Diffstat (limited to 'virtual/modules/websites/tools/mastodon/mastodon.nix')
-rw-r--r-- | virtual/modules/websites/tools/mastodon/mastodon.nix | 100 |
1 files changed, 100 insertions, 0 deletions
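--- /dev/null
+++ b/virtual/modules/websites/tools/mastodon/mastodon.nix
@@ -0,0 +1,100 @@
+{ checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }:
+let
+varDir = "/var/lib/mastodon_immae";
+socketsDir = "/run/mastodon";
+mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec {
+buildPhase = ''
+export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+bundle install --deployment --without development test
+yarn install --pure-lockfile
+'';
+installPhase = ''
+cp -a . $out
+'';
+propagatedBuildInputs = with pkgs; [
+zlib icu libchardet git bundler yarn
+protobuf protobufc libidn libpqxx nodejs
+imagemagick ffmpeg libxml2 libxslt pkgconfig
+autoconf bison libyaml readline ncurses libffi gdbm
+jemalloc which postgresql python3 cacert
+];
+});
+config =
+assert checkEnv "NIXOPS_MASTODON_DB_PASS";
+assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET";
+assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE";
+assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
+assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY";
+assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY";
+assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
+assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD";
+writeText "mastodon_environment" ''
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_DB=13
+DB_HOST=/run/postgresql
+DB_USER=mastodon
+DB_NAME=mastodon
+DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"}
+DB_PORT=5432
+
+LOCAL_DOMAIN=mastodon.immae.eu
+LOCAL_HTTPS=true
+ALTERNATE_DOMAINS=immae.eu
+
+PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"}
+SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"}
+OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"}
+
+VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"}
+VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"}
+
+SMTP_SERVER=mail.immae.eu
+SMTP_PORT=587
+SMTP_FROM_ADDRESS=notifications@mastodon.immae.eu
+SMTP_DELIVERY_METHOD=smtp
+PAPERCLIP_ROOT_PATH=${varDir}
+
+STREAMING_CLUSTER_NUM=1
+
+# LDAP authentication (optional)
+LDAP_ENABLED=true
+LDAP_HOST=ldap.immae.eu
+LDAP_PORT=636
+LDAP_METHOD=simple_tls
+LDAP_BASE="dc=immae,dc=eu"
+LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
+LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}"
+LDAP_UID="uid"
+LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
+'';
+
+railsRoot = stdenv.mkDerivation {
+name = "mastodon_immae";
+inherit config mastodon;
+builder = writeText "build_mastodon_immae" ''
+source $stdenv/setup
+set -a
+source $config
+set +a
+cp -a $mastodon $out
+cd $out
+chmod u+rwX . node_modules public
+RAILS_ENV=production bundle exec rails assets:precompile
+'';
+propagatedBuildInputs = with pkgs; [
+zlib icu libchardet git bundler yarn
+protobuf protobufc libidn libpqxx nodejs
+imagemagick ffmpeg libxml2 libxslt pkgconfig
+autoconf bison libyaml readline ncurses libffi gdbm
+jemalloc which postgresql python3 cacert
+];
+};
+in
+{
+inherit railsRoot config varDir socketsDir;
+nodeSocket = "${socketsDir}/live_immae_node.sock";
+railsSocket = "${socketsDir}/live_immae_puma.sock";
+}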
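Review bot: The `config` derivation (new lines 24-72) interpolates `DB_PASS`, `PAPERCLIP_SECRET`, `SECRET_KEY_BASE`, `OTP_SECRET`, `VAPID_PRIVATE_KEY` and `LDAP_PASSWORD` into a `writeText` output, so every secret becomes a plain file in the Nix store, which is normally readable by all local users on both the build host and the target and travels with any closure that references it. `railsRoot` also takes `config` as an input and sources it in its builder, so the asset build depends on the secrets and is rebuilt whenever one rotates. Keep only the non-secret settings in the store file and deliver the secret values at activation time through a root-owned file outside the store (for example NixOps `deployment.keys`, loaded by the service as an environment file). For the precompile step placeholder values are probably sufficient, e.g. `SECRET_KEY_BASE=precompile_placeholder OTP_SECRET=precompile_placeholder RAILS_ENV=production bundle exec rails assets:precompile`, which should be confirmed against the pinned Mastodon revision. Separately, new line 31 repeats the `NIXOPS_MASTODON_OTP_SECRET` assert from line 28 and can be dropped.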