1 { config, lib, pkgs, ... }:
5 cfg = config.services.sourcehut;
10 drv = pkgs.sourcehut.metasrht;
13 options.services.sourcehut.meta = {
26 Port on which the "meta" module should listen.
32 default = "meta.sr.ht";
34 PostgreSQL database name for meta.sr.ht.
38 statePath = mkOption {
40 default = "${cfg.statePath}/metasrht";
42 State path for meta.sr.ht.
47 config = with scfg; lib.mkIf (cfg.enable && elem "meta" cfg.services) {
51 assertion = with cfgIni."meta.sr.ht::billing"; enabled == "yes" -> (stripe-public-key != null && stripe-secret-key != null);
52 message = "If meta.sr.ht::billing is enabled, the keys should be defined.";
61 description = "meta.sr.ht user";
70 services.cron.systemCronJobs = [ "0 0 * * * ${cfg.python}/bin/metasrht-daily" ];
71 services.postgresql = {
73 local ${database} ${user} trust
75 ensureDatabases = [ database ];
79 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
86 "d ${statePath} 0750 ${user} ${user} -"
91 # Configure client(s) as "preauthorized"
92 ${concatMapStringsSep "\n\n"
94 if ! test -e "${statePath}/${attr}.oauth" || [ "$(cat ${statePath}/${attr}.oauth)" != "${cfgIni."${attr}".oauth-client-id}" ]; then
95 # Configure ${attr}'s OAuth client as "preauthorized"
97 -c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${cfgIni."${attr}".oauth-client-id}'"
99 printf "%s" "${cfgIni."${attr}".oauth-client-id}" > "${statePath}/${attr}.oauth"
102 (builtins.attrNames (filterAttrs
103 (k: v: !(hasInfix "::" k) && (v.oauth-client-id or null) != null)
107 metasrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
108 after = [ "postgresql.service" "network.target" ];
109 requires = [ "postgresql.service" ];
110 wantedBy = [ "multi-user.target" ];
112 description = "meta.sr.ht website service";
114 preStart = commonPreStart;
116 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
119 metasrht-api = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
120 after = [ "postgresql.service" "network.target" ];
121 requires = [ "postgresql.service" ];
122 wantedBy = [ "multi-user.target" ];
124 description = "meta.sr.ht api service";
126 preStart = commonPreStart;
128 serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b :${toString (port + 100)}";
131 metasrht-webhooks = {
132 after = [ "postgresql.service" "network.target" ];
133 requires = [ "postgresql.service" ];
134 wantedBy = [ "multi-user.target" ];
136 description = "meta.sr.ht webhooks service";
141 ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel INFO --pool eventlet";
148 services.nginx.virtualHosts."meta.${cfg.originBase}" = {
150 locations."/".proxyPass = "http://${cfg.address}:${toString port}";
151 locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
152 locations."/static".root = "${pkgs.sourcehut.metasrht}/${pkgs.sourcehut.python.sitePackages}/metasrht";