author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-14 18:05:03 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-19 01:36:32 +0100 |
commit | a7f7fdae99f7617fb7fdabe1e65423e02a4982b1 (patch) | |
tree | 213cad95926ccbeba95c7a1843c0882d9ccd5a71 /virtual/modules/websites/tools/diaspora/diaspora.nix | |
parent | 62a0946e8b3eda220943b9740becb3c969455549 (diff) | |
Add diaspora services
Diffstat (limited to 'virtual/modules/websites/tools/diaspora/diaspora.nix')
-rw-r--r-- | virtual/modules/websites/tools/diaspora/diaspora.nix | 173 |
1 files changed, 173 insertions, 0 deletions
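diff --git a/virtual/modules/websites/tools/diaspora/diaspora.nix b/virtual/modules/websites/tools/diaspora/diaspora.nix
new file mode 100644
index 0000000..7880ac5
--- /dev/null
+++ b/virtual/modules/websites/tools/diaspora/diaspora.nix
@@ -0,0 +1,173 @@
+{ checkEnv, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }:
+let
+gems = bundlerEnv {
+name = "diaspora-env";
+ruby = ruby_2_4;
+gemdir = ./.;
+# FIXME: it fails if I don’t include all groups
+#groups = [ "default" "postgresql" "production" "development" "test" ];
+# Had to remove them from gemset.nix, and remove mysql2
+# Also had to "ungroup" pg in Gemfile
+gemConfig = defaultGemConfig // {
+kostya-sigar = attrs: {
+buildInputs = with pkgs; [ pkgs.perl ];
+};
+};
+};
+varDir = "/var/lib/diaspora_immae";
+socketsDir = "/run/diaspora";
+buildInputs = [ gems ] ++ (with pkgs; [
+git redis imagemagick libxslt nodejs
+jemalloc cacert ruby_2_4
+openssl postgresql curl libnghttp2
+pkgconfig which
+]);
+diaspora = stdenv.mkDerivation (fetchedGithub ./diaspora.json // rec {
+buildPhase = ''
+export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+patch -p1 < ${./ldap.patch}
+'';
+installPhase = ''
+cp -a . $out
+'';
+propagatedBuildInputs = buildInputs;
+});
+secret_token = assert checkEnv "NIXOPS_DIASPORA_SECRET_TOKEN";
+writeText "secret_token.rb" ''
+Diaspora::Application.config.secret_key_base = '${builtins.getEnv "NIXOPS_DIASPORA_SECRET_TOKEN"}'
+'';
+config =
+assert checkEnv "NIXOPS_DIASPORA_LDAP_PASSWORD";
+writeText "diaspora.yml" ''
+configuration:
+environment:
+url: "https://diaspora.immae.eu/"
+certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
+redis: 'redis://localhost:6379/15'
+sidekiq:
+s3:
+assets:
+logging:
+logrotate:
+debug:
+server:
+listen: '${socketsDir}/diaspora.sock'
+rails_environment: 'production'
+chat:
+server:
+bosh:
+log:
+map:
+mapbox:
+privacy:
+piwik:
+statistics:
+camo:
+settings:
+enable_registrations: false
+welcome_message:
+invitations:
+open: false
+paypal_donations:
+community_spotlight:
+captcha:
+enable: false
+terms:
+maintenance:
+remove_old_users:
+default_metas:
+csp:
+services:
+twitter:
+tumblr:
+wordpress:
+mail:
+enable: true
+sender_address: 'diaspora@immae.eu'
+method: 'smtp'
+smtp:
+host: 'mail.immae.eu'
+sendmail:
+admins:
+account: "ismael"
+podmin_email: 'diaspora@immae.eu'
+relay:
+outbound:
+inbound:
+ldap:
+enable: true
+host: ldap.immae.eu
+port: 636
+only_ldap: true
+mail_attribute: mail
+skip_email_confirmation: true
+use_bind_dn: true
+bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
+bind_pw: "${builtins.getEnv "NIXOPS_DIASPORA_LDAP_PASSWORD"}"
+search_base: "dc=immae,dc=eu"
+search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
+production:
+environment:
+development:
+environment:
+'';
+database_config =
+assert checkEnv "NIXOPS_DIASPORA_SQL_PASSWORD";
+writeText "database.yml" ''
+postgresql: &postgresql
+adapter: postgresql
+host: db-1.immae.eu
+port: 5432
+username: "diaspora"
+password: "${builtins.getEnv "NIXOPS_DIASPORA_SQL_PASSWORD"}"
+encoding: unicode
+common: &common
+<<: *postgresql
+combined: &combined
+<<: *common
+development:
+<<: *combined
+database: diaspora_development
+production:
+<<: *combined
+database: diaspora
+test:
+<<: *combined
+database: "diaspora_test"
+integration1:
+<<: *combined
+database: diaspora_integration1
+integration2:
+<<: *combined
+database: diaspora_integration2
+'';
+
+railsRoot = stdenv.mkDerivation {
+name = "diaspora_immae";
+inherit diaspora;
+builder = writeText "build_diaspora_immae" ''
+source $stdenv/setup
+cp -a $diaspora $out
+cd $out
+chmod -R u+rwX .
+tar -czf public/source.tar.gz ./{app,db,lib,script,Gemfile,Gemfile.lock,Rakefile,config.ru}
+ln -s ${database_config} config/database.yml
+ln -s ${config} config/diaspora.yml
+ln -s ${secret_token} config/initializers/secret_token.rb
+ln -sf ../../../../../../${varDir}/schedule.yml config/schedule.yml
+ln -sf ../../../../../../${varDir}/oidc_key.pem config/oidc_key.pem
+ln -sf ../../../../../../${varDir}/uploads public/uploads
+RAILS_ENV=production ${gems}/bin/rake assets:precompile
+rm -rf tmp log
+ln -sf ../../../../../${varDir}/tmp tmp
+ln -sf ../../../../../${varDir}/log log
+'';
+propagatedBuildInputs = buildInputs;
+};
+in
+{
+inherit railsRoot varDir socketsDir gems;
+railsSocket = "${socketsDir}/diaspora.sock";
+}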
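Review bot: The three `writeText` results (`secret_token.rb` at new lines 37-40, `diaspora.yml` with `bind_pw` at new line 108, `database.yml` with `password` at new line 124) interpolate `builtins.getEnv` values, so the Rails `secret_key_base`, the LDAP bind password and the PostgreSQL password end up as plain files in the Nix store, which is readable by every local user and travels with the closure of `railsRoot`. The `ln -s ${database_config} config/database.yml` style links at new lines 156-158 could instead follow the pattern already used for `oidc_key.pem`, e.g. `ln -sf ../../../../../../${varDir}/database.yml config/database.yml`, with the real files provisioned outside the store under restrictive permissions (NixOps `deployment.keys` is one way); whether `rake assets:precompile` at new line 162 then needs placeholder copies at build time would have to be checked. The values are also spliced unescaped into a single-quoted Ruby literal and double-quoted YAML scalars, so a secret containing a quote or backslash would produce a broken or silently different configuration.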