--- /dev/null
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+ diaspora = pkgs.callPackage ./diaspora.nix {
+ inherit (mylibs) fetchedGithub;
+ env = myconfig.env.tools.diaspora;
+ };
+
+ cfg = config.services.myWebsites.tools.diaspora;
+in {
+ options.services.myWebsites.tools.diaspora = {
+ enable = lib.mkEnableOption "enable diaspora's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ ids.uids.diaspora = 398;
+ ids.gids.diaspora = 398;
+
+ users.users.diaspora = {
+ name = "diaspora";
+ uid = config.ids.uids.diaspora;
+ group = "diaspora";
+ description = "Diaspora user";
+ home = diaspora.railsRoot;
+ useDefaultShell = true;
+ packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
+ };
+
+ users.groups.diaspora.gid = config.ids.gids.diaspora;
+
+ systemd.services.diaspora = {
+ description = "Diaspora";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "redis.service" "postgresql.service" ];
+ wants = [ "redis.service" "postgresql.service" ];
+
+ environment.RAILS_ENV = "production";
+ environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
+ environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
+ environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock";
+ environment.EYE_PID = "${diaspora.socketsDir}/eye.pid";
+
+ path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
+
+ preStart = ''
+ ./bin/bundle exec rails db:migrate
+ '';
+
+ script = ''
+ exec ${diaspora.railsRoot}/script/server
+ '';
+
+ serviceConfig = {
+ User = "diaspora";
+ PrivateTmp = true;
+ Restart = "always";
+ Type = "simple";
+ WorkingDirectory = diaspora.railsRoot;
+ StandardInput = "null";
+ KillMode = "control-group";
+ };
+
+ unitConfig.RequiresMountsFor = diaspora.varDir;
+ };
+
+ system.activationScripts.diaspora = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir}
+ install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \
+ ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \
+ ${diaspora.varDir}/log
+ install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids
+ if [ ! -f ${diaspora.varDir}/schedule.yml ]; then
+ echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml
+ fi
+ '';
+ };
+
+ services.myWebsites.tools.modules = [
+ "headers" "proxy" "proxy_http" "proxy_balancer"
+ "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+ ];
+ security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
+ services.myWebsites.tools.vhostConfs.diaspora = {
+ certName = "eldiron";
+ hosts = [ "diaspora.immae.eu" ];
+ root = "${diaspora.railsRoot}/public/";
+ extraConfig = [ ''
+ RewriteEngine On
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+ RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L]
+
+ <Proxy balancer://thinservers>
+ BalancerMember unix://${diaspora.railsSocket}|http://
+ </Proxy>
+
+ ProxyRequests Off
+ ProxyVia On
+ ProxyPreserveHost On
+ RequestHeader set X_FORWARDED_PROTO https
+
+ <Proxy *>
+ Require all granted
+ </Proxy>
+
+ <Directory ${diaspora.railsRoot}/public>
+ Require all granted
+ Options -MultiViews
+ </Directory>
+ '' ];
+ };
+ };
+}
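Review bot: In the vhost `extraConfig`, `RequestHeader set X_FORWARDED_PROTO https` sets a header spelled with underscores, so a client-supplied `X-Forwarded-Proto` is not overwritten and is still forwarded to the backend; Rack-style servers typically fold both spellings into the same `HTTP_X_FORWARDED_PROTO` key, which would leave the scheme the application sees partly under client control. I would use the canonical name so the proxy's value replaces whatever the client sent: `RequestHeader set X-Forwarded-Proto "https"`. Separately, the activation script creates `${diaspora.varDir}/log` and `${diaspora.varDir}/tmp` with mode 0755 in the same `install` call as `uploads`; unless another account has to read them, moving those two into their own `install -m 0750 -o diaspora -g diaspora -d` line would keep application logs away from other local users. The unit's `serviceConfig` sets only `PrivateTmp` as sandboxing; `NoNewPrivileges = true;` looks like a safe addition for a service that runs entirely as `diaspora`, to be confirmed against what `script/server` spawns.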