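# Email setup is fairly involved, useful references:
# https://drewdevault.com/2018/08/05/Local-mail-server.html

# NixOS module for the lists.sr.ht component of SourceHut.
# When services.sourcehut is enabled and "lists" is listed in
# services.sourcehut.services, it declares a system user and group, a
# PostgreSQL database and role, four systemd units (web, process worker,
# LMTP daemon, webhooks worker) and an nginx virtual host.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.services.sourcehut;
  cfgIni = cfg.settings;
  scfg = cfg.lists;
  iniKey = "lists.sr.ht";
  statePath = "/var/lib/sourcehut/listssrht";

  rcfg = config.services.redis;
  drv = pkgs.sourcehut.listssrht;
in
{
  options.services.sourcehut.lists = {
    user = mkOption {
      type = types.str;
      default = "listssrht";
      description = ''
        User for lists.sr.ht.
      '';
    };

    port = mkOption {
      type = types.port;
      default = 5006;
      description = ''
        Port on which the "lists" module should listen.
      '';
    };

    database = mkOption {
      type = types.str;
      default = "lists.sr.ht";
      description = ''
        PostgreSQL database name for lists.sr.ht.
      '';
    };
  };

  # `with scfg;` brings `user`, `port` and `database` into scope below.
  config = with scfg; lib.mkIf (cfg.enable && elem "lists" cfg.services) {
    users = {
      users = {
        "${user}" = {
          isSystemUser = true;
          group = user;
          # NOTE(review): membership in the postfix group is presumably needed
          # to exchange mail with Postfix over a group-restricted socket;
          # confirm it is still required, since it widens what this account
          # can reach.
          extraGroups = [ "postfix" ];
          description = "lists.sr.ht user";
        };
      };
      groups = {
        "${user}" = { };
      };
    };

    services.postgresql = {
      # NOTE(review): `trust` on a `local` line means PostgreSQL performs no
      # authentication for this role/database pair: any local account able to
      # open the server's Unix socket can connect as ${user}. `peer` would
      # bind the role to the OS account of the same name; before switching,
      # verify that every unit here (including the one built by ./service.nix)
      # runs as ${user} and connects over the Unix socket.
      authentication = ''
        local ${database} ${user} trust
      '';
      ensureDatabases = [ database ];
      ensureUsers = [
        {
          name = user;
          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
        }
      ];
    };

    systemd = {
      services = {
        # Web frontend. The shared ./service.nix helper receives the
        # per-service options, the package and the ini section name, plus the
        # unit attributes below; what else it sets (User, state directory,
        # ...) is not visible from this file.
        listssrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
          after = [ "postgresql.service" "network.target" ];
          requires = [ "postgresql.service" ];
          wantedBy = [ "multi-user.target" ];

          description = "lists.sr.ht website service";

          serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
        };

        # NOTE(review): the three units below set only Type, User, Restart and
        # ExecStart; no systemd sandboxing directives are applied to them in
        # this file.

        # Celery worker for the `process` task module.
        listssrht-process = {
          after = [ "postgresql.service" "network.target" ];
          requires = [ "postgresql.service" ];
          wantedBy = [ "multi-user.target" ];

          description = "lists.sr.ht process service";
          serviceConfig = {
            Type = "simple";
            User = user;
            Restart = "always";
            ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.process worker --loglevel INFO --pool eventlet";
          };
        };

        # LMTP daemon; presumably the entry point for mail handed over by the
        # MTA, i.e. the unit most exposed to externally supplied content.
        listssrht-lmtp = {
          after = [ "postgresql.service" "network.target" ];
          requires = [ "postgresql.service" ];
          wantedBy = [ "multi-user.target" ];

          # Was "lists.sr.ht process service", a copy of the unit above, which
          # made the two units indistinguishable in systemctl and journal
          # output.
          description = "lists.sr.ht LMTP service";
          serviceConfig = {
            Type = "simple";
            User = user;
            Restart = "always";
            ExecStart = "${cfg.python}/bin/listssrht-lmtp";
          };
        };

        # Celery worker for the `webhooks` task module.
        listssrht-webhooks = {
          after = [ "postgresql.service" "network.target" ];
          requires = [ "postgresql.service" ];
          wantedBy = [ "multi-user.target" ];

          description = "lists.sr.ht webhooks service";
          serviceConfig = {
            Type = "simple";
            User = user;
            Restart = "always";
            ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel INFO --pool eventlet";
          };
        };
      };
    };

    services.nginx.virtualHosts."lists.${cfg.originBase}" = {
      forceSSL = true;
      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
      # NOTE(review): no unit in this file is given `port + 100` explicitly;
      # confirm which service is expected to listen there.
      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
      # Static assets are served straight from the package in the Nix store;
      # `drv` is the same derivation as pkgs.sourcehut.listssrht.
      locations."/static".root = "${drv}/${pkgs.sourcehut.python.sitePackages}/listssrht";
    };
  };
}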