author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
tree | 1b9df4838f894577a09b9b260151756272efeb53 /systems/eldiron/websites/diaspora | |
parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personal information about users. All those changes got
stashed into a single commit (history is kept in a different place) and
private information was moved into a separate private repository.
Diffstat (limited to 'systems/eldiron/websites/diaspora')
-rw-r--r-- | systems/eldiron/websites/diaspora/default.nix | 224 |
1 files changed, 224 insertions, 0 deletions
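--- /dev/null
+++ b/systems/eldiron/websites/diaspora/default.nix
@@ -0,0 +1,224 @@
+{ lib, pkgs, config, ... }:
+let
+env = config.myEnv.tools.diaspora;
+root = "${dcfg.workdir}/public/";
+cfg = config.myServices.websites.tools.diaspora;
+dcfg = config.services.diaspora;
+in {
+options.myServices.websites.tools.diaspora = {
+enable = lib.mkEnableOption "enable diaspora's website";
+};
+
+config = lib.mkIf cfg.enable {
+myServices.dns.zones."immae.eu".subdomains.diaspora =
+with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+myServices.chatonsProperties.services.diaspora = {
+file.datetime = "2022-08-21T01:39:00";
+service = {
+name = "Diaspora";
+description = "The online social world where you are in control";
+website = "https://diaspora.immae.eu";
+logo = "https://diaspora.immae.eu/assets/apple-touch-icon-9f7c9cc3923b4817fbb25bfeb0dd5fd34638827fd9c82b5a03f7b68e6e90806f.png";
+status.level = "OK";
+status.description = "OK";
+registration."" = ["MEMBER" "CLIENT"];
+registration.load = "OPEN";
+install.type = "PACKAGE";
+};
+software = {
+name = "Diaspora*";
+website = "https://diasporafoundation.org/";
+license.url = "https://github.com/diaspora/diaspora/blob/develop/LICENSE";
+license.name = "GNU Affero General Public License v3.0";
+version = dcfg.package.version;
+source.url = "https://github.com/diaspora/diaspora";
+};
+};
+users.users.diaspora.extraGroups = [ "keys" ];
+
+secrets.keys = {
+"webapps/diaspora" = {
+isDir = true;
+user = "diaspora";
+group = "diaspora";
+permissions = "0500";
+};
+"webapps/diaspora/diaspora.yml" = {
+user = "diaspora";
+group = "diaspora";
+permissions = "0400";
+keyDependencies = [ pkgs.cacert ];
+text = ''
+configuration:
+environment:
+url: "https://diaspora.immae.eu/"
+certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
+redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
+sidekiq:
+s3:
+assets:
+logging:
+logrotate:
+debug:
+server:
+listen: '${dcfg.sockets.rails}'
+rails_environment: 'production'
+chat:
+server:
+bosh:
+log:
+map:
+mapbox:
+privacy:
+piwik:
+statistics:
+camo:
+settings:
+enable_registrations: false
+welcome_message:
+invitations:
+open: false
+paypal_donations:
+community_spotlight:
+captcha:
+enable: false
+terms:
+maintenance:
+remove_old_users:
+default_metas:
+csp:
+services:
+twitter:
+tumblr:
+wordpress:
+mail:
+enable: true
+sender_address: 'diaspora@tools.immae.eu'
+method: 'sendmail'
+smtp:
+sendmail:
+location: '/run/wrappers/bin/sendmail'
+admins:
+account: "ismael"
+podmin_email: 'diaspora@tools.immae.eu'
+relay:
+outbound:
+inbound:
+ldap:
+enable: true
+host: ${env.ldap.host}
+port: 636
+only_ldap: true
+mail_attribute: mail
+skip_email_confirmation: true
+use_bind_dn: true
+bind_dn: "${env.ldap.dn}"
+bind_pw: "${env.ldap.password}"
+search_base: "${env.ldap.base}"
+search_filter: "${env.ldap.filter}"
+production:
+environment:
+development:
+environment:
+'';
+};
+"webapps/diaspora/database.yml" = {
+user = "diaspora";
+group = "diaspora";
+permissions = "0400";
+text = ''
+postgresql: &postgresql
+adapter: postgresql
+host: "${env.postgresql.socket}"
+port: "${env.postgresql.port}"
+username: "${env.postgresql.user}"
+password: "${env.postgresql.password}"
+encoding: unicode
+common: &common
+<<: *postgresql
+combined: &combined
+<<: *common
+development:
+<<: *combined
+database: diaspora_development
+production:
+<<: *combined
+database: ${env.postgresql.database}
+test:
+<<: *combined
+database: "diaspora_test"
+integration1:
+<<: *combined
+database: diaspora_integration1
+integration2:
+<<: *combined
+database: diaspora_integration2
+'';
+};
+"webapps/diaspora/secret_token.rb" = {
+user = "diaspora";
+group = "diaspora";
+permissions = "0400";
+text = ''
+Diaspora::Application.config.secret_key_base = '${env.secret_token}'
+'';
+};
+};
+
+services.diaspora = {
+enable = true;
+withLdap = true;
+dataDir = "/var/lib/diaspora_immae";
+adminEmail = "diaspora@tools.immae.eu";
+configDir = config.secrets.fullPaths."webapps/diaspora";
+};
+
+services.filesWatcher.diaspora = {
+restart = true;
+paths = [ dcfg.configDir ];
+};
+
+services.websites.env.tools.modules = [
+"headers" "proxy" "proxy_http"
+];
+security.acme.certs.eldiron.extraDomainNames = [ "diaspora.immae.eu" ];
+services.websites.env.tools.vhostConfs.diaspora = {
+certName = "eldiron";
+hosts = [ "diaspora.immae.eu" ];
+root = root;
+extraConfig = [ ''
+RewriteEngine On
+RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
+
+ProxyRequests Off
+ProxyVia On
+ProxyPreserveHost On
+RequestHeader set X_FORWARDED_PROTO https
+
+<Proxy *>
+Require all granted
+</Proxy>
+
+<Directory ${root}>
+Require all granted
+Options -MultiViews
+</Directory>
+'' ];
+};
+myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
+myServices.monitoring.fromMasterObjects.service = [
+{
+service_description = "diaspora website is running on diaspora.immae.eu";
+host_name = config.hostEnv.fqdn;
+use = "external-web-service";
+check_command = ["check_https" "diaspora.immae.eu" "/" "is the online social world where you are in control"];
+
+servicegroups = "webstatus-webapps";
+_webstatus_name = "Diaspora";
+_webstatus_url = "https://diaspora.immae.eu/";
+}
+];
+};
+}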
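Review bot: The secrets interpolated into the generated files are spliced into quoted scalars without escaping: `bind_pw: "${env.ldap.password}"` and `password: "${env.postgresql.password}"` in the YAML, and `'${env.secret_token}'` in secret_token.rb. A value containing `"`, `\` or `'` would give a file that fails to parse or parses to a different value. For the YAML fields, `bind_pw: ${builtins.toJSON env.ldap.password}` emits a JSON-escaped double-quoted scalar that YAML parsers should accept, and the same form suits the other interpolated fields, including the unquoted `host: ${env.ldap.host}`. Separately, `RequestHeader set X_FORWARDED_PROTO https` sets the underscore spelling, so a client-supplied `X-Forwarded-Proto` header is not overwritten before it reaches the Rails socket. `RequestHeader set X-Forwarded-Proto https` would replace it, though how the app server folds the two spellings together is not visible here and should be confirmed.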