path: root/virtual/modules/websites/tools/diaspora/default.nix
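# NixOS module that deploys Diaspora: a dedicated system user and group, a
# systemd unit running the Rails server, an activation script that creates
# the state directories, and an Apache vhost that reverse-proxies to the
# application's unix socket.
{ lib, pkgs, config, mylibs, ... }:
let
  # Package built from ./diaspora.nix. This module reads railsRoot, varDir,
  # socketsDir, railsSocket and gems (with gems.ruby and gems.confFiles) from it.
  diaspora = pkgs.callPackage ./diaspora.nix {
    inherit (mylibs) fetchedGithub checkEnv;
  };

  cfg = config.services.myWebsites.tools.diaspora;
in {
  options.services.myWebsites.tools.diaspora = {
    # mkEnableOption already prefixes the text with "Whether to enable", so the
    # argument must not start with "enable" itself.
    enable = lib.mkEnableOption "diaspora's website";
  };

  config = lib.mkIf cfg.enable {
    # FIXME: Can we use dynamic users from systemd?
    # nixos/modules/misc/ids.nix
    # Statically allocated uid/gid: 398 must not collide with any other id
    # registered on the host.
    ids.uids.diaspora = 398;
    ids.gids.diaspora = 398;

    users.users.diaspora = {
      name = "diaspora";
      uid = config.ids.uids.diaspora;
      group = "diaspora";
      description = "Diaspora user";
      home = diaspora.railsRoot;
      # NOTE(review): this gives the service account the system default shell.
      # Nothing in this module needs an interactive shell for it (the
      # activation script goes through sudo -u); if no operator workflow
      # depends on it, a non-login shell narrows what the account can be
      # used for.
      useDefaultShell = true;
      packages = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby ];
    };

    users.groups.diaspora.gid = config.ids.gids.diaspora;

    systemd.services.diaspora = {
      description = "Diaspora";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "redis.service" "postgresql.service" ];
      wants = [ "redis.service" "postgresql.service" ];

      environment.RAILS_ENV = "production";
      # The "2.4.0" path component is hard-coded; presumably it has to match
      # the version of diaspora.gems.ruby — verify when the Ruby package changes.
      environment.BUNDLE_PATH = "${diaspora.gems}/lib/ruby/gems/2.4.0";
      environment.BUNDLE_GEMFILE = "${diaspora.gems.confFiles}/Gemfile";
      environment.EYE_SOCK = "${diaspora.socketsDir}/eye.sock";
      environment.EYE_PID = "${diaspora.socketsDir}/eye.pid";

      path = [ diaspora.gems pkgs.nodejs diaspora.gems.ruby pkgs.curl pkgs.which pkgs.gawk ];

      # Relative path: resolved against WorkingDirectory (railsRoot) below.
      # Schema migrations therefore run on every start of the unit, including
      # the automatic restarts triggered by Restart = "always".
      preStart = ''
        ./bin/bundle exec rails db:migrate
      '';

      script = ''
        exec ${diaspora.railsRoot}/script/server
      '';

      # NOTE(review): PrivateTmp is the only sandboxing option set for this
      # network-facing application. Options such as NoNewPrivileges,
      # ProtectSystem, ProtectHome and PrivateDevices are worth evaluating;
      # each has to be tested against the writes the app makes under varDir
      # and socketsDir before being enabled.
      serviceConfig = {
        User = "diaspora";
        PrivateTmp = true;
        Restart = "always";
        Type = "simple";
        WorkingDirectory = diaspora.railsRoot;
        StandardInput = "null";
        # Stopping the unit kills every process in its control group, not only
        # the main one.
        KillMode = "control-group";
      };

      unitConfig.RequiresMountsFor = diaspora.varDir;
    };

    # FIXME: initial sync
    # FIXME: touch ${diaspora.varDir}/schedule.yml
    # Creates the state directories and seeds an empty schedule.yml.
    # NOTE(review): varDir, uploads, tmp and log are created mode 0755, so any
    # local account can list and traverse them; production logs may contain
    # user data, and the log directory in particular looks like a candidate
    # for 0750 unless another service has to read it.
    # NOTE(review): the install calls operate on paths below a directory
    # owned by the diaspora user. If they run with root privileges (as
    # activation scripts normally do), confirm that pre-existing entries
    # placed there by that account cannot redirect the ownership/mode changes.
    # $wrapperDir is expected to come from the activation environment; it is
    # not defined in this file.
    system.activationScripts.diaspora = {
      deps = [ "users" ];
      text = ''
      install -m 0755 -o diaspora -g diaspora -d ${diaspora.socketsDir}
      install -m 0755 -o diaspora -g diaspora -d ${diaspora.varDir} \
        ${diaspora.varDir}/uploads ${diaspora.varDir}/tmp \
        ${diaspora.varDir}/log
      install -m 0700 -o diaspora -g diaspora -d ${diaspora.varDir}/tmp/pids
      if [ ! -f ${diaspora.varDir}/schedule.yml ]; then
        echo "{}" | $wrapperDir/sudo -u diaspora tee ${diaspora.varDir}/schedule.yml
      fi
      '';
    };

    # Apache modules required by the vhost below.
    services.myWebsites.tools.modules = [
      "headers" "proxy" "proxy_http" "proxy_balancer"
      # FIXME: probably only one balancer method is needed:
      "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
    ];
    security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
    # Vhost: files that exist under public/ are served by Apache directly;
    # every other request is proxied to the application's unix socket through
    # the "thinservers" balancer.
    #
    # NOTE(review): "RequestHeader set X_FORWARDED_PROTO https" overwrites only
    # a header with that exact (underscore) name. A client-supplied
    # "X-Forwarded-Proto" is not touched by this configuration; whether the
    # backend folds both spellings into the same variable, and which value it
    # then trusts, should be confirmed. Setting or unsetting the hyphenated
    # form as well would remove the ambiguity.
    #
    # NOTE(review): "<Proxy *> Require all granted" is safe only while
    # "ProxyRequests Off" stays in place and the [P] target remains the fixed
    # balancer URL; scoping the grant to balancer://thinservers would make
    # that explicit.
    services.myWebsites.tools.vhostConfs.diaspora = {
      certName    = "eldiron";
      hosts       = [ "diaspora.immae.eu" ];
      root        = "${diaspora.railsRoot}/public/";
      extraConfig = [ ''
        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L]

        <Proxy balancer://thinservers>
            BalancerMember unix://${diaspora.railsSocket}|http://
        </Proxy>

        ProxyRequests Off
        ProxyVia On
        ProxyPreserveHost On
        RequestHeader set X_FORWARDED_PROTO https

        <Proxy *>
            Require all granted
        </Proxy>

        <Directory ${diaspora.railsRoot}/public>
            Require all granted
            Options -MultiViews
        </Directory>
      '' ];
    };
  };
}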