aboutsummaryrefslogtreecommitdiff
path: root/nixops/modules/websites
diff options
context:
space:
mode:
Diffstat (limited to 'nixops/modules/websites')
-rw-r--r--nixops/modules/websites/tools/mastodon/default.nix99
-rw-r--r--nixops/modules/websites/tools/mastodon/mastodon.nix61
2 files changed, 74 insertions, 86 deletions
diff --git a/nixops/modules/websites/tools/mastodon/default.nix b/nixops/modules/websites/tools/mastodon/default.nix
index 919bac2..3279cf8 100644
--- a/nixops/modules/websites/tools/mastodon/default.nix
+++ b/nixops/modules/websites/tools/mastodon/default.nix
@@ -1,10 +1,13 @@
1{ lib, pkgs, config, myconfig, mylibs, ... }: 1{ lib, pkgs, config, myconfig, mylibs, ... }:
2let 2let
3 mastodon = pkgs.callPackage ./mastodon.nix { 3 varDir = "/var/lib/mastodon_immae";
4 inherit (pkgs.webapps) mastodon; 4 socketsDir = "/run/mastodon";
5 env = myconfig.env.tools.mastodon; 5 nodeSocket = "${socketsDir}/live_immae_node.sock";
6 }; 6 railsSocket = "${socketsDir}/live_immae_puma.sock";
7
8 mastodon = pkgs.webapps.mastodon.override { inherit varDir; };
7 9
10 env = myconfig.env.tools.mastodon;
8 root = "/run/current-system/webapps/tools_mastodon"; 11 root = "/run/current-system/webapps/tools_mastodon";
9 cfg = config.services.myWebsites.tools.mastodon; 12 cfg = config.services.myWebsites.tools.mastodon;
10in { 13in {
@@ -13,16 +16,62 @@ in {
13 }; 16 };
14 17
15 config = lib.mkIf cfg.enable { 18 config = lib.mkIf cfg.enable {
16 mySecrets.keys = mastodon.keys; 19 mySecrets.keys = [{
17 ids.uids.mastodon = myconfig.env.tools.mastodon.user.uid; 20 dest = "webapps/tools-mastodon";
18 ids.gids.mastodon = myconfig.env.tools.mastodon.user.gid; 21 user = "mastodon";
22 group = "mastodon";
23 permissions = "0400";
24 text = ''
25 REDIS_HOST=${env.redis.host}
26 REDIS_PORT=${env.redis.port}
27 REDIS_DB=${env.redis.db}
28 DB_HOST=${env.postgresql.socket}
29 DB_USER=${env.postgresql.user}
30 DB_NAME=${env.postgresql.database}
31 DB_PASS=${env.postgresql.password}
32 DB_PORT=${env.postgresql.port}
33
34 LOCAL_DOMAIN=mastodon.immae.eu
35 LOCAL_HTTPS=true
36 ALTERNATE_DOMAINS=immae.eu
37
38 PAPERCLIP_SECRET=${env.paperclip_secret}
39 SECRET_KEY_BASE=${env.secret_key_base}
40 OTP_SECRET=${env.otp_secret}
41
42 VAPID_PRIVATE_KEY=${env.vapid.private}
43 VAPID_PUBLIC_KEY=${env.vapid.public}
44
45 SMTP_DELIVERY_METHOD=sendmail
46 SMTP_FROM_ADDRESS=mastodon@tools.immae.eu
47 SENDMAIL_LOCATION="/run/wrappers/bin/sendmail"
48 PAPERCLIP_ROOT_PATH=${varDir}
49
50 STREAMING_CLUSTER_NUM=1
51
52 RAILS_LOG_LEVEL=warn
53
54 # LDAP authentication (optional)
55 LDAP_ENABLED=true
56 LDAP_HOST=ldap.immae.eu
57 LDAP_PORT=636
58 LDAP_METHOD=simple_tls
59 LDAP_BASE="dc=immae,dc=eu"
60 LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
61 LDAP_PASSWORD="${env.ldap.password}"
62 LDAP_UID="uid"
63 LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
64 '';
65 }];
66 ids.uids.mastodon = env.user.uid;
67 ids.gids.mastodon = env.user.gid;
19 68
20 users.users.mastodon = { 69 users.users.mastodon = {
21 name = "mastodon"; 70 name = "mastodon";
22 uid = config.ids.uids.mastodon; 71 uid = config.ids.uids.mastodon;
23 group = "mastodon"; 72 group = "mastodon";
24 description = "Mastodon user"; 73 description = "Mastodon user";
25 home = mastodon.varDir; 74 home = varDir;
26 useDefaultShell = true; 75 useDefaultShell = true;
27 }; 76 };
28 77
@@ -34,7 +83,7 @@ in {
34 after = [ "network.target" "mastodon-web.service" ]; 83 after = [ "network.target" "mastodon-web.service" ];
35 84
36 environment.NODE_ENV = "production"; 85 environment.NODE_ENV = "production";
37 environment.SOCKET = mastodon.nodeSocket; 86 environment.SOCKET = nodeSocket;
38 87
39 path = [ pkgs.nodejs pkgs.bashInteractive ]; 88 path = [ pkgs.nodejs pkgs.bashInteractive ];
40 89
@@ -60,10 +109,10 @@ in {
60 Restart = "always"; 109 Restart = "always";
61 TimeoutSec = 15; 110 TimeoutSec = 15;
62 Type = "simple"; 111 Type = "simple";
63 WorkingDirectory = mastodon.railsRoot; 112 WorkingDirectory = mastodon;
64 }; 113 };
65 114
66 unitConfig.RequiresMountsFor = mastodon.varDir; 115 unitConfig.RequiresMountsFor = varDir;
67 }; 116 };
68 117
69 systemd.services.mastodon-web = { 118 systemd.services.mastodon-web = {
@@ -74,7 +123,7 @@ in {
74 environment.RAILS_ENV = "production"; 123 environment.RAILS_ENV = "production";
75 environment.BUNDLE_PATH = "${mastodon.gems}/${mastodon.gems.ruby.gemPath}"; 124 environment.BUNDLE_PATH = "${mastodon.gems}/${mastodon.gems.ruby.gemPath}";
76 environment.BUNDLE_GEMFILE = "${mastodon.gems.confFiles}/Gemfile"; 125 environment.BUNDLE_GEMFILE = "${mastodon.gems.confFiles}/Gemfile";
77 environment.SOCKET = mastodon.railsSocket; 126 environment.SOCKET = railsSocket;
78 127
79 path = [ mastodon.gems mastodon.gems.ruby pkgs.file ]; 128 path = [ mastodon.gems mastodon.gems.ruby pkgs.file ];
80 129
@@ -93,10 +142,10 @@ in {
93 Restart = "always"; 142 Restart = "always";
94 TimeoutSec = 60; 143 TimeoutSec = 60;
95 Type = "simple"; 144 Type = "simple";
96 WorkingDirectory = mastodon.railsRoot; 145 WorkingDirectory = mastodon;
97 }; 146 };
98 147
99 unitConfig.RequiresMountsFor = mastodon.varDir; 148 unitConfig.RequiresMountsFor = varDir;
100 }; 149 };
101 150
102 systemd.services.mastodon-sidekiq = { 151 systemd.services.mastodon-sidekiq = {
@@ -122,17 +171,17 @@ in {
122 Restart = "always"; 171 Restart = "always";
123 TimeoutSec = 15; 172 TimeoutSec = 15;
124 Type = "simple"; 173 Type = "simple";
125 WorkingDirectory = mastodon.railsRoot; 174 WorkingDirectory = mastodon;
126 }; 175 };
127 176
128 unitConfig.RequiresMountsFor = mastodon.varDir; 177 unitConfig.RequiresMountsFor = varDir;
129 }; 178 };
130 179
131 system.activationScripts.mastodon = { 180 system.activationScripts.mastodon = {
132 deps = [ "users" ]; 181 deps = [ "users" ];
133 text = '' 182 text = ''
134 install -m 0755 -o mastodon -g mastodon -d ${mastodon.socketsDir} 183 install -m 0755 -o mastodon -g mastodon -d ${socketsDir}
135 install -m 0755 -o mastodon -g mastodon -d ${mastodon.varDir} ${mastodon.varDir}/tmp/cache 184 install -m 0755 -o mastodon -g mastodon -d ${varDir} ${varDir}/tmp/cache
136 ''; 185 '';
137 }; 186 };
138 187
@@ -142,7 +191,7 @@ in {
142 security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null; 191 security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
143 system.extraSystemBuilderCmds = '' 192 system.extraSystemBuilderCmds = ''
144 mkdir -p $out/webapps 193 mkdir -p $out/webapps
145 ln -s ${mastodon.railsRoot}/public/ $out/webapps/tools_mastodon 194 ln -s ${mastodon}/public/ $out/webapps/tools_mastodon
146 ''; 195 '';
147 services.myWebsites.tools.vhostConfs.mastodon = { 196 services.myWebsites.tools.vhostConfs.mastodon = {
148 certName = "eldiron"; 197 certName = "eldiron";
@@ -172,14 +221,14 @@ in {
172 ProxyPassMatch ^(/.*\.(png|ico|gif)$) ! 221 ProxyPassMatch ^(/.*\.(png|ico|gif)$) !
173 ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) ! 222 ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) !
174 223
175 RewriteRule ^/api/v1/streaming/(.+)$ unix://${mastodon.nodeSocket}|http://mastodon.immae.eu/api/v1/streaming/$1 [P,NE,QSA,L] 224 RewriteRule ^/api/v1/streaming/(.+)$ unix://${nodeSocket}|http://mastodon.immae.eu/api/v1/streaming/$1 [P,NE,QSA,L]
176 RewriteRule ^/api/v1/streaming/$ unix://${mastodon.nodeSocket}|ws://mastodon.immae.eu/ [P,NE,QSA,L] 225 RewriteRule ^/api/v1/streaming/$ unix://${nodeSocket}|ws://mastodon.immae.eu/ [P,NE,QSA,L]
177 ProxyPass / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/ 226 ProxyPass / unix://${railsSocket}|http://mastodon.immae.eu/
178 ProxyPassReverse / unix://${mastodon.railsSocket}|http://mastodon.immae.eu/ 227 ProxyPassReverse / unix://${railsSocket}|http://mastodon.immae.eu/
179 228
180 Alias /system ${mastodon.varDir} 229 Alias /system ${varDir}
181 230
182 <Directory ${mastodon.varDir}> 231 <Directory ${varDir}>
183 Require all granted 232 Require all granted
184 Options -MultiViews 233 Options -MultiViews
185 </Directory> 234 </Directory>
diff --git a/nixops/modules/websites/tools/mastodon/mastodon.nix b/nixops/modules/websites/tools/mastodon/mastodon.nix
deleted file mode 100644
index 83e3a54..0000000
--- a/nixops/modules/websites/tools/mastodon/mastodon.nix
+++ /dev/null
@@ -1,61 +0,0 @@
1{ env, mastodon }:
2let
3 varDir = "/var/lib/mastodon_immae";
4 socketsDir = "/run/mastodon";
5 keys.mastodon = {
6 dest = "webapps/tools-mastodon";
7 user = "mastodon";
8 group = "mastodon";
9 permissions = "0400";
10 text = ''
11 REDIS_HOST=${env.redis.host}
12 REDIS_PORT=${env.redis.port}
13 REDIS_DB=${env.redis.db}
14 DB_HOST=${env.postgresql.socket}
15 DB_USER=${env.postgresql.user}
16 DB_NAME=${env.postgresql.database}
17 DB_PASS=${env.postgresql.password}
18 DB_PORT=${env.postgresql.port}
19
20 LOCAL_DOMAIN=mastodon.immae.eu
21 LOCAL_HTTPS=true
22 ALTERNATE_DOMAINS=immae.eu
23
24 PAPERCLIP_SECRET=${env.paperclip_secret}
25 SECRET_KEY_BASE=${env.secret_key_base}
26 OTP_SECRET=${env.otp_secret}
27
28 VAPID_PRIVATE_KEY=${env.vapid.private}
29 VAPID_PUBLIC_KEY=${env.vapid.public}
30
31 SMTP_DELIVERY_METHOD=sendmail
32 SMTP_FROM_ADDRESS=mastodon@tools.immae.eu
33 SENDMAIL_LOCATION="/run/wrappers/bin/sendmail"
34 PAPERCLIP_ROOT_PATH=${varDir}
35
36 STREAMING_CLUSTER_NUM=1
37
38 RAILS_LOG_LEVEL=warn
39
40 # LDAP authentication (optional)
41 LDAP_ENABLED=true
42 LDAP_HOST=ldap.immae.eu
43 LDAP_PORT=636
44 LDAP_METHOD=simple_tls
45 LDAP_BASE="dc=immae,dc=eu"
46 LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
47 LDAP_PASSWORD="${env.ldap.password}"
48 LDAP_UID="uid"
49 LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
50 '';
51 };
52
53 railsRoot = mastodon.override { inherit varDir; };
54in
55 {
56 inherit varDir railsRoot socketsDir;
57 inherit (railsRoot.passthru) gems;
58 keys = builtins.attrValues keys;
59 nodeSocket = "${socketsDir}/live_immae_node.sock";
60 railsSocket = "${socketsDir}/live_immae_puma.sock";
61 }