1 {pkgs, lib, config, ...}:
2 let inherit (builtins.extraBuiltins) pass;
3 inherit (config) networking;
4 inherit (config.services) redmine postgresql gitolite;
# settings.yml for the redmine_git_hosting plugin, pushed into Redmine by the
# (currently disabled) preStart below via `rake redmine_git_hosting:update_settings`.
# Security-relevant values in here:
#  - the plugin drives gitolite over SSH to localhost:22 as `gitolite.user`,
#    authenticating with the private key deployed at ${redmine.stateDir}/.ssh/id_ed25519;
#  - gitolite_hooks_url makes the git hooks call back into Redmine over plain
#    HTTP on loopback port 3000, so that port must stay unreachable from outside;
#  - redmine_has_rw_access_on_all_repos: true gives Redmine's gitolite identity
#    read/write on every hosted repository (and delete_git_repositories: true
#    presumably lets it remove them), so a compromise of the Redmine process is
#    a compromise of all repositories -- confirm against the plugin documentation.
# NOTE(review): every *_server_domain is 'localhost'; clone URLs shown to users
# will point there until ssh_server_domain/http(s)_server_domain are set.
redmine_git_hosting_settings = pkgs.writeText "settings.yml" ''
  ---
  # Gitolite SSH Config
  gitolite_user: '${gitolite.user}'
  gitolite_server_host: 'localhost'
  gitolite_server_port: '22'
  #gitolite_ssh_private_key: <%= Rails.root.join('plugins', 'redmine_git_hosting', 'ssh_keys', 'redmine_gitolite_admin_id_rsa') %>
  #gitolite_ssh_public_key: <%= Rails.root.join('plugins', 'redmine_git_hosting', 'ssh_keys', 'redmine_gitolite_admin_id_rsa.pub') %>
  gitolite_ssh_private_key: '${redmine.stateDir}/.ssh/id_ed25519'
  gitolite_ssh_public_key: '${redmine.stateDir}/.ssh/id_ed25519.pub'

  # Gitolite Storage Config
  gitolite_global_storage_dir: 'repositories/'
  gitolite_redmine_storage_dir: ""
  gitolite_recycle_bin_dir: 'recycle_bin/'
  gitolite_lib_dir: '${pkgs.gitolite}/bin/lib'
  gitolite_local_code_dir: 'local/'

  # Gitolite Config File
  gitolite_config_file: 'gitolite.conf'
  gitolite_identifier_prefix: 'redmine_'
  gitolite_identifier_strip_user_id: 'false'

  # Gitolite Global Config
  gitolite_temp_dir: <%= Rails.root.join('tmp', 'redmine_git_hosting') %>
  gitolite_recycle_bin_expiration_time: '24.0'
  gitolite_log_level: 'info'
  git_config_username: 'Redmine Git Hosting'
  git_config_email: 'redmine@${networking.domain}'

  # Gitolite Hooks Config
  gitolite_overwrite_existing_hooks: 'true'
  gitolite_hooks_are_asynchronous: 'false'
  gitolite_hooks_debug: 'false'
  gitolite_hooks_url: 'http://localhost:3000'

  # Gitolite Cache Config
  gitolite_cache_max_time: '86400'
  gitolite_cache_max_size: '16'
  gitolite_cache_max_elements: '2000'
  gitolite_cache_adapter: 'database'

  # Gitolite Access Config
  ssh_server_domain: 'localhost'
  http_server_domain: 'localhost'
  https_server_domain: 'localhost'
  http_server_subdir: ""
  show_repositories_url: 'true'
  gitolite_daemon_by_default: 'false'
  gitolite_http_by_default: '1'

  # Redmine Config
  redmine_has_rw_access_on_all_repos: 'true'
  all_projects_use_git: 'false'
  init_repositories_on_create: 'false'
  delete_git_repositories: 'true'

  # This params work together!
  # When hierarchical_organisation = true unique_repo_identifier MUST be false
  # When hierarchical_organisation = false unique_repo_identifier MUST be true
  hierarchical_organisation: 'true'
  unique_repo_identifier: 'false'

  # Download Revision Config
  download_revision_enabled: 'true'

  # Git Mailing List Config
  gitolite_notify_by_default: 'false'
  gitolite_notify_global_prefix: '[REDMINE]'
  gitolite_notify_global_sender_address: 'redmine@${networking.domain}'
  gitolite_notify_global_include: []
  gitolite_notify_global_exclude: []

  # Sidekiq Config
  gitolite_use_sidekiq: 'false'
'';
81 in
82 {
83 config = {
84 services = {
redmine = {
  enable = true;
  # Redmine built without any plugin: redmine_git_hosting -- and with it the
  # sudo rule, gitolite group membership and SSH key wiring elsewhere in this
  # file that exist only for it -- stays inert until it is uncommented here.
  package = pkgs.redmineWithPlugins (with pkgs.redmine.plugins; [
    #redmine_git_hosting
    #clipboard_image_paste
    #redmine_revision_branches
  ]);
  database.type = "postgresql";
  # Unix-socket connection: the directory must match where the deployed
  # postgresql module actually creates its socket (historically /tmp on NixOS).
  # NOTE(review): /tmp is world-writable, so any local user who wins the race
  # at boot can plant a socket there and impersonate the database server;
  # prefer /run/postgresql if the postgresql module in use supports it.
  database.host = "/tmp";
  database.port = postgresql.port;
  # Override the module-generated configuration.yml entirely (mkOverride 50 is
  # mkForce); only the git binary is pinned, whatever else the module would
  # have written is dropped.
  config."configuration.yml" = lib.mkOverride 50 ''
    default:
      scm_git_command: ${pkgs.git}/bin/git
  '';
};
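postgresql = {
  # Redmine connects over the unix socket; `auth` is a project option,
  # presumably selecting peer authentication (no password involved).
  users.${redmine.user}.auth = "unix";
  databases.${redmine.database.name} = {
    owner = redmine.user;
    users = [ redmine.user ];
    # pg_catalog is usable by, and with few exceptions readable by, PUBLIC,
    # which is all ActiveRecord's introspection needs. The former blanket
    # `GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog` also covered the
    # exceptions -- notably pg_authid, which holds every role's password hash
    # -- and is deliberately not issued any more. If a specific catalog table
    # turns out to be needed, grant it by name instead.
    extraConfig = ''
      GRANT USAGE ON SCHEMA pg_catalog TO ${redmine.user};
    '';
  };
};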
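nginx = {
  # Single Redmine backend listening on the loopback interface.
  upstreams.redmine.servers = { "localhost:3000" = {}; };
  virtualHosts.redmine = {
    serverName = "redmine.${networking.domain}";
    serverAliases =
      map (domainAlias: "redmine." + domainAlias)
        config.networking.domainAliases;
    # NOTE(review): neither TLS (forceSSL/enableACME) nor forwarded headers
    # (Host, X-Forwarded-Proto, X-Forwarded-For) are set here; they are
    # presumably supplied by a global nginx default elsewhere -- confirm,
    # since Redmine derives its absolute URLs from the Host header it sees.
    locations."/".extraConfig = ''
      proxy_next_upstream error timeout
        invalid_header http_500 http_502 http_503;
      # Go through the declared upstream rather than repeating its address,
      # so the two cannot drift apart.
      proxy_pass http://redmine;
    '';
  };
};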
137 };
systemd.services.redmine = {
  # Replace -- not extend -- the PATH the redmine module gives the service.
  # NOTE(review): mkForce drops whatever the module itself put on PATH; confirm
  # nothing called by the module's own scripts is lost.
  path = lib.mkForce [
    pkgs.gitAndTools.git
    pkgs.imagemagickBig
    pkgs.coreutils
    pkgs.findutils
    pkgs.gnused
    /*
    Extra PATH entries for redmine_git_hosting, once it is enabled: gitolite,
    ssh, and the setuid wrapper directory so `sudo` (see the sudo rule below)
    resolves. The "/.." is presumably there because the `path` option appends
    /bin to each entry.
    pkgs.gitolite
    pkgs.coreutils
    pkgs.openssh
    (config.security.wrapperDir + "/..")
    */
  ];
  #environment.REDMINE_LANG = lib.mkForce "fr";
  /*
  Disabled redmine_git_hosting bootstrap, kept for when the plugin is re-enabled.
  Review notes on it:
   - `StrictHostKeyChecking no` + `UserKnownHostsFile /dev/null` disable host
     key verification entirely. The target is loopback, so the exposure is
     limited to whoever can bind port 22 locally, but pinning the host key
     (e.g. via a known_hosts file generated from the machine's own
     ssh_host_*_key.pub) costs nothing and removes the blind trust.
   - the line `install hooks and parameters` is not commented: as written it
     would execute `install` with bogus arguments and fail the unit; it looks
     like a stray comment missing its `#`.
   - the private key is copied from /run/keys with mode 0400 into the service's
     ~/.ssh, matching gitolite_ssh_private_key in settings.yml.
  path = [
    pkgs.gitolite
    pkgs.coreutils
    pkgs.openssh
    (config.security.wrapperDir + "/..")
  ];
  after = [ "keys.target" ];
  preStart = ''
    # comply with openssh's strict mode
    install -D -d -o ${redmine.user} -g ${redmine.group} -m 0700 \
      ${redmine.stateDir}/.ssh
    install -o ${redmine.user} -g ${redmine.group} -m 0400 \
      /run/keys/redmine_git_hosting_id_ed25519 \
      ${redmine.stateDir}/.ssh/id_ed25519
    install -o ${redmine.user} -g ${redmine.group} -m 0400 \
      ${pkgs.writeText "redmine_git_hosting_id_ed25519.pub"
        (builtins.readFile ../../../sec/var/ssh/redmine_git_hosting/id_ed25519.pub)} \
      ${redmine.stateDir}/.ssh/id_ed25519.pub
    install -o ${redmine.user} -g ${redmine.group} -m 0400 \
      ${pkgs.writeText "config" ''
        Host localhost
          PasswordAuthentication no
          PreferredAuthentications publickey
          StrictHostKeyChecking no
          UserKnownHostsFile /dev/null
      ''} \
      ${redmine.stateDir}/.ssh/config

    # push settings.yml
    ln -fns ${redmine_git_hosting_settings} \
      ${redmine.stateDir}/redmine_git_hosting.yml
    ${redmine.stateDir}/bundle exec rake redmine_git_hosting:update_settings
    install hooks and parameters
    ${redmine.stateDir}/bundle exec rake redmine_git_hosting:install_gitolite_hooks
  '';
  */
};
# Put Redmine's service account in the gitolite group, presumably so it can
# reach the gitolite-owned repository tree; only the redmine_git_hosting
# plugin (currently commented out above) needs this, so the membership is
# an unused privilege until then.
users.users.${redmine.user}.extraGroups = [ gitolite.group ];
# SSH private key used by redmine_git_hosting to talk to gitolite, read from
# the password store at evaluation time and shipped by NixOps to
# /run/keys/redmine_git_hosting_id_ed25519, where the (disabled) preStart
# above picks it up.
deployment.keys.redmine_git_hosting_id_ed25519 = {
  # The trailing newline is appended explicitly, presumably because `pass`
  # strips it and OpenSSH rejects key files without one.
  text =
    pass "${networking.domain}/${networking.hostName}/redmine_git_hosting/ssh"
    + "\n";
  #destDir = "${redmine.stateDir}/.ssh";
  #path = "${redmine.stateDir}/.ssh/id_ed25519";
  user = redmine.user;
  group = redmine.group;
  # XXX: not enforced when deployment.storeKeysOnMachine = true -- that option
  # places the key material in the world-readable Nix store, where this mode
  # is meaningless; keep it false for private keys.
  permissions = "0400";
};
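# redmine_git_hosting shells out to gitolite as the gitolite user via sudo.
# The grant is scoped to the Redmine service account alone: the former
# `groups = [ redmine.group ]` entry extended it to every member of that
# group, which nothing here requires.
# NOTE(review): `ALL` with SETENV and NOPASSWD is a complete, password-less
# pivot from the Redmine process to the gitolite identity, and it is live
# even though the plugin that needs it is commented out in
# services.redmine.package. Once the plugin is actually enabled, narrow
# `command` to the gitolite/git binaries it invokes and drop SETENV unless
# something demonstrably depends on it.
security.sudo.extraRules = [
  { users = [ redmine.user ];
    runAs = gitolite.user;
    commands = [ { command = "ALL"; options = [ "SETENV" "NOPASSWD" ]; } ];
  }
];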
211 };
212 }