]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/services/misc/sourcehut/hub.nix
sourcehut: add metasrht-manageuser to systemPackages
[sourcephile-nix.git] / nixos / modules / services / misc / sourcehut / hub.nix
1 { config, lib, pkgs, ... }:
2
3 with lib;
4 let
5 cfg = config.services.sourcehut;
6 cfgIni = cfg.settings;
7 scfg = cfg.hub;
8 iniKey = "hub.sr.ht";
9 statePath = "/var/lib/sourcehut/hubsrht";
10
11 drv = pkgs.sourcehut.hubsrht;
12 in
13 {
14 options.services.sourcehut.hub = {
15 user = mkOption {
16 type = types.str;
17 default = "hubsrht";
18 description = ''
19 User for hub.sr.ht.
20 '';
21 };
22
23 port = mkOption {
24 type = types.port;
25 default = 5014;
26 description = ''
27 Port on which the "hub" module should listen.
28 '';
29 };
30
31 database = mkOption {
32 type = types.str;
33 default = "hub.sr.ht";
34 description = ''
35 PostgreSQL database name for hub.sr.ht.
36 '';
37 };
38 };
39
40 config = with scfg; lib.mkIf (cfg.enable && elem "hub" cfg.services) {
41 users = {
42 users = {
43 "${user}" = {
44 isSystemUser = true;
45 group = user;
46 description = "hub.sr.ht user";
47 };
48 };
49
50 groups = {
51 "${user}" = { };
52 };
53 };
54
55 services.postgresql = {
56 authentication = ''
57 local ${database} ${user} trust
58 '';
59 ensureDatabases = [ database ];
60 ensureUsers = [
61 {
62 name = user;
63 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
64 }
65 ];
66 };
67
68 systemd = {
69 services.hubsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
70 after = [ "postgresql.service" "network.target" ];
71 requires = [ "postgresql.service" ];
72 wantedBy = [ "multi-user.target" ];
73
74 description = "hub.sr.ht website service";
75
76 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
77 };
78 };
79
80 services.nginx.virtualHosts."${cfg.originBase}" = {
81 forceSSL = true;
82 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
83 locations."/query".proxyPass = cfgIni."meta.sr.ht".api-origin;
84 locations."/static".root = "${pkgs.sourcehut.hubsrht}/${pkgs.sourcehut.python.sitePackages}/hubsrht";
85 };
86 services.nginx.virtualHosts."hub.${cfg.originBase}" = {
87 globalRedirect = "${cfg.originBase}";
88 forceSSL = true;
89 };
90 };
91 }