]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/services/misc/sourcehut/todo.nix
sourcehut: factorize commonPreStart
# NixOS module for the todo.sr.ht component of sourcehut.
#
# It declares the `services.sourcehut.todo` options and, when sourcehut is
# enabled and "todo" is listed in `services.sourcehut.services`, sets up:
# a system user and group, a PostgreSQL database and role, a state directory,
# three systemd units (web, LMTP, webhooks), default config.ini settings and
# an nginx virtual host.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.services.sourcehut;
  # Bound but not referenced anywhere in this file.
  cfgIni = cfg.settings;
  scfg = cfg.todo;
  iniKey = "todo.sr.ht";

  rcfg = config.services.redis;
  drv = pkgs.sourcehut.todosrht;
in
{
  options.services.sourcehut.todo = {
    # OS account; the same name is reused below for the group and for the
    # PostgreSQL role.
    user = mkOption {
      type = types.str;
      default = "todosrht";
      description = ''
        User for todo.sr.ht.
      '';
    };

    # gunicorn listens here; nginx proxies "/" to it and "/query" to port + 100.
    port = mkOption {
      type = types.port;
      default = 5003;
      description = ''
        Port on which the "todo" module should listen.
      '';
    };

    database = mkOption {
      type = types.str;
      default = "todo.sr.ht";
      description = ''
        PostgreSQL database name for todo.sr.ht.
      '';
    };

    statePath = mkOption {
      type = types.path;
      default = "${cfg.statePath}/todosrht";
      description = ''
        State path for todo.sr.ht.
      '';
    };
  };

  config =
    let
      # The four option values this section reads from services.sourcehut.todo.
      inherit (scfg) user port database statePath;

      # Ordering shared by all three units.
      startAfter = [ "postgresql.service" "network.target" ];
      pythonBin = "${cfg.python}/bin";
    in
    mkIf (cfg.enable && elem "todo" cfg.services) {
      # Dedicated system account with a primary group of the same name.
      # Every unit below that runs as this user also inherits membership of
      # "postfix", not only the LMTP daemon that needs it for its socket.
      users.users.${user} = {
        isSystemUser = true;
        group = user;
        extraGroups = [ "postfix" ];
        description = "todo.sr.ht user";
      };
      users.groups.${user} = { };

      services.postgresql = {
        # NOTE(review): "local ... trust" accepts any Unix-socket connection
        # that names this role and database, with no password and no check of
        # the connecting OS account. Any local account that can reach the
        # PostgreSQL socket can therefore act as this role. "peer" would bind
        # the role to the OS user of the same name; confirm first that
        # everything ./service.nix starts against the database runs as that
        # user.
        authentication = ''
          local ${database} ${user} trust
        '';
        ensureDatabases = [ database ];
        ensureUsers = [
          {
            name = user;
            ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
          }
        ];
      };

      # State directory: owner rwx, group r-x, no access for others.
      systemd.tmpfiles.rules = [
        "d ${statePath} 0750 ${user} ${user} -"
      ];

      systemd.services = {
        # Web frontend. ./service.nix (not shown here) receives the extra
        # attributes below together with scfg, drv and iniKey.
        todosrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
          after = startAfter;
          requires = [ "postgresql.service" ];
          wantedBy = [ "multi-user.target" ];

          description = "todo.sr.ht website service";

          serviceConfig.ExecStart = "${pythonBin}/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
        };

        # Incoming-mail daemon. It uses bindsTo where the other two units use
        # requires.
        # NOTE(review): only Type, User, Restart and ExecStart are set for
        # this unit and for todosrht-webhooks; no systemd sandboxing
        # directives are visible in this file. PrivateTmp could not simply be
        # switched on while the LMTP socket defaults to a path under /tmp.
        todosrht-lmtp = {
          after = startAfter;
          bindsTo = [ "postgresql.service" ];
          wantedBy = [ "multi-user.target" ];

          description = "todo.sr.ht process service";
          serviceConfig = {
            Type = "simple";
            User = user;
            Restart = "always";
            ExecStart = "${pythonBin}/todosrht-lmtp";
          };
        };

        # Celery worker that delivers webhooks.
        todosrht-webhooks = {
          after = startAfter;
          requires = [ "postgresql.service" ];
          wantedBy = [ "multi-user.target" ];

          description = "todo.sr.ht webhooks service";
          serviceConfig = {
            Type = "simple";
            User = user;
            Restart = "always";
            ExecStart = "${pythonBin}/celery -A ${drv.pname}.webhooks worker --loglevel INFO --pool eventlet";
          };
        };
      };

      # Defaults for the [todo.sr.ht] and [todo.sr.ht::mail] config sections.
      # All are set with mkDefault so a deployment can override them.
      services.sourcehut.settings = {
        "todo.sr.ht" = {
          # Public URL of the service (protocol://domain).
          # NOTE(review): the scheme is http although the nginx virtual host
          # below sets forceSSL; confirm whether https is intended.
          origin = mkDefault "http://todo.${cfg.originBase}";
          # Bind address and port of the debug server.
          # NOTE(review): 0.0.0.0 means every interface. The units above start
          # gunicorn on cfg.address instead, so this matters only if the debug
          # server is ever run; a loopback default would be the safer choice.
          debug-host = mkDefault "0.0.0.0";
          debug-port = mkDefault port;
          # SQLAlchemy connection string: Unix socket under /var/run/postgresql,
          # role taken from `user`, no password.
          connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
          # OAuth client ID and secret issued by meta.sr.ht
          # (register the client at meta.example.org/oauth).
          # NOTE(review): confirm how these settings are rendered. If the
          # resulting config file is placed in the Nix store, any secret set
          # here or in network-key becomes world-readable.
          oauth-client-id = mkDefault null;
          oauth-client-secret = mkDefault null;
          # Sender address for notifications generated by users.
          notify-from = mkDefault "CHANGEME@example.org";
          # Redis URL used by the webhooks worker (database 1, no credentials).
          # Assumes services.redis.bind is a non-null string; TODO confirm.
          webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
          # Network key.
          network-key = mkDefault null;
        };

        "todo.sr.ht::mail" = {
          # Unix socket of the LMTP daemon; incoming mail is delivered to it.
          # An IP:PORT value runs an SMTP server instead.
          # NOTE(review): /tmp is world-writable and this name is predictable,
          # so another local account could create the path first. A directory
          # owned by the service (for example under /run) avoids that.
          sock = mkDefault "/tmp/todo.sr.ht-lmtp.sock";
          # Group that is given read/write access to the socket.
          sock-group = mkDefault "postfix";

          posting-domain = mkDefault "todo.${cfg.originBase}";
        };
      };

      # TLS-only reverse proxy in front of the service.
      # NOTE(review): "/query" is forwarded to port + 100, but no unit defined
      # in this file listens on that port.
      services.nginx.virtualHosts."todo.${cfg.originBase}" = {
        forceSSL = true;
        locations."/".proxyPass = "http://${cfg.address}:${toString port}";
        locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
        locations."/static".root = "${drv}/${pkgs.sourcehut.python.sitePackages}/todosrht";
      };
    };
}