diff --git a/nixos/modules/services/misc/sourcehut/builds.nix b/nixos/modules/services/misc/sourcehut/builds.nix deleted file mode 100644 index 685a132d350..00000000000 --- a/nixos/modules/services/misc/sourcehut/builds.nix +++ /dev/null @@ -1,236 +0,0 @@ -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.services.sourcehut; - opt = options.services.sourcehut; - scfg = cfg.builds; - rcfg = config.services.redis; - iniKey = "builds.sr.ht"; - - drv = pkgs.sourcehut.buildsrht; -in -{ - options.services.sourcehut.builds = { - user = mkOption { - type = types.str; - default = "buildsrht"; - description = '' - User for builds.sr.ht. - ''; - }; - - port = mkOption { - type = types.port; - default = 5002; - description = '' - Port on which the "builds" module should listen. - ''; - }; - - database = mkOption { - type = types.str; - default = "builds.sr.ht"; - description = '' - PostgreSQL database name for builds.sr.ht. - ''; - }; - - statePath = mkOption { - type = types.path; - default = "${cfg.statePath}/buildsrht"; - defaultText = literalExpression ''"''${config.${opt.statePath}}/buildsrht"''; - description = '' - State path for builds.sr.ht. - ''; - }; - - enableWorker = mkOption { - type = types.bool; - default = false; - description = '' - Run workers for builds.sr.ht. - ''; - }; - - images = mkOption { - type = types.attrsOf (types.attrsOf (types.attrsOf types.package)); - default = { }; - example = lib.literalExpression ''(let - # Pinning unstable to allow usage with flakes and limit rebuilds. - pkgs_unstable = builtins.fetchGit { - url = "https://github.com/NixOS/nixpkgs"; - rev = "ff96a0fa5635770390b184ae74debea75c3fd534"; - ref = "nixos-unstable"; - }; - image_from_nixpkgs = pkgs_unstable: (import ("''${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") { - pkgs = (import pkgs_unstable {}); - }); - in - { - nixos.unstable.x86_64 = image_from_nixpkgs pkgs_unstable; - } - )''; - description = '' - Images for builds.sr.ht. Each package should be distro.release.arch and point to a /nix/store/package/root.img.qcow2. - ''; - }; - - }; - - config = with scfg; let - image_dirs = lib.lists.flatten ( - lib.attrsets.mapAttrsToList - (distro: revs: - lib.attrsets.mapAttrsToList - (rev: archs: - lib.attrsets.mapAttrsToList - (arch: image: - pkgs.runCommand "buildsrht-images" { } '' - mkdir -p $out/${distro}/${rev}/${arch} - ln -s ${image}/*.qcow2 $out/${distro}/${rev}/${arch}/root.img.qcow2 - '') - archs) - revs) - scfg.images); - image_dir_pre = pkgs.symlinkJoin { - name = "builds.sr.ht-worker-images-pre"; - paths = image_dirs ++ [ - "${pkgs.sourcehut.buildsrht}/lib/images" - ]; - }; - image_dir = pkgs.runCommand "builds.sr.ht-worker-images" { } '' - mkdir -p $out/images - cp -Lr ${image_dir_pre}/* $out/images - ''; - in - lib.mkIf (cfg.enable && elem "builds" cfg.services) { - users = { - users = { - "${user}" = { - isSystemUser = true; - group = user; - extraGroups = lib.optionals cfg.builds.enableWorker [ "docker" ]; - description = "builds.sr.ht user"; - }; - }; - - groups = { - "${user}" = { }; - }; - }; - - services.postgresql = { - authentication = '' - local ${database} ${user} trust - ''; - ensureDatabases = [ database ]; - ensureUsers = [ - { - name = user; - ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; - } - ]; - }; - - systemd = { - tmpfiles.rules = [ - "d ${statePath} 0755 ${user} ${user} -" - ] ++ (lib.optionals cfg.builds.enableWorker - [ "d ${statePath}/logs 0775 ${user} ${user} - -" ] - ); - - services = { - buildsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey - { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "builds.sr.ht website service"; - - serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; - - # Hack to bypass this hack: https://git.sr.ht/~sircmpwn/core.sr.ht/tree/master/item/srht-update-profiles#L6 - } // { preStart = " "; }; - - buildsrht-worker = { - enable = scfg.enableWorker; - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - partOf = [ "buildsrht.service" ]; - description = "builds.sr.ht worker service"; - path = [ pkgs.openssh pkgs.docker ]; - preStart = let qemuPackage = pkgs.qemu_kvm; - in '' - if [[ "$(docker images -q qemu:latest 2> /dev/null)" == "" || "$(cat ${statePath}/docker-image-qemu 2> /dev/null || true)" != "${qemuPackage.version}" ]]; then - # Create and import qemu:latest image for docker - ${ - pkgs.dockerTools.streamLayeredImage { - name = "qemu"; - tag = "latest"; - contents = [ qemuPackage ]; - } - } | docker load - # Mark down current package version - printf "%s" "${qemuPackage.version}" > ${statePath}/docker-image-qemu - fi - ''; - serviceConfig = { - Type = "simple"; - User = user; - Group = "nginx"; - Restart = "always"; - }; - serviceConfig.ExecStart = "${pkgs.sourcehut.buildsrht}/bin/builds.sr.ht-worker"; - }; - }; - }; - - services.sourcehut.settings = { - # URL builds.sr.ht is being served at (protocol://domain) - "builds.sr.ht".origin = mkDefault "http://builds.${cfg.originBase}"; - # Address and port to bind the debug server to - "builds.sr.ht".debug-host = mkDefault "0.0.0.0"; - "builds.sr.ht".debug-port = mkDefault port; - # Configures the SQLAlchemy connection string for the database. - "builds.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; - # Set to "yes" to automatically run migrations on package upgrade. - "builds.sr.ht".migrate-on-upgrade = mkDefault "yes"; - # builds.sr.ht's OAuth client ID and secret for meta.sr.ht - # Register your client at meta.example.org/oauth - "builds.sr.ht".oauth-client-id = mkDefault null; - "builds.sr.ht".oauth-client-secret = mkDefault null; - # The redis connection used for the celery worker - "builds.sr.ht".redis = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/3"; - # The shell used for ssh - "builds.sr.ht".shell = mkDefault "runner-shell"; - # Register the builds.sr.ht dispatcher - "git.sr.ht::dispatch".${builtins.unsafeDiscardStringContext "${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys"} = mkDefault "${user}:${user}"; - - # Location for build logs, images, and control command - } // lib.attrsets.optionalAttrs scfg.enableWorker { - # Default worker stores logs that are accessible via this address:port - "builds.sr.ht::worker".name = mkDefault "127.0.0.1:5020"; - "builds.sr.ht::worker".buildlogs = mkDefault "${scfg.statePath}/logs"; - "builds.sr.ht::worker".images = mkDefault "${image_dir}/images"; - "builds.sr.ht::worker".controlcmd = mkDefault "${image_dir}/images/control"; - "builds.sr.ht::worker".timeout = mkDefault "3m"; - }; - - services.nginx.virtualHosts."logs.${cfg.originBase}" = - if scfg.enableWorker then { - listen = with builtins; let address = split ":" cfg.settings."builds.sr.ht::worker".name; - in [{ addr = elemAt address 0; port = lib.toInt (elemAt address 2); }]; - locations."/logs".root = "${scfg.statePath}"; - } else { }; - - services.nginx.virtualHosts."builds.${cfg.originBase}" = { - forceSSL = true; - locations."/".proxyPass = "http://${cfg.address}:${toString port}"; - locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; - locations."/static".root = "${pkgs.sourcehut.buildsrht}/${pkgs.sourcehut.python.sitePackages}/buildsrht"; - }; - }; -} diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 5a6d011a729..f5e4742d902 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -83,7 +83,7 @@ let python = pkgs.sourcehut.python.withPackages (ps: with ps; [ gunicorn eventlet - # For monitoring Celery: sudo -u listssrht celery --app listssrht.process -b redis+socket:///run/redis-sourcehut/redis.sock?virtual_host=5 flower + # For monitoring Celery: sudo -u listssrht celery --app listssrht.process -b redis+socket:///run/redis-sourcehut/redis.sock?virtual_host=1 flower flower # Sourcehut services srht @@ -905,6 +905,11 @@ in inherit configIniOfService; srvsrht = "buildsrht"; port = 5002; + extraServices.buildsrht-api = { + serviceConfig.Restart = "always"; + serviceConfig.RestartSec = "2s"; + serviceConfig.ExecStart = "${pkgs.sourcehut.buildsrht}/bin/buildsrht-api -b ${cfg.listenAddress}:${toString (cfg.builds.port + 100)}"; + }; # TODO: a celery worker on the master and worker are apparently needed extraServices.buildsrht-worker = let qemuPackage = pkgs.qemu_kvm; @@ -928,13 +933,13 @@ in fi ''; serviceConfig = { - ExecStart = "${pkgs.sourcehut.buildsrht}/bin/builds.sr.ht-worker"; + ExecStart = "${pkgs.sourcehut.buildsrht}/bin/buildsrht-worker"; BindPaths = [ cfg.settings."builds.sr.ht::worker".buildlogs ]; LogsDirectory = [ "sourcehut/${serviceName}" ]; RuntimeDirectory = [ "sourcehut/${serviceName}/subdir" ]; StateDirectory = [ "sourcehut/${serviceName}" ]; TimeoutStartSec = "1800s"; - # builds.sr.ht-worker looks up ../config.ini + # buildsrht-worker looks up ../config.ini WorkingDirectory = "-"+"/run/sourcehut/${serviceName}/subdir"; }; }; @@ -952,12 +957,12 @@ in ) cfg.builds.images ); image_dir_pre = pkgs.symlinkJoin { - name = "builds.sr.ht-worker-images-pre"; + name = "buildsrht-worker-images-pre"; paths = image_dirs; # FIXME: not working, apparently because ubuntu/latest is a broken link # ++ [ "${pkgs.sourcehut.buildsrht}/lib/images" ]; }; - image_dir = pkgs.runCommand "builds.sr.ht-worker-images" { } '' + image_dir = pkgs.runCommand "buildsrht-worker-images" { } '' mkdir -p $out/images cp -Lr ${image_dir_pre}/* $out/images ''; @@ -1081,6 +1086,11 @@ in }; }) ]; + extraServices.gitsrht-api = { + serviceConfig.Restart = "always"; + serviceConfig.RestartSec = "2s"; + serviceConfig.ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}"; + }; extraServices.gitsrht-fcgiwrap = mkIf cfg.nginx.enable { serviceConfig = { # Socket is passed by gitsrht-fcgiwrap.socket @@ -1124,6 +1134,11 @@ in timerConfig.OnCalendar = ["daily"]; timerConfig.AccuracySec = "1h"; }; + extraServices.hgsrht-api = { + serviceConfig.Restart = "always"; + serviceConfig.RestartSec = "2s"; + serviceConfig.ExecStart = "${pkgs.sourcehut.hgsrht}/bin/hgsrht-api -b ${cfg.listenAddress}:${toString (cfg.hg.port + 100)}"; + }; extraConfig = mkMerge [ { users.users.${cfg.hg.user}.shell = pkgs.bash; @@ -1184,6 +1199,11 @@ in inherit configIniOfService; port = 5006; webhooks = true; + extraServices.listssrht-api = { + serviceConfig.Restart = "always"; + serviceConfig.RestartSec = "2s"; + serviceConfig.ExecStart = "${pkgs.sourcehut.listssrht}/bin/listssrht-api -b ${cfg.listenAddress}:${toString (cfg.lists.port + 100)}"; + }; # Receive the mail from Postfix and enqueue them into Redis and PostgreSQL extraServices.listssrht-lmtp = { wants = [ "postfix.service" ]; @@ -1232,6 +1252,10 @@ in inherit configIniOfService; port = 5000; webhooks = true; + extraTimers.metasrht-daily.timerConfig = { + OnCalendar = ["daily"]; + AccuracySec = "1h"; + }; extraServices.metasrht-api = { serviceConfig.Restart = "always"; serviceConfig.RestartSec = "2s"; @@ -1248,10 +1272,6 @@ in ) cfg.settings)); serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; }; - extraTimers.metasrht-daily.timerConfig = { - OnCalendar = ["daily"]; - AccuracySec = "1h"; - }; extraConfig = mkMerge [ { assertions = [ @@ -1348,6 +1368,11 @@ in inherit configIniOfService; port = 5003; webhooks = true; + extraServices.todosrht-api = { + serviceConfig.Restart = "always"; + serviceConfig.RestartSec = "2s"; + serviceConfig.ExecStart = "${pkgs.sourcehut.todosrht}/bin/todosrht-api -b ${cfg.listenAddress}:${toString (cfg.todo.port + 100)}"; + }; extraServices.todosrht-lmtp = { wants = [ "postfix.service" ]; unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; diff --git a/nixos/modules/services/misc/sourcehut/dispatch.nix b/nixos/modules/services/misc/sourcehut/dispatch.nix deleted file mode 100644 index 292a51d3e1c..00000000000 --- a/nixos/modules/services/misc/sourcehut/dispatch.nix +++ /dev/null @@ -1,127 +0,0 @@ -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.services.sourcehut; - opt = options.services.sourcehut; - cfgIni = cfg.settings; - scfg = cfg.dispatch; - iniKey = "dispatch.sr.ht"; - - drv = pkgs.sourcehut.dispatchsrht; -in -{ - options.services.sourcehut.dispatch = { - user = mkOption { - type = types.str; - default = "dispatchsrht"; - description = '' - User for dispatch.sr.ht. - ''; - }; - - port = mkOption { - type = types.port; - default = 5005; - description = '' - Port on which the "dispatch" module should listen. - ''; - }; - - database = mkOption { - type = types.str; - default = "dispatch.sr.ht"; - description = '' - PostgreSQL database name for dispatch.sr.ht. - ''; - }; - - statePath = mkOption { - type = types.path; - default = "${cfg.statePath}/dispatchsrht"; - defaultText = literalExpression ''"''${config.${opt.statePath}}/dispatchsrht"''; - description = '' - State path for dispatch.sr.ht. - ''; - }; - }; - - config = with scfg; lib.mkIf (cfg.enable && elem "dispatch" cfg.services) { - - users = { - users = { - "${user}" = { - isSystemUser = true; - group = user; - description = "dispatch.sr.ht user"; - }; - }; - - groups = { - "${user}" = { }; - }; - }; - - services.postgresql = { - authentication = '' - local ${database} ${user} trust - ''; - ensureDatabases = [ database ]; - ensureUsers = [ - { - name = user; - ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; - } - ]; - }; - - systemd = { - tmpfiles.rules = [ - "d ${statePath} 0750 ${user} ${user} -" - ]; - - services.dispatchsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "dispatch.sr.ht website service"; - - serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; - }; - }; - - services.sourcehut.settings = { - # URL dispatch.sr.ht is being served at (protocol://domain) - "dispatch.sr.ht".origin = mkDefault "http://dispatch.${cfg.originBase}"; - # Address and port to bind the debug server to - "dispatch.sr.ht".debug-host = mkDefault "0.0.0.0"; - "dispatch.sr.ht".debug-port = mkDefault port; - # Configures the SQLAlchemy connection string for the database. - "dispatch.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; - # Set to "yes" to automatically run migrations on package upgrade. - "dispatch.sr.ht".migrate-on-upgrade = mkDefault "yes"; - # dispatch.sr.ht's OAuth client ID and secret for meta.sr.ht - # Register your client at meta.example.org/oauth - "dispatch.sr.ht".oauth-client-id = mkDefault null; - "dispatch.sr.ht".oauth-client-secret = mkDefault null; - - # Github Integration - "dispatch.sr.ht::github".oauth-client-id = mkDefault null; - "dispatch.sr.ht::github".oauth-client-secret = mkDefault null; - - # Gitlab Integration - "dispatch.sr.ht::gitlab".enabled = mkDefault null; - "dispatch.sr.ht::gitlab".canonical-upstream = mkDefault "gitlab.com"; - "dispatch.sr.ht::gitlab".repo-cache = mkDefault "./repo-cache"; - # "dispatch.sr.ht::gitlab"."gitlab.com" = mkDefault "GitLab:application id:secret"; - }; - - services.nginx.virtualHosts."dispatch.${cfg.originBase}" = { - forceSSL = true; - locations."/".proxyPass = "http://${cfg.address}:${toString port}"; - locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; - locations."/static".root = "${pkgs.sourcehut.dispatchsrht}/${pkgs.sourcehut.python.sitePackages}/dispatchsrht"; - }; - }; -} diff --git a/nixos/modules/services/misc/sourcehut/git.nix b/nixos/modules/services/misc/sourcehut/git.nix deleted file mode 100644 index ff110905d18..00000000000 --- a/nixos/modules/services/misc/sourcehut/git.nix +++ /dev/null @@ -1,217 +0,0 @@ -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.services.sourcehut; - opt = options.services.sourcehut; - scfg = cfg.git; - iniKey = "git.sr.ht"; - - rcfg = config.services.redis; - drv = pkgs.sourcehut.gitsrht; -in -{ - options.services.sourcehut.git = { - user = mkOption { - type = types.str; - visible = false; - internal = true; - readOnly = true; - default = "git"; - description = '' - User for git.sr.ht. - ''; - }; - - port = mkOption { - type = types.port; - default = 5001; - description = '' - Port on which the "git" module should listen. - ''; - }; - - database = mkOption { - type = types.str; - default = "git.sr.ht"; - description = '' - PostgreSQL database name for git.sr.ht. - ''; - }; - - statePath = mkOption { - type = types.path; - default = "${cfg.statePath}/gitsrht"; - defaultText = literalExpression ''"''${config.${opt.statePath}}/gitsrht"''; - description = '' - State path for git.sr.ht. - ''; - }; - - package = mkOption { - type = types.package; - default = pkgs.git; - defaultText = literalExpression "pkgs.git"; - example = literalExpression "pkgs.gitFull"; - description = '' - Git package for git.sr.ht. This can help silence collisions. - ''; - }; - }; - - config = with scfg; lib.mkIf (cfg.enable && elem "git" cfg.services) { - # sshd refuses to run with `Unsafe AuthorizedKeysCommand ... bad ownership or modes for directory /nix/store` - environment.etc."ssh/gitsrht-dispatch" = { - mode = "0755"; - text = '' - #! ${pkgs.stdenv.shell} - ${cfg.python}/bin/gitsrht-dispatch "$@" - ''; - }; - - # Needs this in the $PATH when sshing into the server - environment.systemPackages = [ cfg.git.package ]; - - users = { - users = { - "${user}" = { - isSystemUser = true; - group = user; - # https://stackoverflow.com/questions/22314298/git-push-results-in-fatal-protocol-error-bad-line-length-character-this - # Probably could use gitsrht-shell if output is restricted to just parameters... - shell = pkgs.bash; - description = "git.sr.ht user"; - }; - }; - - groups = { - "${user}" = { }; - }; - }; - - services = { - cron.systemCronJobs = [ "*/20 * * * * ${cfg.python}/bin/gitsrht-periodic" ]; - fcgiwrap.enable = true; - - openssh.authorizedKeysCommand = ''/etc/ssh/gitsrht-dispatch "%u" "%h" "%t" "%k"''; - openssh.authorizedKeysCommandUser = "root"; - openssh.extraConfig = '' - PermitUserEnvironment SRHT_* - ''; - - postgresql = { - authentication = '' - local ${database} ${user} trust - ''; - ensureDatabases = [ database ]; - ensureUsers = [ - { - name = user; - ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; - } - ]; - }; - }; - - systemd = { - tmpfiles.rules = [ - # /var/log is owned by root - "f /var/log/git-srht-shell 0644 ${user} ${user} -" - - "d ${statePath} 0750 ${user} ${user} -" - "d ${cfg.settings."${iniKey}".repos} 2755 ${user} ${user} -" - ]; - - services = { - gitsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { - after = [ "redis.service" "postgresql.service" "network.target" ]; - requires = [ "redis.service" "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - # Needs internally to create repos at the very least - path = [ pkgs.git ]; - description = "git.sr.ht website service"; - - serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; - }; - - gitsrht-webhooks = { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "git.sr.ht webhooks service"; - serviceConfig = { - Type = "simple"; - User = user; - Restart = "always"; - }; - - serviceConfig.ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info"; - }; - }; - }; - - services.sourcehut.settings = { - # URL git.sr.ht is being served at (protocol://domain) - "git.sr.ht".origin = mkDefault "http://git.${cfg.originBase}"; - # Address and port to bind the debug server to - "git.sr.ht".debug-host = mkDefault "0.0.0.0"; - "git.sr.ht".debug-port = mkDefault port; - # Configures the SQLAlchemy connection string for the database. - "git.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; - # Set to "yes" to automatically run migrations on package upgrade. - "git.sr.ht".migrate-on-upgrade = mkDefault "yes"; - # The redis connection used for the webhooks worker - "git.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1"; - - # A post-update script which is installed in every git repo. - "git.sr.ht".post-update-script = mkDefault "${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook"; - - # git.sr.ht's OAuth client ID and secret for meta.sr.ht - # Register your client at meta.example.org/oauth - "git.sr.ht".oauth-client-id = mkDefault null; - "git.sr.ht".oauth-client-secret = mkDefault null; - # Path to git repositories on disk - "git.sr.ht".repos = mkDefault "/var/lib/git"; - - "git.sr.ht".outgoing-domain = mkDefault "http://git.${cfg.originBase}"; - - # The authorized keys hook uses this to dispatch to various handlers - # The format is a program to exec into as the key, and the user to match as the - # value. When someone tries to log in as this user, this program is executed - # and is expected to omit an AuthorizedKeys file. - # - # Discard of the string context is in order to allow derivation-derived strings. - # This is safe if the relevant package is installed which will be the case if the setting is utilized. - "git.sr.ht::dispatch".${builtins.unsafeDiscardStringContext "${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys"} = mkDefault "${user}:${user}"; - }; - - services.nginx.virtualHosts."git.${cfg.originBase}" = { - forceSSL = true; - locations."/".proxyPass = "http://${cfg.address}:${toString port}"; - locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; - locations."/static".root = "${pkgs.sourcehut.gitsrht}/${pkgs.sourcehut.python.sitePackages}/gitsrht"; - extraConfig = '' - location = /authorize { - proxy_pass http://${cfg.address}:${toString port}; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - proxy_set_header X-Original-URI $request_uri; - } - location ~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$ { - auth_request /authorize; - root /var/lib/git; - fastcgi_pass unix:/run/fcgiwrap.sock; - fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend; - fastcgi_param PATH_INFO $uri; - fastcgi_param GIT_PROJECT_ROOT $document_root; - fastcgi_read_timeout 500s; - include ${config.services.nginx.package}/conf/fastcgi_params; - gzip off; - } - ''; - - }; - }; -} diff --git a/nixos/modules/services/misc/sourcehut/hg.nix b/nixos/modules/services/misc/sourcehut/hg.nix deleted file mode 100644 index 6ba1df8b6dd..00000000000 --- a/nixos/modules/services/misc/sourcehut/hg.nix +++ /dev/null @@ -1,175 +0,0 @@ -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.services.sourcehut; - opt = options.services.sourcehut; - scfg = cfg.hg; - iniKey = "hg.sr.ht"; - - rcfg = config.services.redis; - drv = pkgs.sourcehut.hgsrht; -in -{ - options.services.sourcehut.hg = { - user = mkOption { - type = types.str; - internal = true; - readOnly = true; - default = "hg"; - description = '' - User for hg.sr.ht. - ''; - }; - - port = mkOption { - type = types.port; - default = 5010; - description = '' - Port on which the "hg" module should listen. - ''; - }; - - database = mkOption { - type = types.str; - default = "hg.sr.ht"; - description = '' - PostgreSQL database name for hg.sr.ht. - ''; - }; - - statePath = mkOption { - type = types.path; - default = "${cfg.statePath}/hgsrht"; - defaultText = literalExpression ''"''${config.${opt.statePath}}/hgsrht"''; - description = '' - State path for hg.sr.ht. - ''; - }; - - cloneBundles = mkOption { - type = types.bool; - default = false; - description = '' - Generate clonebundles (which require more disk space but dramatically speed up cloning large repositories). - ''; - }; - }; - - config = with scfg; lib.mkIf (cfg.enable && elem "hg" cfg.services) { - # In case it ever comes into being - environment.etc."ssh/hgsrht-dispatch" = { - mode = "0755"; - text = '' - #! ${pkgs.stdenv.shell} - ${cfg.python}/bin/gitsrht-dispatch $@ - ''; - }; - - environment.systemPackages = [ pkgs.mercurial ]; - - users = { - users = { - "${user}" = { - isSystemUser = true; - group = user; - # Assuming hg.sr.ht needs this too - shell = pkgs.bash; - description = "hg.sr.ht user"; - }; - }; - - groups = { - "${user}" = { }; - }; - }; - - services = { - cron.systemCronJobs = [ "*/20 * * * * ${cfg.python}/bin/hgsrht-periodic" ] - ++ optional cloneBundles "0 * * * * ${cfg.python}/bin/hgsrht-clonebundles"; - - openssh.authorizedKeysCommand = ''/etc/ssh/hgsrht-dispatch "%u" "%h" "%t" "%k"''; - openssh.authorizedKeysCommandUser = "root"; - openssh.extraConfig = '' - PermitUserEnvironment SRHT_* - ''; - - postgresql = { - authentication = '' - local ${database} ${user} trust - ''; - ensureDatabases = [ database ]; - ensureUsers = [ - { - name = user; - ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; - } - ]; - }; - }; - - systemd = { - tmpfiles.rules = [ - # /var/log is owned by root - "f /var/log/hg-srht-shell 0644 ${user} ${user} -" - - "d ${statePath} 0750 ${user} ${user} -" - "d ${cfg.settings."${iniKey}".repos} 2755 ${user} ${user} -" - ]; - - services.hgsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { - after = [ "redis.service" "postgresql.service" "network.target" ]; - requires = [ "redis.service" "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - path = [ pkgs.mercurial ]; - description = "hg.sr.ht website service"; - - serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; - }; - }; - - services.sourcehut.settings = { - # URL hg.sr.ht is being served at (protocol://domain) - "hg.sr.ht".origin = mkDefault "http://hg.${cfg.originBase}"; - # Address and port to bind the debug server to - "hg.sr.ht".debug-host = mkDefault "0.0.0.0"; - "hg.sr.ht".debug-port = mkDefault port; - # Configures the SQLAlchemy connection string for the database. - "hg.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; - # The redis connection used for the webhooks worker - "hg.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1"; - # A post-update script which is installed in every mercurial repo. - "hg.sr.ht".changegroup-script = mkDefault "${cfg.python}/bin/hgsrht-hook-changegroup"; - # hg.sr.ht's OAuth client ID and secret for meta.sr.ht - # Register your client at meta.example.org/oauth - "hg.sr.ht".oauth-client-id = mkDefault null; - "hg.sr.ht".oauth-client-secret = mkDefault null; - # Path to mercurial repositories on disk - "hg.sr.ht".repos = mkDefault "/var/lib/hg"; - # Path to the srht mercurial extension - # (defaults to where the hgsrht code is) - # "hg.sr.ht".srhtext = mkDefault null; - # .hg/store size (in MB) past which the nightly job generates clone bundles. - # "hg.sr.ht".clone_bundle_threshold = mkDefault 50; - # Path to hg-ssh (if not in $PATH) - # "hg.sr.ht".hg_ssh = mkDefault /path/to/hg-ssh; - - # The authorized keys hook uses this to dispatch to various handlers - # The format is a program to exec into as the key, and the user to match as the - # value. When someone tries to log in as this user, this program is executed - # and is expected to omit an AuthorizedKeys file. - # - # Uncomment the relevant lines to enable the various sr.ht dispatchers. - "hg.sr.ht::dispatch"."/run/current-system/sw/bin/hgsrht-keys" = mkDefault "${user}:${user}"; - }; - - # TODO: requires testing and addition of hg-specific requirements - services.nginx.virtualHosts."hg.${cfg.originBase}" = { - forceSSL = true; - locations."/".proxyPass = "http://${cfg.address}:${toString port}"; - locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; - locations."/static".root = "${pkgs.sourcehut.hgsrht}/${pkgs.sourcehut.python.sitePackages}/hgsrht"; - }; - }; -} diff --git a/nixos/modules/services/misc/sourcehut/hub.nix b/nixos/modules/services/misc/sourcehut/hub.nix deleted file mode 100644 index 7d137a76505..00000000000 --- a/nixos/modules/services/misc/sourcehut/hub.nix +++ /dev/null @@ -1,120 +0,0 @@ -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.services.sourcehut; - opt = options.services.sourcehut; - cfgIni = cfg.settings; - scfg = cfg.hub; - iniKey = "hub.sr.ht"; - - drv = pkgs.sourcehut.hubsrht; -in -{ - options.services.sourcehut.hub = { - user = mkOption { - type = types.str; - default = "hubsrht"; - description = '' - User for hub.sr.ht. - ''; - }; - - port = mkOption { - type = types.port; - default = 5014; - description = '' - Port on which the "hub" module should listen. - ''; - }; - - database = mkOption { - type = types.str; - default = "hub.sr.ht"; - description = '' - PostgreSQL database name for hub.sr.ht. - ''; - }; - - statePath = mkOption { - type = types.path; - default = "${cfg.statePath}/hubsrht"; - defaultText = literalExpression ''"''${config.${opt.statePath}}/hubsrht"''; - description = '' - State path for hub.sr.ht. - ''; - }; - }; - - config = with scfg; lib.mkIf (cfg.enable && elem "hub" cfg.services) { - users = { - users = { - "${user}" = { - isSystemUser = true; - group = user; - description = "hub.sr.ht user"; - }; - }; - - groups = { - "${user}" = { }; - }; - }; - - services.postgresql = { - authentication = '' - local ${database} ${user} trust - ''; - ensureDatabases = [ database ]; - ensureUsers = [ - { - name = user; - ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; - } - ]; - }; - - systemd = { - tmpfiles.rules = [ - "d ${statePath} 0750 ${user} ${user} -" - ]; - - services.hubsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "hub.sr.ht website service"; - - serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; - }; - }; - - services.sourcehut.settings = { - # URL hub.sr.ht is being served at (protocol://domain) - "hub.sr.ht".origin = mkDefault "http://hub.${cfg.originBase}"; - # Address and port to bind the debug server to - "hub.sr.ht".debug-host = mkDefault "0.0.0.0"; - "hub.sr.ht".debug-port = mkDefault port; - # Configures the SQLAlchemy connection string for the database. - "hub.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; - # Set to "yes" to automatically run migrations on package upgrade. - "hub.sr.ht".migrate-on-upgrade = mkDefault "yes"; - # hub.sr.ht's OAuth client ID and secret for meta.sr.ht - # Register your client at meta.example.org/oauth - "hub.sr.ht".oauth-client-id = mkDefault null; - "hub.sr.ht".oauth-client-secret = mkDefault null; - }; - - services.nginx.virtualHosts."${cfg.originBase}" = { - forceSSL = true; - locations."/".proxyPass = "http://${cfg.address}:${toString port}"; - locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; - locations."/static".root = "${pkgs.sourcehut.hubsrht}/${pkgs.sourcehut.python.sitePackages}/hubsrht"; - }; - services.nginx.virtualHosts."hub.${cfg.originBase}" = { - globalRedirect = "${cfg.originBase}"; - forceSSL = true; - }; - }; -} diff --git a/nixos/modules/services/misc/sourcehut/lists.nix b/nixos/modules/services/misc/sourcehut/lists.nix deleted file mode 100644 index 76f155caa05..00000000000 --- a/nixos/modules/services/misc/sourcehut/lists.nix +++ /dev/null @@ -1,187 +0,0 @@ -# Email setup is fairly involved, useful references: -# https://drewdevault.com/2018/08/05/Local-mail-server.html - -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.services.sourcehut; - opt = options.services.sourcehut; - cfgIni = cfg.settings; - scfg = cfg.lists; - iniKey = "lists.sr.ht"; - - rcfg = config.services.redis; - drv = pkgs.sourcehut.listssrht; -in -{ - options.services.sourcehut.lists = { - user = mkOption { - type = types.str; - default = "listssrht"; - description = '' - User for lists.sr.ht. - ''; - }; - - port = mkOption { - type = types.port; - default = 5006; - description = '' - Port on which the "lists" module should listen. - ''; - }; - - database = mkOption { - type = types.str; - default = "lists.sr.ht"; - description = '' - PostgreSQL database name for lists.sr.ht. - ''; - }; - - statePath = mkOption { - type = types.path; - default = "${cfg.statePath}/listssrht"; - defaultText = literalExpression ''"''${config.${opt.statePath}}/listssrht"''; - description = '' - State path for lists.sr.ht. - ''; - }; - }; - - config = with scfg; lib.mkIf (cfg.enable && elem "lists" cfg.services) { - users = { - users = { - "${user}" = { - isSystemUser = true; - group = user; - extraGroups = [ "postfix" ]; - description = "lists.sr.ht user"; - }; - }; - groups = { - "${user}" = { }; - }; - }; - - services.postgresql = { - authentication = '' - local ${database} ${user} trust - ''; - ensureDatabases = [ database ]; - ensureUsers = [ - { - name = user; - ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; - } - ]; - }; - - systemd = { - tmpfiles.rules = [ - "d ${statePath} 0750 ${user} ${user} -" - ]; - - services = { - listssrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "lists.sr.ht website service"; - - serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; - }; - - listssrht-process = { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "lists.sr.ht process service"; - serviceConfig = { - Type = "simple"; - User = user; - Restart = "always"; - ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.process worker --loglevel=info"; - }; - }; - - listssrht-lmtp = { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "lists.sr.ht process service"; - serviceConfig = { - Type = "simple"; - User = user; - Restart = "always"; - ExecStart = "${cfg.python}/bin/listssrht-lmtp"; - }; - }; - - - listssrht-webhooks = { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "lists.sr.ht webhooks service"; - serviceConfig = { - Type = "simple"; - User = user; - Restart = "always"; - ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info"; - }; - }; - }; - }; - - services.sourcehut.settings = { - # URL lists.sr.ht is being served at (protocol://domain) - "lists.sr.ht".origin = mkDefault "http://lists.${cfg.originBase}"; - # Address and port to bind the debug server to - "lists.sr.ht".debug-host = mkDefault "0.0.0.0"; - "lists.sr.ht".debug-port = mkDefault port; - # Configures the SQLAlchemy connection string for the database. - "lists.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; - # Set to "yes" to automatically run migrations on package upgrade. - "lists.sr.ht".migrate-on-upgrade = mkDefault "yes"; - # lists.sr.ht's OAuth client ID and secret for meta.sr.ht - # Register your client at meta.example.org/oauth - "lists.sr.ht".oauth-client-id = mkDefault null; - "lists.sr.ht".oauth-client-secret = mkDefault null; - # Outgoing email for notifications generated by users - "lists.sr.ht".notify-from = mkDefault "CHANGEME@example.org"; - # The redis connection used for the webhooks worker - "lists.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/2"; - # The redis connection used for the celery worker - "lists.sr.ht".redis = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/4"; - # Network-key - "lists.sr.ht".network-key = mkDefault null; - # Allow creation - "lists.sr.ht".allow-new-lists = mkDefault "no"; - # Posting Domain - "lists.sr.ht".posting-domain = mkDefault "lists.${cfg.originBase}"; - - # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket. - # Alternatively, specify IP:PORT and an SMTP server will be run instead. - "lists.sr.ht::worker".sock = mkDefault "/tmp/lists.sr.ht-lmtp.sock"; - # The lmtp daemon will make the unix socket group-read/write for users in this - # group. - "lists.sr.ht::worker".sock-group = mkDefault "postfix"; - "lists.sr.ht::worker".reject-url = mkDefault "https://man.sr.ht/lists.sr.ht/etiquette.md"; - "lists.sr.ht::worker".reject-mimetypes = mkDefault "text/html"; - - }; - - services.nginx.virtualHosts."lists.${cfg.originBase}" = { - forceSSL = true; - locations."/".proxyPass = "http://${cfg.address}:${toString port}"; - locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; - locations."/static".root = "${pkgs.sourcehut.listssrht}/${pkgs.sourcehut.python.sitePackages}/listssrht"; - }; - }; -} diff --git a/nixos/modules/services/misc/sourcehut/man.nix b/nixos/modules/services/misc/sourcehut/man.nix deleted file mode 100644 index 8ca271c32ee..00000000000 --- a/nixos/modules/services/misc/sourcehut/man.nix +++ /dev/null @@ -1,124 +0,0 @@ -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.services.sourcehut; - opt = options.services.sourcehut; - cfgIni = cfg.settings; - scfg = cfg.man; - iniKey = "man.sr.ht"; - - drv = pkgs.sourcehut.mansrht; -in -{ - options.services.sourcehut.man = { - user = mkOption { - type = types.str; - default = "mansrht"; - description = '' - User for man.sr.ht. - ''; - }; - - port = mkOption { - type = types.port; - default = 5004; - description = '' - Port on which the "man" module should listen. - ''; - }; - - database = mkOption { - type = types.str; - default = "man.sr.ht"; - description = '' - PostgreSQL database name for man.sr.ht. - ''; - }; - - statePath = mkOption { - type = types.path; - default = "${cfg.statePath}/mansrht"; - defaultText = literalExpression ''"''${config.${opt.statePath}}/mansrht"''; - description = '' - State path for man.sr.ht. - ''; - }; - }; - - config = with scfg; lib.mkIf (cfg.enable && elem "man" cfg.services) { - assertions = - [ - { - assertion = hasAttrByPath [ "git.sr.ht" "oauth-client-id" ] cfgIni; - message = "man.sr.ht needs access to git.sr.ht."; - } - ]; - - users = { - users = { - "${user}" = { - isSystemUser = true; - group = user; - description = "man.sr.ht user"; - }; - }; - - groups = { - "${user}" = { }; - }; - }; - - services.postgresql = { - authentication = '' - local ${database} ${user} trust - ''; - ensureDatabases = [ database ]; - ensureUsers = [ - { - name = user; - ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; - } - ]; - }; - - systemd = { - tmpfiles.rules = [ - "d ${statePath} 0750 ${user} ${user} -" - ]; - - services.mansrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "man.sr.ht website service"; - - serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; - }; - }; - - services.sourcehut.settings = { - # URL man.sr.ht is being served at (protocol://domain) - "man.sr.ht".origin = mkDefault "http://man.${cfg.originBase}"; - # Address and port to bind the debug server to - "man.sr.ht".debug-host = mkDefault "0.0.0.0"; - "man.sr.ht".debug-port = mkDefault port; - # Configures the SQLAlchemy connection string for the database. - "man.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; - # Set to "yes" to automatically run migrations on package upgrade. - "man.sr.ht".migrate-on-upgrade = mkDefault "yes"; - # man.sr.ht's OAuth client ID and secret for meta.sr.ht - # Register your client at meta.example.org/oauth - "man.sr.ht".oauth-client-id = mkDefault null; - "man.sr.ht".oauth-client-secret = mkDefault null; - }; - - services.nginx.virtualHosts."man.${cfg.originBase}" = { - forceSSL = true; - locations."/".proxyPass = "http://${cfg.address}:${toString port}"; - locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; - locations."/static".root = "${pkgs.sourcehut.mansrht}/${pkgs.sourcehut.python.sitePackages}/mansrht"; - }; - }; -} diff --git a/nixos/modules/services/misc/sourcehut/meta.nix b/nixos/modules/services/misc/sourcehut/meta.nix deleted file mode 100644 index 33e4f2332b5..00000000000 --- a/nixos/modules/services/misc/sourcehut/meta.nix +++ /dev/null @@ -1,213 +0,0 @@ -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.services.sourcehut; - opt = options.services.sourcehut; - cfgIni = cfg.settings; - scfg = cfg.meta; - iniKey = "meta.sr.ht"; - - rcfg = config.services.redis; - drv = pkgs.sourcehut.metasrht; -in -{ - options.services.sourcehut.meta = { - user = mkOption { - type = types.str; - default = "metasrht"; - description = '' - User for meta.sr.ht. - ''; - }; - - port = mkOption { - type = types.port; - default = 5000; - description = '' - Port on which the "meta" module should listen. - ''; - }; - - database = mkOption { - type = types.str; - default = "meta.sr.ht"; - description = '' - PostgreSQL database name for meta.sr.ht. - ''; - }; - - statePath = mkOption { - type = types.path; - default = "${cfg.statePath}/metasrht"; - defaultText = literalExpression ''"''${config.${opt.statePath}}/metasrht"''; - description = '' - State path for meta.sr.ht. - ''; - }; - }; - - config = with scfg; lib.mkIf (cfg.enable && elem "meta" cfg.services) { - assertions = - [ - { - assertion = with cfgIni."meta.sr.ht::billing"; enabled == "yes" -> (stripe-public-key != null && stripe-secret-key != null); - message = "If meta.sr.ht::billing is enabled, the keys should be defined."; - } - ]; - - users = { - users = { - ${user} = { - isSystemUser = true; - group = user; - description = "meta.sr.ht user"; - }; - }; - - groups = { - "${user}" = { }; - }; - }; - - services.cron.systemCronJobs = [ "0 0 * * * ${cfg.python}/bin/metasrht-daily" ]; - services.postgresql = { - authentication = '' - local ${database} ${user} trust - ''; - ensureDatabases = [ database ]; - ensureUsers = [ - { - name = user; - ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; - } - ]; - }; - - systemd = { - tmpfiles.rules = [ - "d ${statePath} 0750 ${user} ${user} -" - ]; - - services = { - metasrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "meta.sr.ht website service"; - - preStart = '' - # Configure client(s) as "preauthorized" - ${concatMapStringsSep "\n\n" - (attr: '' - if ! test -e "${statePath}/${attr}.oauth" || [ "$(cat ${statePath}/${attr}.oauth)" != "${cfgIni."${attr}".oauth-client-id}" ]; then - # Configure ${attr}'s OAuth client as "preauthorized" - psql ${database} \ - -c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${cfgIni."${attr}".oauth-client-id}'" - - printf "%s" "${cfgIni."${attr}".oauth-client-id}" > "${statePath}/${attr}.oauth" - fi - '') - (builtins.attrNames (filterAttrs - (k: v: !(hasInfix "::" k) && builtins.hasAttr "oauth-client-id" v && v.oauth-client-id != null) - cfg.settings))} - ''; - - serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; - }; - - metasrht-api = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "meta.sr.ht api service"; - - preStart = '' - # Configure client(s) as "preauthorized" - ${concatMapStringsSep "\n\n" - (attr: '' - if ! test -e "${statePath}/${attr}.oauth" || [ "$(cat ${statePath}/${attr}.oauth)" != "${cfgIni."${attr}".oauth-client-id}" ]; then - # Configure ${attr}'s OAuth client as "preauthorized" - psql ${database} \ - -c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${cfgIni."${attr}".oauth-client-id}'" - - printf "%s" "${cfgIni."${attr}".oauth-client-id}" > "${statePath}/${attr}.oauth" - fi - '') - (builtins.attrNames (filterAttrs - (k: v: !(hasInfix "::" k) && builtins.hasAttr "oauth-client-id" v && v.oauth-client-id != null) - cfg.settings))} - ''; - - serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b :${toString (port + 100)}"; - }; - - metasrht-webhooks = { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "meta.sr.ht webhooks service"; - serviceConfig = { - Type = "simple"; - User = user; - Restart = "always"; - ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info"; - }; - - }; - }; - }; - - services.sourcehut.settings = { - # URL meta.sr.ht is being served at (protocol://domain) - "meta.sr.ht".origin = mkDefault "https://meta.${cfg.originBase}"; - # Address and port to bind the debug server to - "meta.sr.ht".debug-host = mkDefault "0.0.0.0"; - "meta.sr.ht".debug-port = mkDefault port; - # Configures the SQLAlchemy connection string for the database. - "meta.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; - # Set to "yes" to automatically run migrations on package upgrade. - "meta.sr.ht".migrate-on-upgrade = mkDefault "yes"; - # If "yes", the user will be sent the stock sourcehut welcome emails after - # signup (requires cron to be configured properly). These are specific to the - # sr.ht instance so you probably want to patch these before enabling this. - "meta.sr.ht".welcome-emails = mkDefault "no"; - - # The redis connection used for the webhooks worker - "meta.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/6"; - - # If "no", public registration will not be permitted. - "meta.sr.ht::settings".registration = mkDefault "no"; - # Where to redirect new users upon registration - "meta.sr.ht::settings".onboarding-redirect = mkDefault "https://meta.${cfg.originBase}"; - # How many invites each user is issued upon registration (only applicable if - # open registration is disabled) - "meta.sr.ht::settings".user-invites = mkDefault 5; - - # Origin URL for API, 100 more than web - "meta.sr.ht".api-origin = mkDefault "http://localhost:5100"; - - # You can add aliases for the client IDs of commonly used OAuth clients here. - # - # Example: - "meta.sr.ht::aliases" = mkDefault { }; - # "meta.sr.ht::aliases"."git.sr.ht" = 12345; - - # "yes" to enable the billing system - "meta.sr.ht::billing".enabled = mkDefault "no"; - # Get your keys at https://dashboard.stripe.com/account/apikeys - "meta.sr.ht::billing".stripe-public-key = mkDefault null; - "meta.sr.ht::billing".stripe-secret-key = mkDefault null; - }; - - services.nginx.virtualHosts."meta.${cfg.originBase}" = { - forceSSL = true; - locations."/".proxyPass = "http://${cfg.address}:${toString port}"; - locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; - locations."/static".root = "${pkgs.sourcehut.metasrht}/${pkgs.sourcehut.python.sitePackages}/metasrht"; - }; - }; -} diff --git a/nixos/modules/services/misc/sourcehut/paste.nix b/nixos/modules/services/misc/sourcehut/paste.nix deleted file mode 100644 index b481ebaf891..00000000000 --- a/nixos/modules/services/misc/sourcehut/paste.nix +++ /dev/null @@ -1,135 +0,0 @@ -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.services.sourcehut; - opt = options.services.sourcehut; - cfgIni = cfg.settings; - scfg = cfg.paste; - iniKey = "paste.sr.ht"; - - rcfg = config.services.redis; - drv = pkgs.sourcehut.pastesrht; -in -{ - options.services.sourcehut.paste = { - user = mkOption { - type = types.str; - default = "pastesrht"; - description = '' - User for paste.sr.ht. - ''; - }; - - port = mkOption { - type = types.port; - default = 5011; - description = '' - Port on which the "paste" module should listen. - ''; - }; - - database = mkOption { - type = types.str; - default = "paste.sr.ht"; - description = '' - PostgreSQL database name for paste.sr.ht. - ''; - }; - - statePath = mkOption { - type = types.path; - default = "${cfg.statePath}/pastesrht"; - defaultText = literalExpression ''"''${config.${opt.statePath}}/pastesrht"''; - description = '' - State path for pastesrht.sr.ht. - ''; - }; - }; - - config = with scfg; lib.mkIf (cfg.enable && elem "paste" cfg.services) { - users = { - users = { - "${user}" = { - isSystemUser = true; - group = user; - description = "paste.sr.ht user"; - }; - }; - - groups = { - "${user}" = { }; - }; - }; - - services.postgresql = { - authentication = '' - local ${database} ${user} trust - ''; - ensureDatabases = [ database ]; - ensureUsers = [ - { - name = user; - ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; - } - ]; - }; - - systemd = { - tmpfiles.rules = [ - "d ${statePath} 0750 ${user} ${user} -" - ]; - - services = { - pastesrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "paste.sr.ht website service"; - - serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; - }; - - pastesrht-webhooks = { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "paste.sr.ht webhooks service"; - serviceConfig = { - Type = "simple"; - User = user; - Restart = "always"; - ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info"; - }; - - }; - }; - }; - - services.sourcehut.settings = { - # URL paste.sr.ht is being served at (protocol://domain) - "paste.sr.ht".origin = mkDefault "http://paste.${cfg.originBase}"; - # Address and port to bind the debug server to - "paste.sr.ht".debug-host = mkDefault "0.0.0.0"; - "paste.sr.ht".debug-port = mkDefault port; - # Configures the SQLAlchemy connection string for the database. - "paste.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; - # Set to "yes" to automatically run migrations on package upgrade. - "paste.sr.ht".migrate-on-upgrade = mkDefault "yes"; - # paste.sr.ht's OAuth client ID and secret for meta.sr.ht - # Register your client at meta.example.org/oauth - "paste.sr.ht".oauth-client-id = mkDefault null; - "paste.sr.ht".oauth-client-secret = mkDefault null; - "paste.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/5"; - }; - - services.nginx.virtualHosts."paste.${cfg.originBase}" = { - forceSSL = true; - locations."/".proxyPass = "http://${cfg.address}:${toString port}"; - locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; - locations."/static".root = "${pkgs.sourcehut.pastesrht}/${pkgs.sourcehut.python.sitePackages}/pastesrht"; - }; - }; -} diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index f1706ad0a6a..4ecc7a72669 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix @@ -148,7 +148,7 @@ in redis = { host = mkOption { type = types.str; - default = "unix:/run/redis-sourcehut-${srvsrht}/redis.sock?db=0"; + default = "unix:///run/redis-sourcehut-${srvsrht}/redis.sock?db=0"; example = "redis://shared.wireguard:6379/0"; description = '' The redis host URL. This is used for caching and temporary storage, and must diff --git a/nixos/modules/services/misc/sourcehut/todo.nix b/nixos/modules/services/misc/sourcehut/todo.nix deleted file mode 100644 index 262fa48f59d..00000000000 --- a/nixos/modules/services/misc/sourcehut/todo.nix +++ /dev/null @@ -1,163 +0,0 @@ -{ config, lib, options, pkgs, ... }: - -with lib; -let - cfg = config.services.sourcehut; - opt = options.services.sourcehut; - cfgIni = cfg.settings; - scfg = cfg.todo; - iniKey = "todo.sr.ht"; - - rcfg = config.services.redis; - drv = pkgs.sourcehut.todosrht; -in -{ - options.services.sourcehut.todo = { - user = mkOption { - type = types.str; - default = "todosrht"; - description = '' - User for todo.sr.ht. - ''; - }; - - port = mkOption { - type = types.port; - default = 5003; - description = '' - Port on which the "todo" module should listen. - ''; - }; - - database = mkOption { - type = types.str; - default = "todo.sr.ht"; - description = '' - PostgreSQL database name for todo.sr.ht. - ''; - }; - - statePath = mkOption { - type = types.path; - default = "${cfg.statePath}/todosrht"; - defaultText = literalExpression ''"''${config.${opt.statePath}}/todosrht"''; - description = '' - State path for todo.sr.ht. - ''; - }; - }; - - config = with scfg; lib.mkIf (cfg.enable && elem "todo" cfg.services) { - users = { - users = { - "${user}" = { - isSystemUser = true; - group = user; - extraGroups = [ "postfix" ]; - description = "todo.sr.ht user"; - }; - }; - groups = { - "${user}" = { }; - }; - }; - - services.postgresql = { - authentication = '' - local ${database} ${user} trust - ''; - ensureDatabases = [ database ]; - ensureUsers = [ - { - name = user; - ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; - } - ]; - }; - - systemd = { - tmpfiles.rules = [ - "d ${statePath} 0750 ${user} ${user} -" - ]; - - services = { - todosrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "todo.sr.ht website service"; - - serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; - }; - - todosrht-lmtp = { - after = [ "postgresql.service" "network.target" ]; - bindsTo = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "todo.sr.ht process service"; - serviceConfig = { - Type = "simple"; - User = user; - Restart = "always"; - ExecStart = "${cfg.python}/bin/todosrht-lmtp"; - }; - }; - - todosrht-webhooks = { - after = [ "postgresql.service" "network.target" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - - description = "todo.sr.ht webhooks service"; - serviceConfig = { - Type = "simple"; - User = user; - Restart = "always"; - ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info"; - }; - - }; - }; - }; - - services.sourcehut.settings = { - # URL todo.sr.ht is being served at (protocol://domain) - "todo.sr.ht".origin = mkDefault "http://todo.${cfg.originBase}"; - # Address and port to bind the debug server to - "todo.sr.ht".debug-host = mkDefault "0.0.0.0"; - "todo.sr.ht".debug-port = mkDefault port; - # Configures the SQLAlchemy connection string for the database. - "todo.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; - # Set to "yes" to automatically run migrations on package upgrade. - "todo.sr.ht".migrate-on-upgrade = mkDefault "yes"; - # todo.sr.ht's OAuth client ID and secret for meta.sr.ht - # Register your client at meta.example.org/oauth - "todo.sr.ht".oauth-client-id = mkDefault null; - "todo.sr.ht".oauth-client-secret = mkDefault null; - # Outgoing email for notifications generated by users - "todo.sr.ht".notify-from = mkDefault "CHANGEME@example.org"; - # The redis connection used for the webhooks worker - "todo.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1"; - # Network-key - "todo.sr.ht".network-key = mkDefault null; - - # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket. - # Alternatively, specify IP:PORT and an SMTP server will be run instead. - "todo.sr.ht::mail".sock = mkDefault "/tmp/todo.sr.ht-lmtp.sock"; - # The lmtp daemon will make the unix socket group-read/write for users in this - # group. - "todo.sr.ht::mail".sock-group = mkDefault "postfix"; - - "todo.sr.ht::mail".posting-domain = mkDefault "todo.${cfg.originBase}"; - }; - - services.nginx.virtualHosts."todo.${cfg.originBase}" = { - forceSSL = true; - locations."/".proxyPass = "http://${cfg.address}:${toString port}"; - locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; - locations."/static".root = "${pkgs.sourcehut.todosrht}/${pkgs.sourcehut.python.sitePackages}/todosrht"; - }; - }; -} diff --git a/nixos/tests/sourcehut.nix b/nixos/tests/sourcehut.nix index 34a60247e00..6998f4f0c10 100644 --- a/nixos/tests/sourcehut.nix +++ b/nixos/tests/sourcehut.nix @@ -195,6 +195,7 @@ in # Testing metasrht machine.wait_for_unit("metasrht-api.service") machine.wait_for_unit("metasrht.service") + machine.wait_for_unit("metasrht-webhooks.service") machine.wait_for_open_port(5000) machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}") machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}") diff --git a/pkgs/applications/version-management/sourcehut/builds.nix b/pkgs/applications/version-management/sourcehut/builds.nix index 350afd07fe1..99d6a05c4eb 100644 --- a/pkgs/applications/version-management/sourcehut/builds.nix +++ b/pkgs/applications/version-management/sourcehut/builds.nix @@ -1,7 +1,7 @@ { lib , fetchFromSourcehut -, buildPythonPackage , buildGoModule +, buildPythonPackage , srht , redis , celery @@ -9,21 +9,29 @@ , markdown , ansi2html , python +, unzip }: let - version = "0.75.2"; + version = "0.80.0"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "builds.sr.ht"; rev = version; - sha256 = "sha256-SwyxMzmp9baRQ0vceuEn/OpfIv7z7jwq/l67hdOHXjM="; + sha256 = "sha256-SzA9bOXiXULRD4Eq9xBbbmMUpXT8egOtooZFF4p79ms="; }; - buildWorker = src: buildGoModule { + buildsrht-api = buildGoModule ({ inherit src version; - pname = "builds-sr-ht-worker"; + pname = "buildsrht-api"; + modRoot = "api"; + vendorSha256 = "sha256-roTwqtg4Y846PNtLdRN/LV3Jd0LVElqjFy3DJcrwoaI="; + } // import ./fix-gqlgen-trimpath.nix {inherit unzip;}); + buildsrht-worker = buildGoModule { + inherit src version; + sourceRoot = "source/worker"; + pname = "buildsrht-worker"; vendorSha256 = "sha256-Pf1M9a43eK4jr6QMi6kRHA8DodXQU0pqq9ua5VC3ER0="; }; in @@ -31,10 +39,10 @@ buildPythonPackage rec { inherit src version; pname = "buildsrht"; - patches = [ - # Revert change breaking Unix socket support for Redis - patches/redis-socket/build/0001-Revert-Add-build-submission-and-queue-monitoring.patch - ]; + postPatch = '' + substituteInPlace Makefile \ + --replace "all: api worker" "" + ''; nativeBuildInputs = srht.nativeBuildInputs; @@ -58,7 +66,8 @@ buildPythonPackage rec { cp -r images $out/lib cp contrib/submit_image_build $out/bin/builds.sr.ht - cp ${buildWorker "${src}/worker"}/bin/worker $out/bin/builds.sr.ht-worker + ln -s ${buildsrht-api}/bin/api $out/bin/buildsrht-api + ln -s ${buildsrht-worker}/bin/worker $out/bin/buildsrht-worker ''; pythonImportsCheck = [ "buildsrht" ]; diff --git a/pkgs/applications/version-management/sourcehut/core.nix b/pkgs/applications/version-management/sourcehut/core.nix index 805da8c3282..0648f21910f 100644 --- a/pkgs/applications/version-management/sourcehut/core.nix +++ b/pkgs/applications/version-management/sourcehut/core.nix @@ -1,5 +1,5 @@ { lib -, fetchgit +, fetchFromSourcehut , fetchNodeModules , buildPythonPackage , pgpy @@ -29,12 +29,13 @@ buildPythonPackage rec { pname = "srht"; - version = "0.68.14"; + version = "0.68.24"; - src = fetchgit { - url = "https://git.sr.ht/~sircmpwn/core.sr.ht"; + src = fetchFromSourcehut { + owner = "~sircmpwn"; + repo = "core.sr.ht"; rev = version; - sha256 = "sha256-BY3W2rwrg0mhH3CltgUqg6Xv8Ve5VZNY/lI1cfbAjYM="; + sha256 = "sha256-ipukga6vfBgDIXOQCejCkU/iTmBt5egIjB+NlJyL2yo="; fetchSubmodules = true; }; @@ -47,6 +48,8 @@ buildPythonPackage rec { patches = [ # Disable check for npm ./disable-npm-install.patch + # Fix Unix socket support in RedisQueueCollector + patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch ]; nativeBuildInputs = [ diff --git a/pkgs/applications/version-management/sourcehut/default.nix b/pkgs/applications/version-management/sourcehut/default.nix index 00810f208cc..aee65dee3bb 100644 --- a/pkgs/applications/version-management/sourcehut/default.nix +++ b/pkgs/applications/version-management/sourcehut/default.nix @@ -2,6 +2,7 @@ , openssl , callPackage , recurseIntoAttrs +, nixosTests }: # To expose the *srht modules, they have to be a python module so we use `buildPythonModule` @@ -44,4 +45,7 @@ with python.pkgs; recurseIntoAttrs { pagessrht = pagessrht; pastesrht = toPythonApplication pastesrht; todosrht = toPythonApplication todosrht; + passthru.tests = { + nixos-sourcehut = nixosTests.sourcehut; + }; } diff --git a/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix b/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix new file mode 100644 index 00000000000..1f94913292e --- /dev/null +++ b/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix @@ -0,0 +1,32 @@ +{ unzip }: +{ + overrideModAttrs = (_: { + # No need to workaround -trimpath: it's not used in go-modules, + # but do download `go generate`'s dependencies nonetheless. + preBuild = '' + set -x + go generate ./loaders + go generate ./graph + set +x + ''; + }); + + # Workaround: + # go: git.sr.ht/~emersion/go-emailthreads@v0.0.0-20220412093310-4fd792e343ba: module lookup disabled by GOPROXY=off + # tidy failed: go mod tidy failed: exit status 1 + # graph/generate.go:10: running "go": exit status 1 + proxyVendor = true; + + # Workaround -trimpath in the package derivation: + # https://github.com/99designs/gqlgen/issues/1537 + # This is to give `go generate ./graph` access to gqlgen's *.gotpl files + # If it fails, the gqlgenVersion may have to be updated. + preBuild = let gqlgenVersion = "0.17.2"; in '' + set -x + ${unzip}/bin/unzip ''${GOPROXY#"file://"}/github.com/99designs/gqlgen/@v/v${gqlgenVersion}.zip + go generate ./loaders + go generate ./graph + rm -rf github.com + set +x + ''; +} diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix index 318bee4cf51..a721da0ecd3 100644 --- a/pkgs/applications/version-management/sourcehut/git.nix +++ b/pkgs/applications/version-management/sourcehut/git.nix @@ -1,57 +1,67 @@ { lib , fetchFromSourcehut -, buildPythonPackage , buildGoModule +, buildPythonPackage , python , srht , pygit2 , scmsrht +, unzip }: let - version = "0.77.3"; + version = "0.78.18"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "git.sr.ht"; rev = version; - sha256 = "sha256-eJvXCcmdiUzTK0EqNJkLEZsAfr6toD/378HObnMbOWM="; + sha256 = "sha256-pGWphdFKaOIBIKWMxfNAFqXZQx/qHcrwb5Ylj9uag7s="; }; - buildShell = src: buildGoModule { + gitApi = buildGoModule ({ inherit src version; - pname = "gitsrht-shell"; - vendorSha256 = "sha256-aqUFICp0C2reqb2p6JCPAUIRsxzSv0t9BHoNWrTYfqk="; - }; + pname = "gitsrht-api"; + modRoot = "api"; + vendorSha256 = "sha256-0YI20liP0X1McfiSUy29zJk2UqqAPBIfIfPLoJOE1uI="; + } // import ./fix-gqlgen-trimpath.nix {inherit unzip;}); - buildDispatcher = src: buildGoModule { + gitDispatch = buildGoModule { inherit src version; - pname = "gitsrht-dispatcher"; + pname = "gitsrht-dispatch"; + modRoot = "gitsrht-dispatch"; vendorSha256 = "sha256-qWXPHo86s6iuRBhRMtmD5jxnAWKdrWHtA/iSUkdw89M="; }; - buildKeys = src: buildGoModule { + gitKeys = buildGoModule { inherit src version; pname = "gitsrht-keys"; + modRoot = "gitsrht-keys"; vendorSha256 = "sha256-9pojS69HCKVHUceyOpGtv9ewcxFD4WsOVsEzkmWJkF4="; }; - buildUpdateHook = src: buildGoModule { + gitShell = buildGoModule { inherit src version; - pname = "gitsrht-update-hook"; - vendorSha256 = "sha256-sBlG7EFqdDm7CkAHVX50Mf4N3sl1rPNmWExG/bfbfGA="; + pname = "gitsrht-shell"; + modRoot = "gitsrht-shell"; + vendorSha256 = "sha256-WqfvSPuVsOHA//86u33atMfeA11+DJhjLmWy8Ivq0NI="; }; - updateHook = buildUpdateHook "${src}/gitsrht-update-hook"; + gitUpdateHook = buildGoModule { + inherit src version; + pname = "gitsrht-update-hook"; + modRoot = "gitsrht-update-hook"; + vendorSha256 = "sha256-Bc3yPabS2S+qiroHFKrtkII/CfzBDYQ6xWxKHAME+Tc="; + }; in buildPythonPackage rec { inherit src version; pname = "gitsrht"; - patches = [ - # Revert change breaking Unix socket support for Redis - patches/redis-socket/git/0001-Revert-Add-webhook-queue-monitoring.patch - ]; + postPatch = '' + substituteInPlace Makefile \ + --replace "all: api gitsrht-dispatch gitsrht-keys gitsrht-shell gitsrht-update-hook" "" + ''; nativeBuildInputs = srht.nativeBuildInputs; @@ -68,14 +78,12 @@ buildPythonPackage rec { postInstall = '' mkdir -p $out/bin - cp ${buildShell "${src}/gitsrht-shell"}/bin/gitsrht-shell $out/bin/gitsrht-shell - cp ${buildDispatcher "${src}/gitsrht-dispatch"}/bin/gitsrht-dispatch $out/bin/gitsrht-dispatch - cp ${buildKeys "${src}/gitsrht-keys"}/bin/gitsrht-keys $out/bin/gitsrht-keys - cp ${updateHook}/bin/gitsrht-update-hook $out/bin/gitsrht-update-hook + ln -s ${gitApi}/bin/api $out/bin/gitsrht-api + ln -s ${gitDispatch}/bin/gitsrht-dispatch $out/bin/gitsrht-dispatch + ln -s ${gitKeys}/bin/gitsrht-keys $out/bin/gitsrht-keys + ln -s ${gitShell}/bin/gitsrht-shell $out/bin/gitsrht-shell + ln -s ${gitUpdateHook}/bin/gitsrht-update-hook $out/bin/gitsrht-update-hook ''; - passthru = { - inherit updateHook; - }; pythonImportsCheck = [ "gitsrht" ]; diff --git a/pkgs/applications/version-management/sourcehut/hg.nix b/pkgs/applications/version-management/sourcehut/hg.nix index f3e778b2f31..2aa4cc2c505 100644 --- a/pkgs/applications/version-management/sourcehut/hg.nix +++ b/pkgs/applications/version-management/sourcehut/hg.nix @@ -1,21 +1,41 @@ { lib , fetchhg +, buildGoModule , buildPythonPackage , srht , hglib , scmsrht , unidiff , python +, unzip }: buildPythonPackage rec { pname = "hgsrht"; - version = "0.29.4"; + version = "0.31.2"; src = fetchhg { url = "https://hg.sr.ht/~sircmpwn/hg.sr.ht"; rev = version; - sha256 = "Jn9M/R5tJK/GeJDWGo3LWCK2nwsfI9zh+/yo2M+X6Sk="; + sha256 = "F0dBykSSrlis+mumULLxvKNxD75DWR9+IDTYbmhkMDI="; + }; + postPatch = '' + substituteInPlace Makefile \ + --replace "all: api hgsrht-keys" "" + ''; + + hgsrht-api = buildGoModule ({ + inherit src version; + pname = "hgsrht-api"; + modRoot = "api"; + vendorSha256 = "sha256-W7A22qSIgJgcfS7xYNrmbYKaZBXbDtPilM9I6DxmTeU="; + } // import ./fix-gqlgen-trimpath.nix {inherit unzip;}); + + hgsrht-keys = buildGoModule { + inherit src version; + pname = "hgsrht-keys"; + modRoot = "hgsrht-keys"; + vendorSha256 = "sha256-7ti8xCjSrxsslF7/1X/GY4FDl+69hPL4UwCDfjxmJLU="; }; nativeBuildInputs = srht.nativeBuildInputs; @@ -32,6 +52,11 @@ buildPythonPackage rec { export SRHT_PATH=${srht}/${python.sitePackages}/srht ''; + postInstall = '' + ln -s ${hgsrht-api}/bin/api $out/bin/hgsrht-api + ln -s ${hgsrht-keys}/bin/hgsrht-keys $out/bin/hgsrht-keys + ''; + pythonImportsCheck = [ "hgsrht" ]; meta = with lib; { diff --git a/pkgs/applications/version-management/sourcehut/hub.nix b/pkgs/applications/version-management/sourcehut/hub.nix index 511ec359fc4..75d9efe5bd9 100644 --- a/pkgs/applications/version-management/sourcehut/hub.nix +++ b/pkgs/applications/version-management/sourcehut/hub.nix @@ -6,13 +6,13 @@ buildPythonPackage rec { pname = "hubsrht"; - version = "0.14.4"; + version = "0.14.14"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "hub.sr.ht"; rev = version; - sha256 = "sha256-7HF+jykWGqzPWA0YtJZQZU7pnID1yexcqLkEf2HpnSs="; + sha256 = "sha256-4n6oQ+AAvdJY/5KflxAp62chjyrlSUkmt319DKZk33w="; }; nativeBuildInputs = srht.nativeBuildInputs; diff --git a/pkgs/applications/version-management/sourcehut/lists.nix b/pkgs/applications/version-management/sourcehut/lists.nix index 3ba6375a913..b9a00ffd213 100644 --- a/pkgs/applications/version-management/sourcehut/lists.nix +++ b/pkgs/applications/version-management/sourcehut/lists.nix @@ -1,5 +1,6 @@ { lib , fetchFromSourcehut +, buildGoModule , buildPythonPackage , srht , asyncpg @@ -8,23 +9,31 @@ , emailthreads , redis , python +, unzip }: buildPythonPackage rec { pname = "listssrht"; - version = "0.51.7"; + version = "0.51.10"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "lists.sr.ht"; rev = version; - sha256 = "sha256-oNY5A98oVoL2JKO0fU/8YVl8u7ywmHb/RHD8A6z9yIM="; + sha256 = "sha256-f8KvMctDva31W5c6uAIDDZ0eUrRL5ha10ew2pLEnJtw="; }; - patches = [ - # Revert change breaking Unix socket support for Redis - patches/redis-socket/lists/0001-Revert-Add-webhook-queue-monitoring.patch - ]; + listssrht-api = buildGoModule ({ + inherit src version; + pname = "listssrht-api"; + modRoot = "api"; + vendorSha256 = "sha256-xnmMkRSokbhWD+kz0XQ9AinYdm6/50FRBISURPvlzD0="; + } // import ./fix-gqlgen-trimpath.nix {inherit unzip;}); + + postPatch = '' + substituteInPlace Makefile \ + --replace "all: api" "" + ''; nativeBuildInputs = srht.nativeBuildInputs; @@ -42,6 +51,10 @@ buildPythonPackage rec { export SRHT_PATH=${srht}/${python.sitePackages}/srht ''; + postInstall = '' + ln -s ${listssrht-api}/bin/api $out/bin/listssrht-api + ''; + pythonImportsCheck = [ "listssrht" ]; meta = with lib; { diff --git a/pkgs/applications/version-management/sourcehut/man.nix b/pkgs/applications/version-management/sourcehut/man.nix index 8d43f297a4f..ccee76defde 100644 --- a/pkgs/applications/version-management/sourcehut/man.nix +++ b/pkgs/applications/version-management/sourcehut/man.nix @@ -8,13 +8,13 @@ buildPythonPackage rec { pname = "mansrht"; - version = "0.15.23"; + version = "0.15.25"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "man.sr.ht"; rev = version; - sha256 = "sha256-xrBptXdwMee+YkPup/BYL/iXBhCzSUQ5htSHIw/1Ncc="; + sha256 = "sha256-Mq3IHsqSkFHVdmy3g0E+9oLnKORthgv3lqvWyrKMIuU="; }; nativeBuildInputs = srht.nativeBuildInputs; diff --git a/pkgs/applications/version-management/sourcehut/meta.nix b/pkgs/applications/version-management/sourcehut/meta.nix index ab19cc88d25..896279addd3 100644 --- a/pkgs/applications/version-management/sourcehut/meta.nix +++ b/pkgs/applications/version-management/sourcehut/meta.nix @@ -16,32 +16,34 @@ , weasyprint , prometheus-client , python +, unzip }: let - version = "0.57.5"; + version = "0.58.8"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "meta.sr.ht"; rev = version; - sha256 = "sha256-qsCwZaCiqvY445U053OCWD98jlIUi9NB2jWVP2oW3Vk="; + sha256 = "sha256-lnEt5UoQBd5qlkD+nE6KL5DP4jf1FrAjgA06/mgRxTs="; }; - buildApi = src: buildGoModule { + metasrht-api = buildGoModule ({ inherit src version; pname = "metasrht-api"; - vendorSha256 = "sha256-8Ubrr9qRlgW2wsLHrPHwulSWLz+gp4VPcTvOZpg8TYM="; - }; + modRoot = "api"; + vendorSha256 = "sha256-3s9PYUy4qS06zyTIRDvnAmhfrjVLBa/03Nu3tMcIReI="; + } // import ./fix-gqlgen-trimpath.nix {inherit unzip;}); in buildPythonPackage rec { pname = "metasrht"; inherit version src; - patches = [ - # Revert change breaking Unix socket support for Redis - patches/redis-socket/meta/0001-Revert-Add-webhook-queue-monitoring.patch - ]; + postPatch = '' + substituteInPlace Makefile \ + --replace "all: api" "" + ''; nativeBuildInputs = srht.nativeBuildInputs; @@ -68,7 +70,7 @@ buildPythonPackage rec { postInstall = '' mkdir -p $out/bin - cp ${buildApi "${src}/api/"}/bin/api $out/bin/metasrht-api + ln -s ${metasrht-api}/bin/api $out/bin/metasrht-api ''; pythonImportsCheck = [ "metasrht" ]; diff --git a/pkgs/applications/version-management/sourcehut/pages.nix b/pkgs/applications/version-management/sourcehut/pages.nix index b6a18b5bda7..faa6dbb4d49 100644 --- a/pkgs/applications/version-management/sourcehut/pages.nix +++ b/pkgs/applications/version-management/sourcehut/pages.nix @@ -1,20 +1,21 @@ { lib , fetchFromSourcehut , buildGoModule +, unzip }: -buildGoModule rec { +buildGoModule (rec { pname = "pagessrht"; - version = "0.6.2"; + version = "0.7.3"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "pages.sr.ht"; rev = version; - sha256 = "sha256-ob0+t9V2o8lhVC6fXbi1rNm0Mnbs+GoyAmhBqVZ13PA="; + sha256 = "sha256-fHhf4VQ82/k4g8pzyuN9Pr2f8mxT8zw+2Nq0nw1Msks="; }; - vendorSha256 = "sha256-b0sHSH0jkKoIVq045N96wszuLJDegkkj0v50nuDFleU="; + vendorSha256 = "sha256-/+XVl6PZUMOZIiuO6vEu0dacefz2hDSObaP8JsItSTw="; postInstall = '' mkdir -p $out/share/sql/ @@ -27,4 +28,6 @@ buildGoModule rec { license = licenses.agpl3Only; maintainers = with maintainers; [ eadwu ]; }; -} + # There is no ./loaders but this does not cause troubles + # to go generate +} // import ./fix-gqlgen-trimpath.nix {inherit unzip;}) diff --git a/pkgs/applications/version-management/sourcehut/paste.nix b/pkgs/applications/version-management/sourcehut/paste.nix index c411f8e8c95..fbbc5fcd6a9 100644 --- a/pkgs/applications/version-management/sourcehut/paste.nix +++ b/pkgs/applications/version-management/sourcehut/paste.nix @@ -8,13 +8,13 @@ buildPythonPackage rec { pname = "pastesrht"; - version = "0.13.6"; + version = "0.13.7"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "paste.sr.ht"; rev = version; - sha256 = "sha256-Khcqk86iD9nxiKXN3+8mSLNoDau2qXNFOrLdkVu+rH8="; + sha256 = "sha256-EzcS6Zbh+wJinC/GKJOSWUPORODpKEA3tLpLGqoVGBU="; }; nativeBuildInputs = srht.nativeBuildInputs; diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/0001-Revert-Add-build-submission-and-queue-monitoring.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/0001-Revert-Add-build-submission-and-queue-monitoring.patch deleted file mode 100644 index ae8e95ddc0c..00000000000 --- a/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/0001-Revert-Add-build-submission-and-queue-monitoring.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 069b03f85847ed4a9223183b62ee53f420838911 Mon Sep 17 00:00:00 2001 -From: Julien Moutinho -Date: Thu, 16 Dec 2021 04:54:24 +0100 -Subject: [PATCH builds.sr.ht] Revert "Add build submission and queue - monitoring" - -This reverts commit 690f1aa16c77e418dc40109cd5e8fdf4a7ed947a. - -This has broken Unix socket support for Redis -See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E ---- - buildsrht/app.py | 3 --- - buildsrht/runner.py | 9 +-------- - 2 files changed, 1 insertion(+), 11 deletions(-) - -diff --git a/buildsrht/app.py b/buildsrht/app.py -index e5321a2..7c9977c 100644 ---- a/buildsrht/app.py -+++ b/buildsrht/app.py -@@ -36,9 +36,6 @@ class BuildApp(SrhtFlask): - self.register_blueprint(secrets) - self.register_blueprint(gql_blueprint) - -- from buildsrht.runner import builds_queue_metrics_collector -- self.metrics_registry.register(builds_queue_metrics_collector) -- - @self.context_processor - def inject(): - return { -diff --git a/buildsrht/runner.py b/buildsrht/runner.py -index 7773452..0389c8e 100644 ---- a/buildsrht/runner.py -+++ b/buildsrht/runner.py -@@ -5,13 +5,10 @@ from srht.config import cfg - from srht.database import db - from srht.email import send_email - from srht.oauth import UserType --from srht.metrics import RedisQueueCollector --from prometheus_client import Counter - - allow_free = cfg("builds.sr.ht", "allow-free", default="no") == "yes" - --builds_broker = cfg("builds.sr.ht", "redis") --runner = Celery('builds', broker=builds_broker, config_source={ -+runner = Celery('builds', broker=cfg("builds.sr.ht", "redis"), config_source={ - "CELERY_TASK_SERIALIZER": "json", - "CELERY_ACCEPT_CONTENT": ["json"], - "CELERY_RESULT_SERIALIZER": "json", -@@ -19,9 +16,6 @@ runner = Celery('builds', broker=builds_broker, config_source={ - "CELERY_TASK_PROTOCOL": 1 - }) - --builds_queue_metrics_collector = RedisQueueCollector(builds_broker, "buildsrht_builds", "Number of builds currently in queue") --builds_submitted = Counter("buildsrht_builds_submited", "Number of builds submitted") -- - def queue_build(job, manifest): - from buildsrht.types import JobStatus - job.status = JobStatus.queued -@@ -34,7 +28,6 @@ def queue_build(job, manifest): - cfg("sr.ht", "owner-email"), - "Cryptocurrency mining attempt on builds.sr.ht") - else: -- builds_submitted.inc() - run_build.delay(job.id, manifest.to_dict()) - - def requires_payment(user): --- -2.34.0 - diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch new file mode 100644 index 00000000000..889331f3e07 --- /dev/null +++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch @@ -0,0 +1,42 @@ +From 76dd636151735671be74ba9d55f773e190e22827 Mon Sep 17 00:00:00 2001 +From: Julien Moutinho +Date: Fri, 13 May 2022 22:40:46 +0200 +Subject: [PATCH core.sr.ht] Fix Unix socket support in RedisQueueCollector + +The broker URL is not necessarily in the format expected by Redis.from_url + +Especially, Redis.from_url supports this format for Unix sockets: + unix:///run/redis-sourcehut-metasrht/redis.sock?db=0 +See https://redis-py.readthedocs.io/en/stable/#redis.ConnectionPool.from_url + +Whereas Celery+Kombu support Redis but also other transports +and thus expect another scheme: + redis+socket:///run/redis-sourcehut-metasrht/redis.sock?virtual_host=1 +See https://docs.celeryproject.org/en/stable/userguide/configuration.html#redis-backend-settings +and https://github.com/celery/celery/blob/e5d99801e4b56a02af4a2e183879c767228d2817/celery/backends/redis.py#L299-L352 +and https://github.com/celery/kombu/blob/master/kombu/utils/url.py +--- + srht/metrics.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/srht/metrics.py b/srht/metrics.py +index 68caf8e..2df5777 100644 +--- a/srht/metrics.py ++++ b/srht/metrics.py +@@ -1,11 +1,12 @@ + import time ++from celery import Celery + from prometheus_client.metrics_core import GaugeMetricFamily + from redis import Redis, ResponseError + + + class RedisQueueCollector: + def __init__(self, broker, name, documentation, queue_name="celery"): +- self.redis = Redis.from_url(broker) ++ self.redis = Celery("collector", broker=broker).connection_for_read().channel().client + self.queue_name = queue_name + self.name = name + self.documentation = documentation +-- +2.35.1 + diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/0001-Revert-Add-webhook-queue-monitoring.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/0001-Revert-Add-webhook-queue-monitoring.patch deleted file mode 100644 index 4c526dd23e1..00000000000 --- a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/0001-Revert-Add-webhook-queue-monitoring.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 5ccb5386304c26f25b0a9eb10ce9edb6da32f91a Mon Sep 17 00:00:00 2001 -From: Julien Moutinho -Date: Sat, 12 Feb 2022 00:11:59 +0100 -Subject: [PATCH git.sr.ht] Revert "Add webhook queue monitoring" - -This reverts commit 7ea630b776947ab82438d0ffa263b0f9d33ebff3. - -Which has broken Unix socket support for Redis. -See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E ---- - gitsrht/app.py | 3 --- - gitsrht/webhooks.py | 5 +---- - 2 files changed, 1 insertion(+), 7 deletions(-) - -diff --git a/gitsrht/app.py b/gitsrht/app.py -index e9ccb56..4928851 100644 ---- a/gitsrht/app.py -+++ b/gitsrht/app.py -@@ -48,9 +48,6 @@ class GitApp(ScmSrhtFlask): - self.add_template_filter(url_quote) - self.add_template_filter(commit_links) - -- from gitsrht.webhooks import webhook_metrics_collector -- self.metrics_registry.register(webhook_metrics_collector) -- - @self.context_processor - def inject(): - notice = session.get("notice") -diff --git a/gitsrht/webhooks.py b/gitsrht/webhooks.py -index 8a203fe..6240d50 100644 ---- a/gitsrht/webhooks.py -+++ b/gitsrht/webhooks.py -@@ -7,13 +7,10 @@ if not hasattr(db, "session"): - db.init() - from srht.webhook import Event - from srht.webhook.celery import CeleryWebhook, make_worker --from srht.metrics import RedisQueueCollector - from scmsrht.webhooks import UserWebhook - import sqlalchemy as sa - --webhook_broker = cfg("git.sr.ht", "webhooks") --worker = make_worker(broker=webhook_broker) --webhook_metrics_collector = RedisQueueCollector(webhook_broker, "srht_webhooks", "Webhook queue length") -+worker = make_worker(broker=cfg("git.sr.ht", "webhooks")) - - class RepoWebhook(CeleryWebhook): - events = [ --- -2.34.1 - diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/lists/0001-Revert-Add-webhook-queue-monitoring.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/lists/0001-Revert-Add-webhook-queue-monitoring.patch deleted file mode 100644 index 872d285b9bb..00000000000 --- a/pkgs/applications/version-management/sourcehut/patches/redis-socket/lists/0001-Revert-Add-webhook-queue-monitoring.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 730e090f31b150d42be4b4722751f8e4610835b0 Mon Sep 17 00:00:00 2001 -From: Julien Moutinho -Date: Sat, 12 Feb 2022 00:38:12 +0100 -Subject: [PATCH lists.sr.ht] Revert "Add webhook queue monitoring" - -This reverts commit e74e344808e8d523a9786cefcbf64c9a247d7a0e. - -Which has broken Unix socket support for Redis. -See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E ---- - listssrht/app.py | 3 --- - listssrht/webhooks.py | 5 +---- - 2 files changed, 1 insertion(+), 7 deletions(-) - -diff --git a/listssrht/app.py b/listssrht/app.py -index aec59f3..83a355d 100644 ---- a/listssrht/app.py -+++ b/listssrht/app.py -@@ -29,9 +29,6 @@ class ListsApp(SrhtFlask): - self.register_blueprint(user) - self.register_blueprint(gql_blueprint) - -- from listssrht.webhooks import webhook_metrics_collector -- self.metrics_registry.register(webhook_metrics_collector) -- - @self.context_processor - def inject(): - from listssrht.types import ListAccess -diff --git a/listssrht/webhooks.py b/listssrht/webhooks.py -index ae5b1cb..86421ba 100644 ---- a/listssrht/webhooks.py -+++ b/listssrht/webhooks.py -@@ -8,11 +8,8 @@ if not hasattr(db, "session"): - db.init() - from srht.webhook import Event - from srht.webhook.celery import CeleryWebhook, make_worker --from srht.metrics import RedisQueueCollector - --webhook_broker = cfg("lists.sr.ht", "webhooks") --worker = make_worker(broker=webhook_broker) --webhook_metrics_collector = RedisQueueCollector(webhook_broker, "srht_webhooks", "Webhook queue length") -+worker = make_worker(broker=cfg("lists.sr.ht", "webhooks")) - - class ListWebhook(CeleryWebhook): - events = [ --- -2.34.1 - diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/meta/0001-Revert-Add-webhook-queue-monitoring.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/meta/0001-Revert-Add-webhook-queue-monitoring.patch deleted file mode 100644 index 9ec37670b06..00000000000 --- a/pkgs/applications/version-management/sourcehut/patches/redis-socket/meta/0001-Revert-Add-webhook-queue-monitoring.patch +++ /dev/null @@ -1,48 +0,0 @@ -From d88bee195797c6c294320617ff14798da94cd0f3 Mon Sep 17 00:00:00 2001 -From: Julien Moutinho -Date: Thu, 16 Dec 2021 04:52:08 +0100 -Subject: [PATCH meta.sr.ht] Revert "Add webhook queue monitoring" - -This reverts commit 9931df3c23094af5179df9ef019ca732b8125dac. - -This has broken Unix socket support for Redis. -See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E ---- - metasrht/app.py | 3 --- - metasrht/webhooks.py | 5 +---- - 2 files changed, 1 insertion(+), 7 deletions(-) - -diff --git a/metasrht/app.py b/metasrht/app.py -index b190875..89c59bc 100644 ---- a/metasrht/app.py -+++ b/metasrht/app.py -@@ -49,9 +49,6 @@ class MetaApp(SrhtFlask): - from metasrht.blueprints.billing import billing - self.register_blueprint(billing) - -- from metasrht.webhooks import webhook_metrics_collector -- self.metrics_registry.register(webhook_metrics_collector) -- - @self.context_processor - def inject(): - return { -diff --git a/metasrht/webhooks.py b/metasrht/webhooks.py -index 3e1149e..3f0ba01 100644 ---- a/metasrht/webhooks.py -+++ b/metasrht/webhooks.py -@@ -7,11 +7,8 @@ if not hasattr(db, "session"): - db.init() - from srht.webhook import Event - from srht.webhook.celery import CeleryWebhook, make_worker --from srht.metrics import RedisQueueCollector - --webhook_broker = cfg("meta.sr.ht", "webhooks", "redis://") --worker = make_worker(broker=webhook_broker) --webhook_metrics_collector = RedisQueueCollector(webhook_broker, "srht_webhooks", "Webhook queue length") -+worker = make_worker(broker=cfg("meta.sr.ht", "webhooks", "redis://")) - - class UserWebhook(CeleryWebhook): - events = [ --- -2.34.0 - diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/todo/0001-Revert-Add-webhook-queue-monitoring.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/todo/0001-Revert-Add-webhook-queue-monitoring.patch deleted file mode 100644 index 861608c1184..00000000000 --- a/pkgs/applications/version-management/sourcehut/patches/redis-socket/todo/0001-Revert-Add-webhook-queue-monitoring.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 42a27ea60d8454552d54e1f51f1b976d1067fc32 Mon Sep 17 00:00:00 2001 -From: Julien Moutinho -Date: Sat, 12 Feb 2022 00:30:29 +0100 -Subject: [PATCH todo.sr.ht] Revert "Add webhook queue monitoring" - -This reverts commit 320a5e8f7cd16ca43928c36f0320593f84d986fa. - -Which has broken Unix socket support for Redis. -See https://lists.sr.ht/~sircmpwn/sr.ht-dev/%3C20211208082636.65665-1-me%40ignaskiela.eu%3E#%3C20211216033723.wefibfulfjhqnhem@sourcephile.fr%3E ---- - todosrht/flask.py | 3 --- - todosrht/webhooks.py | 6 +----- - 2 files changed, 1 insertion(+), 8 deletions(-) - -diff --git a/todosrht/flask.py b/todosrht/flask.py -index 5e8ac66..9d0fd27 100644 ---- a/todosrht/flask.py -+++ b/todosrht/flask.py -@@ -43,9 +43,6 @@ class TodoApp(SrhtFlask): - self.add_template_filter(urls.tracker_url) - self.add_template_filter(urls.user_url) - -- from todosrht.webhooks import webhook_metrics_collector -- self.metrics_registry.register(webhook_metrics_collector) -- - @self.context_processor - def inject(): - return { -diff --git a/todosrht/webhooks.py b/todosrht/webhooks.py -index eb8e08a..950047f 100644 ---- a/todosrht/webhooks.py -+++ b/todosrht/webhooks.py -@@ -7,13 +7,9 @@ if not hasattr(db, "session"): - db.init() - from srht.webhook import Event - from srht.webhook.celery import CeleryWebhook, make_worker --from srht.metrics import RedisQueueCollector - import sqlalchemy as sa - -- --webhooks_broker = cfg("todo.sr.ht", "webhooks") --worker = make_worker(broker=webhooks_broker) --webhook_metrics_collector = RedisQueueCollector(webhooks_broker, "srht_webhooks", "Webhook queue length") -+worker = make_worker(broker=cfg("todo.sr.ht", "webhooks")) - - import todosrht.tracker_import - --- -2.34.1 - diff --git a/pkgs/applications/version-management/sourcehut/scm.nix b/pkgs/applications/version-management/sourcehut/scm.nix index 10da3018843..49eea05a7a7 100644 --- a/pkgs/applications/version-management/sourcehut/scm.nix +++ b/pkgs/applications/version-management/sourcehut/scm.nix @@ -9,13 +9,13 @@ buildPythonPackage rec { pname = "scmsrht"; - version = "0.22.19"; # Untagged version + version = "0.22.22"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "scm.sr.ht"; rev = version; - sha256 = "sha256-/QryPjWJ2S0Ov9DTdrwbM81HYucHiYcLh0oKacflywI="; + sha256 = "sha256-iSzzyI8HZOpOb4dyt520MV/wds14fNag2+UOF09KS7w="; }; nativeBuildInputs = srht.nativeBuildInputs; diff --git a/pkgs/applications/version-management/sourcehut/todo.nix b/pkgs/applications/version-management/sourcehut/todo.nix index 1446e68fa69..67367b71ff9 100644 --- a/pkgs/applications/version-management/sourcehut/todo.nix +++ b/pkgs/applications/version-management/sourcehut/todo.nix @@ -1,5 +1,6 @@ { lib , fetchFromSourcehut +, buildGoModule , buildPythonPackage , srht , redis @@ -8,23 +9,31 @@ , pytest , factory_boy , python +, unzip }: buildPythonPackage rec { pname = "todosrht"; - version = "0.67.2"; + version = "0.71.2"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "todo.sr.ht"; rev = version; - sha256 = "sha256-/QHsMlhzyah85ubZyx8j4GDUoITuWcLDJKosbZGeOZU="; + sha256 = "sha256-m7FY+jXpwPnK1+b1iQiDGe8JPfAFQp65BzGH6WvNwhM="; }; - patches = [ - # Revert change breaking Unix socket support for Redis - patches/redis-socket/todo/0001-Revert-Add-webhook-queue-monitoring.patch - ]; + postPatch = '' + substituteInPlace Makefile \ + --replace "all: api" "" + ''; + + todosrht-api = buildGoModule ({ + inherit src version; + pname = "todosrht-api"; + modRoot = "api"; + vendorSha256 = "sha256-ttGT7lUh8O+9KvbaEGWUsthefXQ2ATeli0tnlXCjZFk="; + } // import ./fix-gqlgen-trimpath.nix {inherit unzip;}); nativeBuildInputs = srht.nativeBuildInputs; @@ -40,6 +49,10 @@ buildPythonPackage rec { export SRHT_PATH=${srht}/${python.sitePackages}/srht ''; + postInstall = '' + ln -s ${todosrht-api}/bin/api $out/bin/todosrht-api + ''; + # pytest tests fail checkInputs = [ pytest