nixos/modules/services/misc/sourcehut/default.nix

   1 { config, pkgs, lib, ... }:
   2
   3 with lib;
   4 let
   5   cfg = config.services.sourcehut;
   6   cfgIni = cfg.settings;
   7   settingsFormat = pkgs.formats.ini { };
   8
   9   # Specialized python containing all the modules
  10   python = pkgs.sourcehut.python.withPackages (ps: with ps; [
  11     gunicorn
  12     eventlet
  13     # Sourcehut services
  14     srht
  15     buildsrht
  16     dispatchsrht
  17     gitsrht
  18     hgsrht
  19     hubsrht
  20     listssrht
  21     mansrht
  22     metasrht
  23     pastesrht
  24     todosrht
  25   ]);
  26 in
  27 {
  28   imports =
  29     [
  30       ./git.nix
  31       ./hg.nix
  32       ./hub.nix
  33       ./todo.nix
  34       ./man.nix
  35       ./meta.nix
  36       ./paste.nix
  37       ./builds.nix
  38       ./lists.nix
  39       ./dispatch.nix
  40       (mkRemovedOptionModule [ "services" "sourcehut" "nginx" "enable" ] ''
  41         The sourcehut module supports `nginx` as a local reverse-proxy by default and doesn't
  42         support other reverse-proxies officially.
  43
  44         However it's possible to use an alternative reverse-proxy by
  45
  46           * disabling nginx
  47           * adjusting the relevant settings for server addresses and ports directly
  48
  49         Further details about this can be found in the `Sourcehut`-section of the NixOS-manual.
  50       '')
  51     ];
  52
  53   options.services.sourcehut = {
  54     enable = mkOption {
  55       type = types.bool;
  56       default = false;
  57       description = ''
  58         Enable sourcehut - git hosting, continuous integration, mailing list, ticket tracking,
  59         task dispatching, wiki and account management services
  60       '';
  61     };
  62
  63     services = mkOption {
  64       type = types.nonEmptyListOf (types.enum [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ]);
  65       default = [ "man" "meta" "paste" ];
  66       example = [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ];
  67       description = ''
  68         Services to enable on the sourcehut network.
  69       '';
  70     };
  71
  72     originBase = mkOption {
  73       type = types.str;
  74       default = with config.networking; hostName + lib.optionalString (domain != null) ".${domain}";
  75       description = ''
  76         Host name used by reverse-proxy and for default settings. Will host services at git."''${originBase}". For example: git.sr.ht
  77       '';
  78     };
  79
  80     address = mkOption {
  81       type = types.str;
  82       default = "127.0.0.1";
  83       description = ''
  84         Address to bind to.
  85       '';
  86     };
  87
  88     python = mkOption {
  89       internal = true;
  90       type = types.package;
  91       default = python;
  92       description = ''
  93         The python package to use. It should contain references to the *srht modules and also
  94         gunicorn.
  95       '';
  96     };
  97
  98     statePath = mkOption {
  99       type = types.path;
 100       default = "/var/lib/sourcehut";
 101       description = ''
 102         Root state path for the sourcehut network. If left as the default value
 103         this directory will automatically be created before the sourcehut server
 104         starts, otherwise the sysadmin is responsible for ensuring the
 105         directory exists with appropriate ownership and permissions.
 106       '';
 107     };
 108
 109     settings = mkOption {
 110       type = lib.types.submodule {
 111         freeformType = settingsFormat.type;
 112       };
 113       default = { };
 114       description = ''
 115         The configuration for the sourcehut network.
 116       '';
 117     };
 118   };
 119
 120   config = mkIf cfg.enable {
 121     assertions =
 122       [
 123         {
 124           assertion = with cfgIni.webhooks; private-key != null && stringLength private-key == 44;
 125           message = "The webhook's private key must be defined and of a 44 byte length.";
 126         }
 127
 128         {
 129           assertion = hasAttrByPath [ "meta.sr.ht" "origin" ] cfgIni && cfgIni."meta.sr.ht".origin != null;
 130           message = "meta.sr.ht's origin must be defined.";
 131         }
 132       ];
 133
 134     environment.etc."sr.ht/config.ini".source =
 135       settingsFormat.generate "sourcehut-config.ini" (mapAttrsRecursive
 136         (
 137           path: v: if v == null then "" else v
 138         )
 139         cfg.settings);
 140
 141     environment.systemPackages = [ pkgs.sourcehut.coresrht ];
 142
 143     # PostgreSQL server
 144     services.postgresql.enable = mkOverride 999 true;
 145     # Mail server
 146     services.postfix.enable = mkOverride 999 true;
 147     # Cron daemon
 148     services.cron.enable = mkOverride 999 true;
 149     # Redis server
 150     services.redis.enable = mkOverride 999 true;
 151     services.redis.bind = mkOverride 999 "127.0.0.1";
 152
 153     services.sourcehut.settings = {
 154       # The name of your network of sr.ht-based sites
 155       "sr.ht".site-name = mkDefault "sourcehut";
 156       # The top-level info page for your site
 157       "sr.ht".site-info = mkDefault "https://sourcehut.org";
 158       # {{ site-name }}, {{ site-blurb }}
 159       "sr.ht".site-blurb = mkDefault "the hacker's forge";
 160       # If this != production, we add a banner to each page
 161       "sr.ht".environment = mkDefault "development";
 162       # Contact information for the site owners
 163       "sr.ht".owner-name = mkDefault "Drew DeVault";
 164       "sr.ht".owner-email = mkDefault "sir@cmpwn.com";
 165       # The source code for your fork of sr.ht
 166       "sr.ht".source-url = mkDefault "https://git.sr.ht/~sircmpwn/srht";
 167       # A secret key to encrypt session cookies with
 168       "sr.ht".secret-key = mkDefault null;
 169       "sr.ht".global-domain = mkDefault null;
 170
 171       # Outgoing SMTP settings
 172       mail.smtp-host = mkDefault null;
 173       mail.smtp-port = mkDefault null;
 174       mail.smtp-user = mkDefault null;
 175       mail.smtp-password = mkDefault null;
 176       mail.smtp-from = mkDefault null;
 177       # Application exceptions are emailed to this address
 178       mail.error-to = mkDefault null;
 179       mail.error-from = mkDefault null;
 180       # Your PGP key information (DO NOT mix up pub and priv here)
 181       # You must remove the password from your secret key, if present.
 182       # You can do this with gpg --edit-key [key-id], then use the passwd
 183       # command and do not enter a new password.
 184       mail.pgp-privkey = mkDefault null;
 185       mail.pgp-pubkey = mkDefault null;
 186       mail.pgp-key-id = mkDefault null;
 187
 188       # base64-encoded Ed25519 key for signing webhook payloads. This should be
 189       # consistent for all *.sr.ht sites, as we'll use this key to verify signatures
 190       # from other sites in your network.
 191       #
 192       # Use the srht-webhook-keygen command to generate a key.
 193       webhooks.private-key = mkDefault null;
 194     };
 195   };
 196   meta.doc = ./sourcehut.xml;
 197   meta.maintainers = with maintainers; [ tomberek ];
 198 }