]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/modules/services/misc/sourcehut/dispatch.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
sourcehut: commit upstream NixOS modules
[sourcephile-nix.git] / nixos / modules / services / misc / sourcehut / dispatch.nix
1 { config, lib, pkgs, ... }:
2
3 with lib;
4 let
5 cfg = config.services.sourcehut;
6 cfgIni = cfg.settings;
7 scfg = cfg.dispatch;
8 iniKey = "dispatch.sr.ht";
9
10 drv = pkgs.sourcehut.dispatchsrht;
11 in
12 {
13 options.services.sourcehut.dispatch = {
14 user = mkOption {
15 type = types.str;
16 default = "dispatchsrht";
17 description = ''
18 User for dispatch.sr.ht.
19 '';
20 };
21
22 port = mkOption {
23 type = types.port;
24 default = 5005;
25 description = ''
26 Port on which the "dispatch" module should listen.
27 '';
28 };
29
30 database = mkOption {
31 type = types.str;
32 default = "dispatch.sr.ht";
33 description = ''
34 PostgreSQL database name for dispatch.sr.ht.
35 '';
36 };
37
38 statePath = mkOption {
39 type = types.path;
40 default = "${cfg.statePath}/dispatchsrht";
41 description = ''
42 State path for dispatch.sr.ht.
43 '';
44 };
45 };
46
47 config = with scfg; lib.mkIf (cfg.enable && elem "dispatch" cfg.services) {
48
49 users = {
50 users = {
51 "${user}" = {
52 isSystemUser = true;
53 group = user;
54 description = "dispatch.sr.ht user";
55 };
56 };
57
58 groups = {
59 "${user}" = { };
60 };
61 };
62
63 services.postgresql = {
64 authentication = ''
65 local ${database} ${user} trust
66 '';
67 ensureDatabases = [ database ];
68 ensureUsers = [
69 {
70 name = user;
71 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
72 }
73 ];
74 };
75
76 systemd = {
77 tmpfiles.rules = [
78 "d ${statePath} 0750 ${user} ${user} -"
79 ];
80
81 services.dispatchsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
82 after = [ "postgresql.service" "network.target" ];
83 requires = [ "postgresql.service" ];
84 wantedBy = [ "multi-user.target" ];
85
86 description = "dispatch.sr.ht website service";
87
88 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
89 };
90 };
91
92 services.sourcehut.settings = {
93 # URL dispatch.sr.ht is being served at (protocol://domain)
94 "dispatch.sr.ht".origin = mkDefault "http://dispatch.${cfg.originBase}";
95 # Address and port to bind the debug server to
96 "dispatch.sr.ht".debug-host = mkDefault "0.0.0.0";
97 "dispatch.sr.ht".debug-port = mkDefault port;
98 # Configures the SQLAlchemy connection string for the database.
99 "dispatch.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
100 # Set to "yes" to automatically run migrations on package upgrade.
101 "dispatch.sr.ht".migrate-on-upgrade = mkDefault "yes";
102 # dispatch.sr.ht's OAuth client ID and secret for meta.sr.ht
103 # Register your client at meta.example.org/oauth
104 "dispatch.sr.ht".oauth-client-id = mkDefault null;
105 "dispatch.sr.ht".oauth-client-secret = mkDefault null;
106
107 # Github Integration
108 "dispatch.sr.ht::github".oauth-client-id = mkDefault null;
109 "dispatch.sr.ht::github".oauth-client-secret = mkDefault null;
110
111 # Gitlab Integration
112 "dispatch.sr.ht::gitlab".enabled = mkDefault null;
113 "dispatch.sr.ht::gitlab".canonical-upstream = mkDefault "gitlab.com";
114 "dispatch.sr.ht::gitlab".repo-cache = mkDefault "./repo-cache";
115 # "dispatch.sr.ht::gitlab"."gitlab.com" = mkDefault "GitLab:application id:secret";
116 };
117
118 services.nginx.virtualHosts."dispatch.${cfg.originBase}" = {
119 forceSSL = true;
120 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
121 locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
122 locations."/static".root = "${pkgs.sourcehut.dispatchsrht}/${pkgs.sourcehut.python.sitePackages}/dispatchsrht";
123 };
124 };
125 }
NixOS configurations for Sourcephile's infrastructure