ProxyVia On
projects / perso / Immae / Config / Nix.git / blobdiff