Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/sourcehut.nix
sourcehut: initialize OAuth only for enabled services
# NixOS module for the host `losurdo`: enables sourcehut with the git and meta
# services, turns off nginx's forced HTTPS redirect for the related virtual
# hosts, and gives the sourcehut service users access to PostgreSQL.
{ pkgs, lib, config, ... }:
let
  inherit (config.services) sourcehut;
  # NOTE(review): `groups` is not referenced anywhere in this file.
  inherit (config.users) groups;
  # Base name; each service is addressed as <service>.<domain>.
  # NOTE(review): ".wg" looks like a private (WireGuard-only?) name — confirm.
  domain = "sourcephile.wg";
in
{
  #boot.isContainer = true;
  #networking.firewall.allowedTCPPorts = [ 80 ];
  # Static /etc/hosts entries: the base domain plus one name per enabled
  # service, all resolving to the private address 192.168.42.2.
  networking.hosts = {
    "192.168.42.2" = [domain] ++ map (d: "${d}.${domain}") sourcehut.services;
  };
  services.sourcehut = {
    enable = true;
    originBase = "${domain}";
    address = domain;
    # Only the uncommented entries are enabled; this list also drives the
    # hosts entries above and the postgres group membership below.
    services = [
      #"builds"
      "git"
      #"hub"
      #"man"
      "meta"
    ];
    /*
    builds = {
      enableWorker = true;
    };
    */
    git = {
    };
    meta = {
      port = 5000;
    };
    settings = {
      "sr.ht" = {
        environment = "production";
        global-domain = "${domain}";
        # NOTE(security): every origin in this file is plain http:// and the
        # vhosts below disable forceSSL, so logins, session cookies and OAuth
        # exchanges are only protected if the underlying network is already
        # encrypted — confirm that holds for every path to 192.168.42.2.
        origin = "http://${domain}";
        # NOTE(security): network-key, service-key, webhooks.private-key and
        # oauth-client-secret are literal strings in a version-controlled file.
        # Values written this way are readable by anyone with access to the
        # repository and presumably end up in a generated config inside the
        # world-readable /nix/store. Treat the committed values as disclosed:
        # regenerate them with the srht-keygen commands quoted here and supply
        # the new ones from a runtime secret file outside the store, if the
        # sourcehut module in use offers such an option — verify.
        # nix shell nixpkgs#sourcehut.coresrht -c srht-keygen network
        network-key = "OeXzQ6A8Vcgt5QJkXScuxeXCtfdKzKev99BRNb3_CWQ=";
        # nix shell nixpkgs#sourcehut.coresrht -c srht-keygen service
        service-key = "62427596fed00fa48c19f95bc85c14d0c618a5f8c130b53ba9a6a6b403bf1507";
      };
      # nix shell nixpkgs#sourcehut.metasrht -c metasrht-manageuser -t admin -e mymail@gmail.com misuzu
      "meta.sr.ht" = {
        origin = "http://meta.${domain}";
        api-origin = "http://meta.${domain}:5100";
      };
      "meta.sr.ht::settings" = {
        onboarding-redirect = "http://meta.${domain}";
        # NOTE(review): "yes" presumably allows open self-registration;
        # confirm that is intended for everyone who can reach this host.
        registration = "yes";
      };
      # Same plaintext-secret concern as network-key/service-key above.
      # nix shell nixpkgs#sourcehut.coresrht -c srht-keygen webhook
      webhooks.private-key= "U7yd/8mGs/v0O3kId4jpeSghUCa9tqP1fYQwSV8UOqo=";
      # NOTE(review): "builds" is commented out of `services` above, yet its
      # OAuth client id and secret are still configured here. Drop or rotate
      # them if the builds service is not coming back — TODO confirm.
      "builds.sr.ht" = {
        origin = "http://builds.${domain}";
        oauth-client-secret = "8f5fc39b5948907e62c737f6b48462dc";
        oauth-client-id = "299db9f9c2013170";
      };
    };
  };
  # lib.mkForce overrides whatever forceSSL value another module sets for
  # these virtual hosts, so none of them redirects HTTP to HTTPS.
  # NOTE(review): hub, logs and man are listed although those services are
  # not enabled above; check whether this declares otherwise-unused vhosts.
  services.nginx.virtualHosts = {
    #"builds.${domain}".forceSSL = lib.mkForce false;
    "git.${domain}".forceSSL = lib.mkForce false;
    "hub.${domain}".forceSSL = lib.mkForce false;
    "logs.${domain}".forceSSL = lib.mkForce false;
    "man.${domain}".forceSSL = lib.mkForce false;
    "meta.${domain}".forceSSL = lib.mkForce false;
    "${domain}".forceSSL = lib.mkForce false;
  };
  # Adds the system user of every enabled sourcehut service to the `postgres`
  # group.
  # NOTE(security): what this membership allows depends on the permissions of
  # the PostgreSQL socket and data directory — confirm it grants no more than
  # the services need.
  users.groups."postgres".members = map (n: sourcehut.${n}.user) sourcehut.services;
  systemd.services.postgresql = {
    /*
    connection_limit=64 \
    encoding=UTF8 \
    lc_collate=fr_FR.UTF-8 \
    lc_type=fr_FR.UTF-8 \
    owner="${sourcehut.git.database}" \
    pg_createdb "${sourcehut.git.database}" >/dev/null </dev/null

    pg_adduser "${sourcehut.git.database}" "${sourcehut.git.database}" >/dev/null
    */
    # lib.mkAfter appends this snippet after any postStart text defined
    # elsewhere. It feeds two GRANT statements to psql on stdin (-f -), with
    # ON_ERROR_STOP=1 so the first failing statement aborts the script.
    # Both grants apply to the *meta* database only (see -d), including the
    # one for the git user.
    # NOTE(review): $PSQL is not defined in this file; presumably it comes
    # from the postStart script this is appended to — confirm.
    # NOTE(security): CREATE on schema public lets these roles create objects
    # there; keep it only if the services need to manage their own schema.
    postStart = lib.mkAfter ''
      $PSQL -d "${sourcehut.meta.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
      GRANT USAGE,CREATE ON schema public TO "${sourcehut.git.user}";
      GRANT USAGE,CREATE ON schema public TO "${sourcehut.meta.user}";
      EOF
    '';
  };
}