diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-14 18:05:03 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-19 01:36:32 +0100 |
commit | a7f7fdae99f7617fb7fdabe1e65423e02a4982b1 (patch) | |
tree | 213cad95926ccbeba95c7a1843c0882d9ccd5a71 /virtual/modules/websites/tools/diaspora/default.nix | |
parent | 62a0946e8b3eda220943b9740becb3c969455549 (diff) | |
download | Nix-a7f7fdae99f7617fb7fdabe1e65423e02a4982b1.tar.gz Nix-a7f7fdae99f7617fb7fdabe1e65423e02a4982b1.tar.zst Nix-a7f7fdae99f7617fb7fdabe1e65423e02a4982b1.zip |
Add diaspora services
Diffstat (limited to 'virtual/modules/websites/tools/diaspora/default.nix')
-rw-r--r-- | virtual/modules/websites/tools/diaspora/default.nix | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/virtual/modules/websites/tools/diaspora/default.nix b/virtual/modules/websites/tools/diaspora/default.nix new file mode 100644 index 0000000..23670dc --- /dev/null +++ b/virtual/modules/websites/tools/diaspora/default.nix | |||
@@ -0,0 +1,117 @@ | |||
1 | { lib, pkgs, config, mylibs, ... }: | ||
2 | let | ||
3 | diaspora = pkgs.callPackage ./diaspora.nix { | ||
4 | inherit (mylibs) fetchedGithub checkEnv; | ||
5 | }; | ||
6 | |||
7 | cfg = config.services.myWebsites.tools.diaspora; | ||
8 | in { | ||
9 | options.services.myWebsites.tools.diaspora = { | ||
10 | enable = lib.mkEnableOption "enable diaspora's website"; | ||
11 | }; | ||
12 | |||
13 | config = lib.mkIf cfg.enable { | ||
14 | # FIXME: Can we use dynamic users from systemd? | ||
15 | # nixos/modules/misc/ids.nix | ||
16 | ids.uids.diaspora = 398; | ||
17 | ids.gids.diaspora = 398; | ||
18 | |||
19 | users.users.diaspora = { | ||
20 | name = "diaspora"; | ||
21 | uid = config.ids.uids.diaspora; | ||
22 | group = "diaspora"; | ||
23 | description = "Diaspora user"; | ||
24 | home = diaspora.railsRoot; | ||
25 | useDefaultShell = true; | ||
26 | packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ]; | ||
27 | }; | ||
28 | |||
29 | users.groups.diaspora.gid = config.ids.gids.diaspora; | ||
30 | |||
31 | systemd.services.diaspora = { | ||
32 | description = "Diaspora"; | ||
33 | wantedBy = [ "multi-user.target" ]; | ||
34 | after = [ "network.target" "redis.service" "postgresql.service" ]; | ||
35 | wants = [ "redis.service" "postgresql.service" ]; | ||
36 | |||
37 | environment.RAILS_ENV = "production"; | ||
38 | environment.BUNDLE_PATH = "${diaspora.gems}/lib/ruby/gems/2.4.0"; | ||
39 | environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile"; | ||
40 | environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock"; | ||
41 | environment.EYE_PID = "${diaspora.socketsDir}/eye.pid"; | ||
42 | |||
43 | path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ]; | ||
44 | |||
45 | preStart = '' | ||
46 | ./bin/bundle exec rails db:migrate | ||
47 | ''; | ||
48 | |||
49 | script = '' | ||
50 | exec ${diaspora.railsRoot}/script/server | ||
51 | ''; | ||
52 | |||
53 | serviceConfig = { | ||
54 | User = "diaspora"; | ||
55 | PrivateTmp = true; | ||
56 | Restart = "always"; | ||
57 | Type = "simple"; | ||
58 | WorkingDirectory = diaspora.railsRoot; | ||
59 | StandardInput = "null"; | ||
60 | KillMode = "control-group"; | ||
61 | }; | ||
62 | |||
63 | unitConfig.RequiresMountsFor = diaspora.varDir; | ||
64 | }; | ||
65 | |||
66 | # FIXME: initial sync | ||
67 | # FIXME: touch ${diaspora.varDir}/schedule.yml | ||
68 | system.activationScripts.diaspora = { | ||
69 | deps = [ "users" ]; | ||
70 | text = '' | ||
71 | install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir} | ||
72 | install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \ | ||
73 | ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \ | ||
74 | ${diaspora.varDir}/log | ||
75 | install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids | ||
76 | if [ ! -f ${diaspora.varDir}/schedule.yml ]; then | ||
77 | echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml | ||
78 | fi | ||
79 | ''; | ||
80 | }; | ||
81 | |||
82 | services.myWebsites.tools.modules = [ | ||
83 | "headers" "proxy" "proxy_http" "proxy_balancer" | ||
84 | # FIXME: probably only one balancer method is needed: | ||
85 | "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat" | ||
86 | ]; | ||
87 | security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; | ||
88 | services.myWebsites.tools.vhostConfs.diaspora = { | ||
89 | certName = "eldiron"; | ||
90 | hosts = [ "diaspora.immae.eu" ]; | ||
91 | root = "${diaspora.railsRoot}/public/"; | ||
92 | extraConfig = [ '' | ||
93 | RewriteEngine On | ||
94 | RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | ||
95 | RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L] | ||
96 | |||
97 | <Proxy balancer://thinservers> | ||
98 | BalancerMember unix://${diaspora.railsSocket}|http:// | ||
99 | </Proxy> | ||
100 | |||
101 | ProxyRequests Off | ||
102 | ProxyVia On | ||
103 | ProxyPreserveHost On | ||
104 | RequestHeader set X_FORWARDED_PROTO https | ||
105 | |||
106 | <Proxy *> | ||
107 | Require all granted | ||
108 | </Proxy> | ||
109 | |||
110 | <Directory ${diaspora.railsRoot}/public> | ||
111 | Require all granted | ||
112 | Options -MultiViews | ||
113 | </Directory> | ||
114 | '' ]; | ||
115 | }; | ||
116 | }; | ||
117 | } | ||