# Diaspora packaging for this host: patched source tree, gem environment,
# runtime secret files (`keys`) and the assembled Rails root.
# `env` supplies the secrets that are interpolated below (secret_token,
# redis_url, ldap.password, postgresql.*).
{ env
, fetchedGithub
, stdenv
, defaultGemConfig
, writeText
, bundlerEnv
, ruby_2_4
, pkgs
, cacert
}:
let
  # Mutable application state. The Rails root built below only holds symlinks
  # into this directory (schedule.yml, oidc_key.pem, uploads, tmp, log).
  # NOTE(review): oidc_key.pem looks like private key material; ownership and
  # mode of this directory are not set in this file - confirm where they are.
  varDir     = "/var/lib/diaspora_immae";
  # Directory holding the unix socket the application server listens on
  # (see `listen:` in diaspora.yml and `railsSocket` in the result).
  socketsDir = "/run/diaspora";
# Diaspora source tree as described by ./diaspora.json (presumably the pinned
# revision and hash), with two local modifications applied at build time.
diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec {
  # 1. ./ldap.patch: locally maintained code on the login path (it is what the
  #    `ldap:` section of diaspora.yml configures), so it needs re-reviewing on
  #    every diaspora update.
  # 2. An explicit "pg" line appended to the Gemfile. Gemfile.lock is not
  #    touched here; the gems actually installed are resolved by bundlerEnv
  #    from ./gemset.nix, so this version pin has to stay in step with that
  #    file.
  buildPhase = ''
    patch -p1 < ${./ldap.patch}
    # FIXME: bundlerEnv below doesn't take postgresql group for some
    # reason
    echo 'gem "pg", "1.1.3"' >> Gemfile
  '';
  # The whole patched tree is the output; railsRoot copies it again and
  # publishes part of it as public/source.tar.gz.
  installPhase = ''
    cp -a . $out
  '';
});
# Gem closure for diaspora, resolved from the patched Gemfile/Gemfile.lock and
# ./gemset.nix for the postgresql, default and production groups.
gems = bundlerEnv {
  name = "diaspora-env";

  gemfile = "${diaspora}/Gemfile";
  lockfile = "${diaspora}/Gemfile.lock";
  gemset = ./gemset.nix;
  groups = [ "postgresql" "default" "production" ];

  # https://git.immae.eu/mantisbt/view.php?id=131
  # The interpreter's postInstall script is rewritten to drop
  # " --destdir $GEM_HOME"; everything else in it is kept.
  # NOTE(review): Ruby 2.4 has been end-of-life upstream since 2020 and no
  # longer receives security fixes; this pin keeps an unmaintained interpreter
  # under an internet-facing service.
  ruby = ruby_2_4.overrideAttrs (prev: {
    postInstall = builtins.replaceStrings [ " --destdir $GEM_HOME" ] [ "" ] prev.postInstall;
  });

  gemConfig = defaultGemConfig // {
    # kostya-sigar gets perl as an extra build input.
    kostya-sigar = attrs: {
      buildInputs = [ pkgs.perl ];
    };
  };
};
# Rails initializer that sets secret_key_base. railsRoot links
# config/initializers/secret_token.rb to
# /run/keys/webapps/tools-diaspora-secret_token, so this entry is presumably
# materialised there by the deployment's key mechanism, readable only by the
# diaspora user (0400).
# secret_key_base is what Rails signs session cookies with: anyone who can
# read it can forge sessions, so it must not end up anywhere with weaker
# permissions than this file.
# NOTE(review): railsRoot also passes `.text` to writeText, which puts the same
# value in the world-readable Nix store (see the FIXME there).
# NOTE(review): the token is spliced unescaped into a single-quoted Ruby
# literal; a `'` or `\` in env.secret_token would change the parsed code.
keys.tools-diaspora-secret_token = {
  user = "diaspora";
  group = "diaspora";
  permissions = "0400";
  destDir = "/run/keys/webapps";
  text = ''
    Diaspora::Application.config.secret_key_base = '${env.secret_token}'
  '';
};
# diaspora.yml. railsRoot links config/diaspora.yml to
# /run/keys/webapps/tools-diaspora-config; the entry is declared 0400 for the
# diaspora user because it embeds the LDAP bind password (bind_pw) and
# env.redis_url (which may itself carry credentials - confirm).
#
# Access-control choices fixed by this text:
#   - enable_registrations and invitations.open are false: no self-service
#     account creation.
#   - ldap.enable with only_ldap: true: LDAP is the only login source, and
#     search_filter restricts it to members of
#     cn=users,cn=diaspora,ou=services,dc=immae,dc=eu.
#   - skip_email_confirmation: true: the address in the LDAP `mail` attribute
#     is accepted without a confirmation round-trip.
#   - port 636 is the conventional LDAPS port; whether TLS and certificate
#     verification are actually enforced is decided in ./ldap.patch - confirm.
#
# NOTE(review): %{username} is substituted into search_filter by the patched
# code; verify there that the value is LDAP-filter-escaped before use.
# NOTE(review): bind_pw is interpolated unescaped into a double-quoted YAML
# scalar, so a `"` or `\` in the password changes what the parser reads.
# `bind_pw: ${builtins.toJSON env.ldap.password}` would emit a correctly
# quoted scalar.
# NOTE(review): railsRoot also passes `.text` to writeText, which puts this
# file, password included, in the world-readable Nix store (see the FIXME
# there).
keys.tools-diaspora-config = {
destDir = "/run/keys/webapps";
user = "diaspora";
group = "diaspora";
permissions = "0400";
text = ''
configuration:
environment:
url: "https://diaspora.immae.eu/"
certificate_authorities: '${cacert}/etc/ssl/certs/ca-bundle.crt'
redis: '${env.redis_url}'
sidekiq:
s3:
assets:
logging:
logrotate:
debug:
server:
listen: '${socketsDir}/diaspora.sock'
rails_environment: 'production'
chat:
server:
bosh:
log:
map:
mapbox:
privacy:
piwik:
statistics:
camo:
settings:
enable_registrations: false
welcome_message:
invitations:
open: false
paypal_donations:
community_spotlight:
captcha:
enable: false
terms:
maintenance:
remove_old_users:
default_metas:
csp:
services:
twitter:
tumblr:
wordpress:
mail:
enable: true
sender_address: 'diaspora@tools.immae.eu'
method: 'sendmail'
smtp:
sendmail:
location: '/run/wrappers/bin/sendmail'
admins:
account: "ismael"
podmin_email: 'diaspora@tools.immae.eu'
relay:
outbound:
inbound:
ldap:
enable: true
host: ldap.immae.eu
port: 636
only_ldap: true
mail_attribute: mail
skip_email_confirmation: true
use_bind_dn: true
bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
bind_pw: "${env.ldap.password}"
search_base: "dc=immae,dc=eu"
search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
production:
environment:
development:
environment:
'';
};
# database.yml. railsRoot links config/database.yml to
# /run/keys/webapps/tools-diaspora-database_config; the entry is declared 0400
# for the diaspora user because it embeds the PostgreSQL password.
#
# Every environment section (development, production, test, integration1,
# integration2) merges the same &postgresql anchor, so all of them use the
# production host, user and password and differ only in the database name.
# Starting the app with a RAILS_ENV other than production therefore still
# authenticates with the production credentials.
#
# NOTE(review): `host` is filled from env.postgresql.socket - presumably a
# unix-socket directory rather than a hostname; confirm.
# NOTE(review): the password is interpolated unescaped into a double-quoted
# YAML scalar, so a `"` or `\` in it changes what the parser reads.
# `password: ${builtins.toJSON env.postgresql.password}` would emit a
# correctly quoted scalar.
# NOTE(review): railsRoot also passes `.text` to writeText, which puts this
# file, password included, in the world-readable Nix store (see the FIXME
# there).
keys.tools-diaspora-database_config = {
destDir = "/run/keys/webapps";
user = "diaspora";
group = "diaspora";
permissions = "0400";
text = ''
postgresql: &postgresql
adapter: postgresql
host: "${env.postgresql.socket}"
port: "${env.postgresql.port}"
username: "${env.postgresql.user}"
password: "${env.postgresql.password}"
encoding: unicode
common: &common
<<: *postgresql
combined: &combined
<<: *common
development:
<<: *combined
database: diaspora_development
production:
<<: *combined
database: ${env.postgresql.database}
test:
<<: *combined
database: "diaspora_test"
integration1:
<<: *combined
database: diaspora_integration1
integration2:
<<: *combined
database: diaspora_integration2
'';
};
# Assembled Rails root: a writable copy of the patched source with
# precompiled assets, in which the config files, uploads, tmp and log are
# symlinks to paths outside the Nix store (/run/keys/webapps and varDir).
railsRoot = stdenv.mkDerivation {
name = "diaspora_immae";
inherit diaspora;
# FIXME: build machine will contain some passwords in the nix store
# Detail: the three `writeText` calls in the builder turn database.yml,
# diaspora.yml and secret_token.rb - with the real values from `env` - into
# store files so that `rake assets:precompile` can load the application.
# Store paths are world-readable and stay until garbage-collected, so on the
# machine that builds this derivation the PostgreSQL password, the LDAP bind
# password and secret_key_base are readable by every local user, regardless
# of the 0400 declared on the `keys` entries. The builder script (itself a
# writeText) names those paths, so they are build inputs of railsRoot.
# After precompilation the three links are re-pointed (`ln -sf`) at
# /run/keys/webapps, so the finished tree only references the runtime key
# files; that does not remove the store copies.
# Possible fix: precompile against placeholder credentials and keep the real
# values only in `keys` - TODO confirm assets:precompile needs neither a live
# database nor the real secret.
# Ordering that matters for the published archive: public/source.tar.gz is
# created before any config file is linked, and config/ is not in its file
# list, so it contains the patched source only. It sits under public/, which
# is presumably served to visitors - keep secrets out of the listed paths.
builder = writeText "build_diaspora_immae" ''
source $stdenv/setup
cp -a $diaspora $out
cd $out
chmod -R u+rwX .
tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
ln -s ${writeText "database.yml" keys.tools-diaspora-database_config.text} config/database.yml
ln -s ${writeText "diaspora.yml" keys.tools-diaspora-config.text} config/diaspora.yml
ln -s ${writeText "secret_token.rb" keys.tools-diaspora-secret_token.text} config/initializers/secret_token.rb
ln -sf ${varDir}/schedule.yml config/schedule.yml
ln -sf ${varDir}/oidc_key.pem config/oidc_key.pem
ln -sf ${varDir}/uploads public/uploads
RAILS_ENV=production ${gems}/bin/rake assets:precompile
ln -sf /run/keys/webapps/tools-diaspora-database_config config/database.yml
ln -sf /run/keys/webapps/tools-diaspora-config config/diaspora.yml
ln -sf /run/keys/webapps/tools-diaspora-secret_token config/initializers/secret_token.rb
rm -rf tmp log
ln -sf ${varDir}/tmp tmp
ln -sf ${varDir}/log log
'';
# Made available to whatever depends on railsRoot: the gem environment plus
# nodejs, which and git.
propagatedBuildInputs = [ gems pkgs.nodejs pkgs.which pkgs.git ];
};
in
{
  # Build products and the two filesystem locations the service needs.
  inherit railsRoot gems;
  inherit varDir socketsDir;

  # `keys` carries the plaintext secret files (secret_key_base, LDAP bind
  # password, PostgreSQL password); presumably the importing module hands it
  # to the key-deployment mechanism. Anything that evaluates or serialises
  # this attribute set sees those values.
  inherit keys;

  # Same path as `listen:` in diaspora.yml.
  railsSocket = "${socketsDir}/diaspora.sock";
}