nixos/modules/services/misc/sourcehut/default.nix

   1 { config, pkgs, lib, ... }:
   2
   3 with lib;
   4 let
   5   cfg = config.services.sourcehut;
   6   cfgIni = cfg.settings;
   7   settingsFormat = pkgs.formats.ini { };
   8
   9   # Specialized python containing all the modules
  10   python = pkgs.sourcehut.python.withPackages (ps: with ps; [
  11     gunicorn
  12     eventlet
  13     # Sourcehut services
  14     srht
  15     buildsrht
  16     dispatchsrht
  17     gitsrht
  18     hgsrht
  19     hubsrht
  20     listssrht
  21     mansrht
  22     metasrht
  23     pastesrht
  24     todosrht
  25   ]);
  26 in
  27 {
  28   imports =
  29     [
  30       ./git.nix
  31       ./hg.nix
  32       ./hub.nix
  33       ./todo.nix
  34       ./man.nix
  35       ./meta.nix
  36       ./paste.nix
  37       ./builds.nix
  38       ./lists.nix
  39       ./dispatch.nix
  40       (mkRemovedOptionModule [ "services" "sourcehut" "nginx" "enable" ] ''
  41         The sourcehut module supports `nginx` as a local reverse-proxy by default and doesn't
  42         support other reverse-proxies officially.
  43
  44         However it's possible to use an alternative reverse-proxy by
  45
  46           * disabling nginx
  47           * adjusting the relevant settings for server addresses and ports directly
  48
  49         Further details about this can be found in the `Sourcehut`-section of the NixOS-manual.
  50       '')
  51     ];
  52
  53   options.services.sourcehut = {
  54     enable = mkEnableOption ''
  55       sourcehut - git hosting, continuous integration, mailing list, ticket tracking,
  56       task dispatching, wiki and account management services
  57     '';
  58
  59     services = mkOption {
  60       type = types.nonEmptyListOf (types.enum [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ]);
  61       default = [ "man" "meta" "paste" ];
  62       example = [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ];
  63       description = ''
  64         Services to enable on the sourcehut network.
  65       '';
  66     };
  67
  68     originBase = mkOption {
  69       type = types.str;
  70       default = with config.networking; hostName + lib.optionalString (domain != null) ".${domain}";
  71       description = ''
  72         Host name used by reverse-proxy and for default settings. Will host services at git."''${originBase}". For example: git.sr.ht
  73       '';
  74     };
  75
  76     address = mkOption {
  77       type = types.str;
  78       default = "127.0.0.1";
  79       description = ''
  80         Address to bind to.
  81       '';
  82     };
  83
  84     python = mkOption {
  85       internal = true;
  86       type = types.package;
  87       default = python;
  88       description = ''
  89         The python package to use. It should contain references to the *srht modules and also
  90         gunicorn.
  91       '';
  92     };
  93
  94     statePath = mkOption {
  95       type = types.path;
  96       default = "/var/lib/sourcehut";
  97       description = ''
  98         Root state path for the sourcehut network. If left as the default value
  99         this directory will automatically be created before the sourcehut server
 100         starts, otherwise the sysadmin is responsible for ensuring the
 101         directory exists with appropriate ownership and permissions.
 102       '';
 103     };
 104
 105     settings = mkOption {
 106       type = lib.types.submodule {
 107         freeformType = settingsFormat.type;
 108       };
 109       default = { };
 110       description = ''
 111         The configuration for the sourcehut network.
 112       '';
 113     };
 114   };
 115
 116   config = mkIf cfg.enable {
 117     assertions =
 118       [
 119         {
 120           assertion = with cfgIni.webhooks; private-key != null && stringLength private-key == 44;
 121           message = "The webhook's private key must be defined and of a 44 byte length.";
 122         }
 123
 124         {
 125           assertion = hasAttrByPath [ "meta.sr.ht" "origin" ] cfgIni && cfgIni."meta.sr.ht".origin != null;
 126           message = "meta.sr.ht's origin must be defined.";
 127         }
 128       ];
 129
 130     environment.etc."sr.ht/config.ini".source =
 131       settingsFormat.generate "sourcehut-config.ini" (mapAttrsRecursive
 132         (
 133           path: v: if v == null then "" else v
 134         )
 135         cfg.settings);
 136
 137     environment.systemPackages = [ pkgs.sourcehut.coresrht ];
 138
 139     # PostgreSQL server
 140     services.postgresql.enable = mkOverride 999 true;
 141     # Mail server
 142     services.postfix.enable = mkOverride 999 true;
 143     # Cron daemon
 144     services.cron.enable = mkOverride 999 true;
 145     # Redis server
 146     services.redis.enable = mkOverride 999 true;
 147     services.redis.bind = mkOverride 999 "127.0.0.1";
 148
 149     services.sourcehut.settings = {
 150       # The name of your network of sr.ht-based sites
 151       "sr.ht".site-name = mkDefault "sourcehut";
 152       # The top-level info page for your site
 153       "sr.ht".site-info = mkDefault "https://sourcehut.org";
 154       # {{ site-name }}, {{ site-blurb }}
 155       "sr.ht".site-blurb = mkDefault "the hacker's forge";
 156       # If this != production, we add a banner to each page
 157       "sr.ht".environment = mkDefault "development";
 158       # Contact information for the site owners
 159       "sr.ht".owner-name = mkDefault "Drew DeVault";
 160       "sr.ht".owner-email = mkDefault "sir@cmpwn.com";
 161       # The source code for your fork of sr.ht
 162       "sr.ht".source-url = mkDefault "https://git.sr.ht/~sircmpwn/srht";
 163       # A secret key to encrypt session cookies with
 164       "sr.ht".secret-key = mkDefault null;
 165       "sr.ht".global-domain = mkDefault null;
 166
 167       # Outgoing SMTP settings
 168       mail.smtp-host = mkDefault null;
 169       mail.smtp-port = mkDefault null;
 170       mail.smtp-user = mkDefault null;
 171       mail.smtp-password = mkDefault null;
 172       mail.smtp-from = mkDefault null;
 173       # Application exceptions are emailed to this address
 174       mail.error-to = mkDefault null;
 175       mail.error-from = mkDefault null;
 176       # Your PGP key information (DO NOT mix up pub and priv here)
 177       # You must remove the password from your secret key, if present.
 178       # You can do this with gpg --edit-key [key-id], then use the passwd
 179       # command and do not enter a new password.
 180       mail.pgp-privkey = mkDefault null;
 181       mail.pgp-pubkey = mkDefault null;
 182       mail.pgp-key-id = mkDefault null;
 183
 184       # base64-encoded Ed25519 key for signing webhook payloads. This should be
 185       # consistent for all *.sr.ht sites, as we'll use this key to verify signatures
 186       # from other sites in your network.
 187       #
 188       # Use the srht-webhook-keygen command to generate a key.
 189       webhooks.private-key = mkDefault null;
 190     };
 191   };
 192   meta.doc = ./sourcehut.xml;
 193   meta.maintainers = with maintainers; [ tomberek ];
 194 }