]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/services/misc/sourcehut/man.nix
mermet: backup: fix path to zfs
[sourcephile-nix.git] / nixos / modules / services / misc / sourcehut / man.nix
1 { config, lib, pkgs, ... }:
2
3 with lib;
4 let
5 cfg = config.services.sourcehut;
6 cfgIni = cfg.settings;
7 scfg = cfg.man;
8 iniKey = "man.sr.ht";
9 statePath = "/var/lib/sourcehut/mansrht";
10
11 drv = pkgs.sourcehut.mansrht;
12 in
13 {
14 options.services.sourcehut.man = {
15 enable = mkEnableOption "man service";
16
17 user = mkOption {
18 type = types.str;
19 default = "mansrht";
20 description = ''
21 User for man.sr.ht.
22 '';
23 };
24
25 port = mkOption {
26 type = types.port;
27 default = 5004;
28 description = ''
29 Port on which the "man" module should listen.
30 '';
31 };
32
33 database = mkOption {
34 type = types.str;
35 default = "man.sr.ht";
36 description = ''
37 PostgreSQL database name for man.sr.ht.
38 '';
39 };
40 };
41
42 config = with scfg; lib.mkIf (cfg.enable && scfg.enable) {
43 assertions =
44 [
45 {
46 assertion = hasAttrByPath [ "git.sr.ht" "oauth-client-id" ] cfgIni;
47 message = "man.sr.ht needs access to git.sr.ht.";
48 }
49 ];
50
51 users = {
52 users = {
53 "${user}" = {
54 isSystemUser = true;
55 group = user;
56 description = "man.sr.ht user";
57 };
58 };
59
60 groups = {
61 "${user}" = { };
62 };
63 };
64
65 services.postgresql = {
66 authentication = ''
67 local ${database} ${user} trust
68 '';
69 ensureDatabases = [ database ];
70 ensureUsers = [
71 {
72 name = user;
73 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
74 }
75 ];
76 };
77
78 systemd = {
79 services.mansrht = import ./service.nix { inherit config pkgs lib; initDB = true; } scfg drv iniKey {
80 after = [ "postgresql.service" "network.target" ];
81 requires = [ "postgresql.service" ];
82 wantedBy = [ "multi-user.target" ];
83
84 description = "man.sr.ht website service";
85
86 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
87 };
88 };
89
90 services.nginx.virtualHosts."man.${cfg.originBase}" = {
91 forceSSL = true;
92 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
93 locations."/query".proxyPass = cfgIni."meta.sr.ht".api-origin;
94 locations."/static".root = "${pkgs.sourcehut.mansrht}/${pkgs.sourcehut.python.sitePackages}/mansrht";
95 };
96 };
97 }