1 { config, lib, pkgs, ... }:
5 cfg = config.services.sourcehut;
8 iniKey = "paste.sr.ht";
10 rcfg = config.services.redis;
11 drv = pkgs.sourcehut.pastesrht;
14 options.services.sourcehut.paste = {
17 default = "pastesrht";
27 Port on which the "paste" module should listen.
33 default = "paste.sr.ht";
35 PostgreSQL database name for paste.sr.ht.
39 statePath = mkOption {
41 default = "${cfg.statePath}/pastesrht";
43 State path for pastesrht.sr.ht.
48 config = with scfg; lib.mkIf (cfg.enable && elem "paste" cfg.services) {
54 description = "paste.sr.ht user";
63 services.postgresql = {
65 local ${database} ${user} trust
67 ensureDatabases = [ database ];
71 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
78 "d ${statePath} 0750 ${user} ${user} -"
82 pastesrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
83 after = [ "postgresql.service" "network.target" ];
84 requires = [ "postgresql.service" ];
85 wantedBy = [ "multi-user.target" ];
87 description = "paste.sr.ht website service";
89 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
92 pastesrht-webhooks = {
93 after = [ "postgresql.service" "network.target" ];
94 requires = [ "postgresql.service" ];
95 wantedBy = [ "multi-user.target" ];
97 description = "paste.sr.ht webhooks service";
102 ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel INFO --pool eventlet";
109 services.sourcehut.settings = {
110 # URL paste.sr.ht is being served at (protocol://domain)
111 "paste.sr.ht".origin = mkDefault "http://paste.${cfg.originBase}";
112 # Address and port to bind the debug server to
113 "paste.sr.ht".debug-host = mkDefault "0.0.0.0";
114 "paste.sr.ht".debug-port = mkDefault port;
115 # Configures the SQLAlchemy connection string for the database.
116 "paste.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
117 # paste.sr.ht's OAuth client ID and secret for meta.sr.ht
118 # Register your client at meta.example.org/oauth
119 "paste.sr.ht".oauth-client-id = mkDefault null;
120 "paste.sr.ht".oauth-client-secret = mkDefault null;
121 "paste.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/5";
124 services.nginx.virtualHosts."paste.${cfg.originBase}" = {
126 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
127 locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
128 locations."/static".root = "${pkgs.sourcehut.pastesrht}/${pkgs.sourcehut.python.sitePackages}/pastesrht";