]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/services/misc/sourcehut/man.nix
rspamd: fix DKIM signing
[sourcephile-nix.git] / nixos / modules / services / misc / sourcehut / man.nix
1 { config, lib, pkgs, ... }:
2
3 with lib;
4 let
5 cfg = config.services.sourcehut;
6 cfgIni = cfg.settings;
7 scfg = cfg.man;
8 iniKey = "man.sr.ht";
9 statePath = "/var/lib/sourcehut/mansrht";
10
11 drv = pkgs.sourcehut.mansrht;
12 in
13 {
14 options.services.sourcehut.man = {
15 user = mkOption {
16 type = types.str;
17 default = "mansrht";
18 description = ''
19 User for man.sr.ht.
20 '';
21 };
22
23 port = mkOption {
24 type = types.port;
25 default = 5004;
26 description = ''
27 Port on which the "man" module should listen.
28 '';
29 };
30
31 database = mkOption {
32 type = types.str;
33 default = "man.sr.ht";
34 description = ''
35 PostgreSQL database name for man.sr.ht.
36 '';
37 };
38 };
39
40 config = with scfg; lib.mkIf (cfg.enable && elem "man" cfg.services) {
41 assertions =
42 [
43 {
44 assertion = hasAttrByPath [ "git.sr.ht" "oauth-client-id" ] cfgIni;
45 message = "man.sr.ht needs access to git.sr.ht.";
46 }
47 ];
48
49 users = {
50 users = {
51 "${user}" = {
52 isSystemUser = true;
53 group = user;
54 description = "man.sr.ht user";
55 };
56 };
57
58 groups = {
59 "${user}" = { };
60 };
61 };
62
63 services.postgresql = {
64 authentication = ''
65 local ${database} ${user} trust
66 '';
67 ensureDatabases = [ database ];
68 ensureUsers = [
69 {
70 name = user;
71 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
72 }
73 ];
74 };
75
76 systemd = {
77 services.mansrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
78 after = [ "postgresql.service" "network.target" ];
79 requires = [ "postgresql.service" ];
80 wantedBy = [ "multi-user.target" ];
81
82 description = "man.sr.ht website service";
83
84 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
85 };
86 };
87
88 services.nginx.virtualHosts."man.${cfg.originBase}" = {
89 forceSSL = true;
90 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
91 locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
92 locations."/static".root = "${pkgs.sourcehut.mansrht}/${pkgs.sourcehut.python.sitePackages}/mansrht";
93 };
94 };
95 }