diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-10 19:39:51 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-10 19:39:51 +0200 |
commit | 7009832ab635a664e26c73cdc0ca0f8689a57774 (patch) | |
tree | 2c886604bbd37d36de5cc011a6e4b85e653118de /nixops/modules/websites | |
parent | 658822fb4a42be89b2ea47e111532513c4556d87 (diff) | |
download | Nix-7009832ab635a664e26c73cdc0ca0f8689a57774.tar.gz Nix-7009832ab635a664e26c73cdc0ca0f8689a57774.tar.zst Nix-7009832ab635a664e26c73cdc0ca0f8689a57774.zip |
Move diaspora module outside of nixops
Diffstat (limited to 'nixops/modules/websites')
-rw-r--r-- | nixops/modules/websites/tools/diaspora.nix | 90 |
1 files changed, 11 insertions, 79 deletions
diff --git a/nixops/modules/websites/tools/diaspora.nix b/nixops/modules/websites/tools/diaspora.nix index 1088e71..ebb7612 100644 --- a/nixops/modules/websites/tools/diaspora.nix +++ b/nixops/modules/websites/tools/diaspora.nix | |||
@@ -1,40 +1,17 @@ | |||
1 | { lib, pkgs, config, myconfig, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | varDir = "/var/lib/diaspora_immae"; | ||
4 | |||
5 | diaspora = pkgs.webapps.diaspora.override { | ||
6 | ldap = true; | ||
7 | inherit varDir; | ||
8 | podmin_email = "diaspora@tools.immae.eu"; | ||
9 | config_dir = "/var/secrets/webapps/diaspora"; | ||
10 | }; | ||
11 | |||
12 | railsSocket = "${socketsDir}/diaspora.sock"; | ||
13 | socketsDir = "/run/diaspora"; | ||
14 | env = myconfig.env.tools.diaspora; | 3 | env = myconfig.env.tools.diaspora; |
15 | root = "/run/current-system/webapps/tools_diaspora"; | 4 | root = "/run/current-system/webapps/tools_diaspora"; |
16 | cfg = config.services.myWebsites.tools.diaspora; | 5 | cfg = config.services.myWebsites.tools.diaspora; |
6 | dcfg = config.services.diaspora; | ||
17 | in { | 7 | in { |
18 | options.services.myWebsites.tools.diaspora = { | 8 | options.services.myWebsites.tools.diaspora = { |
19 | enable = lib.mkEnableOption "enable diaspora's website"; | 9 | enable = lib.mkEnableOption "enable diaspora's website"; |
20 | }; | 10 | }; |
21 | 11 | ||
22 | config = lib.mkIf cfg.enable { | 12 | config = lib.mkIf cfg.enable { |
23 | ids.uids.diaspora = env.user.uid; | 13 | users.users.diaspora.extraGroups = [ "keys" ]; |
24 | ids.gids.diaspora = env.user.gid; | ||
25 | |||
26 | users.users.diaspora = { | ||
27 | name = "diaspora"; | ||
28 | uid = config.ids.uids.diaspora; | ||
29 | group = "diaspora"; | ||
30 | description = "Diaspora user"; | ||
31 | home = varDir; | ||
32 | useDefaultShell = true; | ||
33 | packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ]; | ||
34 | extraGroups = [ "keys" ]; | ||
35 | }; | ||
36 | 14 | ||
37 | users.groups.diaspora.gid = config.ids.gids.diaspora; | ||
38 | secrets.keys = [ | 15 | secrets.keys = [ |
39 | { | 16 | { |
40 | dest = "webapps/diaspora/diaspora.yml"; | 17 | dest = "webapps/diaspora/diaspora.yml"; |
@@ -54,7 +31,7 @@ in { | |||
54 | logrotate: | 31 | logrotate: |
55 | debug: | 32 | debug: |
56 | server: | 33 | server: |
57 | listen: '${socketsDir}/diaspora.sock' | 34 | listen: '${dcfg.sockets.rails}' |
58 | rails_environment: 'production' | 35 | rails_environment: 'production' |
59 | chat: | 36 | chat: |
60 | server: | 37 | server: |
@@ -160,57 +137,12 @@ in { | |||
160 | } | 137 | } |
161 | ]; | 138 | ]; |
162 | 139 | ||
163 | systemd.services.diaspora = { | 140 | services.diaspora = { |
164 | description = "Diaspora"; | 141 | enable = true; |
165 | wantedBy = [ "multi-user.target" ]; | 142 | package = pkgs.webapps.diaspora.override { ldap = true; }; |
166 | after = [ | 143 | dataDir = "/var/lib/diaspora_immae"; |
167 | "network.target" "redis.service" "postgresql.service" | 144 | adminEmail = "diaspora@tools.immae.eu"; |
168 | ]; | 145 | configDir = "/var/secrets/webapps/diaspora"; |
169 | wants = [ | ||
170 | "redis.service" "postgresql.service" | ||
171 | ]; | ||
172 | |||
173 | environment.RAILS_ENV = "production"; | ||
174 | environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}"; | ||
175 | environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile"; | ||
176 | environment.EYE_SOCK = "${socketsDir}/eye.sock"; | ||
177 | environment.EYE_PID = "${socketsDir}/eye.pid"; | ||
178 | |||
179 | path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ]; | ||
180 | |||
181 | preStart = '' | ||
182 | ./bin/bundle exec rails db:migrate | ||
183 | ''; | ||
184 | |||
185 | script = '' | ||
186 | exec ${diaspora}/script/server | ||
187 | ''; | ||
188 | |||
189 | serviceConfig = { | ||
190 | User = "diaspora"; | ||
191 | PrivateTmp = true; | ||
192 | Restart = "always"; | ||
193 | Type = "simple"; | ||
194 | WorkingDirectory = diaspora; | ||
195 | StandardInput = "null"; | ||
196 | KillMode = "control-group"; | ||
197 | }; | ||
198 | |||
199 | unitConfig.RequiresMountsFor = varDir; | ||
200 | }; | ||
201 | |||
202 | system.activationScripts.diaspora = { | ||
203 | deps = [ "users" ]; | ||
204 | text = '' | ||
205 | install -m 0755 -o diaspora -g diaspora -d ${socketsDir} | ||
206 | install -m 0755 -o diaspora -g diaspora -d ${varDir} \ | ||
207 | ${varDir}/uploads ${varDir}/tmp \ | ||
208 | ${varDir}/log | ||
209 | install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids | ||
210 | if [ ! -f ${varDir}/schedule.yml ]; then | ||
211 | echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml | ||
212 | fi | ||
213 | ''; | ||
214 | }; | 146 | }; |
215 | 147 | ||
216 | services.myWebsites.tools.modules = [ | 148 | services.myWebsites.tools.modules = [ |
@@ -219,7 +151,7 @@ in { | |||
219 | security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; | 151 | security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; |
220 | system.extraSystemBuilderCmds = '' | 152 | system.extraSystemBuilderCmds = '' |
221 | mkdir -p $out/webapps | 153 | mkdir -p $out/webapps |
222 | ln -s ${diaspora}/public/ $out/webapps/tools_diaspora | 154 | ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora |
223 | ''; | 155 | ''; |
224 | services.myWebsites.tools.vhostConfs.diaspora = { | 156 | services.myWebsites.tools.vhostConfs.diaspora = { |
225 | certName = "eldiron"; | 157 | certName = "eldiron"; |
@@ -228,7 +160,7 @@ in { | |||
228 | extraConfig = [ '' | 160 | extraConfig = [ '' |
229 | RewriteEngine On | 161 | RewriteEngine On |
230 | RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | 162 | RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f |
231 | RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L] | 163 | RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L] |
232 | 164 | ||
233 | ProxyRequests Off | 165 | ProxyRequests Off |
234 | ProxyVia On | 166 | ProxyVia On |