1 { config, pkgs, lib, ... }:
5 cfg = config.services.sourcehut;
7 settingsFormat = pkgs.formats.ini { };
9 # Specialized python containing all the modules
10 python = pkgs.sourcehut.python.withPackages (ps: with ps; [
40 (mkRemovedOptionModule [ "services" "sourcehut" "nginx" "enable" ] ''
41 The sourcehut module supports `nginx` as a local reverse-proxy by default and doesn't
42 support other reverse-proxies officially.
44 However it's possible to use an alternative reverse-proxy by
47 * adjusting the relevant settings for server addresses and ports directly
49 Further details about this can be found in the `Sourcehut`-section of the NixOS-manual.
53 options.services.sourcehut = {
58 Enable sourcehut - git hosting, continuous integration, mailing list, ticket tracking,
59 task dispatching, wiki and account management services
64 type = types.nonEmptyListOf (types.enum [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ]);
65 default = [ "man" "meta" "paste" ];
66 example = [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ];
68 Services to enable on the sourcehut network.
72 originBase = mkOption {
74 default = with config.networking; hostName + lib.optionalString (domain != null) ".${domain}";
76 Host name used by reverse-proxy and for default settings. Will host services at git."''${originBase}". For example: git.sr.ht
82 default = "127.0.0.1";
93 The python package to use. It should contain references to the *srht modules and also
98 statePath = mkOption {
100 default = "/var/lib/sourcehut";
102 Root state path for the sourcehut network. If left as the default value
103 this directory will automatically be created before the sourcehut server
104 starts, otherwise the sysadmin is responsible for ensuring the
105 directory exists with appropriate ownership and permissions.
109 settings = mkOption {
110 type = lib.types.submodule {
111 freeformType = settingsFormat.type;
115 The configuration for the sourcehut network.
120 config = mkIf cfg.enable {
124 assertion = with cfgIni.webhooks; private-key != null && stringLength private-key == 44;
125 message = "The webhook's private key must be defined and of a 44 byte length.";
129 assertion = hasAttrByPath [ "meta.sr.ht" "origin" ] cfgIni && cfgIni."meta.sr.ht".origin != null;
130 message = "meta.sr.ht's origin must be defined.";
134 environment.etc."sr.ht/config.ini".source =
135 settingsFormat.generate "sourcehut-config.ini" (mapAttrsRecursive
137 path: v: if v == null then "" else v
141 environment.systemPackages = [ pkgs.sourcehut.coresrht ];
144 services.postgresql.enable = mkOverride 999 true;
146 services.postfix.enable = mkOverride 999 true;
148 services.cron.enable = mkOverride 999 true;
150 services.redis.enable = mkOverride 999 true;
151 services.redis.bind = mkOverride 999 "127.0.0.1";
153 services.sourcehut.settings = {
154 # The name of your network of sr.ht-based sites
155 "sr.ht".site-name = mkDefault "sourcehut";
156 # The top-level info page for your site
157 "sr.ht".site-info = mkDefault "https://sourcehut.org";
158 # {{ site-name }}, {{ site-blurb }}
159 "sr.ht".site-blurb = mkDefault "the hacker's forge";
160 # If this != production, we add a banner to each page
161 "sr.ht".environment = mkDefault "development";
162 # Contact information for the site owners
163 "sr.ht".owner-name = mkDefault "Drew DeVault";
164 "sr.ht".owner-email = mkDefault "sir@cmpwn.com";
165 # The source code for your fork of sr.ht
166 "sr.ht".source-url = mkDefault "https://git.sr.ht/~sircmpwn/srht";
167 # A secret key to encrypt session cookies with
168 "sr.ht".secret-key = mkDefault null;
169 "sr.ht".global-domain = mkDefault null;
171 # Outgoing SMTP settings
172 mail.smtp-host = mkDefault null;
173 mail.smtp-port = mkDefault null;
174 mail.smtp-user = mkDefault null;
175 mail.smtp-password = mkDefault null;
176 mail.smtp-from = mkDefault null;
177 # Application exceptions are emailed to this address
178 mail.error-to = mkDefault null;
179 mail.error-from = mkDefault null;
180 # Your PGP key information (DO NOT mix up pub and priv here)
181 # You must remove the password from your secret key, if present.
182 # You can do this with gpg --edit-key [key-id], then use the passwd
183 # command and do not enter a new password.
184 mail.pgp-privkey = mkDefault null;
185 mail.pgp-pubkey = mkDefault null;
186 mail.pgp-key-id = mkDefault null;
188 # base64-encoded Ed25519 key for signing webhook payloads. This should be
189 # consistent for all *.sr.ht sites, as we'll use this key to verify signatures
190 # from other sites in your network.
192 # Use the srht-webhook-keygen command to generate a key.
193 webhooks.private-key = mkDefault null;
196 meta.doc = ./sourcehut.xml;
197 meta.maintainers = with maintainers; [ tomberek ];