nixos/modules/services/misc/sourcehut/todo.nix

   1 { config, lib, pkgs, ... }:
   2
   3 with lib;
   4 let
   5   cfg = config.services.sourcehut;
   6   cfgIni = cfg.settings;
   7   scfg = cfg.todo;
   8   iniKey = "todo.sr.ht";
   9   statePath = "/var/lib/sourcehut/todosrht";
  10
  11   rcfg = config.services.redis;
  12   drv = pkgs.sourcehut.todosrht;
  13 in
  14 {
  15   options.services.sourcehut.todo = {
  16     user = mkOption {
  17       type = types.str;
  18       default = "todosrht";
  19       description = ''
  20         User for todo.sr.ht.
  21       '';
  22     };
  23
  24     port = mkOption {
  25       type = types.port;
  26       default = 5003;
  27       description = ''
  28         Port on which the "todo" module should listen.
  29       '';
  30     };
  31
  32     database = mkOption {
  33       type = types.str;
  34       default = "todo.sr.ht";
  35       description = ''
  36         PostgreSQL database name for todo.sr.ht.
  37       '';
  38     };
  39   };
  40
  41   config = with scfg; lib.mkIf (cfg.enable && elem "todo" cfg.services) {
  42     users = {
  43       users = {
  44         "${user}" = {
  45           isSystemUser = true;
  46           group = user;
  47           extraGroups = [ "postfix" ];
  48           description = "todo.sr.ht user";
  49         };
  50       };
  51       groups = {
  52         "${user}" = { };
  53       };
  54     };
  55
  56     services.postgresql = {
  57       authentication = ''
  58         local ${database} ${user} trust
  59       '';
  60       ensureDatabases = [ database ];
  61       ensureUsers = [
  62         {
  63           name = user;
  64           ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
  65         }
  66       ];
  67     };
  68
  69     systemd = {
  70       services = {
  71         todosrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
  72           after = [ "postgresql.service" "network.target" ];
  73           requires = [ "postgresql.service" ];
  74           wantedBy = [ "multi-user.target" ];
  75
  76           description = "todo.sr.ht website service";
  77
  78           serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
  79         };
  80
  81        todosrht-lmtp = {
  82          after = [ "postgresql.service" "network.target" ];
  83          bindsTo = [ "postgresql.service" ];
  84          wantedBy = [ "multi-user.target" ];
  85
  86          description = "todo.sr.ht process service";
  87          serviceConfig = {
  88            Type = "simple";
  89            User = user;
  90            Restart = "always";
  91            ExecStart = "${cfg.python}/bin/todosrht-lmtp";
  92          };
  93        };
  94
  95         todosrht-webhooks = {
  96           after = [ "postgresql.service" "network.target" ];
  97           requires = [ "postgresql.service" ];
  98           wantedBy = [ "multi-user.target" ];
  99
 100           description = "todo.sr.ht webhooks service";
 101           serviceConfig = {
 102             Type = "simple";
 103             User = user;
 104             Restart = "always";
 105             ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel INFO --pool eventlet";
 106           };
 107
 108         };
 109       };
 110     };
 111
 112     services.nginx.virtualHosts."todo.${cfg.originBase}" = {
 113       forceSSL = true;
 114       locations."/".proxyPass = "http://${cfg.address}:${toString port}";
 115       locations."/query".proxyPass = cfgIni."meta.sr.ht".api-origin;
 116       locations."/static".root = "${pkgs.sourcehut.todosrht}/${pkgs.sourcehut.python.sitePackages}/todosrht";
 117     };
 118   };
 119 }