sourcehut: type-check migrate-on-upgrade
[sourcephile-nix.git] / nixos / modules / services / misc / sourcehut / man.nix
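# NixOS module for the man.sr.ht service of a sourcehut instance. It declares
# the services.sourcehut.man options and, when the service is enabled, the
# system user and group, the PostgreSQL database and role, the systemd unit,
# default settings for the "man.sr.ht" section and the nginx virtual host.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.services.sourcehut;
  cfgIni = cfg.settings;
  scfg = cfg.man;
  # Same string as the settings section configured below; handed to
  # ./service.nix together with scfg and drv.
  iniKey = "man.sr.ht";

  drv = pkgs.sourcehut.mansrht;
in
{
  options.services.sourcehut.man = {
    user = mkOption {
      type = types.str;
      default = "mansrht";
      description = ''
        User for man.sr.ht.
      '';
    };

    port = mkOption {
      type = types.port;
      default = 5004;
      description = ''
        Port on which the "man" module should listen.
      '';
    };

    database = mkOption {
      type = types.str;
      default = "man.sr.ht";
      description = ''
        PostgreSQL database name for man.sr.ht.
      '';
    };

    statePath = mkOption {
      type = types.path;
      default = "${cfg.statePath}/mansrht";
      description = ''
        State path for man.sr.ht.
      '';
    };
  };

  # `with scfg;` brings user, port, database and statePath into scope for the
  # rest of this attribute set. Everything below applies only when sourcehut
  # is enabled and "man" is listed in cfg.services.
  config = with scfg; lib.mkIf (cfg.enable && elem "man" cfg.services) {
    assertions =
      [
        {
          # NOTE(review): hasAttrByPath only tests that the attribute exists;
          # an oauth-client-id that is present but null still passes.
          assertion = hasAttrByPath [ "git.sr.ht" "oauth-client-id" ] cfgIni;
          message = "man.sr.ht needs access to git.sr.ht.";
        }
      ];

    # Dedicated system account and a group of the same name.
    users = {
      users = {
        "${user}" = {
          isSystemUser = true;
          group = user;
          description = "man.sr.ht user";
        };
      };

      groups = {
        "${user}" = { };
      };
    };

    services.postgresql = {
      # NOTE(review): `trust` accepts every connection that reaches the local
      # PostgreSQL socket and asks for this database as this role, without
      # checking which OS account is connecting. If the unit built by
      # ./service.nix (not visible here) runs as ${user}, `peer` would limit
      # the role to that account. Confirm before switching.
      authentication = ''
        local ${database} ${user} trust
      '';
      ensureDatabases = [ database ];
      ensureUsers = [
        {
          name = user;
          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
        }
      ];
    };

    systemd = {
      # State directory: owner rwx, group r-x, no access for others.
      tmpfiles.rules = [
        "d ${statePath} 0750 ${user} ${user} -"
      ];

      # ./service.nix supplies the shared unit definition; the attribute set
      # passed last carries the man.sr.ht specific parts.
      services.mansrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
        after = [ "postgresql.service" "network.target" ];
        requires = [ "postgresql.service" ];
        wantedBy = [ "multi-user.target" ];

        description = "man.sr.ht website service";

        # gunicorn binds to cfg.address, the same address nginx proxies to below.
        serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
      };
    };

    services.sourcehut.settings = {
      # URL man.sr.ht is being served at (protocol://domain).
      # The nginx virtual host below sets forceSSL, so the default origin uses
      # https to match the scheme clients actually end up on.
      "man.sr.ht".origin = mkDefault "https://man.${cfg.originBase}";
      # Address and port to bind the debug server to.
      # NOTE(review): 0.0.0.0 means every interface. The unit above starts
      # gunicorn on cfg.address instead; whether anything else reads these two
      # keys is not visible in this file. Prefer a loopback address wherever
      # the debug server could be started on a reachable host.
      "man.sr.ht".debug-host = mkDefault "0.0.0.0";
      "man.sr.ht".debug-port = mkDefault port;
      # Configures the SQLAlchemy connection string for the database.
      # Connects over the Unix socket in /var/run/postgresql as ${user}.
      "man.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
      # man.sr.ht's OAuth client ID and secret for meta.sr.ht
      # Register your client at meta.example.org/oauth
      # NOTE(review): a secret assigned here is an ordinary Nix value.
      # Depending on how cfg.settings is rendered (not shown in this file) it
      # may be copied into the world-readable Nix store. Confirm, and supply
      # the secret out of band if so.
      "man.sr.ht".oauth-client-id = mkDefault null;
      "man.sr.ht".oauth-client-secret = mkDefault null;
    };

    services.nginx.virtualHosts."man.${cfg.originBase}" = {
      forceSSL = true;
      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
      # NOTE(review): nothing in this file starts a listener on port + 100;
      # presumably another unit provides it. Verify.
      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
      locations."/static".root = "${pkgs.sourcehut.mansrht}/${pkgs.sourcehut.python.sitePackages}/mansrht";
    };
  };
}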