]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/services/misc/sourcehut/dispatch.nix
rspamd: fix DKIM signing
[sourcephile-nix.git] / nixos / modules / services / misc / sourcehut / dispatch.nix
1 { config, lib, pkgs, ... }:
2
3 with lib;
4 let
5 cfg = config.services.sourcehut;
6 cfgIni = cfg.settings;
7 scfg = cfg.dispatch;
8 iniKey = "dispatch.sr.ht";
9 statePath = "/var/lib/sourcehut/dispatchsrht";
10
11 drv = pkgs.sourcehut.dispatchsrht;
12 in
13 {
14 options.services.sourcehut.dispatch = {
15 user = mkOption {
16 type = types.str;
17 default = "dispatchsrht";
18 description = ''
19 User for dispatch.sr.ht.
20 '';
21 };
22
23 port = mkOption {
24 type = types.port;
25 default = 5005;
26 description = ''
27 Port on which the "dispatch" module should listen.
28 '';
29 };
30
31 database = mkOption {
32 type = types.str;
33 default = "dispatch.sr.ht";
34 description = ''
35 PostgreSQL database name for dispatch.sr.ht.
36 '';
37 };
38
39 };
40
41 config = with scfg; lib.mkIf (cfg.enable && elem "dispatch" cfg.services) {
42
43 users = {
44 users = {
45 "${user}" = {
46 isSystemUser = true;
47 group = user;
48 description = "dispatch.sr.ht user";
49 };
50 };
51
52 groups = {
53 "${user}" = { };
54 };
55 };
56
57 services.postgresql = {
58 authentication = ''
59 local ${database} ${user} trust
60 '';
61 ensureDatabases = [ database ];
62 ensureUsers = [
63 {
64 name = user;
65 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
66 }
67 ];
68 };
69
70 systemd = {
71 services.dispatchsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
72 after = [ "postgresql.service" "network.target" ];
73 requires = [ "postgresql.service" ];
74 wantedBy = [ "multi-user.target" ];
75
76 description = "dispatch.sr.ht website service";
77
78 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
79 };
80 };
81
82 services.nginx.virtualHosts."dispatch.${cfg.originBase}" = {
83 forceSSL = true;
84 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
85 locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
86 locations."/static".root = "${pkgs.sourcehut.dispatchsrht}/${pkgs.sourcehut.python.sitePackages}/dispatchsrht";
87 };
88 };
89 }