]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/services/misc/sourcehut/lists.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
sourcehut: type-check migrate-on-upgrade
[sourcephile-nix.git] / nixos / modules / services / misc / sourcehut / lists.nix
1 # Email setup is fairly involved, useful references:
2 # https://drewdevault.com/2018/08/05/Local-mail-server.html
3
4 { config, lib, pkgs, ... }:
5
6 with lib;
7 let
8 cfg = config.services.sourcehut;
9 cfgIni = cfg.settings;
10 scfg = cfg.lists;
11 iniKey = "lists.sr.ht";
12
13 rcfg = config.services.redis;
14 drv = pkgs.sourcehut.listssrht;
15 in
16 {
17 options.services.sourcehut.lists = {
18 user = mkOption {
19 type = types.str;
20 default = "listssrht";
21 description = ''
22 User for lists.sr.ht.
23 '';
24 };
25
26 port = mkOption {
27 type = types.port;
28 default = 5006;
29 description = ''
30 Port on which the "lists" module should listen.
31 '';
32 };
33
34 database = mkOption {
35 type = types.str;
36 default = "lists.sr.ht";
37 description = ''
38 PostgreSQL database name for lists.sr.ht.
39 '';
40 };
41
42 statePath = mkOption {
43 type = types.path;
44 default = "${cfg.statePath}/listssrht";
45 description = ''
46 State path for lists.sr.ht.
47 '';
48 };
49 };
50
51 config = with scfg; lib.mkIf (cfg.enable && elem "lists" cfg.services) {
52 users = {
53 users = {
54 "${user}" = {
55 isSystemUser = true;
56 group = user;
57 extraGroups = [ "postfix" ];
58 description = "lists.sr.ht user";
59 };
60 };
61 groups = {
62 "${user}" = { };
63 };
64 };
65
66 services.postgresql = {
67 authentication = ''
68 local ${database} ${user} trust
69 '';
70 ensureDatabases = [ database ];
71 ensureUsers = [
72 {
73 name = user;
74 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
75 }
76 ];
77 };
78
79 systemd = {
80 tmpfiles.rules = [
81 "d ${statePath} 0750 ${user} ${user} -"
82 ];
83
84 services = {
85 listssrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
86 after = [ "postgresql.service" "network.target" ];
87 requires = [ "postgresql.service" ];
88 wantedBy = [ "multi-user.target" ];
89
90 description = "lists.sr.ht website service";
91
92 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
93 };
94
95 listssrht-process = {
96 after = [ "postgresql.service" "network.target" ];
97 requires = [ "postgresql.service" ];
98 wantedBy = [ "multi-user.target" ];
99
100 description = "lists.sr.ht process service";
101 serviceConfig = {
102 Type = "simple";
103 User = user;
104 Restart = "always";
105 ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.process worker --loglevel INFO --pool eventlet";
106 };
107 };
108
109 listssrht-lmtp = {
110 after = [ "postgresql.service" "network.target" ];
111 requires = [ "postgresql.service" ];
112 wantedBy = [ "multi-user.target" ];
113
114 description = "lists.sr.ht process service";
115 serviceConfig = {
116 Type = "simple";
117 User = user;
118 Restart = "always";
119 ExecStart = "${cfg.python}/bin/listssrht-lmtp";
120 };
121 };
122
123
124 listssrht-webhooks = {
125 after = [ "postgresql.service" "network.target" ];
126 requires = [ "postgresql.service" ];
127 wantedBy = [ "multi-user.target" ];
128
129 description = "lists.sr.ht webhooks service";
130 serviceConfig = {
131 Type = "simple";
132 User = user;
133 Restart = "always";
134 ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel INFO --pool eventlet";
135 };
136 };
137 };
138 };
139
140 services.sourcehut.settings = {
141 # URL lists.sr.ht is being served at (protocol://domain)
142 "lists.sr.ht".origin = mkDefault "http://lists.${cfg.originBase}";
143 # Address and port to bind the debug server to
144 "lists.sr.ht".debug-host = mkDefault "0.0.0.0";
145 "lists.sr.ht".debug-port = mkDefault port;
146 # Configures the SQLAlchemy connection string for the database.
147 "lists.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
148 # lists.sr.ht's OAuth client ID and secret for meta.sr.ht
149 # Register your client at meta.example.org/oauth
150 "lists.sr.ht".oauth-client-id = mkDefault null;
151 "lists.sr.ht".oauth-client-secret = mkDefault null;
152 # Outgoing email for notifications generated by users
153 "lists.sr.ht".notify-from = mkDefault "CHANGEME@example.org";
154 # The redis connection used for the webhooks worker
155 "lists.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/2";
156 # The redis connection used for the celery worker
157 "lists.sr.ht".redis = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/4";
158 # Network-key
159 "lists.sr.ht".network-key = mkDefault null;
160 # Allow creation
161 "lists.sr.ht".allow-new-lists = mkDefault "no";
162 # Posting Domain
163 "lists.sr.ht".posting-domain = mkDefault "lists.${cfg.originBase}";
164
165 # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
166 # Alternatively, specify IP:PORT and an SMTP server will be run instead.
167 "lists.sr.ht::worker".sock = mkDefault "/tmp/lists.sr.ht-lmtp.sock";
168 # The lmtp daemon will make the unix socket group-read/write for users in this
169 # group.
170 "lists.sr.ht::worker".sock-group = mkDefault "postfix";
171 "lists.sr.ht::worker".reject-url = mkDefault "https://man.sr.ht/lists.sr.ht/etiquette.md";
172 "lists.sr.ht::worker".reject-mimetypes = mkDefault "text/html";
173
174 };
175
176 services.nginx.virtualHosts."lists.${cfg.originBase}" = {
177 forceSSL = true;
178 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
179 locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
180 locations."/static".root = "${pkgs.sourcehut.listssrht}/${pkgs.sourcehut.python.sitePackages}/listssrht";
181 };
182 };
183 }
NixOS configurations for Sourcephile's infrastructure