]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/services/misc/sourcehut/dispatch.nix
nix: update inputs
[sourcephile-nix.git] / nixos / modules / services / misc / sourcehut / dispatch.nix
1 { config, lib, pkgs, ... }:
2
3 with lib;
4 let
5 cfg = config.services.sourcehut;
6 cfgIni = cfg.settings;
7 scfg = cfg.dispatch;
8 iniKey = "dispatch.sr.ht";
9 statePath = "/var/lib/sourcehut/dispatchsrht";
10
11 drv = pkgs.sourcehut.dispatchsrht;
12 in
13 {
14 options.services.sourcehut.dispatch = {
15 enable = mkEnableOption "dispatch service";
16
17 user = mkOption {
18 type = types.str;
19 default = "dispatchsrht";
20 description = ''
21 User for dispatch.sr.ht.
22 '';
23 };
24
25 port = mkOption {
26 type = types.port;
27 default = 5005;
28 description = ''
29 Port on which the "dispatch" module should listen.
30 '';
31 };
32
33 database = mkOption {
34 type = types.str;
35 default = "dispatch.sr.ht";
36 description = ''
37 PostgreSQL database name for dispatch.sr.ht.
38 '';
39 };
40
41 };
42
43 config = with scfg; lib.mkIf (cfg.enable && scfg.enable) {
44
45 users = {
46 users = {
47 "${user}" = {
48 isSystemUser = true;
49 group = user;
50 description = "dispatch.sr.ht user";
51 };
52 };
53
54 groups = {
55 "${user}" = { };
56 };
57 };
58
59 services.postgresql = {
60 authentication = ''
61 local ${database} ${user} trust
62 '';
63 ensureDatabases = [ database ];
64 ensureUsers = [
65 {
66 name = user;
67 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
68 }
69 ];
70 };
71
72 systemd = {
73 services.dispatchsrht = import ./service.nix { inherit config pkgs lib; initDB = true; } scfg drv iniKey {
74 after = [ "postgresql.service" "network.target" ];
75 requires = [ "postgresql.service" ];
76 wantedBy = [ "multi-user.target" ];
77
78 description = "dispatch.sr.ht website service";
79
80 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
81 };
82 };
83
84 services.nginx.virtualHosts."dispatch.${cfg.originBase}" = {
85 forceSSL = true;
86 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
87 locations."/query".proxyPass = cfgIni."meta.sr.ht".api-origin;
88 locations."/static".root = "${pkgs.sourcehut.dispatchsrht}/${pkgs.sourcehut.python.sitePackages}/dispatchsrht";
89 };
90 };
91 }