]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - nixops/modules/websites/tools/diaspora/diaspora.nix
Move dav packages to pkgs
index 616c5cc6533faa13c53cd1257478c9a202463a52..01aac89e4339e33f7168c8522eb6925473ab46ff 100644 (file)
@@ -15,7 +15,10 @@ let
   });
   gems = bundlerEnv {
     name = "diaspora-env";
-    ruby = ruby_2_4;
+    # https://git.immae.eu/mantisbt/view.php?id=131
+    ruby = ruby_2_4.overrideAttrs(old: {
+      postInstall = builtins.replaceStrings [" --destdir $GEM_HOME"] [""] old.postInstall;
+    });
     gemfile = "${diaspora}/Gemfile";
     lockfile = "${diaspora}/Gemfile.lock";
     gemset = ./gemset.nix;
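Review bot: The comment above the `ruby` override is only a tracker URL, so a reader without access to that tracker cannot tell why ` --destdir $GEM_HOME` is stripped from `postInstall`. `builtins.replaceStrings` also returns its input unchanged when the pattern is not found, so this workaround would silently stop applying if the upstream `postInstall` text changes. I would put a short reason next to the link, for example `# drop "--destdir $GEM_HOME" from ruby's postInstall (see link); silently a no-op if upstream changes the string`, with the actual reason from the ticket filled in.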
@@ -26,10 +29,22 @@ let
       };
     };
   };
-  secret_token = writeText "secret_token.rb" ''
-    Diaspora::Application.config.secret_key_base = '${env.secret_token}'
-    '';
-  config = writeText "diaspora.yml" ''
+  keys = {
+    secret_token = {
+      dest = "webapps/tools-diaspora-secret_token";
+      user = "diaspora";
+      group = "diaspora";
+      permissions = "0400";
+      text = ''
+        Diaspora::Application.config.secret_key_base = '${env.secret_token}'
+      '';
+    };
+    config = {
+      dest = "webapps/tools-diaspora-config";
+      user = "diaspora";
+      group = "diaspora";
+      permissions = "0400";
+      text = ''
       configuration:
         environment:
           url: "https://diaspora.immae.eu/"
@@ -74,14 +89,14 @@ let
           wordpress:
         mail:
           enable: true
-          sender_address: 'diaspora@immae.eu'
+          sender_address: 'diaspora@tools.immae.eu'
           method: 'sendmail'
           smtp:
           sendmail:
             location: '/run/wrappers/bin/sendmail'
         admins:
           account: "ismael"
-          podmin_email: 'diaspora@immae.eu'
+          podmin_email: 'diaspora@tools.immae.eu'
         relay:
           outbound:
           inbound:
@@ -101,8 +116,14 @@ let
         environment:
       development:
         environment:
-    '';
-  database_config = writeText "database.yml" ''
+      '';
+    };
+    database = {
+      dest = "webapps/tools-diaspora-database_config";
+      user = "diaspora";
+      group = "diaspora";
+      permissions = "0400";
+      text = ''
       postgresql: &postgresql
         adapter: postgresql
         host: "${env.postgresql.socket}"
@@ -129,24 +150,29 @@ let
       integration2:
         <<: *combined
         database: diaspora_integration2
-    '';
-
+      '';
+    };
+  };
     railsRoot = stdenv.mkDerivation {
       name = "diaspora_immae";
       inherit diaspora;
+      # FIXME: build machine will contain some passwords in the nix store
       builder = writeText "build_diaspora_immae" ''
         source $stdenv/setup
         cp -a $diaspora $out
         cd $out
         chmod -R u+rwX .
         tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
-        ln -s ${database_config} config/database.yml
-        ln -s ${config} config/diaspora.yml
-        ln -s ${secret_token} config/initializers/secret_token.rb
+        ln -s ${writeText "database.yml" keys.database.text} config/database.yml
+        ln -s ${writeText "diaspora.yml" keys.config.text} config/diaspora.yml
+        ln -s ${writeText "secret_token.rb" keys.secret_token.text} config/initializers/secret_token.rb
         ln -sf ${varDir}/schedule.yml config/schedule.yml
         ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem
         ln -sf ${varDir}/uploads public/uploads
         RAILS_ENV=production ${gems}/bin/rake assets:precompile
+        ln -sf /var/secrets/webapps/tools-diaspora-database_config config/database.yml
+        ln -sf /var/secrets/webapps/tools-diaspora-config config/diaspora.yml
+        ln -sf /var/secrets/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb
         rm -rf tmp log
         ln -sf ${varDir}/tmp tmp
         ln -sf ${varDir}/log log
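Review bot: The three `writeText ... keys.*.text` calls on the `ln -s` lines still render the real `database.yml`, `diaspora.yml` and `secret_token.rb` into world-readable store paths on whichever machine builds `railsRoot`, which the added FIXME acknowledges but leaves open. Because the links are repointed to `/var/secrets/...` right after `rake assets:precompile`, the build presumably only needs configuration that loads, so it may be possible to precompile against a copy of the text with placeholder secrets; this needs checking against what diaspora reads during precompile. Separately, the `/var/secrets/webapps/tools-diaspora-*` targets are hard-coded here while the same names are declared as `dest` in `keys`; deriving them, e.g. `ln -sf /var/secrets/${keys.database.dest} config/database.yml`, would keep the two from drifting apart. The builder script continues past the end of this hunk.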
@@ -156,5 +182,6 @@ let
 in
   {
     inherit railsRoot varDir socketsDir gems;
+    keys = builtins.attrValues keys;
     railsSocket = "${socketsDir}/diaspora.sock";
   }