]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/services/misc/sourcehut/lists.nix
sourcehut: use systemd timers instead of cron
[sourcephile-nix.git] / nixos / modules / services / misc / sourcehut / lists.nix
1 # Email setup is fairly involved, useful references:
2 # https://drewdevault.com/2018/08/05/Local-mail-server.html
3
4 { config, lib, pkgs, ... }:
5
6 with lib;
7 let
8 cfg = config.services.sourcehut;
9 cfgIni = cfg.settings;
10 scfg = cfg.lists;
11 iniKey = "lists.sr.ht";
12 statePath = "/var/lib/sourcehut/listssrht";
13
14 rcfg = config.services.redis;
15 drv = pkgs.sourcehut.listssrht;
16 in
17 {
18 options.services.sourcehut.lists = {
19 enable = mkEnableOption "lists service";
20
21 user = mkOption {
22 type = types.str;
23 default = "listssrht";
24 description = ''
25 User for lists.sr.ht.
26 '';
27 };
28
29 port = mkOption {
30 type = types.port;
31 default = 5006;
32 description = ''
33 Port on which the "lists" module should listen.
34 '';
35 };
36
37 database = mkOption {
38 type = types.str;
39 default = "lists.sr.ht";
40 description = ''
41 PostgreSQL database name for lists.sr.ht.
42 '';
43 };
44 };
45
46 config = with scfg; lib.mkIf (cfg.enable && scfg.enable) {
47 users = {
48 users = {
49 "${user}" = {
50 isSystemUser = true;
51 group = user;
52 extraGroups = [ "postfix" ];
53 description = "lists.sr.ht user";
54 };
55 };
56 groups = {
57 "${user}" = { };
58 };
59 };
60
61 services.postgresql = {
62 authentication = ''
63 local ${database} ${user} trust
64 '';
65 ensureDatabases = [ database ];
66 ensureUsers = [
67 {
68 name = user;
69 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
70 }
71 ];
72 };
73
74 systemd = {
75 services = {
76 listssrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
77 after = [ "postgresql.service" "network.target" ];
78 requires = [ "postgresql.service" ];
79 wantedBy = [ "multi-user.target" ];
80
81 description = "lists.sr.ht website service";
82
83 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
84 };
85
86 listssrht-process = {
87 after = [ "postgresql.service" "network.target" ];
88 requires = [ "postgresql.service" ];
89 wantedBy = [ "multi-user.target" ];
90
91 description = "lists.sr.ht process service";
92 serviceConfig = {
93 Type = "simple";
94 User = user;
95 Restart = "always";
96 ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.process worker --loglevel INFO --pool eventlet";
97 };
98 };
99
100 listssrht-lmtp = {
101 after = [ "postgresql.service" "network.target" ];
102 requires = [ "postgresql.service" ];
103 wantedBy = [ "multi-user.target" ];
104
105 description = "lists.sr.ht process service";
106 serviceConfig = {
107 Type = "simple";
108 User = user;
109 Restart = "always";
110 ExecStart = "${cfg.python}/bin/listssrht-lmtp";
111 };
112 };
113
114
115 listssrht-webhooks = {
116 after = [ "postgresql.service" "network.target" ];
117 requires = [ "postgresql.service" ];
118 wantedBy = [ "multi-user.target" ];
119
120 description = "lists.sr.ht webhooks service";
121 serviceConfig = {
122 Type = "simple";
123 User = user;
124 Restart = "always";
125 ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel INFO --pool eventlet";
126 };
127 };
128 };
129 };
130
131 services.nginx.virtualHosts."lists.${cfg.originBase}" = {
132 forceSSL = true;
133 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
134 locations."/query".proxyPass = cfgIni."meta.sr.ht".api-origin;
135 locations."/static".root = "${pkgs.sourcehut.listssrht}/${pkgs.sourcehut.python.sitePackages}/listssrht";
136 };
137 };
138 }