Diffstat (limited to 'nixops')
-rw-r--r--nixops/modules/websites/tools/diaspora.nix90
1 files changed, 11 insertions, 79 deletions
diff --git a/nixops/modules/websites/tools/diaspora.nix b/nixops/modules/websites/tools/diaspora.nix
index 1088e71..ebb7612 100644
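--- a/nixops/modules/websites/tools/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora.nix
@@ -1,40 +1,17 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
- varDir = "/var/lib/diaspora_immae";
-
- diaspora = pkgs.webapps.diaspora.override {
- ldap = true;
- inherit varDir;
- podmin_email = "diaspora@tools.immae.eu";
- config_dir = "/var/secrets/webapps/diaspora";
- };
-
- railsSocket = "${socketsDir}/diaspora.sock";
- socketsDir = "/run/diaspora";
  env = myconfig.env.tools.diaspora;
  root = "/run/current-system/webapps/tools_diaspora";
  cfg = config.services.myWebsites.tools.diaspora;
+ dcfg = config.services.diaspora;
 in {
  options.services.myWebsites.tools.diaspora = {
  enable = lib.mkEnableOption "enable diaspora's website";
  };
 
  config = lib.mkIf cfg.enable {
- ids.uids.diaspora = env.user.uid;
- ids.gids.diaspora = env.user.gid;
-
- users.users.diaspora = {
- name = "diaspora";
- uid = config.ids.uids.diaspora;
- group = "diaspora";
- description = "Diaspora user";
- home = varDir;
- useDefaultShell = true;
- packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
- extraGroups = [ "keys" ];
- };
+ users.users.diaspora.extraGroups = [ "keys" ];
 
- users.groups.diaspora.gid = config.ids.gids.diaspora;
  secrets.keys = [
  {
  dest = "webapps/diaspora/diaspora.yml";
@@ -54,7 +31,7 @@ in {
  logrotate:
  debug:
  server:
- listen: '${socketsDir}/diaspora.sock'
+ listen: '${dcfg.sockets.rails}'
  rails_environment: 'production'
  chat:
  server:
@@ -160,57 +137,12 @@ in {
  }
  ];
 
- systemd.services.diaspora = {
- description = "Diaspora";
- wantedBy = [ "multi-user.target" ];
- after = [
- "network.target" "redis.service" "postgresql.service"
- ];
- wants = [
- "redis.service" "postgresql.service"
- ];
-
- environment.RAILS_ENV = "production";
- environment.BUNDLE_PATH = "${diaspora.gems}/${diaspora.gems.ruby.gemPath}";
- environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
- environment.EYE_SOCK = "${socketsDir}/eye.sock";
- environment.EYE_PID = "${socketsDir}/eye.pid";
-
- path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
-
- preStart = ''
- ./bin/bundle exec rails db:migrate
- '';
-
- script = ''
- exec ${diaspora}/script/server
- '';
-
- serviceConfig = {
- User = "diaspora";
- PrivateTmp = true;
- Restart = "always";
- Type = "simple";
- WorkingDirectory = diaspora;
- StandardInput = "null";
- KillMode = "control-group";
- };
-
- unitConfig.RequiresMountsFor = varDir;
- };
-
- system.activationScripts.diaspora = {
- deps = [ "users" ];
- text = ''
- install -m 0755 -o diaspora -g diaspora -d ${socketsDir}
- install -m 0755 -o diaspora -g diaspora -d ${varDir} \
- ${varDir}/uploads ${varDir}/tmp \
- ${varDir}/log
- install -m 0700 -o diaspora -g diaspora -d ${varDir}/tmp/pids
- if [ ! -f ${varDir}/schedule.yml ]; then
- echo "{}" | $wrapperDir/sudo -u diaspora tee ${varDir}/schedule.yml
- fi
- '';
+ services.diaspora = {
+ enable = true;
+ package = pkgs.webapps.diaspora.override { ldap = true; };
+ dataDir = "/var/lib/diaspora_immae";
+ adminEmail = "diaspora@tools.immae.eu";
+ configDir = "/var/secrets/webapps/diaspora";
  };
 
  services.myWebsites.tools.modules = [
@@ -219,7 +151,7 @@ in {
  security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
  system.extraSystemBuilderCmds = ''
  mkdir -p $out/webapps
- ln -s ${diaspora}/public/ $out/webapps/tools_diaspora
+ ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
  '';
  services.myWebsites.tools.vhostConfs.diaspora = {
  certName = "eldiron";
@@ -228,7 +160,7 @@ in {
  extraConfig = [ ''
  RewriteEngine On
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
- RewriteRule ^/(.*)$ unix://${railsSocket}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
+ RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
 
  ProxyRequests Off
  ProxyVia On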
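Review bot: The new `services.diaspora = { … }` block (new lines 140–146) no longer states the account and sandboxing settings that the removed unit and activation script set in this file: `User = "diaspora"`, `PrivateTmp = true`, the uid/gid pinned from `env.user`, and the `0700` mode on `tmp/pids`. The module that now has to supply them is not part of this diff, so it cannot be checked from here that they are preserved. If that module allocates the uid or gid differently, the existing files under `/var/lib/diaspora_immae` and the key written to `webapps/diaspora/diaspora.yml` would presumably end up owned by an account other than the one running the service. I would add a comment above the block, for example `# user/uid, PrivateTmp and data-directory modes are set by the services.diaspora module`, and confirm that the module still pins the uid and gid to `env.user`.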