]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/sourcehut.nix
networking: add patate to wg-intra
[sourcephile-nix.git] / hosts / losurdo / sourcehut.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (config.services) sourcehut;
4 inherit (config.users) groups;
5 domain = "sourcephile.wg";
6 in
7 {
8 #boot.isContainer = true;
9 #networking.firewall.allowedTCPPorts = [ 80 ];
10 networking.hosts = {
11 "192.168.42.2" = [domain] ++ map (d: "${d}.${domain}") sourcehut.services;
12 };
13 networking.nftables.ruleset = ''
14 add rule inet filter fw2net meta skuid ${sourcehut.meta.user} tcp dport 25 counter accept comment "SMTP"
15 '';
16 services.sourcehut = {
17 enable = true;
18 originBase = domain;
19 address = domain;
20 services = [
21 #"builds"
22 "dispatch"
23 "git"
24 "hub"
25 "lists"
26 "man"
27 "meta"
28 "todo"
29 "paste"
30 ];
31 /*
32 builds = {
33 enableWorker = true;
34 };
35 */
36 git = {
37 };
38 meta = {
39 port = 5000;
40 };
41 settings = {
42 "sr.ht" = {
43 environment = "production";
44 global-domain = domain;
45 origin = "http://${domain}";
46 owner-email = "julm+srht@sourcephile.fr";
47 owner-name = "Sourcephile";
48 site-blurb = "forge";
49 site-info = "http://${domain}";
50 site-name = "Sourcephile's sourcehut";
51 # nix shell nixpkgs#sourcehut.coresrht -c srht-keygen network
52 network-key = "OeXzQ6A8Vcgt5QJkXScuxeXCtfdKzKev99BRNb3_CWQ=";
53 # nix shell nixpkgs#sourcehut.coresrht -c srht-keygen service
54 service-key = "62427596fed00fa48c19f95bc85c14d0c618a5f8c130b53ba9a6a6b403bf1507";
55 };
56 # nix shell nixpkgs#sourcehut.metasrht -c metasrht-manageuser -t admin -e mymail@gmail.com misuzu
57 "builds.sr.ht" = {
58 origin = "http://builds.${domain}";
59 oauth-client-secret = "8f5fc39b5948907e62c737f6b48462dc";
60 oauth-client-id = "299db9f9c2013170";
61 };
62 "dispatch.sr.ht" = {
63 origin = "http://dispatch.${domain}";
64 oauth-client-secret = "8f5fc39b5948907e62c737f6b48462dc";
65 oauth-client-id = "299db9f9c2013170";
66 };
67 "paste.sr.ht" = {
68 origin = "http://paste.${domain}";
69 oauth-client-secret = "8f5fc39b5948907e62c737f6b48462dc";
70 oauth-client-id = "299db9f9c2013170";
71 };
72 "man.sr.ht" = {
73 origin = "http://man.${domain}";
74 oauth-client-secret = "8f5fc39b5948907e62c737f6b48462dc";
75 oauth-client-id = "299db9f9c2013170";
76 };
77 "meta.sr.ht" = {
78 origin = "http://meta.${domain}";
79 api-origin = "http://meta.${domain}:5100";
80 };
81 "meta.sr.ht::settings" = {
82 onboarding-redirect = "http://meta.${domain}";
83 registration = true;
84 internal-ipnet = "127.0.0.0/8,192.168.42.0/24";
85 };
86 "meta.sr.ht::api" = {
87 internal-ipnet= [ "127.0.0.0/8" "::1/128" "192.168.0.0/16" "10.0.0.0/8"];
88 };
89 "todo.sr.ht" = {
90 origin = "http://todo.${domain}";
91 oauth-client-secret = "8f5fc39b5948907e62c737f6b48462dc";
92 oauth-client-id = "299db9f9c2013170";
93 };
94 "git.sr.ht" = {
95 origin = "http://git.${domain}";
96 oauth-client-secret = "8f5fc39b5948907e62c737f6b48462dc";
97 oauth-client-id = "299db9f9c2013170";
98 };
99 "hub.sr.ht" = {
100 origin = "http://hub.${domain}";
101 oauth-client-secret = "8f5fc39b5948907e62c737f6b48462dc";
102 oauth-client-id = "299db9f9c2013170";
103 };
104 "lists.sr.ht::worker" = {
105 #sock = "/var/lib/postfix/queue/private/srht-lmtp";
106 };
107 "lists.sr.ht" = {
108 origin = "http://lists.${domain}";
109 oauth-client-secret = "8f5fc39b5948907e62c737f6b48462dc";
110 oauth-client-id = "299db9f9c2013170";
111 };
112 # nix shell nixpkgs#sourcehut.coresrht -c srht-keygen webhook
113 webhooks.private-key= "U7yd/8mGs/v0O3kId4jpeSghUCa9tqP1fYQwSV8UOqo=";
114 mail = {
115 smtp-host = "localhost";
116 smtp-port = 25;
117 smtp-user = null;
118 smtp-password = null;
119 smtp-from = "sourcehut@sourcephile.fr";
120 error-to = "julm+sourcehut+error@sourcephile.fr";
121 error-from = "sourcehut+error@sourcephile.fr";
122 pgp-privkey = null;
123 pgp-pubkey = null;
124 pgp-key-id = null;
125 };
126 };
127 };
128 services.nginx.virtualHosts = {
129 #"builds.${domain}".forceSSL = lib.mkForce false;
130 "dispatch.${domain}".forceSSL = lib.mkForce false;
131 "git.${domain}".forceSSL = lib.mkForce false;
132 "hub.${domain}".forceSSL = lib.mkForce false;
133 "lists.${domain}".forceSSL = lib.mkForce false;
134 "logs.${domain}".forceSSL = lib.mkForce false;
135 "man.${domain}".forceSSL = lib.mkForce false;
136 "paste.${domain}".forceSSL = lib.mkForce false;
137 "todo.${domain}".forceSSL = lib.mkForce false;
138 "meta.${domain}" = {
139 forceSSL = lib.mkForce false;
140 /*
141 extraConfig = ''
142 access_log /var/log/nginx/${domain}/meta/access.log json;
143 error_log /var/log/nginx/${domain}/meta/error.log warn;
144 '';
145 */
146 };
147 "${domain}".forceSSL = lib.mkForce false;
148 };
149 systemd.services.nginx.serviceConfig.LogsDirectory =
150 lib.mkForce ["/var/log/nginx/${domain}/meta"];
151 users.groups."postgres".members = map (n: sourcehut.${n}.user) sourcehut.services;
152 systemd.services.postgresql = {
153 /*
154 connection_limit=64 \
155 encoding=UTF8 \
156 lc_collate=fr_FR.UTF-8 \
157 lc_type=fr_FR.UTF-8 \
158 owner="${sourcehut.git.database}" \
159 pg_createdb "${sourcehut.git.database}" >/dev/null </dev/null
160
161 pg_adduser "${sourcehut.git.database}" "${sourcehut.git.database}" >/dev/null
162 */
163 postStart = lib.mkAfter ''
164 $PSQL -d "${sourcehut.dispatch.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
165 GRANT USAGE,CREATE ON schema public TO "${sourcehut.dispatch.user}";
166 EOF
167 $PSQL -d "${sourcehut.git.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
168 GRANT USAGE,CREATE ON schema public TO "${sourcehut.git.user}";
169 EOF
170 $PSQL -d "${sourcehut.hub.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
171 GRANT USAGE,CREATE ON schema public TO "${sourcehut.hub.user}";
172 EOF
173 $PSQL -d "${sourcehut.man.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
174 GRANT USAGE,CREATE ON schema public TO "${sourcehut.man.user}";
175 EOF
176 $PSQL -d "${sourcehut.meta.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
177 GRANT USAGE,CREATE ON schema public TO "${sourcehut.meta.user}";
178 EOF
179 $PSQL -d "${sourcehut.paste.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
180 GRANT USAGE,CREATE ON schema public TO "${sourcehut.paste.user}";
181 EOF
182 $PSQL -d "${sourcehut.todo.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
183 GRANT USAGE,CREATE ON schema public TO "${sourcehut.todo.user}";
184 EOF
185 $PSQL -d "${sourcehut.lists.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
186 GRANT USAGE,CREATE ON schema public TO "${sourcehut.lists.user}";
187 EOF
188 '';
189 };
190 }