Diffstat (limited to 'modules/private/websites/tools/diaspora/default.nix')
-rw-r--r-- | modules/private/websites/tools/diaspora/default.nix | 181 |
1 files changed, 181 insertions, 0 deletions
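--- /dev/null
+++ b/modules/private/websites/tools/diaspora/default.nix
@@ -0,0 +1,181 @@
+{ lib, pkgs, config, myconfig, ... }:
+let
+env = myconfig.env.tools.diaspora;
+root = "/run/current-system/webapps/tools_diaspora";
+cfg = config.myServices.websites.tools.diaspora;
+dcfg = config.services.diaspora;
+in {
+options.myServices.websites.tools.diaspora = {
+enable = lib.mkEnableOption "enable diaspora's website";
+};
+
+config = lib.mkIf cfg.enable {
+users.users.diaspora.extraGroups = [ "keys" ];
+
+secrets.keys = [
+{
+dest = "webapps/diaspora/diaspora.yml";
+user = "diaspora";
+group = "diaspora";
+permissions = "0400";
+text = ''
+configuration:
+environment:
+url: "https://diaspora.immae.eu/"
+certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
+redis: '${env.redis_url}'
+sidekiq:
+s3:
+assets:
+logging:
+logrotate:
+debug:
+server:
+listen: '${dcfg.sockets.rails}'
+rails_environment: 'production'
+chat:
+server:
+bosh:
+log:
+map:
+mapbox:
+privacy:
+piwik:
+statistics:
+camo:
+settings:
+enable_registrations: false
+welcome_message:
+invitations:
+open: false
+paypal_donations:
+community_spotlight:
+captcha:
+enable: false
+terms:
+maintenance:
+remove_old_users:
+default_metas:
+csp:
+services:
+twitter:
+tumblr:
+wordpress:
+mail:
+enable: true
+sender_address: 'diaspora@tools.immae.eu'
+method: 'sendmail'
+smtp:
+sendmail:
+location: '/run/wrappers/bin/sendmail'
+admins:
+account: "ismael"
+podmin_email: 'diaspora@tools.immae.eu'
+relay:
+outbound:
+inbound:
+ldap:
+enable: true
+host: ldap.immae.eu
+port: 636
+only_ldap: true
+mail_attribute: mail
+skip_email_confirmation: true
+use_bind_dn: true
+bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
+bind_pw: "${env.ldap.password}"
+search_base: "dc=immae,dc=eu"
+search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
+production:
+environment:
+development:
+environment:
+'';
+}
+{
+dest = "webapps/diaspora/database.yml";
+user = "diaspora";
+group = "diaspora";
+permissions = "0400";
+text = ''
+postgresql: &postgresql
+adapter: postgresql
+host: "${env.postgresql.socket}"
+port: "${env.postgresql.port}"
+username: "${env.postgresql.user}"
+password: "${env.postgresql.password}"
+encoding: unicode
+common: &common
+<<: *postgresql
+combined: &combined
+<<: *common
+development:
+<<: *combined
+database: diaspora_development
+production:
+<<: *combined
+database: ${env.postgresql.database}
+test:
+<<: *combined
+database: "diaspora_test"
+integration1:
+<<: *combined
+database: diaspora_integration1
+integration2:
+<<: *combined
+database: diaspora_integration2
+'';
+}
+{
+dest = "webapps/diaspora/secret_token.rb";
+user = "diaspora";
+group = "diaspora";
+permissions = "0400";
+text = ''
+Diaspora::Application.config.secret_key_base = '${env.secret_token}'
+'';
+}
+];
+
+services.diaspora = {
+enable = true;
+package = pkgs.webapps.diaspora.override { ldap = true; };
+dataDir = "/var/lib/diaspora_immae";
+adminEmail = "diaspora@tools.immae.eu";
+configDir = "/var/secrets/webapps/diaspora";
+};
+
+services.websites.tools.modules = [
+"headers" "proxy" "proxy_http"
+];
+system.extraSystemBuilderCmds = ''
+mkdir -p $out/webapps
+ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
+'';
+services.websites.tools.vhostConfs.diaspora = {
+certName = "eldiron";
+addToCerts = true;
+hosts = [ "diaspora.immae.eu" ];
+root = root;
+extraConfig = [ ''
+RewriteEngine On
+RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
+
+ProxyRequests Off
+ProxyVia On
+ProxyPreserveHost On
+RequestHeader set X_FORWARDED_PROTO https
+
+<Proxy *>
+Require all granted
+</Proxy>
+
+<Directory ${root}>
+Require all granted
+Options -MultiViews
+</Directory>
+'' ];
+};
+};
+}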
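Review bot: The secret values are spliced into quoted literals without any escaping — `bind_pw: "${env.ldap.password}"`, `password: "${env.postgresql.password}"` and `secret_key_base = '${env.secret_token}'` — so a value containing a quote or backslash would yield a broken or differently parsed diaspora.yml, database.yml or secret_token.rb. The contents of `myconfig.env` are not visible here, so I would either add a comment above `secrets.keys` stating that these values must not contain quote or backslash characters, or serialise the YAML scalars with `builtins.toJSON`, e.g. `bind_pw: ${builtins.toJSON env.ldap.password}`. Separately, the `ldap` block targets port 636 but sets nothing visible about TLS or certificate verification; it is worth confirming that the package built with `ldap = true` encrypts and verifies that connection, since the bind password and every user login travel over it. Adding `diaspora` to the `keys` group also deserves a one-line comment saying why it is needed, given that the three files are already owned by `diaspora` with mode `0400`.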