From 4288c2f2431fb782b0d512b1b3749187f2374b6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 22 May 2019 20:01:33 +0200
Subject: Move websites/tools to modules
---
.../private/websites/tools/diaspora/default.nix | 181 +++++++++++++++++++++
1 file changed, 181 insertions(+)
create mode 100644 modules/private/websites/tools/diaspora/default.nix
(limited to 'modules/private/websites/tools/diaspora/default.nix')
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix
new file mode 100644
index 0000000..efa1fab
--- /dev/null
+++ b/modules/private/websites/tools/diaspora/default.nix
@@ -0,0 +1,181 @@
+{ lib, pkgs, config, myconfig, ... }:
+let
+ env = myconfig.env.tools.diaspora;
+ root = "/run/current-system/webapps/tools_diaspora";
+ cfg = config.myServices.websites.tools.diaspora;
+ dcfg = config.services.diaspora;
+in {
+ options.myServices.websites.tools.diaspora = {
+ enable = lib.mkEnableOption "enable diaspora's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users.diaspora.extraGroups = [ "keys" ];
+
+ secrets.keys = [
+ {
+ dest = "webapps/diaspora/diaspora.yml";
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0400";
+ text = ''
+ configuration:
+ environment:
+ url: "https://diaspora.immae.eu/"
+ certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
+ redis: '${env.redis_url}'
+ sidekiq:
+ s3:
+ assets:
+ logging:
+ logrotate:
+ debug:
+ server:
+ listen: '${dcfg.sockets.rails}'
+ rails_environment: 'production'
+ chat:
+ server:
+ bosh:
+ log:
+ map:
+ mapbox:
+ privacy:
+ piwik:
+ statistics:
+ camo:
+ settings:
+ enable_registrations: false
+ welcome_message:
+ invitations:
+ open: false
+ paypal_donations:
+ community_spotlight:
+ captcha:
+ enable: false
+ terms:
+ maintenance:
+ remove_old_users:
+ default_metas:
+ csp:
+ services:
+ twitter:
+ tumblr:
+ wordpress:
+ mail:
+ enable: true
+ sender_address: 'diaspora@tools.immae.eu'
+ method: 'sendmail'
+ smtp:
+ sendmail:
+ location: '/run/wrappers/bin/sendmail'
+ admins:
+ account: "ismael"
+ podmin_email: 'diaspora@tools.immae.eu'
+ relay:
+ outbound:
+ inbound:
+ ldap:
+ enable: true
+ host: ldap.immae.eu
+ port: 636
+ only_ldap: true
+ mail_attribute: mail
+ skip_email_confirmation: true
+ use_bind_dn: true
+ bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
+ bind_pw: "${env.ldap.password}"
+ search_base: "dc=immae,dc=eu"
+ search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
+ production:
+ environment:
+ development:
+ environment:
+ '';
+ }
+ {
+ dest = "webapps/diaspora/database.yml";
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0400";
+ text = ''
+ postgresql: &postgresql
+ adapter: postgresql
+ host: "${env.postgresql.socket}"
+ port: "${env.postgresql.port}"
+ username: "${env.postgresql.user}"
+ password: "${env.postgresql.password}"
+ encoding: unicode
+ common: &common
+ <<: *postgresql
+ combined: &combined
+ <<: *common
+ development:
+ <<: *combined
+ database: diaspora_development
+ production:
+ <<: *combined
+ database: ${env.postgresql.database}
+ test:
+ <<: *combined
+ database: "diaspora_test"
+ integration1:
+ <<: *combined
+ database: diaspora_integration1
+ integration2:
+ <<: *combined
+ database: diaspora_integration2
+ '';
+ }
+ {
+ dest = "webapps/diaspora/secret_token.rb";
+ user = "diaspora";
+ group = "diaspora";
+ permissions = "0400";
+ text = ''
+ Diaspora::Application.config.secret_key_base = '${env.secret_token}'
+ '';
+ }
+ ];
+
+ services.diaspora = {
+ enable = true;
+ package = pkgs.webapps.diaspora.override { ldap = true; };
+ dataDir = "/var/lib/diaspora_immae";
+ adminEmail = "diaspora@tools.immae.eu";
+ configDir = "/var/secrets/webapps/diaspora";
+ };
+
+ services.websites.tools.modules = [
+ "headers" "proxy" "proxy_http"
+ ];
+ system.extraSystemBuilderCmds = ''
+ mkdir -p $out/webapps
+ ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
+ '';
+ services.websites.tools.vhostConfs.diaspora = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = [ "diaspora.immae.eu" ];
+ root = root;
+ extraConfig = [ ''
+ RewriteEngine On
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+ RewriteRule ^/(.*)$ unix://${dcfg.sockets.rails}|http://diaspora.immae.eu/%{REQUEST_URI} [P,NE,QSA,L]
+
+ ProxyRequests Off
+ ProxyVia On
+ ProxyPreserveHost On
+ RequestHeader set X_FORWARDED_PROTO https
+
+
+ Require all granted
+
+
+
+ Require all granted
+ Options -MultiViews
+
+ '' ];
+ };
+ };
+}
-- cgit v1.2.3
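Review bot: The secrets are spliced into hand-quoted literals without any escaping: `bind_pw: "${env.ldap.password}"` in diaspora.yml, `password: "${env.postgresql.password}"` in database.yml, and `secret_key_base = '${env.secret_token}'` in secret_token.rb. A password containing `"` or `\` would either break the YAML or be parsed as a different value than the one stored in `myconfig.env`, and a `'` in the token would terminate the Ruby string early. For the YAML fields, letting Nix produce the quoting is enough, e.g. `bind_pw: ${builtins.toJSON env.ldap.password}` (same for the PostgreSQL password); for the Ruby file, escape `\` and `'` or assert that the token is hex/alphanumeric. Separately, the `ldap:` block points at `port: 636` and carries both the bind password and every user login (`only_ldap: true`), but nothing visible in this hunk states that the connection uses TLS with certificate verification; that depends on the patch enabled by `override { ldap = true; }` and is worth confirming.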