Diffstat (limited to 'nixops/modules/websites/tools/diaspora/default.nix')
-rw-r--r-- | nixops/modules/websites/tools/diaspora/default.nix | 113 |
1 files changed, 113 insertions, 0 deletions
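diff --git a/nixops/modules/websites/tools/diaspora/default.nix b/nixops/modules/websites/tools/diaspora/default.nix
new file mode 100644
index 0000000..ae870b0
--- /dev/null
+++ b/nixops/modules/websites/tools/diaspora/default.nix
@@ -0,0 +1,113 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+diaspora = pkgs.callPackage ./diaspora.nix {
+inherit (mylibs) fetchedGithub;
+env = myconfig.env.tools.diaspora;
+};
+
+cfg = config.services.myWebsites.tools.diaspora;
+in {
+options.services.myWebsites.tools.diaspora = {
+enable = lib.mkEnableOption "enable diaspora's website";
+};
+
+config = lib.mkIf cfg.enable {
+ids.uids.diaspora = 398;
+ids.gids.diaspora = 398;
+
+users.users.diaspora = {
+name = "diaspora";
+uid = config.ids.uids.diaspora;
+group = "diaspora";
+description = "Diaspora user";
+home = diaspora.railsRoot;
+useDefaultShell = true;
+packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
+};
+
+users.groups.diaspora.gid = config.ids.gids.diaspora;
+
+systemd.services.diaspora = {
+description = "Diaspora";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" "redis.service" "postgresql.service" ];
+wants = [ "redis.service" "postgresql.service" ];
+
+environment.RAILS_ENV = "production";
+environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
+environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
+environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock";
+environment.EYE_PID = "${diaspora.socketsDir}/eye.pid";
+
+path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
+
+preStart = ''
+./bin/bundle exec rails db:migrate
+'';
+
+script = ''
+exec ${diaspora.railsRoot}/script/server
+'';
+
+serviceConfig = {
+User = "diaspora";
+PrivateTmp = true;
+Restart = "always";
+Type = "simple";
+WorkingDirectory = diaspora.railsRoot;
+StandardInput = "null";
+KillMode = "control-group";
+};
+
+unitConfig.RequiresMountsFor = diaspora.varDir;
+};
+
+system.activationScripts.diaspora = {
+deps = [ "users" ];
+text = ''
+install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir}
+install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \
+${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \
+${diaspora.varDir}/log
+install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids
+if [ ! -f ${diaspora.varDir}/schedule.yml ]; then
+echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml
+fi
+'';
+};
+
+services.myWebsites.tools.modules = [
+"headers" "proxy" "proxy_http" "proxy_balancer"
+"lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+];
+security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
+services.myWebsites.tools.vhostConfs.diaspora = {
+certName = "eldiron";
+hosts = [ "diaspora.immae.eu" ];
+root = "${diaspora.railsRoot}/public/";
+extraConfig = [ ''
+RewriteEngine On
+RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L]
+
+<Proxy balancer://thinservers>
+BalancerMember unix://${diaspora.railsSocket}|http://
+</Proxy>
+
+ProxyRequests Off
+ProxyVia On
+ProxyPreserveHost On
+RequestHeader set X_FORWARDED_PROTO https
+
+<Proxy *>
+Require all granted
+</Proxy>
+
+<Directory ${diaspora.railsRoot}/public>
+Require all granted
+Options -MultiViews
+</Directory>
+'' ];
+};
+};
+}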
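Review bot: The activation script creates `${diaspora.varDir}/log` and `${diaspora.varDir}/tmp` with mode 0755 (new lines 69-71), so any local account can enter the Rails log and temp directories and the privacy of the files inside rests on the service's umask alone. If only `uploads` has to be reachable by the web server (an assumption; the sockets get their own directory on new line 68), the other two could be created with `install -m 0750 -o diaspora -g diaspora -d ${diaspora.varDir}/log ${diaspora.varDir}/tmp`. The unit's `serviceConfig` (new lines 52-60) also confines the process with `PrivateTmp` only; `ProtectSystem = "full";` and `NoNewPrivileges = true;` are worth adding once it is confirmed that the app writes only under `varDir` and calls no setuid helper such as a sendmail wrapper. A short comment above `useDefaultShell = true;` saying why the service account needs a login shell would help the next reader.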