nixos/modules/services/misc/sourcehut/hub.nix

   1 { config, lib, pkgs, ... }:
   2
   3 with lib;
   4 let
   5   cfg = config.services.sourcehut;
   6   cfgIni = cfg.settings;
   7   scfg = cfg.hub;
   8   iniKey = "hub.sr.ht";
   9
  10   drv = pkgs.sourcehut.hubsrht;
  11 in
  12 {
  13   options.services.sourcehut.hub = {
  14     user = mkOption {
  15       type = types.str;
  16       default = "hubsrht";
  17       description = ''
  18         User for hub.sr.ht.
  19       '';
  20     };
  21
  22     port = mkOption {
  23       type = types.port;
  24       default = 5014;
  25       description = ''
  26         Port on which the "hub" module should listen.
  27       '';
  28     };
  29
  30     database = mkOption {
  31       type = types.str;
  32       default = "hub.sr.ht";
  33       description = ''
  34         PostgreSQL database name for hub.sr.ht.
  35       '';
  36     };
  37
  38     statePath = mkOption {
  39       type = types.path;
  40       default = "${cfg.statePath}/hubsrht";
  41       description = ''
  42         State path for hub.sr.ht.
  43       '';
  44     };
  45   };
  46
  47   config = with scfg; lib.mkIf (cfg.enable && elem "hub" cfg.services) {
  48     users = {
  49       users = {
  50         "${user}" = {
  51           isSystemUser = true;
  52           group = user;
  53           description = "hub.sr.ht user";
  54         };
  55       };
  56
  57       groups = {
  58         "${user}" = { };
  59       };
  60     };
  61
  62     services.postgresql = {
  63       authentication = ''
  64         local ${database} ${user} trust
  65       '';
  66       ensureDatabases = [ database ];
  67       ensureUsers = [
  68         {
  69           name = user;
  70           ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
  71         }
  72       ];
  73     };
  74
  75     systemd = {
  76       tmpfiles.rules = [
  77         "d ${statePath} 0750 ${user} ${user} -"
  78       ];
  79
  80       services.hubsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
  81         after = [ "postgresql.service" "network.target" ];
  82         requires = [ "postgresql.service" ];
  83         wantedBy = [ "multi-user.target" ];
  84
  85         description = "hub.sr.ht website service";
  86
  87         serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
  88       };
  89     };
  90
  91     services.nginx.virtualHosts."${cfg.originBase}" = {
  92       forceSSL = true;
  93       locations."/".proxyPass = "http://${cfg.address}:${toString port}";
  94       locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
  95       locations."/static".root = "${pkgs.sourcehut.hubsrht}/${pkgs.sourcehut.python.sitePackages}/hubsrht";
  96     };
  97     services.nginx.virtualHosts."hub.${cfg.originBase}" = {
  98       globalRedirect = "${cfg.originBase}";
  99       forceSSL = true;
 100     };
 101   };
 102 }