From a7f7fdae99f7617fb7fdabe1e65423e02a4982b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Mon, 14 Jan 2019 18:05:03 +0100
Subject: Add diaspora services
---
.../modules/websites/tools/diaspora/default.nix | 117 +++++++++++++++++++++
1 file changed, 117 insertions(+)
create mode 100644 virtual/modules/websites/tools/diaspora/default.nix
(limited to 'virtual/modules/websites/tools/diaspora/default.nix')
diff --git a/virtual/modules/websites/tools/diaspora/default.nix b/virtual/modules/websites/tools/diaspora/default.nix
new file mode 100644
index 0000000..23670dc
--- /dev/null
+++ b/virtual/modules/websites/tools/diaspora/default.nix
@@ -0,0 +1,117 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ diaspora = pkgs.callPackage ./diaspora.nix {
+ inherit (mylibs) fetchedGithub checkEnv;
+ };
+
+ cfg = config.services.myWebsites.tools.diaspora;
+in {
+ options.services.myWebsites.tools.diaspora = {
+ enable = lib.mkEnableOption "enable diaspora's website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # FIXME: Can we use dynamic users from systemd?
+ # nixos/modules/misc/ids.nix
+ ids.uids.diaspora = 398;
+ ids.gids.diaspora = 398;
+
+ users.users.diaspora = {
+ name = "diaspora";
+ uid = config.ids.uids.diaspora;
+ group = "diaspora";
+ description = "Diaspora user";
+ home = diaspora.railsRoot;
+ useDefaultShell = true;
+ packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
+ };
+
+ users.groups.diaspora.gid = config.ids.gids.diaspora;
+
+ systemd.services.diaspora = {
+ description = "Diaspora";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "redis.service" "postgresql.service" ];
+ wants = [ "redis.service" "postgresql.service" ];
+
+ environment.RAILS_ENV = "production";
+ environment.BUNDLE_PATH = "${diaspora.gems}/lib/ruby/gems/2.4.0";
+ environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
+ environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock";
+ environment.EYE_PID = "${diaspora.socketsDir}/eye.pid";
+
+ path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];
+
+ preStart = ''
+ ./bin/bundle exec rails db:migrate
+ '';
+
+ script = ''
+ exec ${diaspora.railsRoot}/script/server
+ '';
+
+ serviceConfig = {
+ User = "diaspora";
+ PrivateTmp = true;
+ Restart = "always";
+ Type = "simple";
+ WorkingDirectory = diaspora.railsRoot;
+ StandardInput = "null";
+ KillMode = "control-group";
+ };
+
+ unitConfig.RequiresMountsFor = diaspora.varDir;
+ };
+
+ # FIXME: initial sync
+ # FIXME: touch ${diaspora.varDir}/schedule.yml
+ system.activationScripts.diaspora = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir}
+ install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \
+ ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \
+ ${diaspora.varDir}/log
+ install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids
+ if [ ! -f ${diaspora.varDir}/schedule.yml ]; then
+ echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml
+ fi
+ '';
+ };
+
+ services.myWebsites.tools.modules = [
+ "headers" "proxy" "proxy_http" "proxy_balancer"
+ # FIXME: probably only one balancer method is needed:
+ "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
+ ];
+ security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
+ services.myWebsites.tools.vhostConfs.diaspora = {
+ certName = "eldiron";
+ hosts = [ "diaspora.immae.eu" ];
+ root = "${diaspora.railsRoot}/public/";
+ extraConfig = [ ''
+ RewriteEngine On
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
+ RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L]
+
+
+ BalancerMember unix://${diaspora.railsSocket}|http://
+
+
+ ProxyRequests Off
+ ProxyVia On
+ ProxyPreserveHost On
+ RequestHeader set X_FORWARDED_PROTO https
+
+
+ Require all granted
+
+
+
+ Require all granted
+ Options -MultiViews
+
+ '' ];
+ };
+ };
+}
-- cgit v1.2.3
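Review bot: The `serviceConfig` block of `systemd.services.diaspora` runs a network-facing Rails application with `PrivateTmp` as its only sandboxing option, and the `diaspora` account also gets a login shell through `useDefaultShell = true`. Adding `NoNewPrivileges = true;` and `ProtectSystem = "full";` would limit what a compromised worker can reach; check first that `diaspora.varDir` and `diaspora.socketsDir` (defined in `diaspora.nix`, outside this patch) are not under a path those options make read-only. In the activation script, `${diaspora.varDir}/log` is created with mode 0755, so production logs are readable by every local account; a separate `install -m 0750 -o diaspora -g diaspora -d ${diaspora.varDir}/log` would restrict them to the service user and group. The `$wrapperDir/sudo` call appears to rely on a shell variable set by another activation snippet while `deps` lists only `"users"`, so the ordering should be made explicit or the file created without sudo.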