# NixOS module for a self-hosted sourcehut network (options live under services.sourcehut).
1 { config, pkgs, lib, ... }:
# Shorthand for the values the host configuration set under services.sourcehut.
5 cfg = config.services.sourcehut;
# INI serializer from pkgs.formats. This file uses it twice: as the freeform type of the
# `settings` option and to render the file installed as /etc/sr.ht/config.ini.
7 settingsFormat = pkgs.formats.ini { };
9 # Specialized python containing all the modules
10 python = pkgs.sourcehut.python.withPackages (ps: with ps; [
40 (mkRemovedOptionModule [ "services" "sourcehut" "nginx" "enable" ] ''
41 The sourcehut module supports `nginx` as a local reverse-proxy by default and doesn't
42 support other reverse-proxies officially.
44 However it's possible to use an alternative reverse-proxy by
47 * adjusting the relevant settings for server addresses and ports directly
49 Further details about this can be found in the `Sourcehut`-section of the NixOS-manual.
53 options.services.sourcehut = {
54 enable = mkEnableOption ''
55 sourcehut - git hosting, continuous integration, mailing list, ticket tracking,
56 task dispatching, wiki and account management services
# Which sr.ht services to run. nonEmptyListOf over an enum means an empty list or an
# unknown service name is rejected at evaluation time rather than at service start.
# Only "man", "meta" and "paste" are enabled unless the host configuration lists more.
60 type = types.nonEmptyListOf (types.enum [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ]);
61 default = [ "man" "meta" "paste" ];
62 example = [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ];
64 Services to enable on the sourcehut network.
# Base host name under which the per-service names are built.
# Default: networking.hostName, with ".<domain>" appended only when networking.domain is set.
68 originBase = mkOption {
70 default = with config.networking; hostName + lib.optionalString (domain != null) ".${domain}";
72 Host name used by reverse-proxy and for default settings. Will host services at git."''${originBase}". For example: git.sr.ht
78 default = "127.0.0.1";
89 The python package to use. It should contain references to the *srht modules and also
# Root directory for the services' on-disk state.
# Per this option's description, only the default path is created automatically; with any
# other value the administrator must create the directory and set ownership and mode.
# NOTE(review): the expected owner and mode are not stated in the lines visible here —
# worth documenting, since a directory left group- or world-accessible would expose service data.
94 statePath = mkOption {
96 default = "/var/lib/sourcehut";
98 Root state path for the sourcehut network. If left as the default value
99 this directory will automatically be created before the sourcehut server
100 starts, otherwise the sysadmin is responsible for ensuring the
101 directory exists with appropriate ownership and permissions.
# Free-form settings that end up in config.ini. freeformType is the INI format's own type,
# so any section/key the format allows is accepted; key names are not checked against a schema.
# NOTE(review): values given here are ordinary Nix strings. Secrets set through this option
# (secret-key, smtp-password, pgp-privkey, webhooks.private-key) are evaluated into the
# generated config file instead of being read from a protected file at runtime.
105 settings = mkOption {
106 type = lib.types.submodule {
107 freeformType = settingsFormat.type;
111 The configuration for the sourcehut network.
# Everything in this attribute set applies only when services.sourcehut.enable is true.
116 config = mkIf cfg.enable {
# Evaluation-time check that a webhook signing key is configured.
# 44 is the length of a base64-encoded 32-byte value. stringLength counts characters of the
# encoded string, so the "44 byte" in the message refers to 44 characters. Only presence and
# length are checked, not that the value is valid base64.
# NOTE(review): cfgIni is defined outside this excerpt — presumably derived from cfg.settings; confirm.
# NOTE(review): because the key is compared here, it must be present as a literal string at
# evaluation time; it cannot be supplied only from a runtime secret file.
120 assertion = with cfgIni.webhooks; private-key != null && stringLength private-key == 44;
121 message = "The webhook's private key must be defined and of a 44 byte length.";
# The "meta.sr.ht" section must exist and carry a non-null origin.
125 assertion = hasAttrByPath [ "meta.sr.ht" "origin" ] cfgIni && cfgIni."meta.sr.ht".origin != null;
126 message = "meta.sr.ht's origin must be defined.";
# Render the settings to an INI file and install it as /etc/sr.ht/config.ini.
# NOTE(review): settingsFormat.generate builds this file in the Nix store, which is
# world-readable. Every value in services.sourcehut.settings — including secret-key,
# smtp-password, pgp-privkey and webhooks.private-key — is therefore readable by any local
# user and travels with the system closure (binary caches, copies to other hosts).
# Secrets are better supplied from a file outside the store that only the service user can
# read, and merged into the config when the service starts.
130 environment.etc."sr.ht/config.ini".source =
131 settingsFormat.generate "sourcehut-config.ini" (mapAttrsRecursive
# Unset (null) settings are written as empty values instead of being dropped.
133 path: v: if v == null then "" else v
# Make the core sr.ht package available system-wide.
137 environment.systemPackages = [ pkgs.sourcehut.coresrht ];
# Supporting services are switched on at priority 999: slightly stronger than mkDefault (1000)
# and weaker than a plain assignment (100), so the host configuration can still override them.
140 services.postgresql.enable = mkOverride 999 true;
142 services.postfix.enable = mkOverride 999 true;
144 services.cron.enable = mkOverride 999 true;
146 services.redis.enable = mkOverride 999 true;
# Redis listens on loopback only, so it is not reachable from the network.
# NOTE(review): no Redis authentication is configured in the lines visible here; with a
# loopback TCP listener any local user or process can connect. Confirm whether a password
# or a unix socket with restricted permissions is set elsewhere.
147 services.redis.bind = mkOverride 999 "127.0.0.1";
# Default contents of config.ini. Every value is set with mkDefault, so a plain assignment in
# the host configuration replaces it. Settings left at null are written as empty values by
# the config generation in this file.
149 services.sourcehut.settings = {
150 # The name of your network of sr.ht-based sites
151 "sr.ht".site-name = mkDefault "sourcehut";
152 # The top-level info page for your site
153 "sr.ht".site-info = mkDefault "https://sourcehut.org";
154 # {{ site-name }}, {{ site-blurb }}
155 "sr.ht".site-blurb = mkDefault "the hacker's forge";
156 # If this != production, we add a banner to each page
# NOTE(review): the default is "development". Set "production" explicitly for a public
# deployment; whether this value changes anything beyond the banner is not visible here.
157 "sr.ht".environment = mkDefault "development";
158 # Contact information for the site owners
# NOTE(review): the defaults below name the upstream author. Override them so contact links
# and reports reach the actual operator of this instance.
159 "sr.ht".owner-name = mkDefault "Drew DeVault";
160 "sr.ht".owner-email = mkDefault "sir@cmpwn.com";
161 # The source code for your fork of sr.ht
162 "sr.ht".source-url = mkDefault "https://git.sr.ht/~sircmpwn/srht";
163 # A secret key to encrypt session cookies with
# NOTE(review): defaults to null and no assertion visible in this file requires it to be set,
# so an unconfigured instance gets an empty value. Generate a long random value per
# deployment and treat it as a secret (see the store-readability concern for config.ini).
164 "sr.ht".secret-key = mkDefault null;
165 "sr.ht".global-domain = mkDefault null;
167 # Outgoing SMTP settings
# smtp-password is a credential; the same handling as secret-key applies.
168 mail.smtp-host = mkDefault null;
169 mail.smtp-port = mkDefault null;
170 mail.smtp-user = mkDefault null;
171 mail.smtp-password = mkDefault null;
172 mail.smtp-from = mkDefault null;
173 # Application exceptions are emailed to this address
174 mail.error-to = mkDefault null;
175 mail.error-from = mkDefault null;
176 # Your PGP key information (DO NOT mix up pub and priv here)
177 # You must remove the password from your secret key, if present.
178 # You can do this with gpg --edit-key [key-id], then use the passwd
179 # command and do not enter a new password.
# NOTE(review): a private key without a passphrase is protected only by file permissions.
# Use a key dedicated to this service rather than a personal one, and keep it readable by the
# service user only.
180 mail.pgp-privkey = mkDefault null;
181 mail.pgp-pubkey = mkDefault null;
182 mail.pgp-key-id = mkDefault null;
184 # base64-encoded Ed25519 key for signing webhook payloads. This should be
185 # consistent for all *.sr.ht sites, as we'll use this key to verify signatures
186 # from other sites in your network.
188 # Use the srht-webhook-keygen command to generate a key.
# An assertion in this file rejects the configuration unless this value is set and is
# exactly 44 characters long. Because the key is shared by every service, its exposure
# affects webhook verification across the whole network.
189 webhooks.private-key = mkDefault null;
192 meta.doc = ./sourcehut.xml;
193 meta.maintainers = with maintainers; [ tomberek ];