                                             
   






                                                 

    


                                              
                                                      






                                                            

                                     





                                     
                    

                                                                  
                               


                                                         



























































































































                                                                                                             



                                         

                                                             


                                            
        

                                           
                                                                                 
                                                                        

                                                      







                                                                                             
                                      






                           
                                    



                                   
                                            

      


                                         






                                                                           




                                         
                                    

                                                                          

                                      
                                                           
         


                                                     
                         


                                                            
                                                                                                      









                                                 
                           






                               
# NixOS module for the Diaspora pod served at diaspora.immae.eu.
# It declares the service user, the secret configuration files the Rails
# app reads, the systemd unit running the server, and the Apache vhost
# that fronts it. Secrets are taken from `myconfig.env.tools.diaspora`.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Persistent state (uploads, tmp, log); also the diaspora user's home.
  varDir = "/var/lib/diaspora_immae";

  # Diaspora build with the LDAP variant enabled. config_dir is where the
  # app looks for diaspora.yml / database.yml; the mySecrets.keys entries
  # below use dest paths relative to "webapps/diaspora", presumably rooted
  # at /var/secrets — confirm against the mySecrets module.
  diaspora = pkgs.webapps.diaspora.override {
    ldap = true;
    inherit varDir;
    podmin_email = "diaspora@tools.immae.eu";
    config_dir = "/var/secrets/webapps/diaspora";
  };

  # `let` bindings are lazy and mutually recursive, so railsSocket may
  # reference socketsDir before it is defined.
  railsSocket = "${socketsDir}/diaspora.sock";
  socketsDir = "/run/diaspora";
  # Per-deployment values (uid/gid, redis url, postgres, ldap password,
  # secret token) — all secrets flow in through this attribute set.
  env = myconfig.env.tools.diaspora;
  # Symlink to diaspora's public/ directory, created in
  # system.extraSystemBuilderCmds below; used as the Apache document root.
  root = "/run/current-system/webapps/tools_diaspora";
  cfg = config.services.myWebsites.tools.diaspora;
in {
  options.services.myWebsites.tools.diaspora = {
    enable = lib.mkEnableOption "enable diaspora's website";
  };

  config = lib.mkIf cfg.enable {
    # Fixed uid/gid so file ownership in varDir is stable across rebuilds.
    ids.uids.diaspora = env.user.uid;
    ids.gids.diaspora = env.user.gid;

    users.users.diaspora = {
      name = "diaspora";
      uid = config.ids.uids.diaspora;
      group = "diaspora";
      description = "Diaspora user";
      home = varDir;
      useDefaultShell = true;
      packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
      # "keys" presumably grants read access to the secrets tree written
      # by mySecrets — confirm against that module.
      extraGroups = [ "keys" ];
    };

    users.groups.diaspora.gid = config.ids.gids.diaspora;
    # Secret files consumed by the Rails app, each readable only by the
    # diaspora user (0400). The `text` attributes interpolate the LDAP bind
    # password, the PostgreSQL password and the Rails secret token from
    # `env`. NOTE(review): whether the rendered text ever passes through the
    # world-readable Nix store depends on the mySecrets implementation,
    # which is not visible here — confirm it writes straight to /var/secrets.
    mySecrets.keys = [
      # Main diaspora.yml: registrations and invitations closed, accounts
      # are LDAP-only, outbound mail via the sendmail wrapper, CA bundle
      # from pkgs.cacert. NOTE(review): ldap.port is 636 but no explicit
      # TLS/encryption key is set next to it — confirm the LDAP variant
      # defaults to LDAPS on that port rather than plaintext.
      {
        dest = "webapps/diaspora/diaspora.yml";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
        configuration:
          environment:
            url: "https://diaspora.immae.eu/"
            certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
            redis: '${env.redis_url}'
            sidekiq:
            s3:
            assets:
            logging:
              logrotate:
              debug:
          server:
            listen: '${socketsDir}/diaspora.sock'
            rails_environment: 'production'
          chat:
            server:
              bosh:
              log:
          map:
            mapbox:
          privacy:
            piwik:
            statistics:
            camo:
          settings:
            enable_registrations: false
            welcome_message:
            invitations:
              open: false
            paypal_donations:
            community_spotlight:
            captcha:
              enable: false
            terms:
            maintenance:
              remove_old_users:
            default_metas:
            csp:
          services:
            twitter:
            tumblr:
            wordpress:
          mail:
            enable: true
            sender_address: 'diaspora@tools.immae.eu'
            method: 'sendmail'
            smtp:
            sendmail:
              location: '/run/wrappers/bin/sendmail'
          admins:
            account: "ismael"
            podmin_email: 'diaspora@tools.immae.eu'
          relay:
            outbound:
            inbound:
          ldap:
              enable: true
              host: ldap.immae.eu
              port: 636
              only_ldap: true
              mail_attribute: mail
              skip_email_confirmation: true
              use_bind_dn: true
              bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
              bind_pw: "${env.ldap.password}"
              search_base: "dc=immae,dc=eu"
              search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
        production:
          environment:
        development:
          environment:
        '';
      }
      # database.yml: one PostgreSQL connection block shared by every Rails
      # environment; only `production` points at the real database name.
      {
        dest = "webapps/diaspora/database.yml";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
        postgresql: &postgresql
          adapter: postgresql
          host: "${env.postgresql.socket}"
          port: "${env.postgresql.port}"
          username: "${env.postgresql.user}"
          password: "${env.postgresql.password}"
          encoding: unicode
        common: &common
          <<: *postgresql
        combined: &combined
          <<: *common
        development:
          <<: *combined
          database: diaspora_development
        production:
          <<: *combined
          database: ${env.postgresql.database}
        test:
          <<: *combined
          database: "diaspora_test"
        integration1:
          <<: *combined
          database: diaspora_integration1
        integration2:
          <<: *combined
          database: diaspora_integration2
        '';
      }
      # Rails secret_key_base (the key Rails uses to sign/encrypt session
      # cookies); rotating env.secret_token invalidates existing sessions.
      {
        dest = "webapps/diaspora/secret_token.rb";
        user = "diaspora";
        group = "diaspora";
        permissions = "0400";
        text = ''
          Diaspora::Application.config.secret_key_base = '${env.secret_token}'
        '';
      }
    ];

    # Rails server unit. Runs as the unprivileged diaspora user with the
    # diaspora store path as working directory. Sandboxing is limited to
    # PrivateTmp; tighter systemd hardening would need ReadWritePaths for
    # varDir and socketsDir, so it is not attempted here.
    systemd.services.diaspora = {
      description = "Diaspora";
      wantedBy = [ "multi-user.target" ];
      after = [
        "network.target" "redis.service" "postgresql.service"
      ];
      wants = [
        "redis.service" "postgresql.service"
      ];

      environment.RAILS_ENV = "production";
      environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
      environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
      # Presumably consumed by the eye process supervisor that
      # script/server starts — confirm against the diaspora package.
      environment.EYE_SOCK = "${socketsDir}/eye.sock";
      environment.EYE_PID = "${socketsDir}/eye.pid";

      path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];

      # Relative path: resolved against WorkingDirectory (the diaspora
      # store path). Runs before every start, so a failed migration
      # prevents the server from coming up.
      preStart = ''
        ./bin/bundle exec rails db:migrate
      '';

      script = ''
        exec ${diaspora}/script/server
      '';

      serviceConfig = {
        User = "diaspora";
        PrivateTmp = true;
        Restart = "always";
        Type = "simple";
        WorkingDirectory = diaspora;
        StandardInput = "null";
        # Stop kills every process in the unit's cgroup, not only the
        # main one, so supervised children do not outlive the unit.
        KillMode = "control-group";
      };

      unitConfig.RequiresMountsFor = varDir;
    };

    # Creates the runtime/state directories owned by diaspora at activation
    # and seeds an empty schedule.yml (written as the diaspora user via
    # the sudo wrapper) on first run.
    system.activationScripts.diaspora = {
      deps = [ "users" ];
      text = ''
      install -m 0755 -o diaspora -g diaspora -d ${socketsDir}
      install -m 0755 -o diaspora -g diaspora -d ${varDir} \
        ${varDir}/uploads ${varDir}/tmp \
        ${varDir}/log
      install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids
      if [ ! -f ${varDir}/schedule.yml ]; then
        echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml
      fi
      '';
    };

    # Apache modules needed by the vhost below (mod_rewrite is assumed to
    # be loaded elsewhere — confirm).
    services.myWebsites.tools.modules = [
      "headers" "proxy" "proxy_http"
    ];
    # Adds the pod's hostname to the shared "eldiron" ACME certificate.
    security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
    # Exposes diaspora's public/ directory under the running system so
    # Apache can serve static assets directly (see `root` above).
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${diaspora}/public/ $out/webapps/tools_diaspora
      '';
    services.myWebsites.tools.vhostConfs.diaspora = {
      certName    = "eldiron";
      hosts       = [ "diaspora.immae.eu" ];
      root        = root;
      # Files that exist under `root` are served directly; every other
      # request is proxied to the Rails unix socket. ProxyRequests Off
      # keeps this a pure reverse proxy, so `<Proxy *> Require all granted`
      # does not open a forward proxy. NOTE(review): the forwarded-proto
      # header is spelled with underscores; confirm the app normalizes it
      # to X-Forwarded-Proto so Rails treats the request as HTTPS.
      extraConfig = [ ''
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        RequestHeader set X_FORWARDED_PROTO https

        <Proxy *>
            Require all granted
        </Proxy>

        <Directory ${root}>
            Require all granted
            Options -MultiViews
        </Directory>
      '' ];
    };
  };
}