Move diaspora and mantisbt passwords to a secure location
[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / diaspora / default.nix
index 8d62c7e3f798830faf963d250475c2802a7c87ba..5d36ce7490a3891d9d35efac444481e8954e7da1 100644 (file)
@@ -5,6 +5,7 @@ let
     env = myconfig.env.tools.diaspora;
   };
 
+  root = "/run/current-system/webapps/tools_diaspora";
   cfg = config.services.myWebsites.tools.diaspora;
 in {
   options.services.myWebsites.tools.diaspora = {
@@ -20,18 +21,30 @@ in {
       uid = config.ids.uids.diaspora;
       group = "diaspora";
       description = "Diaspora user";
-      home = diaspora.railsRoot;
+      home = diaspora.varDir;
       useDefaultShell = true;
       packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
+      extraGroups = [ "keys" ];
     };
 
     users.groups.diaspora.gid = config.ids.gids.diaspora;
 
+    deployment.keys = diaspora.keys;
     systemd.services.diaspora = {
       description = "Diaspora";
       wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" "redis.service" "postgresql.service" ];
-      wants = [ "redis.service" "postgresql.service" ];
+      after = [
+        "network.target" "redis.service" "postgresql.service"
+        "tools-diaspora-secret_token.service"
+        "tools-diaspora-config.service"
+        "tools-diaspora-database_config.service"
+      ];
+      wants = [
+        "redis.service" "postgresql.service"
+        "tools-diaspora-secret_token.service"
+        "tools-diaspora-config.service"
+        "tools-diaspora-database_config.service"
+      ];
 
       environment.RAILS_ENV = "production";
       environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
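Review bot: The three `tools-diaspora-*.service` key units are pulled in only through `wants`, which is a weak dependency: if a key unit fails or a key is never uploaded, systemd still starts diaspora without its secret token or database config. Since this commit makes the service rely on those files, adding `requires = [ "tools-diaspora-secret_token.service" "tools-diaspora-config.service" "tools-diaspora-database_config.service" ];` next to the existing `after` list would turn that into an explicit start failure. The unit names should also be checked against what `deployment.keys` actually generates, because systemd silently ignores `wants`/`after` entries for units that do not exist; NixOps releases I know of name them `<key>-key.service`, and `diaspora.keys` is not visible in this hunk. The new `keys` group membership only lets the user reach the key directory, so the owner and permissions set on each key (outside this hunk) still decide who can read the secrets.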
@@ -77,22 +90,21 @@ in {
     };
 
     services.myWebsites.tools.modules = [
-      "headers" "proxy" "proxy_http" "proxy_balancer"
-      "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+      "headers" "proxy" "proxy_http"
     ];
     security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
+    system.extraSystemBuilderCmds = ''
+      mkdir -p $out/webapps
+      ln -s ${diaspora.railsRoot}/public/ $out/webapps/tools_diaspora
+      '';
     services.myWebsites.tools.vhostConfs.diaspora = {
       certName    = "eldiron";
       hosts       = [ "diaspora.immae.eu" ];
-      root        = "${diaspora.railsRoot}/public/";
+      root        = root;
       extraConfig = [ ''
         RewriteEngine On
         RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
-        RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L]
-
-        <Proxy balancer://thinservers>
-            BalancerMember unix://${diaspora.railsSocket}|http://
-        </Proxy>
+        RewriteRule ^/(.*)$ unix://${diaspora.railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
 
         ProxyRequests Off
         ProxyVia On
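Review bot: In the new `RewriteRule` the substitution ends in `/%{REQUEST_URI}`, and `%{REQUEST_URI}` already begins with a slash, so the backend is sent paths starting with `//`; writing the target as `unix://${diaspora.railsSocket}|http://diaspora.immae.eu%{REQUEST_URI}` avoids that. The added `NE` flag also disables escaping of the substituted value, so the client-supplied path is copied into the proxied request without re-encoding. If `NE` is only there to keep the `|` of the `unix://` target intact, a comment saying so would help, and it is worth checking how percent-encoded characters in a path arrive at the backend. A `ProxyPass`-style mapping to the socket may be a simpler alternative, since it does not re-insert request data through a variable. The `extraConfig` string continues past the end of this hunk.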
@@ -103,7 +115,7 @@ in {
             Require all granted
         </Proxy>
 
-        <Directory ${diaspora.railsRoot}/public>
+        <Directory ${root}>
             Require all granted
             Options -MultiViews
         </Directory>