authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-10 19:39:51 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-10 19:39:51 +0200
commit7009832ab635a664e26c73cdc0ca0f8689a57774 (patch)
tree2c886604bbd37d36de5cc011a6e4b85e653118de
parent658822fb4a42be89b2ea47e111532513c4556d87 (diff)
Move diaspora module outside of nixops
-rw-r--r--modules/default.nix1
-rw-r--r--modules/myids.nix2
-rw-r--r--modules/webapps/diaspora.nix159
-rw-r--r--nixops/modules/websites/tools/diaspora.nix90
4 files changed, 173 insertions, 79 deletions
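--- a/modules/default.nix
+++ b/modules/default.nix
@@ -2,6 +2,7 @@
  myids = ./myids.nix;
  secrets = ./secrets.nix;
 
+ diaspora = ./webapps/diaspora.nix;
  mastodon = ./webapps/mastodon.nix;
  mediagoblin = ./webapps/mediagoblin.nix;
  peertube = ./webapps/peertube.nix;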
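--- a/modules/myids.nix
+++ b/modules/myids.nix
@@ -6,12 +6,14 @@
  peertube = 394;
  nullmailer = 396;
  mediagoblin = 397;
+ diaspora = 398;
  mastodon = 399;
  };
  ids.gids = {
  peertube = 394;
  nullmailer = 396;
  mediagoblin = 397;
+ diaspora = 398;
  mastodon = 399;
  };
  };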
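--- /dev/null
+++ b/modules/webapps/diaspora.nix
@@ -0,0 +1,159 @@
+{ lib, pkgs, config, ... }:
+let
+ name = "diaspora";
+ cfg = config.services.diaspora;
+
+ uid = config.ids.uids.diaspora;
+ gid = config.ids.gids.diaspora;
+in
+{
+ options.services.diaspora = {
+ enable = lib.mkEnableOption "Enable Diaspora’s service";
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "User account under which Diaspora runs";
+ };
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "Group under which Diaspora runs";
+ };
+ adminEmail = lib.mkOption {
+ type = lib.types.str;
+ example = "admin@example.com";
+ description = "Admin e-mail for Diaspora";
+ };
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/${name}";
+ description = ''
+ The directory where Diaspora stores its data.
+ '';
+ };
+ socketsDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/run/${name}";
+ description = ''
+ The directory where Diaspora puts runtime files and sockets.
+ '';
+ };
+ configDir = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ The configuration path for Diaspora.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.webapps.diaspora;
+ description = ''
+ Diaspora package to use.
+ '';
+ };
+ # Output variables
+ workdir = lib.mkOption {
+ type = lib.types.package;
+ default = cfg.package.override {
+ varDir = cfg.dataDir;
+ podmin_email = cfg.adminEmail;
+ config_dir = cfg.configDir;
+ };
+ description = ''
+ Adjusted diaspora package with overriden values
+ '';
+ readOnly = true;
+ };
+ sockets = lib.mkOption {
+ type = lib.types.attrsOf lib.types.path;
+ default = {
+ rails = "${cfg.socketsDir}/diaspora.sock";
+ eye = "${cfg.socketsDir}/eye.sock";
+ };
+ readOnly = true;
+ description = ''
+ Diaspora sockets
+ '';
+ };
+ pids = lib.mkOption {
+ type = lib.types.attrsOf lib.types.path;
+ default = {
+ eye = "${cfg.socketsDir}/eye.pid";
+ };
+ readOnly = true;
+ description = ''
+ Diaspora pids
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
+ inherit name;
+ inherit uid;
+ group = cfg.group;
+ description = "Diaspora user";
+ home = cfg.dataDir;
+ packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ];
+ useDefaultShell = true;
+ });
+ users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
+ inherit name;
+ inherit gid;
+ });
+
+ systemd.services.diaspora = {
+ description = "Diaspora";
+ wantedBy = [ "multi-user.target" ];
+ after = [
+ "network.target" "redis.service" "postgresql.service"
+ ];
+ wants = [
+ "redis.service" "postgresql.service"
+ ];
+
+ environment.RAILS_ENV = "production";
+ environment.BUNDLE_PATH = "${cfg.workdir.gems}/${cfg.workdir.gems.ruby.gemPath}";
+ environment.BUNDLE_GEMFILE = "${cfg.workdir.gems.confFiles}/Gemfile";
+ environment.EYE_SOCK = cfg.sockets.eye;
+ environment.EYE_PID = cfg.pids.eye;
+
+ path = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
+
+ preStart = ''
+ ./bin/bundle exec rails db:migrate
+ '';
+
+ script = ''
+ exec ${cfg.workdir}/script/server
+ '';
+
+ serviceConfig = {
+ User = cfg.user;
+ PrivateTmp = true;
+ Restart = "always";
+ Type = "simple";
+ WorkingDirectory = cfg.workdir;
+ StandardInput = "null";
+ KillMode = "control-group";
+ };
+
+ unitConfig.RequiresMountsFor = cfg.dataDir;
+ };
+
+ system.activationScripts.diaspora = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
+ install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} \
+ ${cfg.dataDir}/uploads ${cfg.dataDir}/tmp \
+ ${cfg.dataDir}/log
+ install -m 0700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/tmp/pids
+ if [ ! -f ${cfg.dataDir}/schedule.yml ]; then
+ echo "{}" | $wrapperDir/sudo -u ${cfg.user} tee ${cfg.dataDir}/schedule.yml
+ fi
+ '';
+ };
+
+ };
+}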
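Review bot: `serviceConfig` sets `User = cfg.user;` but no `Group`, so the new `group` option is honoured only by the `install -g ${cfg.group}` calls in the activation script, while the process runs with the primary group of whatever account `cfg.user` names. Adding `Group = cfg.group;` next to `User` would keep the two in step when either option is overridden. In the same activation script `${cfg.dataDir}/log` is created 0755 together with `uploads` and `tmp`, which leaves application logs readable by every local account. A separate `install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/log` would be tighter, assuming nothing outside the group has to read them.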
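--- a/nixops/modules/websites/tools/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora.nix
@@ -1,40 +1,17 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
- varDir = "/var/lib/diaspora_immae";
-
- diaspora = pkgs.webapps.diaspora.override {
- ldap = true;
- inherit varDir;
- podmin_email = "diaspora@tools.immae.eu";
- config_dir = "/var/secrets/webapps/diaspora";
- };
-
- railsSocket = "${socketsDir}/diaspora.sock";
- socketsDir = "/run/diaspora";
  env = myconfig.env.tools.diaspora;
  root = "/run/current-system/webapps/tools_diaspora";
  cfg = config.services.myWebsites.tools.diaspora;
+ dcfg = config.services.diaspora;
 in {
  options.services.myWebsites.tools.diaspora = {
  enable = lib.mkEnableOption "enable diaspora's website";
  };
 
  config = lib.mkIf cfg.enable {
- ids.uids.diaspora = env.user.uid;
- ids.gids.diaspora = env.user.gid;
-
- users.users.diaspora = {
- name = "diaspora";
- uid = config.ids.uids.diaspora;
- group = "diaspora";
- description = "Diaspora user";
- home = varDir;
- useDefaultShell = true;
- packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
- extraGroups = [ "keys" ];
- };
+ users.users.diaspora.extraGroups = [ "keys" ];
 
- users.groups.diaspora.gid = config.ids.gids.diaspora;
  secrets.keys = [
  {
  dest = "webapps/diaspora/diaspora.yml";
@@ -54,7 +31,7 @@ in {
  logrotate:
  debug:
  server:
- listen: '${socketsDir}/diaspora.sock'
+ listen: '${dcfg.sockets.rails}'
  rails_environment: 'production'
  chat:
  server:
@@ -160,57 +137,12 @@ in {
  }
  ];
 
- systemd.services.diaspora = {
- description = "Diaspora";
- wantedBy = [ "multi-user.target" ];
- after = [
- "network.target" "redis.service" "postgresql.service"
- ];
- wants = [
- "redis.service" "postgresql.service"
- ];
-
- environment.RAILS_ENV = "production";
- environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
- environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
- environment.EYE_SOCK = "${socketsDir}/eye.sock";
- environment.EYE_PID = "${socketsDir}/eye.pid";
-
- path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
-
- preStart = ''
- ./bin/bundle exec rails db:migrate
- '';
-
- script = ''
- exec ${diaspora}/script/server
- '';
-
- serviceConfig = {
- User = "diaspora";
- PrivateTmp = true;
- Restart = "always";
- Type = "simple";
- WorkingDirectory = diaspora;
- StandardInput = "null";
- KillMode = "control-group";
- };
-
- unitConfig.RequiresMountsFor = varDir;
- };
-
- system.activationScripts.diaspora = {
- deps = [ "users" ];
- text = ''
- install -m 0755 -o diaspora -g diaspora -d ${socketsDir}
- install -m 0755 -o diaspora -g diaspora -d ${varDir} \
- ${varDir}/uploads ${varDir}/tmp \
- ${varDir}/log
- install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids
- if [ ! -f ${varDir}/schedule.yml ]; then
- echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml
- fi
- '';
+ services.diaspora = {
+ enable = true;
+ package = pkgs.webapps.diaspora.override { ldap = true; };
+ dataDir = "/var/lib/diaspora_immae";
+ adminEmail = "diaspora@tools.immae.eu";
+ configDir = "/var/secrets/webapps/diaspora";
  };
 
  services.myWebsites.tools.modules = [
@@ -219,7 +151,7 @@ in {
  security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
  system.extraSystemBuilderCmds = ''
  mkdir -p $out/webapps
- ln -s ${diaspora}/public/ $out/webapps/tools_diaspora
+ ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
  '';
  services.myWebsites.tools.vhostConfs.diaspora = {
  certName = "eldiron";
@@ -228,7 +160,7 @@ in {
  extraConfig = [ ''
  RewriteEngine On
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
- RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
+ RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
 
  ProxyRequests Off
  ProxyVia On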
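Review bot: After the first hunk the account's numeric ids no longer come from `env.user.uid` / `env.user.gid` but from the fixed `diaspora = 398` entries added in modules/myids.nix, and nothing visible here shows that the two values agree. If they differ, existing files under `/var/lib/diaspora_immae` keep the old numeric owner, because the module's activation script only runs `install -d` on the directories and never re-owns their contents. It would help to confirm the values match, or to note a one-time `chown -R` in the commit description. The remaining `users.users.diaspora.extraGroups = [ "keys" ];` also hard-codes the account name, which only lines up with the module while `services.diaspora.user` keeps its default. The `config` block continues outside the visible hunks.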