--- /dev/null
+{ checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }:
+let
+ varDir = "/var/lib/mastodon_immae";
+ socketsDir = "/run/mastodon";
+ mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec {
+ buildPhase = ''
+ export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+ bundle install --deployment --without development test
+ yarn install --pure-lockfile
+ '';
+ installPhase = ''
+ cp -a . $out
+ '';
+ propagatedBuildInputs = with pkgs; [
+ zlib icu libchardet git bundler yarn
+ protobuf protobufc libidn libpqxx nodejs
+ imagemagick ffmpeg libxml2 libxslt pkgconfig
+ autoconf bison libyaml readline ncurses libffi gdbm
+ jemalloc which postgresql python3 cacert
+ ];
+ });
+ config =
+ assert checkEnv "NIXOPS_MASTODON_DB_PASS";
+ assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET";
+ assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE";
+ assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
+ assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY";
+ assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY";
+ assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
+ assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD";
+ writeText "mastodon_environment" ''
+ REDIS_HOST=localhost
+ REDIS_PORT=6379
+ REDIS_DB=13
+ DB_HOST=/run/postgresql
+ DB_USER=mastodon
+ DB_NAME=mastodon
+ DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"}
+ DB_PORT=5432
+
+ LOCAL_DOMAIN=mastodon.immae.eu
+ LOCAL_HTTPS=true
+ ALTERNATE_DOMAINS=immae.eu
+
+ PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"}
+ SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"}
+ OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"}
+
+ VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"}
+ VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"}
+
+ SMTP_SERVER=mail.immae.eu
+ SMTP_PORT=587
+ SMTP_FROM_ADDRESS=notifications@mastodon.immae.eu
+ SMTP_DELIVERY_METHOD=smtp
+ PAPERCLIP_ROOT_PATH=${varDir}
+
+ STREAMING_CLUSTER_NUM=1
+
+ # LDAP authentication (optional)
+ LDAP_ENABLED=true
+ LDAP_HOST=ldap.immae.eu
+ LDAP_PORT=636
+ LDAP_METHOD=simple_tls
+ LDAP_BASE="dc=immae,dc=eu"
+ LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
+ LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}"
+ LDAP_UID="uid"
+ LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
+ '';
+
+ railsRoot = stdenv.mkDerivation {
+ name = "mastodon_immae";
+ inherit config mastodon;
+ builder = writeText "build_mastodon_immae" ''
+ source $stdenv/setup
+ set -a
+ source $config
+ set +a
+ cp -a $mastodon $out
+ cd $out
+ chmod u+rwX . node_modules public
+ RAILS_ENV=production bundle exec rails assets:precompile
+ '';
+ propagatedBuildInputs = with pkgs; [
+ zlib icu libchardet git bundler yarn
+ protobuf protobufc libidn libpqxx nodejs
+ imagemagick ffmpeg libxml2 libxslt pkgconfig
+ autoconf bison libyaml readline ncurses libffi gdbm
+ jemalloc which postgresql python3 cacert
+ ];
+ };
+in
+ {
+ inherit railsRoot config varDir socketsDir;
+ nodeSocket = "${socketsDir}/live_immae_node.sock";
+ railsSocket = "${socketsDir}/live_immae_puma.sock";
+ }
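Review bot: The `config` value built with `writeText "mastodon_environment"` interpolates DB_PASS, PAPERCLIP_SECRET, SECRET_KEY_BASE, OTP_SECRET, VAPID_PRIVATE_KEY and LDAP_PASSWORD into a file in the Nix store, which every local user can read and which travels with the closure whenever it is copied or cached. `railsRoot` then runs `source $config` under `set -a`, so the same values are exported into the environment of `assets:precompile`, and the secret-bearing store path becomes an input of that derivation. I would keep only the non-secret settings in `writeText` and deliver the secret ones at service start from a root-owned file outside the store (NixOps `deployment.keys` is the usual mechanism), marking the split with a comment such as `# non-secret settings only; secrets are loaded at runtime from outside /nix/store`. If the precompile step refuses to run without SECRET_KEY_BASE and OTP_SECRET, throwaway build-only values are probably enough there, but that needs confirming against this Mastodon version. Separately, the second `assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";` repeats the one three lines above it and can be dropped.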