1 { config, lib, pkgs, ... }:
5 cfg = config.services.sourcehut;
10 rcfg = config.services.redis;
11 drv = pkgs.sourcehut.metasrht;
14 options.services.sourcehut.meta = {
27 Port on which the "meta" module should listen.
33 default = "meta.sr.ht";
35 PostgreSQL database name for meta.sr.ht.
39 statePath = mkOption {
41 default = "${cfg.statePath}/metasrht";
43 State path for meta.sr.ht.
48 config = with scfg; lib.mkIf (cfg.enable && elem "meta" cfg.services) {
52 assertion = with cfgIni."meta.sr.ht::billing"; enabled == "yes" -> (stripe-public-key != null && stripe-secret-key != null);
53 message = "If meta.sr.ht::billing is enabled, the keys should be defined.";
62 description = "meta.sr.ht user";
71 services.cron.systemCronJobs = [ "0 0 * * * ${cfg.python}/bin/metasrht-daily" ];
72 services.postgresql = {
74 local ${database} ${user} trust
76 ensureDatabases = [ database ];
80 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
87 "d ${statePath} 0750 ${user} ${user} -"
92 # Configure client(s) as "preauthorized"
93 ${concatMapStringsSep "\n\n"
95 if ! test -e "${statePath}/${attr}.oauth" || [ "$(cat ${statePath}/${attr}.oauth)" != "${cfgIni."${attr}".oauth-client-id}" ]; then
96 # Configure ${attr}'s OAuth client as "preauthorized"
98 -c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${cfgIni."${attr}".oauth-client-id}'"
100 printf "%s" "${cfgIni."${attr}".oauth-client-id}" > "${statePath}/${attr}.oauth"
103 (builtins.attrNames (filterAttrs
104 (k: v: !(hasInfix "::" k) && (v.oauth-client-id or null) != null)
108 metasrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
109 after = [ "postgresql.service" "network.target" ];
110 requires = [ "postgresql.service" ];
111 wantedBy = [ "multi-user.target" ];
113 description = "meta.sr.ht website service";
115 preStart = commonPreStart;
117 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
120 metasrht-api = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
121 after = [ "postgresql.service" "network.target" ];
122 requires = [ "postgresql.service" ];
123 wantedBy = [ "multi-user.target" ];
125 description = "meta.sr.ht api service";
127 preStart = commonPreStart;
129 serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b :${toString (port + 100)}";
132 metasrht-webhooks = {
133 after = [ "postgresql.service" "network.target" ];
134 requires = [ "postgresql.service" ];
135 wantedBy = [ "multi-user.target" ];
137 description = "meta.sr.ht webhooks service";
142 ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel INFO --pool eventlet";
149 services.sourcehut.settings = {
150 # URL meta.sr.ht is being served at (protocol://domain)
151 "meta.sr.ht".origin = mkDefault "https://meta.${cfg.originBase}";
152 # Address and port to bind the debug server to
153 "meta.sr.ht".debug-host = mkDefault "0.0.0.0";
154 "meta.sr.ht".debug-port = mkDefault port;
155 # Configures the SQLAlchemy connection string for the database.
156 "meta.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
157 # If "yes", the user will be sent the stock sourcehut welcome emails after
158 # signup (requires cron to be configured properly). These are specific to the
159 # sr.ht instance so you probably want to patch these before enabling this.
160 "meta.sr.ht".welcome-emails = mkDefault "no";
162 # The redis connection used for the webhooks worker
163 "meta.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/6";
165 # If "no", public registration will not be permitted.
166 "meta.sr.ht::settings".registration = mkDefault "no";
167 # Where to redirect new users upon registration
168 "meta.sr.ht::settings".onboarding-redirect = mkDefault "https://meta.${cfg.originBase}";
169 # How many invites each user is issued upon registration (only applicable if
170 # open registration is disabled)
171 "meta.sr.ht::settings".user-invites = mkDefault 5;
173 # Origin URL for API, 100 more than web
174 "meta.sr.ht".api-origin = mkDefault "http://localhost:5100";
176 # You can add aliases for the client IDs of commonly used OAuth clients here.
179 "meta.sr.ht::aliases" = mkDefault { };
180 # "meta.sr.ht::aliases"."git.sr.ht" = 12345;
182 # "yes" to enable the billing system
183 "meta.sr.ht::billing".enabled = mkDefault "no";
184 # Get your keys at https://dashboard.stripe.com/account/apikeys
185 "meta.sr.ht::billing".stripe-public-key = mkDefault null;
186 "meta.sr.ht::billing".stripe-secret-key = mkDefault null;
189 services.nginx.virtualHosts."meta.${cfg.originBase}" = {
191 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
192 locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
193 locations."/static".root = "${pkgs.sourcehut.metasrht}/${pkgs.sourcehut.python.sitePackages}/metasrht";