nixos/modules/services/misc/sourcehut/todo.nix

   1 { config, lib, pkgs, ... }:
   2
   3 with lib;
   4 let
   5   cfg = config.services.sourcehut;
   6   cfgIni = cfg.settings;
   7   scfg = cfg.todo;
   8   iniKey = "todo.sr.ht";
   9   statePath = "/var/lib/sourcehut/todosrht";
  10
  11   rcfg = config.services.redis;
  12   drv = pkgs.sourcehut.todosrht;
  13 in
  14 {
  15   options.services.sourcehut.todo = {
  16     enable = mkEnableOption "todo service";
  17
  18     user = mkOption {
  19       type = types.str;
  20       default = "todosrht";
  21       description = ''
  22         User for todo.sr.ht.
  23       '';
  24     };
  25
  26     port = mkOption {
  27       type = types.port;
  28       default = 5003;
  29       description = ''
  30         Port on which the "todo" module should listen.
  31       '';
  32     };
  33
  34     database = mkOption {
  35       type = types.str;
  36       default = "todo.sr.ht";
  37       description = ''
  38         PostgreSQL database name for todo.sr.ht.
  39       '';
  40     };
  41   };
  42
  43   config = with scfg; lib.mkIf (cfg.enable && scfg.enable) {
  44     users = {
  45       users = {
  46         "${user}" = {
  47           isSystemUser = true;
  48           group = user;
  49           extraGroups = [ "postfix" ];
  50           description = "todo.sr.ht user";
  51         };
  52       };
  53       groups = {
  54         "${user}" = { };
  55       };
  56     };
  57
  58     services.postgresql = {
  59       authentication = ''
  60         local ${database} ${user} trust
  61       '';
  62       ensureDatabases = [ database ];
  63       ensureUsers = [
  64         {
  65           name = user;
  66           ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
  67         }
  68       ];
  69     };
  70
  71     systemd = {
  72       services = {
  73         todosrht = import ./service.nix { inherit config pkgs lib; initDB = true; } scfg drv iniKey {
  74           after = [ "postgresql.service" "network.target" ];
  75           requires = [ "postgresql.service" ];
  76           wantedBy = [ "multi-user.target" ];
  77
  78           description = "todo.sr.ht website service";
  79
  80           serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
  81         };
  82
  83        todosrht-lmtp = {
  84          after = [ "postgresql.service" "network.target" ];
  85          bindsTo = [ "postgresql.service" ];
  86          wantedBy = [ "multi-user.target" ];
  87
  88          description = "todo.sr.ht process service";
  89          serviceConfig = {
  90            Type = "simple";
  91            User = user;
  92            Restart = "always";
  93            ExecStart = "${cfg.python}/bin/todosrht-lmtp";
  94          };
  95        };
  96
  97         todosrht-webhooks = {
  98           after = [ "postgresql.service" "network.target" ];
  99           requires = [ "postgresql.service" ];
 100           wantedBy = [ "multi-user.target" ];
 101
 102           description = "todo.sr.ht webhooks service";
 103           serviceConfig = {
 104             Type = "simple";
 105             User = user;
 106             Restart = "always";
 107             ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel INFO --pool eventlet";
 108           };
 109
 110         };
 111       };
 112     };
 113
 114     services.nginx.virtualHosts."todo.${cfg.originBase}" = {
 115       forceSSL = true;
 116       locations."/".proxyPass = "http://${cfg.address}:${toString port}";
 117       locations."/query".proxyPass = cfgIni."meta.sr.ht".api-origin;
 118       locations."/static".root = "${pkgs.sourcehut.todosrht}/${pkgs.sourcehut.python.sitePackages}/todosrht";
 119     };
 120   };
 121 }