Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/services/misc/sourcehut/default.nix
sourcehut: use mkEnableOption
# NixOS module for the sourcehut service network: declares the shared
# `services.sourcehut.*` options, imports the per-service sub-modules and
# renders the common /etc/sr.ht/config.ini from `services.sourcehut.settings`.
{ config, pkgs, lib, ... }:

let
  # Only the library functions this file actually uses are brought into scope.
  inherit (lib)
    maintainers
    mapAttrsRecursive
    mkDefault
    mkEnableOption
    mkIf
    mkOption
    mkOverride
    mkRemovedOptionModule
    stringLength
    types
    ;

  cfg = config.services.sourcehut;
  iniSettings = cfg.settings;
  iniFormat = pkgs.formats.ini { };

  # Priority 999 sits just above `mkDefault` (1000) and below a plain user
  # definition (100): it wins over other defaults but stays overridable.
  weakDefault = mkOverride 999;

  # Python interpreter bundled with gunicorn, eventlet and every *srht module.
  srhtPython = pkgs.sourcehut.python.withPackages (ps: [
    ps.gunicorn
    ps.eventlet
    # Sourcehut services
    ps.srht
    ps.buildsrht
    ps.dispatchsrht
    ps.gitsrht
    ps.hgsrht
    ps.hubsrht
    ps.listssrht
    ps.mansrht
    ps.metasrht
    ps.pastesrht
    ps.todosrht
  ]);
in
{
  imports = [
    ./git.nix
    ./hg.nix
    ./hub.nix
    ./todo.nix
    ./man.nix
    ./meta.nix
    ./paste.nix
    ./builds.nix
    ./lists.nix
    ./dispatch.nix
    # `services.sourcehut.nginx.enable` no longer exists; setting it fails
    # evaluation with the explanation below.
    (mkRemovedOptionModule [ "services" "sourcehut" "nginx" "enable" ] ''
      The sourcehut module supports `nginx` as a local reverse-proxy by default and doesn't
      support other reverse-proxies officially.

      However it's possible to use an alternative reverse-proxy by

      * disabling nginx
      * adjusting the relevant settings for server addresses and ports directly

      Further details about this can be found in the `Sourcehut`-section of the NixOS-manual.
    '')
  ];

  options.services.sourcehut = {
    enable = mkEnableOption ''
      sourcehut - git hosting, continuous integration, mailing list, ticket tracking,
      task dispatching, wiki and account management services
    '';

    # Which of the imported per-service modules are switched on.
    services = mkOption {
      type = types.nonEmptyListOf (types.enum [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ]);
      default = [ "man" "meta" "paste" ];
      example = [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ];
      description = ''
        Services to enable on the sourcehut network.
      '';
    };

    # Defaults to the machine's host name, with ".<domain>" appended when
    # `networking.domain` is set.
    originBase = mkOption {
      type = types.str;
      default = with config.networking; hostName + lib.optionalString (domain != null) ".${domain}";
      description = ''
        Host name used by reverse-proxy and for default settings. Will host services at git."''${originBase}". For example: git.sr.ht
      '';
    };

    # Loopback by default, so the services are not bound to an external
    # interface unless this is changed.
    address = mkOption {
      type = types.str;
      default = "127.0.0.1";
      description = ''
        Address to bind to.
      '';
    };

    # Internal option: exposes the interpreter built in the `let` block above.
    python = mkOption {
      internal = true;
      type = types.package;
      default = srhtPython;
      description = ''
        The python package to use. It should contain references to the *srht modules and also
        gunicorn.
      '';
    };

    statePath = mkOption {
      type = types.path;
      default = "/var/lib/sourcehut";
      description = ''
        Root state path for the sourcehut network. If left as the default value
        this directory will automatically be created before the sourcehut server
        starts, otherwise the sysadmin is responsible for ensuring the
        directory exists with appropriate ownership and permissions.
      '';
    };

    # Free-form INI data (section -> key -> value); nothing beyond the INI
    # format's own type is validated here.
    # NOTE(review): this attrset is also where the secrets live
    # (`"sr.ht".secret-key`, `mail.smtp-password`, `mail.pgp-privkey`,
    # `webhooks.private-key`); see the note on config.ini below.
    settings = mkOption {
      type = lib.types.submodule {
        freeformType = iniFormat.type;
      };
      default = { };
      description = ''
        The configuration for the sourcehut network.
      '';
    };
  };

  config = mkIf cfg.enable {
    # NOTE(review): only the webhook key and meta.sr.ht's origin are checked.
    # `"sr.ht".secret-key` also defaults to null and is then written to
    # config.ini as an empty value without any evaluation-time failure.
    assertions = [
      {
        # 44 characters is the base64 length of a 32-byte value. Only the
        # length is checked, not that the string is valid base64.
        assertion =
          let
            webhookKey = iniSettings.webhooks.private-key;
          in
          webhookKey != null && stringLength webhookKey == 44;
        message = "The webhook's private key must be defined and of a 44 byte length.";
      }

      {
        # True only when the attribute exists and is not null.
        assertion = (iniSettings."meta.sr.ht".origin or null) != null;
        message = "meta.sr.ht's origin must be defined.";
      }
    ];

    # Every null setting is rendered as an empty INI value.
    # NOTE(review): the generated file is a Nix store path, and the store is
    # world-readable. Any secret placed in `services.sourcehut.settings` is
    # therefore readable by every local user and travels with the system
    # closure. Treat those values as exposed on multi-user hosts.
    environment.etc."sr.ht/config.ini".source =
      iniFormat.generate "sourcehut-config.ini"
        (mapAttrsRecursive (_path: value: if value == null then "" else value) cfg.settings);

    environment.systemPackages = [ pkgs.sourcehut.coresrht ];

    # Supporting daemons, each enabled at the overridable priority defined above.
    # PostgreSQL server
    services.postgresql.enable = weakDefault true;
    # Mail server
    services.postfix.enable = weakDefault true;
    # Cron daemon
    services.cron.enable = weakDefault true;
    # Redis server, bound to loopback only
    services.redis = {
      enable = weakDefault true;
      bind = weakDefault "127.0.0.1";
    };

    services.sourcehut.settings = {
      "sr.ht" = {
        # The name of your network of sr.ht-based sites
        site-name = mkDefault "sourcehut";
        # The top-level info page for your site
        site-info = mkDefault "https://sourcehut.org";
        # {{ site-name }}, {{ site-blurb }}
        site-blurb = mkDefault "the hacker's forge";
        # If this != production, we add a banner to each page
        # NOTE(review): the default is "development"; whether this changes
        # anything beyond the banner is not visible here. Confirm before
        # exposing an instance publicly.
        environment = mkDefault "development";
        # Contact information for the site owners. These defaults name the
        # upstream author; set them to your own details.
        owner-name = mkDefault "Drew DeVault";
        owner-email = mkDefault "sir@cmpwn.com";
        # The source code for your fork of sr.ht
        source-url = mkDefault "https://git.sr.ht/~sircmpwn/srht";
        # A secret key to encrypt session cookies with
        secret-key = mkDefault null;
        global-domain = mkDefault null;
      };

      mail = {
        # Outgoing SMTP settings
        smtp-host = mkDefault null;
        smtp-port = mkDefault null;
        smtp-user = mkDefault null;
        smtp-password = mkDefault null;
        smtp-from = mkDefault null;
        # Application exceptions are emailed to this address
        error-to = mkDefault null;
        error-from = mkDefault null;
        # Your PGP key information (DO NOT mix up pub and priv here)
        # You must remove the password from your secret key, if present.
        # You can do this with gpg --edit-key [key-id], then use the passwd
        # command and do not enter a new password.
        # NOTE(review): the passphrase-less private key then sits in
        # config.ini with no protection beyond file permissions.
        pgp-privkey = mkDefault null;
        pgp-pubkey = mkDefault null;
        pgp-key-id = mkDefault null;
      };

      # base64-encoded Ed25519 key for signing webhook payloads. This should be
      # consistent for all *.sr.ht sites, as we'll use this key to verify signatures
      # from other sites in your network.
      #
      # Use the srht-webhook-keygen command to generate a key.
      webhooks.private-key = mkDefault null;
    };
  };

  meta.doc = ./sourcehut.xml;
  meta.maintainers = with maintainers; [ tomberek ];
}