diff --git a/nixos/lib/make-options-doc/options-to-docbook.xsl b/nixos/lib/make-options-doc/options-to-docbook.xsl
index da4cd164bf2..30190788f33 100644
--- a/nixos/lib/make-options-doc/options-to-docbook.xsl
+++ b/nixos/lib/make-options-doc/options-to-docbook.xsl
@@ -20,7 +20,7 @@
<title>Configuration Options</title>
<variablelist xml:id="configuration-variable-list">
<xsl:for-each select="attrs">
- <xsl:variable name="id" select="concat('opt-', str:replace(str:replace(str:replace(attr[@name = 'name']/string/@value, '*', '_'), '<', '_'), '>', '_'))" />
+ <xsl:variable name="id" select="concat('opt-', str:replace(str:replace(str:replace(str:replace(attr[@name = 'name']/string/@value, '*', '_'), '<', '_'), '>', '_'), ':', '_'))" />
<varlistentry>
<term xlink:href="#{$id}">
<xsl:attribute name="xml:id"><xsl:value-of select="$id"/></xsl:attribute>
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 578d9d9ec8d..e7ca0d4e34c 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -5,17 +5,18 @@ with lib;
let
cfg = config.services.redis;
- ulimitNofile = cfg.maxclients + 32;
-
mkValueString = value:
if value == true then "yes"
else if value == false then "no"
else generators.mkValueStringDefault { } value;
- redisConfig = pkgs.writeText "redis.conf" (generators.toKeyValue {
+ redisConfig = settings: pkgs.writeText "redis.conf" (generators.toKeyValue {
listsAsDuplicateKeys = true;
mkKeyValue = generators.mkKeyValueDefault { inherit mkValueString; } " ";
- } cfg.settings);
+ } settings);
+
+ redisName = name: "redis" + optionalString (name != "") ("-"+name);
+ enabledServers = filterAttrs (name: conf: conf.enable) config.services.redis.servers;
in {
imports = [
@@ -25,6 +26,27 @@ in {
(mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
(mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
(mkRemovedOptionModule [ "services" "redis" "extraConfig" ] "Use services.redis.settings instead.")
+ (mkRenamedOptionModule [ "services" "redis" "enable"] [ "services" "redis" "servers" "" "enable" ])
+ (mkRenamedOptionModule [ "services" "redis" "port"] [ "services" "redis" "servers" "" "port" ])
+ (mkRenamedOptionModule [ "services" "redis" "openFirewall"] [ "services" "redis" "servers" "" "openFirewall" ])
+ (mkRenamedOptionModule [ "services" "redis" "bind"] [ "services" "redis" "servers" "" "bind" ])
+ (mkRenamedOptionModule [ "services" "redis" "unixSocket"] [ "services" "redis" "servers" "" "unixSocket" ])
+ (mkRenamedOptionModule [ "services" "redis" "unixSocketPerm"] [ "services" "redis" "servers" "" "unixSocketPerm" ])
+ (mkRenamedOptionModule [ "services" "redis" "logLevel"] [ "services" "redis" "servers" "" "logLevel" ])
+ (mkRenamedOptionModule [ "services" "redis" "logfile"] [ "services" "redis" "servers" "" "logfile" ])
+ (mkRenamedOptionModule [ "services" "redis" "syslog"] [ "services" "redis" "servers" "" "syslog" ])
+ (mkRenamedOptionModule [ "services" "redis" "databases"] [ "services" "redis" "servers" "" "databases" ])
+ (mkRenamedOptionModule [ "services" "redis" "maxclients"] [ "services" "redis" "servers" "" "maxclients" ])
+ (mkRenamedOptionModule [ "services" "redis" "save"] [ "services" "redis" "servers" "" "save" ])
+ (mkRenamedOptionModule [ "services" "redis" "slaveOf"] [ "services" "redis" "servers" "" "slaveOf" ])
+ (mkRenamedOptionModule [ "services" "redis" "masterAuth"] [ "services" "redis" "servers" "" "masterAuth" ])
+ (mkRenamedOptionModule [ "services" "redis" "requirePass"] [ "services" "redis" "servers" "" "requirePass" ])
+ (mkRenamedOptionModule [ "services" "redis" "requirePassFile"] [ "services" "redis" "servers" "" "requirePassFile" ])
+ (mkRenamedOptionModule [ "services" "redis" "appendOnly"] [ "services" "redis" "servers" "" "appendOnly" ])
+ (mkRenamedOptionModule [ "services" "redis" "appendFsync"] [ "services" "redis" "servers" "" "appendFsync" ])
+ (mkRenamedOptionModule [ "services" "redis" "slowLogLogSlowerThan"] [ "services" "redis" "servers" "" "slowLogLogSlowerThan" ])
+ (mkRenamedOptionModule [ "services" "redis" "slowLogMaxLen"] [ "services" "redis" "servers" "" "slowLogMaxLen" ])
+ (mkRenamedOptionModule [ "services" "redis" "settings"] [ "services" "redis" "servers" "" "settings" ])
];
###### interface
@@ -32,18 +54,6 @@ in {
options = {
services.redis = {
-
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable the Redis server. Note that the NixOS module for
- Redis disables kernel support for Transparent Huge Pages (THP),
- because this features causes major performance problems for Redis,
- e.g. (https://redis.io/topics/latency).
- '';
- };
-
package = mkOption {
type = types.package;
default = pkgs.redis;
@@ -51,176 +61,226 @@ in {
description = "Which Redis derivation to use.";
};
- port = mkOption {
- type = types.port;
- default = 6379;
- description = "The port for Redis to listen to.";
- };
+ vmOverCommit = mkEnableOption ''
+ setting of vm.overcommit_memory to 1
+ (Suggested for Background Saving: http://redis.io/topics/faq)
+ '';
- vmOverCommit = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Set vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq)
- '';
- };
-
- openFirewall = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to open ports in the firewall for the server.
- '';
- };
-
- bind = mkOption {
- type = with types; nullOr str;
- default = "127.0.0.1";
- description = ''
- The IP interface to bind to.
- <literal>null</literal> means "all interfaces".
- '';
- example = "192.0.2.1";
- };
-
- unixSocket = mkOption {
- type = with types; nullOr path;
- default = null;
- description = "The path to the socket to bind to.";
- example = "/run/redis/redis.sock";
- };
-
- unixSocketPerm = mkOption {
- type = types.int;
- default = 750;
- description = "Change permissions for the socket";
- example = 700;
- };
-
- logLevel = mkOption {
- type = types.str;
- default = "notice"; # debug, verbose, notice, warning
- example = "debug";
- description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
- };
-
- logfile = mkOption {
- type = types.str;
- default = "/dev/null";
- description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
- example = "/var/log/redis.log";
- };
-
- syslog = mkOption {
- type = types.bool;
- default = true;
- description = "Enable logging to the system logger.";
- };
-
- databases = mkOption {
- type = types.int;
- default = 16;
- description = "Set the number of databases.";
- };
-
- maxclients = mkOption {
- type = types.int;
- default = 10000;
- description = "Set the max number of connected clients at the same time.";
- };
-
- save = mkOption {
- type = with types; listOf (listOf int);
- default = [ [900 1] [300 10] [60 10000] ];
- description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
- };
-
- slaveOf = mkOption {
- type = with types; nullOr (submodule ({ ... }: {
+ servers = mkOption {
+ type = with types; attrsOf (submodule ({config, name, ...}@args: {
options = {
- ip = mkOption {
- type = str;
- description = "IP of the Redis master";
- example = "192.168.1.100";
+ enable = mkEnableOption ''
+ Redis server.
+
+ Note that the NixOS module for Redis disables kernel support
+ for Transparent Huge Pages (THP),
+ because this features causes major performance problems for Redis,
+ e.g. (https://redis.io/topics/latency).
+ '';
+
+ user = mkOption {
+ type = types.str;
+ default = redisName name;
+ defaultText = "\"redis\" or \"redis-\${name}\" if name != \"\"";
+ description = "The username and groupname for redis-server.";
};
port = mkOption {
- type = port;
- description = "port of the Redis master";
+ type = types.port;
default = 6379;
+ description = "The port for Redis to listen to.";
+ };
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to open ports in the firewall for the server.
+ '';
+ };
+
+ bind = mkOption {
+ type = with types; nullOr str;
+ default = if name == "" then "127.0.0.1" else null;
+ defaultText = "127.0.0.1 or null if name != \"\"";
+ description = ''
+ The IP interface to bind to.
+ <literal>null</literal> means "all interfaces".
+ '';
+ example = "192.0.2.1";
+ };
+
+ unixSocket = mkOption {
+ type = with types; nullOr path;
+ default = "/run/${redisName name}/redis.sock";
+ defaultText = "\"/run/redis/redis.sock\" or \"/run/redis-\${name}/redis.sock\" if name != \"\"";
+ description = "The path to the socket to bind to.";
+ };
+
+ unixSocketPerm = mkOption {
+ type = types.int;
+ default = 660;
+ description = "Change permissions for the socket";
+ example = 600;
+ };
+
+ logLevel = mkOption {
+ type = types.str;
+ default = "notice"; # debug, verbose, notice, warning
+ example = "debug";
+ description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
+ };
+
+ logfile = mkOption {
+ type = types.str;
+ default = "/dev/null";
+ description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
+ example = "/var/log/redis.log";
+ };
+
+ syslog = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Enable logging to the system logger.";
+ };
+
+ databases = mkOption {
+ type = types.int;
+ default = 16;
+ description = "Set the number of databases.";
+ };
+
+ maxclients = mkOption {
+ type = types.int;
+ default = 10000;
+ description = "Set the max number of connected clients at the same time.";
+ };
+
+ save = mkOption {
+ type = with types; listOf (listOf int);
+ default = [ [900 1] [300 10] [60 10000] ];
+ description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
+ };
+
+ slaveOf = mkOption {
+ type = with types; nullOr (submodule ({ ... }: {
+ options = {
+ ip = mkOption {
+ type = str;
+ description = "IP of the Redis master";
+ example = "192.168.1.100";
+ };
+
+ port = mkOption {
+ type = port;
+ description = "port of the Redis master";
+ default = 6379;
+ };
+ };
+ }));
+
+ default = null;
+ description = "IP and port to which this redis instance acts as a slave.";
+ example = { ip = "192.168.1.100"; port = 6379; };
+ };
+
+ masterAuth = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = ''If the master is password protected (using the requirePass configuration)
+ it is possible to tell the slave to authenticate before starting the replication synchronization
+ process, otherwise the master will refuse the slave request.
+ (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)'';
+ };
+
+ requirePass = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = ''
+ Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE).
+ Use requirePassFile to store it outside of the nix store in a dedicated file.
+ '';
+ example = "letmein!";
+ };
+
+ requirePassFile = mkOption {
+ type = with types; nullOr path;
+ default = null;
+ description = "File with password for the database.";
+ example = "/run/keys/redis-password";
+ };
+
+ appendOnly = mkOption {
+ type = types.bool;
+ default = false;
+ description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
+ };
+
+ appendFsync = mkOption {
+ type = types.str;
+ default = "everysec"; # no, always, everysec
+ description = "How often to fsync the append-only log, options: no, always, everysec.";
+ };
+
+ slowLogLogSlowerThan = mkOption {
+ type = types.int;
+ default = 10000;
+ description = "Log queries whose execution take longer than X in milliseconds.";
+ example = 1000;
+ };
+
+ slowLogMaxLen = mkOption {
+ type = types.int;
+ default = 128;
+ description = "Maximum number of items to keep in slow log.";
+ };
+
+ settings = mkOption {
+ # TODO: this should be converted to freeformType
+ type = with types; attrsOf (oneOf [ bool int str (listOf str) ]);
+ default = {};
+ description = ''
+ Redis configuration. Refer to
+ <link xlink:href="https://redis.io/topics/config"/>
+ for details on supported values.
+ '';
+ example = literalExpression ''
+ {
+ loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];
+ }
+ '';
};
};
+ config.settings = mkMerge [
+ {
+ port = if config.bind == null then 0 else config.port;
+ daemonize = false;
+ supervised = "systemd";
+ loglevel = config.logLevel;
+ logfile = config.logfile;
+ syslog-enabled = config.syslog;
+ databases = config.databases;
+ maxclients = config.maxclients;
+ save = map (d: "${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}") config.save;
+ dbfilename = "dump.rdb";
+ dir = "/var/lib/${redisName name}";
+ appendOnly = config.appendOnly;
+ appendfsync = config.appendFsync;
+ slowlog-log-slower-than = config.slowLogLogSlowerThan;
+ slowlog-max-len = config.slowLogMaxLen;
+ }
+ (mkIf (config.bind != null) { bind = config.bind; })
+ (mkIf (config.unixSocket != null) {
+ unixsocket = config.unixSocket;
+ unixsocketperm = toString config.unixSocketPerm;
+ })
+ (mkIf (config.slaveOf != null) { slaveof = "${config.slaveOf.ip} ${toString config.slaveOf.port}"; })
+ (mkIf (config.masterAuth != null) { masterauth = config.masterAuth; })
+ (mkIf (config.requirePass != null) { requirepass = config.requirePass; })
+ ];
}));
-
- default = null;
- description = "IP and port to which this redis instance acts as a slave.";
- example = { ip = "192.168.1.100"; port = 6379; };
- };
-
- masterAuth = mkOption {
- type = with types; nullOr str;
- default = null;
- description = ''If the master is password protected (using the requirePass configuration)
- it is possible to tell the slave to authenticate before starting the replication synchronization
- process, otherwise the master will refuse the slave request.
- (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)'';
- };
-
- requirePass = mkOption {
- type = with types; nullOr str;
- default = null;
- description = ''
- Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE).
- Use requirePassFile to store it outside of the nix store in a dedicated file.
- '';
- example = "letmein!";
- };
-
- requirePassFile = mkOption {
- type = with types; nullOr path;
- default = null;
- description = "File with password for the database.";
- example = "/run/keys/redis-password";
- };
-
- appendOnly = mkOption {
- type = types.bool;
- default = false;
- description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
- };
-
- appendFsync = mkOption {
- type = types.str;
- default = "everysec"; # no, always, everysec
- description = "How often to fsync the append-only log, options: no, always, everysec.";
- };
-
- slowLogLogSlowerThan = mkOption {
- type = types.int;
- default = 10000;
- description = "Log queries whose execution take longer than X in milliseconds.";
- example = 1000;
- };
-
- slowLogMaxLen = mkOption {
- type = types.int;
- default = 128;
- description = "Maximum number of items to keep in slow log.";
- };
-
- settings = mkOption {
- type = with types; attrsOf (oneOf [ bool int str (listOf str) ]);
+ description = "Configuration of multiple <literal>redis-server</literal> instances.";
default = {};
- description = ''
- Redis configuration. Refer to
- <link xlink:href="https://redis.io/topics/config"/>
- for details on supported values.
- '';
- example = literalExpression ''
- {
- loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];
- }
- '';
};
};
@@ -229,78 +289,61 @@ in {
###### implementation
- config = mkIf config.services.redis.enable {
- assertions = [{
- assertion = cfg.requirePass != null -> cfg.requirePassFile == null;
- message = "You can only set one services.redis.requirePass or services.redis.requirePassFile";
- }];
- boot.kernel.sysctl = (mkMerge [
+ config = mkIf (enabledServers != {}) {
+
+ assertions = attrValues (mapAttrs (name: conf: {
+ assertion = conf.requirePass != null -> conf.requirePassFile == null;
+ message = ''
+ You can only set one services.redis.servers.${name}.requirePass
+ or services.redis.servers.${name}.requirePassFile
+ '';
+ }) enabledServers);
+
+ boot.kernel.sysctl = mkMerge [
{ "vm.nr_hugepages" = "0"; }
( mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; } )
- ]);
+ ];
- networking.firewall = mkIf cfg.openFirewall {
- allowedTCPPorts = [ cfg.port ];
- };
-
- users.users.redis = {
- description = "Redis database user";
- group = "redis";
- isSystemUser = true;
- };
- users.groups.redis = {};
+ networking.firewall.allowedTCPPorts = concatMap (conf:
+ optional conf.openFirewall conf.port
+ ) (attrValues enabledServers);
environment.systemPackages = [ cfg.package ];
- services.redis.settings = mkMerge [
- {
- port = cfg.port;
- daemonize = false;
- supervised = "systemd";
- loglevel = cfg.logLevel;
- logfile = cfg.logfile;
- syslog-enabled = cfg.syslog;
- databases = cfg.databases;
- maxclients = cfg.maxclients;
- save = map (d: "${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}") cfg.save;
- dbfilename = "dump.rdb";
- dir = "/var/lib/redis";
- appendOnly = cfg.appendOnly;
- appendfsync = cfg.appendFsync;
- slowlog-log-slower-than = cfg.slowLogLogSlowerThan;
- slowlog-max-len = cfg.slowLogMaxLen;
- }
- (mkIf (cfg.bind != null) { bind = cfg.bind; })
- (mkIf (cfg.unixSocket != null) { unixsocket = cfg.unixSocket; unixsocketperm = "${toString cfg.unixSocketPerm}"; })
- (mkIf (cfg.slaveOf != null) { slaveof = "${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}"; })
- (mkIf (cfg.masterAuth != null) { masterauth = cfg.masterAuth; })
- (mkIf (cfg.requirePass != null) { requirepass = cfg.requirePass; })
- ];
+ users.users = mapAttrs' (name: conf: nameValuePair (redisName name) {
+ description = "System user for the redis-server instance ${name}";
+ isSystemUser = true;
+ group = redisName name;
+ }) enabledServers;
+ users.groups = mapAttrs' (name: conf: nameValuePair (redisName name) {
+ }) enabledServers;
- systemd.services.redis = {
- description = "Redis Server";
+ systemd.services = mapAttrs' (name: conf: nameValuePair (redisName name) {
+ description = "Redis Server - ${redisName name}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
- preStart = ''
- install -m 600 ${redisConfig} /run/redis/redis.conf
- '' + optionalString (cfg.requirePassFile != null) ''
- password=$(cat ${escapeShellArg cfg.requirePassFile})
- echo "requirePass $password" >> /run/redis/redis.conf
- '';
-
serviceConfig = {
- ExecStart = "${cfg.package}/bin/redis-server /run/redis/redis.conf";
+ ExecStart = "${cfg.package}/bin/redis-server /run/${redisName name}/redis.conf";
+ ExecStartPre = [("+"+pkgs.writeShellScript "${redisName name}-credentials" (''
+ install -o '${conf.user}' -m 600 ${redisConfig conf.settings} /run/${redisName name}/redis.conf
+ '' + optionalString (conf.requirePassFile != null) ''
+ {
+ printf requirePass' '
+ cat ${escapeShellArg conf.requirePassFile}
+ } >>/run/${redisName name}/redis.conf
+ '')
+ )];
Type = "notify";
# User and group
- User = "redis";
- Group = "redis";
+ User = conf.user;
+ Group = conf.user;
# Runtime directory and mode
- RuntimeDirectory = "redis";
+ RuntimeDirectory = redisName name;
RuntimeDirectoryMode = "0750";
# State directory and mode
- StateDirectory = "redis";
+ StateDirectory = redisName name;
StateDirectoryMode = "0700";
# Access write directories
UMask = "0077";
@@ -309,7 +352,7 @@ in {
# Security
NoNewPrivileges = true;
# Process Properties
- LimitNOFILE = "${toString ulimitNofile}";
+ LimitNOFILE = mkDefault "${toString (conf.maxclients + 32)}";
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
@@ -322,7 +365,9 @@ in {
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
- RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
+ RestrictAddressFamilies =
+ optionals (conf.bind != null) ["AF_INET" "AF_INET6"] ++
+ optional (conf.unixSocket != null) "AF_UNIX";
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
@@ -333,6 +378,7 @@ in {
SystemCallArchitectures = "native";
SystemCallFilter = "~@cpu-emulation @debug @keyring @memlock @mount @obsolete @privileged @resources @setuid";
};
- };
+ }) enabledServers;
+
};
}
diff --git a/nixos/modules/services/misc/sourcehut/builds.nix b/nixos/modules/services/misc/sourcehut/builds.nix
deleted file mode 100644
index f806e8c51b9..00000000000
--- a/nixos/modules/services/misc/sourcehut/builds.nix
+++ /dev/null
@@ -1,234 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.sourcehut;
- scfg = cfg.builds;
- rcfg = config.services.redis;
- iniKey = "builds.sr.ht";
-
- drv = pkgs.sourcehut.buildsrht;
-in
-{
- options.services.sourcehut.builds = {
- user = mkOption {
- type = types.str;
- default = "buildsrht";
- description = ''
- User for builds.sr.ht.
- '';
- };
-
- port = mkOption {
- type = types.port;
- default = 5002;
- description = ''
- Port on which the "builds" module should listen.
- '';
- };
-
- database = mkOption {
- type = types.str;
- default = "builds.sr.ht";
- description = ''
- PostgreSQL database name for builds.sr.ht.
- '';
- };
-
- statePath = mkOption {
- type = types.path;
- default = "${cfg.statePath}/buildsrht";
- description = ''
- State path for builds.sr.ht.
- '';
- };
-
- enableWorker = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Run workers for builds.sr.ht.
- '';
- };
-
- images = mkOption {
- type = types.attrsOf (types.attrsOf (types.attrsOf types.package));
- default = { };
- example = lib.literalExpression ''(let
- # Pinning unstable to allow usage with flakes and limit rebuilds.
- pkgs_unstable = builtins.fetchGit {
- url = "https://github.com/NixOS/nixpkgs";
- rev = "ff96a0fa5635770390b184ae74debea75c3fd534";
- ref = "nixos-unstable";
- };
- image_from_nixpkgs = pkgs_unstable: (import ("${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") {
- pkgs = (import pkgs_unstable {});
- });
- in
- {
- nixos.unstable.x86_64 = image_from_nixpkgs pkgs_unstable;
- }
- )'';
- description = ''
- Images for builds.sr.ht. Each package should be distro.release.arch and point to a /nix/store/package/root.img.qcow2.
- '';
- };
-
- };
-
- config = with scfg; let
- image_dirs = lib.lists.flatten (
- lib.attrsets.mapAttrsToList
- (distro: revs:
- lib.attrsets.mapAttrsToList
- (rev: archs:
- lib.attrsets.mapAttrsToList
- (arch: image:
- pkgs.runCommand "buildsrht-images" { } ''
- mkdir -p $out/${distro}/${rev}/${arch}
- ln -s ${image}/*.qcow2 $out/${distro}/${rev}/${arch}/root.img.qcow2
- '')
- archs)
- revs)
- scfg.images);
- image_dir_pre = pkgs.symlinkJoin {
- name = "builds.sr.ht-worker-images-pre";
- paths = image_dirs ++ [
- "${pkgs.sourcehut.buildsrht}/lib/images"
- ];
- };
- image_dir = pkgs.runCommand "builds.sr.ht-worker-images" { } ''
- mkdir -p $out/images
- cp -Lr ${image_dir_pre}/* $out/images
- '';
- in
- lib.mkIf (cfg.enable && elem "builds" cfg.services) {
- users = {
- users = {
- "${user}" = {
- isSystemUser = true;
- group = user;
- extraGroups = lib.optionals cfg.builds.enableWorker [ "docker" ];
- description = "builds.sr.ht user";
- };
- };
-
- groups = {
- "${user}" = { };
- };
- };
-
- services.postgresql = {
- authentication = ''
- local ${database} ${user} trust
- '';
- ensureDatabases = [ database ];
- ensureUsers = [
- {
- name = user;
- ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
- }
- ];
- };
-
- systemd = {
- tmpfiles.rules = [
- "d ${statePath} 0755 ${user} ${user} -"
- ] ++ (lib.optionals cfg.builds.enableWorker
- [ "d ${statePath}/logs 0775 ${user} ${user} - -" ]
- );
-
- services = {
- buildsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey
- {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "builds.sr.ht website service";
-
- serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
-
- # Hack to bypass this hack: https://git.sr.ht/~sircmpwn/core.sr.ht/tree/master/item/srht-update-profiles#L6
- } // { preStart = " "; };
-
- buildsrht-worker = {
- enable = scfg.enableWorker;
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
- partOf = [ "buildsrht.service" ];
- description = "builds.sr.ht worker service";
- path = [ pkgs.openssh pkgs.docker ];
- preStart = let qemuPackage = pkgs.qemu_kvm;
- in ''
- if [[ "$(docker images -q qemu:latest 2> /dev/null)" == "" || "$(cat ${statePath}/docker-image-qemu 2> /dev/null || true)" != "${qemuPackage.version}" ]]; then
- # Create and import qemu:latest image for docker
- ${
- pkgs.dockerTools.streamLayeredImage {
- name = "qemu";
- tag = "latest";
- contents = [ qemuPackage ];
- }
- } | docker load
- # Mark down current package version
- printf "%s" "${qemuPackage.version}" > ${statePath}/docker-image-qemu
- fi
- '';
- serviceConfig = {
- Type = "simple";
- User = user;
- Group = "nginx";
- Restart = "always";
- };
- serviceConfig.ExecStart = "${pkgs.sourcehut.buildsrht}/bin/builds.sr.ht-worker";
- };
- };
- };
-
- services.sourcehut.settings = {
- # URL builds.sr.ht is being served at (protocol://domain)
- "builds.sr.ht".origin = mkDefault "http://builds.${cfg.originBase}";
- # Address and port to bind the debug server to
- "builds.sr.ht".debug-host = mkDefault "0.0.0.0";
- "builds.sr.ht".debug-port = mkDefault port;
- # Configures the SQLAlchemy connection string for the database.
- "builds.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
- # Set to "yes" to automatically run migrations on package upgrade.
- "builds.sr.ht".migrate-on-upgrade = mkDefault "yes";
- # builds.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- "builds.sr.ht".oauth-client-id = mkDefault null;
- "builds.sr.ht".oauth-client-secret = mkDefault null;
- # The redis connection used for the celery worker
- "builds.sr.ht".redis = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/3";
- # The shell used for ssh
- "builds.sr.ht".shell = mkDefault "runner-shell";
- # Register the builds.sr.ht dispatcher
- "git.sr.ht::dispatch".${builtins.unsafeDiscardStringContext "${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys"} = mkDefault "${user}:${user}";
-
- # Location for build logs, images, and control command
- } // lib.attrsets.optionalAttrs scfg.enableWorker {
- # Default worker stores logs that are accessible via this address:port
- "builds.sr.ht::worker".name = mkDefault "127.0.0.1:5020";
- "builds.sr.ht::worker".buildlogs = mkDefault "${scfg.statePath}/logs";
- "builds.sr.ht::worker".images = mkDefault "${image_dir}/images";
- "builds.sr.ht::worker".controlcmd = mkDefault "${image_dir}/images/control";
- "builds.sr.ht::worker".timeout = mkDefault "3m";
- };
-
- services.nginx.virtualHosts."logs.${cfg.originBase}" =
- if scfg.enableWorker then {
- listen = with builtins; let address = split ":" cfg.settings."builds.sr.ht::worker".name;
- in [{ addr = elemAt address 0; port = lib.toInt (elemAt address 2); }];
- locations."/logs".root = "${scfg.statePath}";
- } else { };
-
- services.nginx.virtualHosts."builds.${cfg.originBase}" = {
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString port}";
- locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
- locations."/static".root = "${pkgs.sourcehut.buildsrht}/${pkgs.sourcehut.python.sitePackages}/buildsrht";
- };
- };
-}
diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix
index 9c812d6b043..d4d8b2218e8 100644
--- a/nixos/modules/services/misc/sourcehut/default.nix
+++ b/nixos/modules/services/misc/sourcehut/default.nix
@@ -1,14 +1,90 @@
{ config, pkgs, lib, ... }:
-
with lib;
let
+ inherit (config.services) nginx postfix postgresql redis;
+ inherit (config.users) users groups;
cfg = config.services.sourcehut;
- cfgIni = cfg.settings;
- settingsFormat = pkgs.formats.ini { };
+ domain = cfg.settings."sr.ht".global-domain;
+ settingsFormat = pkgs.formats.ini {
+ listToValue = concatMapStringsSep "," (generators.mkValueStringDefault {});
+ mkKeyValue = k: v:
+ if v == null then ""
+ else generators.mkKeyValueDefault {
+ mkValueString = v:
+ if v == true then "yes"
+ else if v == false then "no"
+ else generators.mkValueStringDefault {} v;
+ } "=" k v;
+ };
+ configIniOfService = srv: settingsFormat.generate "sourcehut-${srv}-config.ini"
+ # Each service needs access to only a subset of sections (and secrets).
+ (filterAttrs (k: v: v != null)
+ (mapAttrs (section: v:
+ let srvMatch = builtins.match "^([a-z]*)\\.sr\\.ht(::.*)?$" section; in
+ if srvMatch == null # Include sections shared by all services
+ || head srvMatch == srv # Include sections for the service being configured
+ then v
+ # Enable Web links and integrations between services.
+ else if tail srvMatch == [ null ] && elem (head srvMatch) cfg.services
+ then {
+ inherit (v) origin;
+ # mansrht crashes without it
+ oauth-client-id = v.oauth-client-id or null;
+ }
+ # Drop sub-sections of other services
+ else null)
+ (recursiveUpdate cfg.settings {
+ # Those paths are mounted using BindPaths= or BindReadOnlyPaths=
+ # for services needing access to them.
+ "builds.sr.ht::worker".buildlogs = "/var/log/sourcehut/buildsrht/logs";
+ "git.sr.ht".post-update-script = "/var/lib/sourcehut/gitsrht/bin/post-update-script";
+ "git.sr.ht".repos = "/var/lib/sourcehut/gitsrht/repos";
+ "hg.sr.ht".changegroup-script = "/var/lib/sourcehut/hgsrht/bin/changegroup-script";
+ "hg.sr.ht".repos = "/var/lib/sourcehut/hgsrht/repos";
+ # Making this a per service option despite being in a global section,
+ # so that it uses the redis-server used by the service.
+ "sr.ht".redis-host = cfg.${srv}.redis.host;
+ })));
+ commonServiceSettings = srv: {
+ origin = mkOption {
+ description = "URL ${srv}.sr.ht is being served at (protocol://domain)";
+ type = types.str;
+ default = "https://${srv}.${domain}";
+ defaultText = "https://${srv}.example.com";
+ };
+ debug-host = mkOption {
+ description = "Address to bind the debug server to.";
+ type = with types; nullOr str;
+ default = null;
+ };
+ debug-port = mkOption {
+ description = "Port to bind the debug server to.";
+ type = with types; nullOr str;
+ default = null;
+ };
+ connection-string = mkOption {
+ description = "SQLAlchemy connection string for the database.";
+ type = types.str;
+ default = "postgresql:///localhost?user=${srv}srht&host=/run/postgresql";
+ };
+ migrate-on-upgrade = mkEnableOption "automatic migrations on package upgrade" // { default = true; };
+ oauth-client-id = mkOption {
+ description = "${srv}.sr.ht's OAuth client id for meta.sr.ht.";
+ type = types.str;
+ };
+ oauth-client-secret = mkOption {
+ description = "${srv}.sr.ht's OAuth client secret for meta.sr.ht.";
+ type = types.path;
+ apply = s: "<" + toString s;
+ };
+ };
# Specialized python containing all the modules
python = pkgs.sourcehut.python.withPackages (ps: with ps; [
gunicorn
+ eventlet
+ # For monitoring Celery: sudo -u listssrht celery --app listssrht.process -b redis+socket:///run/redis-sourcehut/redis.sock?virtual_host=5 flower
+ flower
# Sourcehut services
srht
buildsrht
@@ -19,69 +95,37 @@ let
listssrht
mansrht
metasrht
+ # Not a python package
+ #pagessrht
pastesrht
todosrht
]);
+ mkOptionNullOrStr = description: mkOption {
+ inherit description;
+ type = with types; nullOr str;
+ default = null;
+ };
in
{
- imports =
- [
- ./git.nix
- ./hg.nix
- ./hub.nix
- ./todo.nix
- ./man.nix
- ./meta.nix
- ./paste.nix
- ./builds.nix
- ./lists.nix
- ./dispatch.nix
- (mkRemovedOptionModule [ "services" "sourcehut" "nginx" "enable" ] ''
- The sourcehut module supports `nginx` as a local reverse-proxy by default and doesn't
- support other reverse-proxies officially.
-
- However it's possible to use an alternative reverse-proxy by
-
- * disabling nginx
- * adjusting the relevant settings for server addresses and ports directly
-
- Further details about this can be found in the `Sourcehut`-section of the NixOS-manual.
- '')
- ];
-
options.services.sourcehut = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Enable sourcehut - git hosting, continuous integration, mailing list, ticket tracking,
- task dispatching, wiki and account management services
- '';
- };
+ enable = mkEnableOption ''
+ sourcehut - git hosting, continuous integration, mailing list, ticket tracking,
+ task dispatching, wiki and account management services
+ '';
services = mkOption {
- type = types.nonEmptyListOf (types.enum [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ]);
- default = [ "man" "meta" "paste" ];
- example = [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ];
+ type = with types; listOf (enum
+ [ "builds" "dispatch" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]);
+ defaultText = "locally enabled services";
description = ''
- Services to enable on the sourcehut network.
+ Services that may be displayed as links in the title bar of the Web interface.
'';
};
- originBase = mkOption {
+ listenAddress = mkOption {
type = types.str;
- default = with config.networking; hostName + lib.optionalString (domain != null) ".${domain}";
- description = ''
- Host name used by reverse-proxy and for default settings. Will host services at git."''${originBase}". For example: git.sr.ht
- '';
- };
-
- address = mkOption {
- type = types.str;
- default = "127.0.0.1";
- description = ''
- Address to bind to.
- '';
+ default = "localhost";
+ description = "Address to bind to.";
};
python = mkOption {
@@ -94,105 +138,1212 @@ in
'';
};
- statePath = mkOption {
- type = types.path;
- default = "/var/lib/sourcehut";
- description = ''
- Root state path for the sourcehut network. If left as the default value
- this directory will automatically be created before the sourcehut server
- starts, otherwise the sysadmin is responsible for ensuring the
- directory exists with appropriate ownership and permissions.
- '';
+ minio = {
+ enable = mkEnableOption ''local minio integration'';
+ };
+
+ nginx = {
+ enable = mkEnableOption ''local nginx integration'';
+ virtualHost = mkOption {
+ type = types.attrs;
+ default = {};
+ description = "Virtual-host configuration merged with all Sourcehut's virtual-hosts.";
+ };
+ };
+
+ postfix = {
+ enable = mkEnableOption ''local postfix integration'';
+ };
+
+ postgresql = {
+ enable = mkEnableOption ''local postgresql integration'';
+ };
+
+ redis = {
+ enable = mkEnableOption ''local redis integration in a dedicated redis-server'';
};
settings = mkOption {
type = lib.types.submodule {
freeformType = settingsFormat.type;
+ options."sr.ht" = {
+ global-domain = mkOption {
+ description = "Global domain name.";
+ type = types.str;
+ example = "example.com";
+ };
+ environment = mkOption {
+ description = "Values other than \"production\" adds a banner to each page.";
+ type = types.enum [ "development" "production" ];
+ default = "development";
+ };
+ network-key = mkOption {
+ description = ''
+ An absolute file path (which should be outside the Nix-store)
+ to a secret key to encrypt internal messages with. Use <code>srht-keygen network</code> to
+ generate this key. It must be consistent between all services and nodes.
+ '';
+ type = types.path;
+ apply = s: "<" + toString s;
+ };
+ owner-email = mkOption {
+ description = "Owner's email.";
+ type = types.str;
+ default = "contact@example.com";
+ };
+ owner-name = mkOption {
+ description = "Owner's name.";
+ type = types.str;
+ default = "John Doe";
+ };
+ site-blurb = mkOption {
+ description = "Blurb for your site.";
+ type = types.str;
+ default = "the hacker's forge";
+ };
+ site-info = mkOption {
+ description = "The top-level info page for your site.";
+ type = types.str;
+ default = "https://sourcehut.org";
+ };
+ service-key = mkOption {
+ description = ''
+ An absolute file path (which should be outside the Nix-store)
+ to a key used for encrypting session cookies. Use <code>srht-keygen service</code> to
+ generate the service key. This must be shared between each node of the same
+ service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
+ different keys. If you configure all of your services with the same
+ config.ini, you may use the same service-key for all of them.
+ '';
+ type = types.path;
+ apply = s: "<" + toString s;
+ };
+ site-name = mkOption {
+ description = "The name of your network of sr.ht-based sites.";
+ type = types.str;
+ default = "sourcehut";
+ };
+ source-url = mkOption {
+ description = "The source code for your fork of sr.ht.";
+ type = types.str;
+ default = "https://git.sr.ht/~sircmpwn/srht";
+ };
+ };
+ options.mail = {
+ smtp-host = mkOptionNullOrStr "Outgoing SMTP host.";
+ smtp-port = mkOption {
+ description = "Outgoing SMTP port.";
+ type = with types; nullOr port;
+ default = null;
+ };
+ smtp-user = mkOptionNullOrStr "Outgoing SMTP user.";
+ smtp-password = mkOptionNullOrStr "Outgoing SMTP password.";
+ smtp-from = mkOptionNullOrStr "Outgoing SMTP FROM.";
+ error-to = mkOptionNullOrStr "Address receiving application exceptions";
+ error-from = mkOptionNullOrStr "Address sending application exceptions";
+ pgp-privkey = mkOptionNullOrStr ''
+ An absolute file path (which should be outside the Nix-store)
+ to an OpenPGP private key.
+
+ Your PGP key information (DO NOT mix up pub and priv here)
+ You must remove the password from your secret key, if present.
+ You can do this with <code>gpg --edit-key [key-id]</code>,
+ then use the <code>passwd</code> command and do not enter a new password.
+ '';
+ pgp-pubkey = mkOptionNullOrStr "OpenPGP public key.";
+ pgp-key-id = mkOptionNullOrStr "OpenPGP key identifier.";
+ };
+ options.objects = {
+ s3-upstream = mkOption {
+ description = "Configure the S3-compatible object storage service.";
+ type = with types; nullOr str;
+ default = null;
+ };
+ s3-access-key = mkOption {
+ description = "Access key to the S3-compatible object storage service";
+ type = with types; nullOr str;
+ default = null;
+ };
+ s3-secret-key = mkOption {
+ description = ''
+ An absolute file path (which should be outside the Nix-store)
+ to the secret key of the S3-compatible object storage service.
+ '';
+ type = with types; nullOr path;
+ default = null;
+ apply = mapNullable (s: "<" + toString s);
+ };
+ };
+ options.webhooks = {
+ private-key = mkOption {
+ description = ''
+ An absolute file path (which should be outside the Nix-store)
+ to a base64-encoded Ed25519 key for signing webhook payloads.
+ This should be consistent for all *.sr.ht sites,
+ as this key will be used to verify signatures
+ from other sites in your network.
+ Use the <code>srht-keygen webhook</code> command to generate a key.
+ '';
+ type = types.path;
+ apply = s: "<" + toString s;
+ };
+ };
+
+ options."dispatch.sr.ht" = commonServiceSettings "dispatch" // {
+ };
+ options."dispatch.sr.ht::github" = {
+ oauth-client-id = mkOptionNullOrStr "OAuth client id.";
+ oauth-client-secret = mkOptionNullOrStr "OAuth client secret.";
+ };
+ options."dispatch.sr.ht::gitlab" = {
+ enabled = mkEnableOption "GitLab integration";
+ canonical-upstream = mkOption {
+ type = types.str;
+ description = "Canonical upstream.";
+ default = "gitlab.com";
+ };
+ repo-cache = mkOption {
+ type = types.str;
+ description = "Repository cache directory.";
+ default = "./repo-cache";
+ };
+ "gitlab.com" = mkOption {
+ type = with types; nullOr str;
+ description = "GitLab id and secret.";
+ default = null;
+ example = "GitLab:application id:secret";
+ };
+ };
+
+ options."builds.sr.ht" = commonServiceSettings "builds" // {
+ allow-free = mkEnableOption "nonpaying users to submit builds";
+ redis = mkOption {
+ description = "The Redis connection used for the Celery worker.";
+ type = types.str;
+ default = "redis+socket:///run/redis-sourcehut-buildsrht/redis.sock?virtual_host=2";
+ };
+ shell = mkOption {
+ description = ''
+ Scripts used to launch on SSH connection.
+ <literal>/usr/bin/master-shell</literal> on master,
+ <literal>/usr/bin/runner-shell</literal> on runner.
+ If master and worker are on the same system
+ set to <literal>/usr/bin/runner-shell</literal>.
+ '';
+ type = types.enum ["/usr/bin/master-shell" "/usr/bin/runner-shell"];
+ default = "/usr/bin/master-shell";
+ };
+ };
+ options."builds.sr.ht::worker" = {
+ bind-address = mkOption {
+ description = ''
+ HTTP bind address for serving local build information/monitoring.
+ '';
+ type = types.str;
+ default = "localhost:8080";
+ };
+ buildlogs = mkOption {
+ description = "Path to write build logs.";
+ type = types.str;
+ default = "/var/log/sourcehut/buildsrht";
+ };
+ name = mkOption {
+ description = ''
+ Listening address and listening port
+ of the build runner (with HTTP port if not 80).
+ '';
+ type = types.str;
+ default = "localhost:5020";
+ };
+ timeout = mkOption {
+ description = ''
+ Max build duration.
+ See <link xlink:href="https://golang.org/pkg/time/#ParseDuration"/>.
+ '';
+ type = types.str;
+ default = "3m";
+ };
+ };
+
+ options."git.sr.ht" = commonServiceSettings "git" // {
+ outgoing-domain = mkOption {
+ description = "Outgoing domain.";
+ type = types.str;
+ default = "https://git.localhost.localdomain";
+ };
+ post-update-script = mkOption {
+ description = ''
+ A post-update script which is installed in every git repo.
+ This setting is propagated to newer and existing repositories.
+ '';
+ type = types.path;
+ default = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook";
+ defaultText = "\${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook";
+ # Git hooks are run relative to their repository's directory,
+ # but gitsrht-update-hook looks up ../config.ini
+ apply = p: pkgs.writeShellScript "update-hook-wrapper" ''
+ set -e
+ test -e "''${PWD%/*}"/config.ini ||
+ ln -s /run/sourcehut/gitsrht/config.ini "''${PWD%/*}"/config.ini
+ exec -a "$0" '${p}' "$@"
+ '';
+ };
+ repos = mkOption {
+ description = ''
+ Path to git repositories on disk.
+ If changing the default, you must ensure that
+ the gitsrht's user as read and write access to it.
+ '';
+ type = types.str;
+ default = "/var/lib/sourcehut/gitsrht/repos";
+ };
+ webhooks = mkOption {
+ description = "The Redis connection used for the webhooks worker.";
+ type = types.str;
+ default = "redis+socket:///run/redis-sourcehut-gitsrht/redis.sock?virtual_host=1";
+ };
+ };
+ options."git.sr.ht::api" = {
+ internal-ipnet = mkOption {
+ description = ''
+ Set of IP subnets which are permitted to utilize internal API
+ authentication. This should be limited to the subnets
+ from which your *.sr.ht services are running.
+ See <xref linkend="opt-services.sourcehut.listenAddress"/>.
+ '';
+ type = with types; listOf str;
+ default = [ "127.0.0.0/8" "::1/128" ];
+ };
+ };
+
+ options."hg.sr.ht" = commonServiceSettings "hg" // {
+ changegroup-script = mkOption {
+ description = ''
+ A changegroup script which is installed in every mercurial repo.
+ This setting is propagated to newer and existing repositories.
+ '';
+ type = types.str;
+ default = "${cfg.python}/bin/hgsrht-hook-changegroup";
+ defaultText = "\${cfg.python}/bin/hgsrht-hook-changegroup";
+ # Mercurial's changegroup hooks are run relative to their repository's directory,
+ # but hgsrht-hook-changegroup looks up ./config.ini
+ apply = p: pkgs.writeShellScript "hook-changegroup-wrapper" ''
+ set -e
+ test -e "''$PWD"/config.ini ||
+ ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini
+ exec -a "$0" '${p}' "$@"
+ '';
+ };
+ repos = mkOption {
+ description = ''
+ Path to mercurial repositories on disk.
+ If changing the default, you must ensure that
+ the hgsrht's user as read and write access to it.
+ '';
+ type = types.str;
+ default = "/var/lib/sourcehut/hgsrht/repos";
+ };
+ srhtext = mkOptionNullOrStr ''
+ Path to the srht mercurial extension
+ (defaults to where the hgsrht code is)
+ '';
+ clone_bundle_threshold = mkOption {
+ description = ".hg/store size (in MB) past which the nightly job generates clone bundles.";
+ type = types.ints.unsigned;
+ default = 50;
+ };
+ hg_ssh = mkOption {
+ description = "Path to hg-ssh (if not in $PATH).";
+ type = types.str;
+ default = "${pkgs.mercurial}/bin/hg-ssh";
+ defaultText = "\${pkgs.mercurial}/bin/hg-ssh";
+ };
+ webhooks = mkOption {
+ description = "The Redis connection used for the webhooks worker.";
+ type = types.str;
+ default = "redis+socket:///run/redis-sourcehut-hgsrht/redis.sock?virtual_host=1";
+ };
+ };
+
+ options."hub.sr.ht" = commonServiceSettings "hub" // {
+ };
+
+ options."lists.sr.ht" = commonServiceSettings "lists" // {
+ allow-new-lists = mkEnableOption "Allow creation of new lists.";
+ notify-from = mkOption {
+ description = "Outgoing email for notifications generated by users.";
+ type = types.str;
+ default = "lists-notify@localhost.localdomain";
+ };
+ posting-domain = mkOption {
+ description = "Posting domain.";
+ type = types.str;
+ default = "lists.localhost.localdomain";
+ };
+ redis = mkOption {
+ description = "The Redis connection used for the Celery worker.";
+ type = types.str;
+ default = "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=2";
+ };
+ webhooks = mkOption {
+ description = "The Redis connection used for the webhooks worker.";
+ type = types.str;
+ default = "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=1";
+ };
+ };
+ options."lists.sr.ht::worker" = {
+ reject-mimetypes = mkOption {
+ description = ''
+ Comma-delimited list of Content-Types to reject. Messages with Content-Types
+ included in this list are rejected. Multipart messages are always supported,
+ and each part is checked against this list.
+
+ Uses fnmatch for wildcard expansion.
+ '';
+ type = with types; listOf str;
+ default = ["text/html"];
+ };
+ reject-url = mkOption {
+ description = "Reject URL.";
+ type = types.str;
+ default = "https://man.sr.ht/lists.sr.ht/etiquette.md";
+ };
+ sock = mkOption {
+ description = ''
+ Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
+ Alternatively, specify IP:PORT and an SMTP server will be run instead.
+ '';
+ type = types.str;
+ default = "/tmp/lists.sr.ht-lmtp.sock";
+ };
+ sock-group = mkOption {
+ description = ''
+ The lmtp daemon will make the unix socket group-read/write
+ for users in this group.
+ '';
+ type = types.str;
+ default = "postfix";
+ };
+ };
+
+ options."man.sr.ht" = commonServiceSettings "man" // {
+ };
+
+ options."meta.sr.ht" =
+ removeAttrs (commonServiceSettings "meta")
+ ["oauth-client-id" "oauth-client-secret"] // {
+ api-origin = mkOption {
+ description = "Origin URL for API, 100 more than web.";
+ type = types.str;
+ default = "http://${cfg.listenAddress}:${toString (cfg.meta.port + 100)}";
+ defaultText = ''http://<xref linkend="opt-services.sourcehut.listenAddress"/>:''${toString (<xref linkend="opt-services.sourcehut.meta.port"/> + 100)}'';
+ };
+ webhooks = mkOption {
+ description = "The Redis connection used for the webhooks worker.";
+ type = types.str;
+ default = "redis+socket:///run/redis-sourcehut-metasrht/redis.sock?virtual_host=1";
+ };
+ welcome-emails = mkEnableOption "sending stock sourcehut welcome emails after signup";
+ };
+ options."meta.sr.ht::api" = {
+ internal-ipnet = mkOption {
+ description = ''
+ Set of IP subnets which are permitted to utilize internal API
+ authentication. This should be limited to the subnets
+ from which your *.sr.ht services are running.
+ See <xref linkend="opt-services.sourcehut.listenAddress"/>.
+ '';
+ type = with types; listOf str;
+ default = [ "127.0.0.0/8" "::1/128" ];
+ };
+ };
+ options."meta.sr.ht::aliases" = mkOption {
+ description = "Aliases for the client IDs of commonly used OAuth clients.";
+ type = with types; attrsOf int;
+ default = {};
+ example = { "git.sr.ht" = 12345; };
+ };
+ options."meta.sr.ht::billing" = {
+ enabled = mkEnableOption "the billing system";
+ stripe-public-key = mkOptionNullOrStr "Public key for Stripe. Get your keys at https://dashboard.stripe.com/account/apikeys";
+ stripe-secret-key = mkOptionNullOrStr ''
+ An absolute file path (which should be outside the Nix-store)
+ to a secret key for Stripe. Get your keys at https://dashboard.stripe.com/account/apikeys
+ '' // {
+ apply = mapNullable (s: "<" + toString s);
+ };
+ };
+ options."meta.sr.ht::settings" = {
+ registration = mkEnableOption "public registration";
+ onboarding-redirect = mkOption {
+ description = "Where to redirect new users upon registration.";
+ type = types.str;
+ default = "https://meta.localhost.localdomain";
+ };
+ user-invites = mkOption {
+ description = ''
+ How many invites each user is issued upon registration
+ (only applicable if open registration is disabled).
+ '';
+ type = types.ints.unsigned;
+ default = 5;
+ };
+ };
+
+ options."pages.sr.ht" = commonServiceSettings "pages" // {
+ gemini-certs = mkOption {
+ description = ''
+ An absolute file path (which should be outside the Nix-store)
+ to Gemini certificates.
+ '';
+ type = with types; nullOr path;
+ default = null;
+ };
+ max-site-size = mkOption {
+ description = "Maximum size of any given site (post-gunzip), in MiB.";
+ type = types.int;
+ default = 1024;
+ };
+ user-domain = mkOption {
+ description = ''
+ Configures the user domain, if enabled.
+ All users are given <username>.this.domain.
+ '';
+ type = with types; nullOr str;
+ default = null;
+ };
+ };
+ options."pages.sr.ht::api" = {
+ internal-ipnet = mkOption {
+ description = ''
+ Set of IP subnets which are permitted to utilize internal API
+ authentication. This should be limited to the subnets
+ from which your *.sr.ht services are running.
+ See <xref linkend="opt-services.sourcehut.listenAddress"/>.
+ '';
+ type = with types; listOf str;
+ default = [ "127.0.0.0/8" "::1/128" ];
+ };
+ };
+
+ options."paste.sr.ht" = commonServiceSettings "paste" // {
+ };
+
+ options."todo.sr.ht" = commonServiceSettings "todo" // {
+ notify-from = mkOption {
+ description = "Outgoing email for notifications generated by users.";
+ type = types.str;
+ default = "todo-notify@localhost.localdomain";
+ };
+ webhooks = mkOption {
+ description = "The Redis connection used for the webhooks worker.";
+ type = types.str;
+ default = "redis+socket:///run/redis-sourcehut-todosrht/redis.sock?virtual_host=1";
+ };
+ };
+ options."todo.sr.ht::mail" = {
+ posting-domain = mkOption {
+ description = "Posting domain.";
+ type = types.str;
+ default = "todo.localhost.localdomain";
+ };
+ sock = mkOption {
+ description = ''
+ Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
+ Alternatively, specify IP:PORT and an SMTP server will be run instead.
+ '';
+ type = types.str;
+ default = "/tmp/todo.sr.ht-lmtp.sock";
+ };
+ sock-group = mkOption {
+ description = ''
+ The lmtp daemon will make the unix socket group-read/write
+ for users in this group.
+ '';
+ type = types.str;
+ default = "postfix";
+ };
+ };
};
default = { };
description = ''
The configuration for the sourcehut network.
'';
};
- };
- config = mkIf cfg.enable {
- assertions =
- [
- {
- assertion = with cfgIni.webhooks; private-key != null && stringLength private-key == 44;
- message = "The webhook's private key must be defined and of a 44 byte length.";
- }
+ builds = {
+ enableWorker = mkEnableOption "worker for builds.sr.ht";
- {
- assertion = hasAttrByPath [ "meta.sr.ht" "origin" ] cfgIni && cfgIni."meta.sr.ht".origin != null;
- message = "meta.sr.ht's origin must be defined.";
- }
- ];
+ images = mkOption {
+ type = with types; attrsOf (attrsOf (attrsOf package));
+ default = { };
+ example = lib.literalExpression ''(let
+ # Pinning unstable to allow usage with flakes and limit rebuilds.
+ pkgs_unstable = builtins.fetchGit {
+ url = "https://github.com/NixOS/nixpkgs";
+ rev = "ff96a0fa5635770390b184ae74debea75c3fd534";
+ ref = "nixos-unstable";
+ };
+ image_from_nixpkgs = (import ("${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") {
+ pkgs = (import pkgs_unstable {});
+ });
+ in
+ {
+ nixos.unstable.x86_64 = image_from_nixpkgs;
+ }
+ )'';
+ description = ''
+ Images for builds.sr.ht. Each package should be distro.release.arch and point to a /nix/store/package/root.img.qcow2.
+ '';
+ };
+ };
- virtualisation.docker.enable = true;
- environment.etc."sr.ht/config.ini".source =
- settingsFormat.generate "sourcehut-config.ini" (mapAttrsRecursive
- (
- path: v: if v == null then "" else v
- )
- cfg.settings);
+ git = {
+ package = mkOption {
+ type = types.package;
+ default = pkgs.git;
+ example = literalExpression "pkgs.gitFull";
+ description = ''
+ Git package for git.sr.ht. This can help silence collisions.
+ '';
+ };
+ fcgiwrap.preforkProcess = mkOption {
+ description = "Number of fcgiwrap processes to prefork.";
+ type = types.int;
+ default = 4;
+ };
+ };
- environment.systemPackages = [ pkgs.sourcehut.coresrht ];
+ hg = {
+ package = mkOption {
+ type = types.package;
+ default = pkgs.mercurial;
+ description = ''
+ Mercurial package for hg.sr.ht. This can help silence collisions.
+ '';
+ };
+ cloneBundles = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Generate clonebundles (which require more disk space but dramatically speed up cloning large repositories).
+ '';
+ };
+ };
- # PostgreSQL server
- services.postgresql.enable = mkOverride 999 true;
- # Mail server
- services.postfix.enable = mkOverride 999 true;
- # Cron daemon
- services.cron.enable = mkOverride 999 true;
- # Redis server
- services.redis.enable = mkOverride 999 true;
- services.redis.bind = mkOverride 999 "127.0.0.1";
-
- services.sourcehut.settings = {
- # The name of your network of sr.ht-based sites
- "sr.ht".site-name = mkDefault "sourcehut";
- # The top-level info page for your site
- "sr.ht".site-info = mkDefault "https://sourcehut.org";
- # {{ site-name }}, {{ site-blurb }}
- "sr.ht".site-blurb = mkDefault "the hacker's forge";
- # If this != production, we add a banner to each page
- "sr.ht".environment = mkDefault "development";
- # Contact information for the site owners
- "sr.ht".owner-name = mkDefault "Drew DeVault";
- "sr.ht".owner-email = mkDefault "sir@cmpwn.com";
- # The source code for your fork of sr.ht
- "sr.ht".source-url = mkDefault "https://git.sr.ht/~sircmpwn/srht";
- # A secret key to encrypt session cookies with
- "sr.ht".secret-key = mkDefault null;
- "sr.ht".global-domain = mkDefault null;
-
- # Outgoing SMTP settings
- mail.smtp-host = mkDefault null;
- mail.smtp-port = mkDefault null;
- mail.smtp-user = mkDefault null;
- mail.smtp-password = mkDefault null;
- mail.smtp-from = mkDefault null;
- # Application exceptions are emailed to this address
- mail.error-to = mkDefault null;
- mail.error-from = mkDefault null;
- # Your PGP key information (DO NOT mix up pub and priv here)
- # You must remove the password from your secret key, if present.
- # You can do this with gpg --edit-key [key-id], then use the passwd
- # command and do not enter a new password.
- mail.pgp-privkey = mkDefault null;
- mail.pgp-pubkey = mkDefault null;
- mail.pgp-key-id = mkDefault null;
-
- # base64-encoded Ed25519 key for signing webhook payloads. This should be
- # consistent for all *.sr.ht sites, as we'll use this key to verify signatures
- # from other sites in your network.
- #
- # Use the srht-webhook-keygen command to generate a key.
- webhooks.private-key = mkDefault null;
+ lists = {
+ process = {
+ extraArgs = mkOption {
+ type = with types; listOf str;
+ default = [ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ];
+ description = "Extra arguments passed to the Celery responsible for processing mails.";
+ };
+ celeryConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = "Content of the <literal>celeryconfig.py</literal> used by the Celery of <literal>listssrht-process</literal>.";
+ };
+ };
};
};
+
+ config = mkIf cfg.enable (mkMerge [
+ {
+ environment.systemPackages = [ pkgs.sourcehut.coresrht ];
+
+ services.sourcehut.settings = {
+ "git.sr.ht".outgoing-domain = mkDefault "https://git.${domain}";
+ "lists.sr.ht".notify-from = mkDefault "lists-notify@${domain}";
+ "lists.sr.ht".posting-domain = mkDefault "lists.${domain}";
+ "meta.sr.ht::settings".onboarding-redirect = mkDefault "https://meta.${domain}";
+ "todo.sr.ht".notify-from = mkDefault "todo-notify@${domain}";
+ "todo.sr.ht::mail".posting-domain = mkDefault "todo.${domain}";
+ };
+ }
+ (mkIf cfg.postgresql.enable {
+ assertions = [
+ { assertion = postgresql.enable;
+ message = "postgresql must be enabled and configured";
+ }
+ ];
+ })
+ (mkIf cfg.postfix.enable {
+ assertions = [
+ { assertion = postfix.enable;
+ message = "postfix must be enabled and configured";
+ }
+ ];
+ # Needed for sharing the LMTP sockets with JoinsNamespaceOf=
+ systemd.services.postfix.serviceConfig.PrivateTmp = true;
+ })
+ (mkIf cfg.redis.enable {
+ services.redis.vmOverCommit = mkDefault true;
+ })
+ (mkIf cfg.nginx.enable {
+ assertions = [
+ { assertion = nginx.enable;
+ message = "nginx must be enabled and configured";
+ }
+ ];
+ # For proxyPass= in virtual-hosts for Sourcehut services.
+ services.nginx.recommendedProxySettings = mkDefault true;
+ })
+ (mkIf (cfg.builds.enable || cfg.git.enable || cfg.hg.enable) {
+ services.openssh = {
+ # Note that sshd will continue to honor AuthorizedKeysFile.
+ # Note that you may want automatically rotate
+ # or link to /dev/null the following log files:
+ # - /var/log/gitsrht-dispatch
+ # - /var/log/{build,git,hg}srht-keys
+ # - /var/log/{git,hg}srht-shell
+ # - /var/log/gitsrht-update-hook
+ authorizedKeysCommand = ''/etc/ssh/sourcehut/subdir/srht-dispatch "%u" "%h" "%t" "%k"'';
+ # srht-dispatch will setuid/setgid according to [git.sr.ht::dispatch]
+ authorizedKeysCommandUser = "root";
+ extraConfig = ''
+ PermitUserEnvironment SRHT_*
+ '';
+ };
+ environment.etc."ssh/sourcehut/config.ini".source =
+ settingsFormat.generate "sourcehut-dispatch-config.ini"
+ (filterAttrs (k: v: k == "git.sr.ht::dispatch")
+ cfg.settings);
+ environment.etc."ssh/sourcehut/subdir/srht-dispatch" = {
+ # sshd_config(5): The program must be owned by root, not writable by group or others
+ mode = "0755";
+ source = pkgs.writeShellScript "srht-dispatch" ''
+ set -e
+ cd /etc/ssh/sourcehut/subdir
+ ${cfg.python}/bin/gitsrht-dispatch "$@"
+ '';
+ };
+ systemd.services.sshd = {
+ #path = optional cfg.git.enable [ cfg.git.package ];
+ serviceConfig = {
+ BindReadOnlyPaths =
+ # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht,
+ # for instance to get the user from the [git.sr.ht::dispatch] settings.
+ # *srht-keys needs to:
+ # - access a redis-server in [sr.ht] redis-host,
+ # - access the PostgreSQL server in [*.sr.ht] connection-string,
+ # - query metasrht-api (through the HTTP API).
+ # Using this has the side effect of creating empty files in /usr/bin/
+ optionals cfg.builds.enable [
+ "${pkgs.writeShellScript "buildsrht-keys-wrapper" ''
+ set -ex
+ cd /run/sourcehut/buildsrht/subdir
+ exec -a "$0" ${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys "$@"
+ ''}:/usr/bin/buildsrht-keys"
+ "${pkgs.sourcehut.buildsrht}/bin/master-shell:/usr/bin/master-shell"
+ "${pkgs.sourcehut.buildsrht}/bin/runner-shell:/usr/bin/runner-shell"
+ ] ++
+ optionals cfg.git.enable [
+ # /path/to/gitsrht-keys calls /path/to/gitsrht-shell,
+ # or [git.sr.ht] shell= if set.
+ "${pkgs.writeShellScript "gitsrht-keys-wrapper" ''
+ set -ex
+ cd /run/sourcehut/gitsrht/subdir
+ exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys "$@"
+ ''}:/usr/bin/gitsrht-keys"
+ "${pkgs.writeShellScript "gitsrht-shell-wrapper" ''
+ set -e
+ cd /run/sourcehut/gitsrht/subdir
+ exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@"
+ ''}:/usr/bin/gitsrht-shell"
+ ] ++
+ optionals cfg.hg.enable [
+ # /path/to/hgsrht-keys calls /path/to/hgsrht-shell,
+ # or [hg.sr.ht] shell= if set.
+ "${pkgs.writeShellScript "hgsrht-keys-wrapper" ''
+ set -ex
+ cd /run/sourcehut/hgsrht/subdir
+ exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-keys "$@"
+ ''}:/usr/bin/hgsrht-keys"
+ ":/usr/bin/hgsrht-shell"
+ "${pkgs.writeShellScript "hgsrht-shell-wrapper" ''
+ set -e
+ cd /run/sourcehut/hgsrht/subdir
+ exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-shell "$@"
+ ''}:/usr/bin/hgsrht-shell"
+ ];
+ };
+ };
+ })
+ ]);
+
+ imports = [
+
+ (import ./service.nix "builds" {
+ inherit configIniOfService;
+ srvsrht = "buildsrht";
+ port = 5002;
+ # TODO: a celery worker on the master and worker are apparently needed
+ extraServices.buildsrht-worker = let
+ qemuPackage = pkgs.qemu_kvm;
+ serviceName = "buildsrht-worker";
+ statePath = "/var/lib/sourcehut/${serviceName}";
+ in mkIf cfg.builds.enableWorker {
+ path = [ pkgs.openssh pkgs.docker ];
+ preStart = ''
+ set -x
+ if test -z "$(docker images -q qemu:latest 2>/dev/null)" \
+ || test "$(cat ${statePath}/docker-image-qemu)" != "${qemuPackage.version}"
+ then
+ # Create and import qemu:latest image for docker
+ ${pkgs.dockerTools.streamLayeredImage {
+ name = "qemu";
+ tag = "latest";
+ contents = [ qemuPackage ];
+ }} | docker load
+ # Mark down current package version
+ echo '${qemuPackage.version}' >${statePath}/docker-image-qemu
+ fi
+ '';
+ serviceConfig = {
+ ExecStart = "${pkgs.sourcehut.buildsrht}/bin/builds.sr.ht-worker";
+ RuntimeDirectory = [ "sourcehut/${serviceName}/subdir" ];
+ # builds.sr.ht-worker looks up ../config.ini
+ LogsDirectory = [ "sourcehut/${serviceName}" ];
+ StateDirectory = [ "sourcehut/${serviceName}" ];
+ WorkingDirectory = "-"+"/run/sourcehut/${serviceName}/subdir";
+ };
+ };
+ extraConfig = let
+ image_dirs = flatten (
+ mapAttrsToList (distro: revs:
+ mapAttrsToList (rev: archs:
+ mapAttrsToList (arch: image:
+ pkgs.runCommand "buildsrht-images" { } ''
+ mkdir -p $out/${distro}/${rev}/${arch}
+ ln -s ${image}/*.qcow2 $out/${distro}/${rev}/${arch}/root.img.qcow2
+ ''
+ ) archs
+ ) revs
+ ) cfg.builds.images
+ );
+ image_dir_pre = pkgs.symlinkJoin {
+ name = "builds.sr.ht-worker-images-pre";
+ paths = image_dirs;
+ # FIXME: not working, apparently because ubuntu/latest is a broken link
+ # ++ [ "${pkgs.sourcehut.buildsrht}/lib/images" ];
+ };
+ image_dir = pkgs.runCommand "builds.sr.ht-worker-images" { } ''
+ mkdir -p $out/images
+ cp -Lr ${image_dir_pre}/* $out/images
+ '';
+ in mkMerge [
+ {
+ users.users.${cfg.builds.user}.shell = pkgs.bash;
+
+ virtualisation.docker.enable = true;
+
+ services.sourcehut.settings = mkMerge [
+ { # Note that git.sr.ht::dispatch is not a typo,
+ # gitsrht-dispatch always use this section
+ "git.sr.ht::dispatch"."/usr/bin/buildsrht-keys" =
+ mkDefault "${cfg.builds.user}:${cfg.builds.group}";
+ }
+ (mkIf cfg.builds.enableWorker {
+ "builds.sr.ht::worker".shell = "/usr/bin/runner-shell";
+ "builds.sr.ht::worker".images = mkDefault "${image_dir}/images";
+ "builds.sr.ht::worker".controlcmd = mkDefault "${image_dir}/images/control";
+ })
+ ];
+ }
+ (mkIf cfg.builds.enableWorker {
+ users.groups = {
+ docker.members = [ cfg.builds.user ];
+ };
+ })
+ (mkIf (cfg.builds.enableWorker && cfg.nginx.enable) {
+ # Allow nginx access to buildlogs
+ users.users.${nginx.user}.extraGroups = [ cfg.builds.group ];
+ systemd.services.nginx = {
+ serviceConfig.BindReadOnlyPaths = [ "${cfg.settings."builds.sr.ht::worker".buildlogs}:/var/log/nginx/buildsrht/logs" ];
+ };
+ services.nginx.virtualHosts."logs.${domain}" = mkMerge [ {
+ /* FIXME: is a listen needed?
+ listen = with builtins;
+ # FIXME: not compatible with IPv6
+ let address = split ":" cfg.settings."builds.sr.ht::worker".name; in
+ [{ addr = elemAt address 0; port = lib.toInt (elemAt address 2); }];
+ */
+ locations."/logs/".alias = "/var/log/nginx/buildsrht/logs/";
+ } cfg.nginx.virtualHost ];
+ })
+ ];
+ })
+
+ (import ./service.nix "dispatch" {
+ inherit configIniOfService;
+ port = 5005;
+ })
+
+ (import ./service.nix "git" (let
+ baseService = {
+ path = [ cfg.git.package ];
+ serviceConfig.BindPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ];
+ serviceConfig.BindReadOnlyPaths = [ "${cfg.settings."git.sr.ht".post-update-script}:/var/lib/sourcehut/gitsrht/bin/post-update-script" ];
+ };
+ in {
+ inherit configIniOfService;
+ mainService = mkMerge [ baseService {
+ serviceConfig.StateDirectory = [ "sourcehut/gitsrht" "sourcehut/gitsrht/repos" ];
+ } ];
+ port = 5001;
+ webhooks = true;
+ extraTimers.gitsrht-periodic = {
+ service = baseService;
+ timerConfig.OnCalendar = ["*:0/20"];
+ };
+ extraConfig = mkMerge [
+ {
+ # https://stackoverflow.com/questions/22314298/git-push-results-in-fatal-protocol-error-bad-line-length-character-this
+ # Probably could use gitsrht-shell if output is restricted to just parameters...
+ users.users.${cfg.git.user}.shell = pkgs.bash;
+ services.sourcehut.settings = {
+ "git.sr.ht::dispatch"."/usr/bin/gitsrht-keys" =
+ mkDefault "${cfg.git.user}:${cfg.git.group}";
+ };
+ systemd.services.sshd = baseService;
+ }
+ (mkIf cfg.nginx.enable {
+ services.nginx.virtualHosts."git.${domain}" = {
+ locations."/authorize" = {
+ proxyPass = "http://${cfg.listenAddress}:${toString cfg.git.port}";
+ extraConfig = ''
+ proxy_pass_request_body off;
+ proxy_set_header Content-Length "";
+ proxy_set_header X-Original-URI $request_uri;
+ '';
+ };
+ locations."~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$" = {
+ root = "/var/lib/sourcehut/gitsrht/repos";
+ fastcgiParams = {
+ GIT_HTTP_EXPORT_ALL = "";
+ GIT_PROJECT_ROOT = "$document_root";
+ PATH_INFO = "$uri";
+ SCRIPT_FILENAME = "${cfg.git.package}/bin/git-http-backend";
+ };
+ extraConfig = ''
+ auth_request /authorize;
+ fastcgi_read_timeout 500s;
+ fastcgi_pass unix:/run/gitsrht-fcgiwrap.sock;
+ gzip off;
+ '';
+ };
+ };
+ systemd.sockets.gitsrht-fcgiwrap = {
+ before = [ "nginx.service" ];
+ wantedBy = [ "sockets.target" "gitsrht.service" ];
+ # This path remains accessible to nginx.service, which has no RootDirectory=
+ socketConfig.ListenStream = "/run/gitsrht-fcgiwrap.sock";
+ socketConfig.SocketUser = nginx.user;
+ socketConfig.SocketMode = "600";
+ };
+ })
+ ];
+ extraServices.gitsrht-fcgiwrap = mkIf cfg.nginx.enable {
+ serviceConfig = {
+ # Socket is passed by gitsrht-fcgiwrap.socket
+ ExecStart = "${pkgs.fcgiwrap}/sbin/fcgiwrap -c ${toString cfg.git.fcgiwrap.preforkProcess}";
+ # No need for config.ini
+ ExecStartPre = mkForce [];
+ User = null;
+ DynamicUser = true;
+ BindReadOnlyPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ];
+ IPAddressDeny = "any";
+ InaccessiblePaths = [ "-+/run/postgresql" "-+/run/redis-sourcehut" ];
+ PrivateNetwork = true;
+ RestrictAddressFamilies = mkForce [ "none" ];
+ SystemCallFilter = mkForce [
+ "@system-service"
+ "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@setuid"
+ # @timer is needed for alarm()
+ ];
+ };
+ };
+ }))
+
+ (import ./service.nix "hg" (let
+ baseService = {
+ path = [ cfg.hg.package ];
+ serviceConfig.BindPaths = [ "${cfg.settings."hg.sr.ht".repos}:/var/lib/sourcehut/hgsrht/repos" ];
+ serviceConfig.BindReadOnlyPaths = [ "${cfg.settings."ht.sr.ht".changegroup-script}:/var/lib/sourcehut/hgsrht/bin/changegroup-script" ];
+ };
+ in {
+ inherit configIniOfService;
+ mainService = mkMerge [ baseService {
+ serviceConfig.StateDirectory = [ "sourcehut/hgsrht" "sourcehut/hgsrht/repos" ];
+ } ];
+ port = 5010;
+ webhooks = true;
+ extraTimers.hgsrht-periodic = {
+ service = baseService;
+ timerConfig.OnCalendar = ["*:0/20"];
+ };
+ extraTimers.hgsrht-clonebundles = mkIf cfg.hg.cloneBundles {
+ service = baseService;
+ timerConfig.OnCalendar = ["daily"];
+ timerConfig.AccuracySec = "1h";
+ };
+ extraConfig = mkMerge [
+ {
+ users.users.${cfg.hg.user}.shell = pkgs.bash;
+ services.sourcehut.settings = {
+ # Note that git.sr.ht::dispatch is not a typo,
+ # gitsrht-dispatch always uses this section.
+ "git.sr.ht::dispatch"."/usr/bin/hgsrht-keys" =
+ mkDefault "${cfg.hg.user}:${cfg.hg.group}";
+ };
+ systemd.services.sshd = baseService;
+ }
+ (mkIf cfg.nginx.enable {
+ # Allow nginx access to repositories
+ users.users.${nginx.user}.extraGroups = [ cfg.hg.group ];
+ services.nginx.virtualHosts."hg.${domain}" = {
+ locations."/authorize" = {
+ proxyPass = "http://${cfg.listenAddress}:${toString cfg.hg.port}";
+ extraConfig = ''
+ proxy_pass_request_body off;
+ proxy_set_header Content-Length "";
+ proxy_set_header X-Original-URI $request_uri;
+ '';
+ };
+ # Let clients reach pull bundles. We don't really need to lock this down even for
+ # private repos because the bundles are named after the revision hashes...
+ # so someone would need to know or guess a SHA value to download anything.
+ # TODO: proxyPass to an hg serve service?
+ locations."~ ^/[~^][a-z0-9_]+/[a-zA-Z0-9_.-]+/\\.hg/bundles/.*$" = {
+ root = "/var/lib/nginx/hgsrht/repos";
+ extraConfig = ''
+ auth_request /authorize;
+ gzip off;
+ '';
+ };
+ };
+ systemd.services.nginx = {
+ serviceConfig.BindReadOnlyPaths = [ "${cfg.settings."hg.sr.ht".repos}:/var/lib/nginx/hgsrht/repos" ];
+ };
+ })
+ ];
+ }))
+
+ (import ./service.nix "hub" {
+ inherit configIniOfService;
+ port = 5014;
+ extraConfig = {
+ services.nginx = mkIf cfg.nginx.enable {
+ virtualHosts."hub.${domain}" = mkMerge [ {
+ serverAliases = [ domain ];
+ } cfg.nginx.virtualHost ];
+ };
+ };
+ })
+
+ (import ./service.nix "lists" (let
+ srvsrht = "listssrht";
+ in {
+ inherit configIniOfService;
+ port = 5006;
+ webhooks = true;
+ # Receive the mail from Postfix and enqueue them into Redis and PostgreSQL
+ extraServices.listssrht-lmtp = {
+ wants = [ "postfix.service" ];
+ unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service";
+ serviceConfig.ExecStart = "${cfg.python}/bin/listssrht-lmtp";
+ # Avoid crashing: os.chown(sock, os.getuid(), sock_gid)
+ serviceConfig.PrivateUsers = mkForce false;
+ };
+ # Dequeue the mails from Redis and dispatch them
+ extraServices.listssrht-process = {
+ serviceConfig = {
+ preStart = ''
+ cp ${pkgs.writeText "${srvsrht}-webhooks-celeryconfig.py" cfg.lists.process.celeryConfig} \
+ /run/sourcehut/${srvsrht}-webhooks/celeryconfig.py
+ '';
+ ExecStart = "${cfg.python}/bin/celery --app listssrht.process worker --hostname listssrht-process@%%h " + concatStringsSep " " cfg.lists.process.extraArgs;
+ # Avoid crashing: os.getloadavg()
+ ProcSubset = mkForce "all";
+ };
+ };
+ extraConfig = mkIf cfg.postfix.enable {
+ users.groups.${postfix.group}.members = [ cfg.lists.user ];
+ services.sourcehut.settings."lists.sr.ht::mail".sock-group = postfix.group;
+ services.postfix = {
+ destination = [ "lists.${domain}" ];
+ # FIXME: an accurate recipient list should be queried
+ # from the lists.sr.ht PostgreSQL database to avoid backscattering.
+ # But usernames are unfortunately not in that database but in meta.sr.ht.
+ # Note that two syntaxes are allowed:
+ # - ~username/list-name@lists.${domain}
+ # - u.username.list-name@lists.${domain}
+ localRecipients = [ "@lists.${domain}" ];
+ transport = ''
+ lists.${domain} lmtp:unix:${cfg.settings."lists.sr.ht::worker".sock}
+ '';
+ };
+ };
+ }))
+
+ (import ./service.nix "man" {
+ inherit configIniOfService;
+ port = 5004;
+ })
+
+ (import ./service.nix "meta" {
+ inherit configIniOfService;
+ port = 5000;
+ webhooks = true;
+ extraServices.metasrht-api = {
+ serviceConfig.Restart = "always";
+ serviceConfig.RestartSec = "2s";
+ preStart = "set -x\n" + concatStringsSep "\n\n" (attrValues (mapAttrs (k: s:
+ let srvMatch = builtins.match "^([a-z]*)\\.sr\\.ht$" k;
+ srv = head srvMatch;
+ in
+ # Configure client(s) as "preauthorized"
+ optionalString (srvMatch != null && cfg.${srv}.enable && ((s.oauth-client-id or null) != null)) ''
+ # Configure ${srv}'s OAuth client as "preauthorized"
+ ${postgresql.package}/bin/psql '${cfg.settings."meta.sr.ht".connection-string}' \
+ -c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${s.oauth-client-id}'"
+ ''
+ ) cfg.settings));
+ serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}";
+ };
+ extraTimers.metasrht-daily.timerConfig = {
+ OnCalendar = ["daily"];
+ AccuracySec = "1h";
+ };
+ extraConfig = mkMerge [
+ {
+ assertions = [
+ { assertion = let s = cfg.settings."meta.sr.ht::billing"; in
+ s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null);
+ message = "If meta.sr.ht::billing is enabled, the keys must be defined.";
+ }
+ ];
+ environment.systemPackages = optional cfg.meta.enable
+ (pkgs.writeShellScriptBin "metasrht-manageuser" ''
+ set -eux
+ if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}'
+ then exec sudo -u '${cfg.meta.user}' "$0" "$@"
+ else
+ # In order to load config.ini
+ if cd /run/sourcehut/metasrht
+ then exec ${cfg.python}/bin/metasrht-manageuser "$@"
+ else cat <<EOF
+ Please run: sudo systemctl start metasrht
+ EOF
+ exit 1
+ fi
+ fi
+ '');
+ }
+ (mkIf cfg.nginx.enable {
+ services.nginx.virtualHosts."meta.${domain}" = {
+ locations."/query" = {
+ proxyPass = cfg.settings."meta.sr.ht".api-origin;
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+ '';
+ };
+ };
+ })
+ ];
+ })
+
+ (import ./service.nix "pages" {
+ inherit configIniOfService;
+ port = 5112;
+ mainService = let
+ srvsrht = "pagessrht";
+ version = pkgs.sourcehut.${srvsrht}.version;
+ stateDir = "/var/lib/sourcehut/${srvsrht}";
+ iniKey = "pages.sr.ht";
+ in {
+ preStart = mkBefore ''
+ set -x
+ # Use the /run/sourcehut/${srvsrht}/config.ini
+ # installed by a previous ExecStartPre= in baseService
+ cd /run/sourcehut/${srvsrht}
+
+ if test ! -e ${stateDir}/db; then
+ ${postgresql.package}/bin/psql '${cfg.settings.${iniKey}.connection-string}' -f ${pkgs.sourcehut.pagessrht}/share/sql/schema.sql
+ echo ${version} >${stateDir}/db
+ fi
+
+ ${optionalString cfg.settings.${iniKey}.migrate-on-upgrade ''
+ # Just try all the migrations because they're not linked to the version
+ for sql in ${pkgs.sourcehut.pagessrht}/share/sql/migrations/*.sql; do
+ ${postgresql.package}/bin/psql '${cfg.settings.${iniKey}.connection-string}' -f "$sql" || true
+ done
+ ''}
+
+ # Disable webhook
+ touch ${stateDir}/webhook
+ '';
+ serviceConfig = {
+ ExecStart = mkForce "${pkgs.sourcehut.pagessrht}/bin/pages.sr.ht -b ${cfg.listenAddress}:${toString cfg.pages.port}";
+ };
+ };
+ })
+
+ (import ./service.nix "paste" {
+ inherit configIniOfService;
+ port = 5011;
+ })
+
+ (import ./service.nix "todo" {
+ inherit configIniOfService;
+ port = 5003;
+ webhooks = true;
+ extraServices.todosrht-lmtp = {
+ wants = [ "postfix.service" ];
+ unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service";
+ serviceConfig.ExecStart = "${cfg.python}/bin/todosrht-lmtp";
+ # Avoid crashing: os.chown(sock, os.getuid(), sock_gid)
+ serviceConfig.PrivateUsers = mkForce false;
+ };
+ extraConfig = mkIf cfg.postfix.enable {
+ users.groups.${postfix.group}.members = [ cfg.todo.user ];
+ services.sourcehut.settings."todo.sr.ht::mail".sock-group = postfix.group;
+ services.postfix = {
+ destination = [ "todo.${domain}" ];
+ # FIXME: an accurate recipient list should be queried
+ # from the todo.sr.ht PostgreSQL database to avoid backscattering.
+ # But usernames are unfortunately not in that database but in meta.sr.ht.
+ # Note that two syntaxes are allowed:
+ # - ~username/tracker-name@todo.${domain}
+ # - u.username.tracker-name@todo.${domain}
+ localRecipients = [ "@todo.${domain}" ];
+ transport = ''
+ todo.${domain} lmtp:unix:${cfg.settings."todo.sr.ht::mail".sock}
+ '';
+ };
+ };
+ })
+
+ (mkRenamedOptionModule [ "services" "sourcehut" "originBase" ]
+ [ "services" "sourcehut" "settings" "sr.ht" "global-domain" ])
+ (mkRenamedOptionModule [ "services" "sourcehut" "address" ]
+ [ "services" "sourcehut" "listenAddress" ])
+
+ ];
+
meta.doc = ./sourcehut.xml;
- meta.maintainers = with maintainers; [ tomberek ];
+ meta.maintainers = with maintainers; [ julm tomberek ];
}
diff --git a/nixos/modules/services/misc/sourcehut/dispatch.nix b/nixos/modules/services/misc/sourcehut/dispatch.nix
deleted file mode 100644
index a9db17bebe8..00000000000
--- a/nixos/modules/services/misc/sourcehut/dispatch.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.sourcehut;
- cfgIni = cfg.settings;
- scfg = cfg.dispatch;
- iniKey = "dispatch.sr.ht";
-
- drv = pkgs.sourcehut.dispatchsrht;
-in
-{
- options.services.sourcehut.dispatch = {
- user = mkOption {
- type = types.str;
- default = "dispatchsrht";
- description = ''
- User for dispatch.sr.ht.
- '';
- };
-
- port = mkOption {
- type = types.port;
- default = 5005;
- description = ''
- Port on which the "dispatch" module should listen.
- '';
- };
-
- database = mkOption {
- type = types.str;
- default = "dispatch.sr.ht";
- description = ''
- PostgreSQL database name for dispatch.sr.ht.
- '';
- };
-
- statePath = mkOption {
- type = types.path;
- default = "${cfg.statePath}/dispatchsrht";
- description = ''
- State path for dispatch.sr.ht.
- '';
- };
- };
-
- config = with scfg; lib.mkIf (cfg.enable && elem "dispatch" cfg.services) {
-
- users = {
- users = {
- "${user}" = {
- isSystemUser = true;
- group = user;
- description = "dispatch.sr.ht user";
- };
- };
-
- groups = {
- "${user}" = { };
- };
- };
-
- services.postgresql = {
- authentication = ''
- local ${database} ${user} trust
- '';
- ensureDatabases = [ database ];
- ensureUsers = [
- {
- name = user;
- ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
- }
- ];
- };
-
- systemd = {
- tmpfiles.rules = [
- "d ${statePath} 0750 ${user} ${user} -"
- ];
-
- services.dispatchsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "dispatch.sr.ht website service";
-
- serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
- };
- };
-
- services.sourcehut.settings = {
- # URL dispatch.sr.ht is being served at (protocol://domain)
- "dispatch.sr.ht".origin = mkDefault "http://dispatch.${cfg.originBase}";
- # Address and port to bind the debug server to
- "dispatch.sr.ht".debug-host = mkDefault "0.0.0.0";
- "dispatch.sr.ht".debug-port = mkDefault port;
- # Configures the SQLAlchemy connection string for the database.
- "dispatch.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
- # Set to "yes" to automatically run migrations on package upgrade.
- "dispatch.sr.ht".migrate-on-upgrade = mkDefault "yes";
- # dispatch.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- "dispatch.sr.ht".oauth-client-id = mkDefault null;
- "dispatch.sr.ht".oauth-client-secret = mkDefault null;
-
- # Github Integration
- "dispatch.sr.ht::github".oauth-client-id = mkDefault null;
- "dispatch.sr.ht::github".oauth-client-secret = mkDefault null;
-
- # Gitlab Integration
- "dispatch.sr.ht::gitlab".enabled = mkDefault null;
- "dispatch.sr.ht::gitlab".canonical-upstream = mkDefault "gitlab.com";
- "dispatch.sr.ht::gitlab".repo-cache = mkDefault "./repo-cache";
- # "dispatch.sr.ht::gitlab"."gitlab.com" = mkDefault "GitLab:application id:secret";
- };
-
- services.nginx.virtualHosts."dispatch.${cfg.originBase}" = {
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString port}";
- locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
- locations."/static".root = "${pkgs.sourcehut.dispatchsrht}/${pkgs.sourcehut.python.sitePackages}/dispatchsrht";
- };
- };
-}
diff --git a/nixos/modules/services/misc/sourcehut/git.nix b/nixos/modules/services/misc/sourcehut/git.nix
deleted file mode 100644
index 2653d77876d..00000000000
--- a/nixos/modules/services/misc/sourcehut/git.nix
+++ /dev/null
@@ -1,215 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.sourcehut;
- scfg = cfg.git;
- iniKey = "git.sr.ht";
-
- rcfg = config.services.redis;
- drv = pkgs.sourcehut.gitsrht;
-in
-{
- options.services.sourcehut.git = {
- user = mkOption {
- type = types.str;
- visible = false;
- internal = true;
- readOnly = true;
- default = "git";
- description = ''
- User for git.sr.ht.
- '';
- };
-
- port = mkOption {
- type = types.port;
- default = 5001;
- description = ''
- Port on which the "git" module should listen.
- '';
- };
-
- database = mkOption {
- type = types.str;
- default = "git.sr.ht";
- description = ''
- PostgreSQL database name for git.sr.ht.
- '';
- };
-
- statePath = mkOption {
- type = types.path;
- default = "${cfg.statePath}/gitsrht";
- description = ''
- State path for git.sr.ht.
- '';
- };
-
- package = mkOption {
- type = types.package;
- default = pkgs.git;
- defaultText = literalExpression "pkgs.git";
- example = literalExpression "pkgs.gitFull";
- description = ''
- Git package for git.sr.ht. This can help silence collisions.
- '';
- };
- };
-
- config = with scfg; lib.mkIf (cfg.enable && elem "git" cfg.services) {
- # sshd refuses to run with `Unsafe AuthorizedKeysCommand ... bad ownership or modes for directory /nix/store`
- environment.etc."ssh/gitsrht-dispatch" = {
- mode = "0755";
- text = ''
- #! ${pkgs.stdenv.shell}
- ${cfg.python}/bin/gitsrht-dispatch "$@"
- '';
- };
-
- # Needs this in the $PATH when sshing into the server
- environment.systemPackages = [ cfg.git.package ];
-
- users = {
- users = {
- "${user}" = {
- isSystemUser = true;
- group = user;
- # https://stackoverflow.com/questions/22314298/git-push-results-in-fatal-protocol-error-bad-line-length-character-this
- # Probably could use gitsrht-shell if output is restricted to just parameters...
- shell = pkgs.bash;
- description = "git.sr.ht user";
- };
- };
-
- groups = {
- "${user}" = { };
- };
- };
-
- services = {
- cron.systemCronJobs = [ "*/20 * * * * ${cfg.python}/bin/gitsrht-periodic" ];
- fcgiwrap.enable = true;
-
- openssh.authorizedKeysCommand = ''/etc/ssh/gitsrht-dispatch "%u" "%h" "%t" "%k"'';
- openssh.authorizedKeysCommandUser = "root";
- openssh.extraConfig = ''
- PermitUserEnvironment SRHT_*
- '';
-
- postgresql = {
- authentication = ''
- local ${database} ${user} trust
- '';
- ensureDatabases = [ database ];
- ensureUsers = [
- {
- name = user;
- ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
- }
- ];
- };
- };
-
- systemd = {
- tmpfiles.rules = [
- # /var/log is owned by root
- "f /var/log/git-srht-shell 0644 ${user} ${user} -"
-
- "d ${statePath} 0750 ${user} ${user} -"
- "d ${cfg.settings."${iniKey}".repos} 2755 ${user} ${user} -"
- ];
-
- services = {
- gitsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
- after = [ "redis.service" "postgresql.service" "network.target" ];
- requires = [ "redis.service" "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- # Needs internally to create repos at the very least
- path = [ pkgs.git ];
- description = "git.sr.ht website service";
-
- serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
- };
-
- gitsrht-webhooks = {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "git.sr.ht webhooks service";
- serviceConfig = {
- Type = "simple";
- User = user;
- Restart = "always";
- };
-
- serviceConfig.ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
- };
- };
- };
-
- services.sourcehut.settings = {
- # URL git.sr.ht is being served at (protocol://domain)
- "git.sr.ht".origin = mkDefault "http://git.${cfg.originBase}";
- # Address and port to bind the debug server to
- "git.sr.ht".debug-host = mkDefault "0.0.0.0";
- "git.sr.ht".debug-port = mkDefault port;
- # Configures the SQLAlchemy connection string for the database.
- "git.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
- # Set to "yes" to automatically run migrations on package upgrade.
- "git.sr.ht".migrate-on-upgrade = mkDefault "yes";
- # The redis connection used for the webhooks worker
- "git.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
-
- # A post-update script which is installed in every git repo.
- "git.sr.ht".post-update-script = mkDefault "${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook";
-
- # git.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- "git.sr.ht".oauth-client-id = mkDefault null;
- "git.sr.ht".oauth-client-secret = mkDefault null;
- # Path to git repositories on disk
- "git.sr.ht".repos = mkDefault "/var/lib/git";
-
- "git.sr.ht".outgoing-domain = mkDefault "http://git.${cfg.originBase}";
-
- # The authorized keys hook uses this to dispatch to various handlers
- # The format is a program to exec into as the key, and the user to match as the
- # value. When someone tries to log in as this user, this program is executed
- # and is expected to omit an AuthorizedKeys file.
- #
- # Discard of the string context is in order to allow derivation-derived strings.
- # This is safe if the relevant package is installed which will be the case if the setting is utilized.
- "git.sr.ht::dispatch".${builtins.unsafeDiscardStringContext "${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys"} = mkDefault "${user}:${user}";
- };
-
- services.nginx.virtualHosts."git.${cfg.originBase}" = {
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString port}";
- locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
- locations."/static".root = "${pkgs.sourcehut.gitsrht}/${pkgs.sourcehut.python.sitePackages}/gitsrht";
- extraConfig = ''
- location = /authorize {
- proxy_pass http://${cfg.address}:${toString port};
- proxy_pass_request_body off;
- proxy_set_header Content-Length "";
- proxy_set_header X-Original-URI $request_uri;
- }
- location ~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$ {
- auth_request /authorize;
- root /var/lib/git;
- fastcgi_pass unix:/run/fcgiwrap.sock;
- fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
- fastcgi_param PATH_INFO $uri;
- fastcgi_param GIT_PROJECT_ROOT $document_root;
- fastcgi_read_timeout 500s;
- include ${pkgs.nginx}/conf/fastcgi_params;
- gzip off;
- }
- '';
-
- };
- };
-}
diff --git a/nixos/modules/services/misc/sourcehut/hg.nix b/nixos/modules/services/misc/sourcehut/hg.nix
deleted file mode 100644
index 5cd36bb0455..00000000000
--- a/nixos/modules/services/misc/sourcehut/hg.nix
+++ /dev/null
@@ -1,173 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.sourcehut;
- scfg = cfg.hg;
- iniKey = "hg.sr.ht";
-
- rcfg = config.services.redis;
- drv = pkgs.sourcehut.hgsrht;
-in
-{
- options.services.sourcehut.hg = {
- user = mkOption {
- type = types.str;
- internal = true;
- readOnly = true;
- default = "hg";
- description = ''
- User for hg.sr.ht.
- '';
- };
-
- port = mkOption {
- type = types.port;
- default = 5010;
- description = ''
- Port on which the "hg" module should listen.
- '';
- };
-
- database = mkOption {
- type = types.str;
- default = "hg.sr.ht";
- description = ''
- PostgreSQL database name for hg.sr.ht.
- '';
- };
-
- statePath = mkOption {
- type = types.path;
- default = "${cfg.statePath}/hgsrht";
- description = ''
- State path for hg.sr.ht.
- '';
- };
-
- cloneBundles = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Generate clonebundles (which require more disk space but dramatically speed up cloning large repositories).
- '';
- };
- };
-
- config = with scfg; lib.mkIf (cfg.enable && elem "hg" cfg.services) {
- # In case it ever comes into being
- environment.etc."ssh/hgsrht-dispatch" = {
- mode = "0755";
- text = ''
- #! ${pkgs.stdenv.shell}
- ${cfg.python}/bin/gitsrht-dispatch $@
- '';
- };
-
- environment.systemPackages = [ pkgs.mercurial ];
-
- users = {
- users = {
- "${user}" = {
- isSystemUser = true;
- group = user;
- # Assuming hg.sr.ht needs this too
- shell = pkgs.bash;
- description = "hg.sr.ht user";
- };
- };
-
- groups = {
- "${user}" = { };
- };
- };
-
- services = {
- cron.systemCronJobs = [ "*/20 * * * * ${cfg.python}/bin/hgsrht-periodic" ]
- ++ optional cloneBundles "0 * * * * ${cfg.python}/bin/hgsrht-clonebundles";
-
- openssh.authorizedKeysCommand = ''/etc/ssh/hgsrht-dispatch "%u" "%h" "%t" "%k"'';
- openssh.authorizedKeysCommandUser = "root";
- openssh.extraConfig = ''
- PermitUserEnvironment SRHT_*
- '';
-
- postgresql = {
- authentication = ''
- local ${database} ${user} trust
- '';
- ensureDatabases = [ database ];
- ensureUsers = [
- {
- name = user;
- ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
- }
- ];
- };
- };
-
- systemd = {
- tmpfiles.rules = [
- # /var/log is owned by root
- "f /var/log/hg-srht-shell 0644 ${user} ${user} -"
-
- "d ${statePath} 0750 ${user} ${user} -"
- "d ${cfg.settings."${iniKey}".repos} 2755 ${user} ${user} -"
- ];
-
- services.hgsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
- after = [ "redis.service" "postgresql.service" "network.target" ];
- requires = [ "redis.service" "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- path = [ pkgs.mercurial ];
- description = "hg.sr.ht website service";
-
- serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
- };
- };
-
- services.sourcehut.settings = {
- # URL hg.sr.ht is being served at (protocol://domain)
- "hg.sr.ht".origin = mkDefault "http://hg.${cfg.originBase}";
- # Address and port to bind the debug server to
- "hg.sr.ht".debug-host = mkDefault "0.0.0.0";
- "hg.sr.ht".debug-port = mkDefault port;
- # Configures the SQLAlchemy connection string for the database.
- "hg.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
- # The redis connection used for the webhooks worker
- "hg.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
- # A post-update script which is installed in every mercurial repo.
- "hg.sr.ht".changegroup-script = mkDefault "${cfg.python}/bin/hgsrht-hook-changegroup";
- # hg.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- "hg.sr.ht".oauth-client-id = mkDefault null;
- "hg.sr.ht".oauth-client-secret = mkDefault null;
- # Path to mercurial repositories on disk
- "hg.sr.ht".repos = mkDefault "/var/lib/hg";
- # Path to the srht mercurial extension
- # (defaults to where the hgsrht code is)
- # "hg.sr.ht".srhtext = mkDefault null;
- # .hg/store size (in MB) past which the nightly job generates clone bundles.
- # "hg.sr.ht".clone_bundle_threshold = mkDefault 50;
- # Path to hg-ssh (if not in $PATH)
- # "hg.sr.ht".hg_ssh = mkDefault /path/to/hg-ssh;
-
- # The authorized keys hook uses this to dispatch to various handlers
- # The format is a program to exec into as the key, and the user to match as the
- # value. When someone tries to log in as this user, this program is executed
- # and is expected to omit an AuthorizedKeys file.
- #
- # Uncomment the relevant lines to enable the various sr.ht dispatchers.
- "hg.sr.ht::dispatch"."/run/current-system/sw/bin/hgsrht-keys" = mkDefault "${user}:${user}";
- };
-
- # TODO: requires testing and addition of hg-specific requirements
- services.nginx.virtualHosts."hg.${cfg.originBase}" = {
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString port}";
- locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
- locations."/static".root = "${pkgs.sourcehut.hgsrht}/${pkgs.sourcehut.python.sitePackages}/hgsrht";
- };
- };
-}
diff --git a/nixos/modules/services/misc/sourcehut/hub.nix b/nixos/modules/services/misc/sourcehut/hub.nix
deleted file mode 100644
index be3ea21011c..00000000000
--- a/nixos/modules/services/misc/sourcehut/hub.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.sourcehut;
- cfgIni = cfg.settings;
- scfg = cfg.hub;
- iniKey = "hub.sr.ht";
-
- drv = pkgs.sourcehut.hubsrht;
-in
-{
- options.services.sourcehut.hub = {
- user = mkOption {
- type = types.str;
- default = "hubsrht";
- description = ''
- User for hub.sr.ht.
- '';
- };
-
- port = mkOption {
- type = types.port;
- default = 5014;
- description = ''
- Port on which the "hub" module should listen.
- '';
- };
-
- database = mkOption {
- type = types.str;
- default = "hub.sr.ht";
- description = ''
- PostgreSQL database name for hub.sr.ht.
- '';
- };
-
- statePath = mkOption {
- type = types.path;
- default = "${cfg.statePath}/hubsrht";
- description = ''
- State path for hub.sr.ht.
- '';
- };
- };
-
- config = with scfg; lib.mkIf (cfg.enable && elem "hub" cfg.services) {
- users = {
- users = {
- "${user}" = {
- isSystemUser = true;
- group = user;
- description = "hub.sr.ht user";
- };
- };
-
- groups = {
- "${user}" = { };
- };
- };
-
- services.postgresql = {
- authentication = ''
- local ${database} ${user} trust
- '';
- ensureDatabases = [ database ];
- ensureUsers = [
- {
- name = user;
- ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
- }
- ];
- };
-
- systemd = {
- tmpfiles.rules = [
- "d ${statePath} 0750 ${user} ${user} -"
- ];
-
- services.hubsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "hub.sr.ht website service";
-
- serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
- };
- };
-
- services.sourcehut.settings = {
- # URL hub.sr.ht is being served at (protocol://domain)
- "hub.sr.ht".origin = mkDefault "http://hub.${cfg.originBase}";
- # Address and port to bind the debug server to
- "hub.sr.ht".debug-host = mkDefault "0.0.0.0";
- "hub.sr.ht".debug-port = mkDefault port;
- # Configures the SQLAlchemy connection string for the database.
- "hub.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
- # Set to "yes" to automatically run migrations on package upgrade.
- "hub.sr.ht".migrate-on-upgrade = mkDefault "yes";
- # hub.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- "hub.sr.ht".oauth-client-id = mkDefault null;
- "hub.sr.ht".oauth-client-secret = mkDefault null;
- };
-
- services.nginx.virtualHosts."${cfg.originBase}" = {
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString port}";
- locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
- locations."/static".root = "${pkgs.sourcehut.hubsrht}/${pkgs.sourcehut.python.sitePackages}/hubsrht";
- };
- services.nginx.virtualHosts."hub.${cfg.originBase}" = {
- globalRedirect = "${cfg.originBase}";
- forceSSL = true;
- };
- };
-}
diff --git a/nixos/modules/services/misc/sourcehut/lists.nix b/nixos/modules/services/misc/sourcehut/lists.nix
deleted file mode 100644
index 7b1fe9fd463..00000000000
--- a/nixos/modules/services/misc/sourcehut/lists.nix
+++ /dev/null
@@ -1,185 +0,0 @@
-# Email setup is fairly involved, useful references:
-# https://drewdevault.com/2018/08/05/Local-mail-server.html
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.sourcehut;
- cfgIni = cfg.settings;
- scfg = cfg.lists;
- iniKey = "lists.sr.ht";
-
- rcfg = config.services.redis;
- drv = pkgs.sourcehut.listssrht;
-in
-{
- options.services.sourcehut.lists = {
- user = mkOption {
- type = types.str;
- default = "listssrht";
- description = ''
- User for lists.sr.ht.
- '';
- };
-
- port = mkOption {
- type = types.port;
- default = 5006;
- description = ''
- Port on which the "lists" module should listen.
- '';
- };
-
- database = mkOption {
- type = types.str;
- default = "lists.sr.ht";
- description = ''
- PostgreSQL database name for lists.sr.ht.
- '';
- };
-
- statePath = mkOption {
- type = types.path;
- default = "${cfg.statePath}/listssrht";
- description = ''
- State path for lists.sr.ht.
- '';
- };
- };
-
- config = with scfg; lib.mkIf (cfg.enable && elem "lists" cfg.services) {
- users = {
- users = {
- "${user}" = {
- isSystemUser = true;
- group = user;
- extraGroups = [ "postfix" ];
- description = "lists.sr.ht user";
- };
- };
- groups = {
- "${user}" = { };
- };
- };
-
- services.postgresql = {
- authentication = ''
- local ${database} ${user} trust
- '';
- ensureDatabases = [ database ];
- ensureUsers = [
- {
- name = user;
- ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
- }
- ];
- };
-
- systemd = {
- tmpfiles.rules = [
- "d ${statePath} 0750 ${user} ${user} -"
- ];
-
- services = {
- listssrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "lists.sr.ht website service";
-
- serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
- };
-
- listssrht-process = {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "lists.sr.ht process service";
- serviceConfig = {
- Type = "simple";
- User = user;
- Restart = "always";
- ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.process worker --loglevel=info";
- };
- };
-
- listssrht-lmtp = {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "lists.sr.ht process service";
- serviceConfig = {
- Type = "simple";
- User = user;
- Restart = "always";
- ExecStart = "${cfg.python}/bin/listssrht-lmtp";
- };
- };
-
-
- listssrht-webhooks = {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "lists.sr.ht webhooks service";
- serviceConfig = {
- Type = "simple";
- User = user;
- Restart = "always";
- ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
- };
- };
- };
- };
-
- services.sourcehut.settings = {
- # URL lists.sr.ht is being served at (protocol://domain)
- "lists.sr.ht".origin = mkDefault "http://lists.${cfg.originBase}";
- # Address and port to bind the debug server to
- "lists.sr.ht".debug-host = mkDefault "0.0.0.0";
- "lists.sr.ht".debug-port = mkDefault port;
- # Configures the SQLAlchemy connection string for the database.
- "lists.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
- # Set to "yes" to automatically run migrations on package upgrade.
- "lists.sr.ht".migrate-on-upgrade = mkDefault "yes";
- # lists.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- "lists.sr.ht".oauth-client-id = mkDefault null;
- "lists.sr.ht".oauth-client-secret = mkDefault null;
- # Outgoing email for notifications generated by users
- "lists.sr.ht".notify-from = mkDefault "CHANGEME@example.org";
- # The redis connection used for the webhooks worker
- "lists.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/2";
- # The redis connection used for the celery worker
- "lists.sr.ht".redis = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/4";
- # Network-key
- "lists.sr.ht".network-key = mkDefault null;
- # Allow creation
- "lists.sr.ht".allow-new-lists = mkDefault "no";
- # Posting Domain
- "lists.sr.ht".posting-domain = mkDefault "lists.${cfg.originBase}";
-
- # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
- # Alternatively, specify IP:PORT and an SMTP server will be run instead.
- "lists.sr.ht::worker".sock = mkDefault "/tmp/lists.sr.ht-lmtp.sock";
- # The lmtp daemon will make the unix socket group-read/write for users in this
- # group.
- "lists.sr.ht::worker".sock-group = mkDefault "postfix";
- "lists.sr.ht::worker".reject-url = mkDefault "https://man.sr.ht/lists.sr.ht/etiquette.md";
- "lists.sr.ht::worker".reject-mimetypes = mkDefault "text/html";
-
- };
-
- services.nginx.virtualHosts."lists.${cfg.originBase}" = {
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString port}";
- locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
- locations."/static".root = "${pkgs.sourcehut.listssrht}/${pkgs.sourcehut.python.sitePackages}/listssrht";
- };
- };
-}
diff --git a/nixos/modules/services/misc/sourcehut/man.nix b/nixos/modules/services/misc/sourcehut/man.nix
deleted file mode 100644
index 7693396d187..00000000000
--- a/nixos/modules/services/misc/sourcehut/man.nix
+++ /dev/null
@@ -1,122 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.sourcehut;
- cfgIni = cfg.settings;
- scfg = cfg.man;
- iniKey = "man.sr.ht";
-
- drv = pkgs.sourcehut.mansrht;
-in
-{
- options.services.sourcehut.man = {
- user = mkOption {
- type = types.str;
- default = "mansrht";
- description = ''
- User for man.sr.ht.
- '';
- };
-
- port = mkOption {
- type = types.port;
- default = 5004;
- description = ''
- Port on which the "man" module should listen.
- '';
- };
-
- database = mkOption {
- type = types.str;
- default = "man.sr.ht";
- description = ''
- PostgreSQL database name for man.sr.ht.
- '';
- };
-
- statePath = mkOption {
- type = types.path;
- default = "${cfg.statePath}/mansrht";
- description = ''
- State path for man.sr.ht.
- '';
- };
- };
-
- config = with scfg; lib.mkIf (cfg.enable && elem "man" cfg.services) {
- assertions =
- [
- {
- assertion = hasAttrByPath [ "git.sr.ht" "oauth-client-id" ] cfgIni;
- message = "man.sr.ht needs access to git.sr.ht.";
- }
- ];
-
- users = {
- users = {
- "${user}" = {
- isSystemUser = true;
- group = user;
- description = "man.sr.ht user";
- };
- };
-
- groups = {
- "${user}" = { };
- };
- };
-
- services.postgresql = {
- authentication = ''
- local ${database} ${user} trust
- '';
- ensureDatabases = [ database ];
- ensureUsers = [
- {
- name = user;
- ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
- }
- ];
- };
-
- systemd = {
- tmpfiles.rules = [
- "d ${statePath} 0750 ${user} ${user} -"
- ];
-
- services.mansrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "man.sr.ht website service";
-
- serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
- };
- };
-
- services.sourcehut.settings = {
- # URL man.sr.ht is being served at (protocol://domain)
- "man.sr.ht".origin = mkDefault "http://man.${cfg.originBase}";
- # Address and port to bind the debug server to
- "man.sr.ht".debug-host = mkDefault "0.0.0.0";
- "man.sr.ht".debug-port = mkDefault port;
- # Configures the SQLAlchemy connection string for the database.
- "man.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
- # Set to "yes" to automatically run migrations on package upgrade.
- "man.sr.ht".migrate-on-upgrade = mkDefault "yes";
- # man.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- "man.sr.ht".oauth-client-id = mkDefault null;
- "man.sr.ht".oauth-client-secret = mkDefault null;
- };
-
- services.nginx.virtualHosts."man.${cfg.originBase}" = {
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString port}";
- locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
- locations."/static".root = "${pkgs.sourcehut.mansrht}/${pkgs.sourcehut.python.sitePackages}/mansrht";
- };
- };
-}
diff --git a/nixos/modules/services/misc/sourcehut/meta.nix b/nixos/modules/services/misc/sourcehut/meta.nix
deleted file mode 100644
index 56127a824eb..00000000000
--- a/nixos/modules/services/misc/sourcehut/meta.nix
+++ /dev/null
@@ -1,211 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.sourcehut;
- cfgIni = cfg.settings;
- scfg = cfg.meta;
- iniKey = "meta.sr.ht";
-
- rcfg = config.services.redis;
- drv = pkgs.sourcehut.metasrht;
-in
-{
- options.services.sourcehut.meta = {
- user = mkOption {
- type = types.str;
- default = "metasrht";
- description = ''
- User for meta.sr.ht.
- '';
- };
-
- port = mkOption {
- type = types.port;
- default = 5000;
- description = ''
- Port on which the "meta" module should listen.
- '';
- };
-
- database = mkOption {
- type = types.str;
- default = "meta.sr.ht";
- description = ''
- PostgreSQL database name for meta.sr.ht.
- '';
- };
-
- statePath = mkOption {
- type = types.path;
- default = "${cfg.statePath}/metasrht";
- description = ''
- State path for meta.sr.ht.
- '';
- };
- };
-
- config = with scfg; lib.mkIf (cfg.enable && elem "meta" cfg.services) {
- assertions =
- [
- {
- assertion = with cfgIni."meta.sr.ht::billing"; enabled == "yes" -> (stripe-public-key != null && stripe-secret-key != null);
- message = "If meta.sr.ht::billing is enabled, the keys should be defined.";
- }
- ];
-
- users = {
- users = {
- ${user} = {
- isSystemUser = true;
- group = user;
- description = "meta.sr.ht user";
- };
- };
-
- groups = {
- "${user}" = { };
- };
- };
-
- services.cron.systemCronJobs = [ "0 0 * * * ${cfg.python}/bin/metasrht-daily" ];
- services.postgresql = {
- authentication = ''
- local ${database} ${user} trust
- '';
- ensureDatabases = [ database ];
- ensureUsers = [
- {
- name = user;
- ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
- }
- ];
- };
-
- systemd = {
- tmpfiles.rules = [
- "d ${statePath} 0750 ${user} ${user} -"
- ];
-
- services = {
- metasrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "meta.sr.ht website service";
-
- preStart = ''
- # Configure client(s) as "preauthorized"
- ${concatMapStringsSep "\n\n"
- (attr: ''
- if ! test -e "${statePath}/${attr}.oauth" || [ "$(cat ${statePath}/${attr}.oauth)" != "${cfgIni."${attr}".oauth-client-id}" ]; then
- # Configure ${attr}'s OAuth client as "preauthorized"
- psql ${database} \
- -c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${cfgIni."${attr}".oauth-client-id}'"
-
- printf "%s" "${cfgIni."${attr}".oauth-client-id}" > "${statePath}/${attr}.oauth"
- fi
- '')
- (builtins.attrNames (filterAttrs
- (k: v: !(hasInfix "::" k) && builtins.hasAttr "oauth-client-id" v && v.oauth-client-id != null)
- cfg.settings))}
- '';
-
- serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
- };
-
- metasrht-api = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "meta.sr.ht api service";
-
- preStart = ''
- # Configure client(s) as "preauthorized"
- ${concatMapStringsSep "\n\n"
- (attr: ''
- if ! test -e "${statePath}/${attr}.oauth" || [ "$(cat ${statePath}/${attr}.oauth)" != "${cfgIni."${attr}".oauth-client-id}" ]; then
- # Configure ${attr}'s OAuth client as "preauthorized"
- psql ${database} \
- -c "UPDATE oauthclient SET preauthorized = true WHERE client_id = '${cfgIni."${attr}".oauth-client-id}'"
-
- printf "%s" "${cfgIni."${attr}".oauth-client-id}" > "${statePath}/${attr}.oauth"
- fi
- '')
- (builtins.attrNames (filterAttrs
- (k: v: !(hasInfix "::" k) && builtins.hasAttr "oauth-client-id" v && v.oauth-client-id != null)
- cfg.settings))}
- '';
-
- serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b :${toString (port + 100)}";
- };
-
- metasrht-webhooks = {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "meta.sr.ht webhooks service";
- serviceConfig = {
- Type = "simple";
- User = user;
- Restart = "always";
- ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
- };
-
- };
- };
- };
-
- services.sourcehut.settings = {
- # URL meta.sr.ht is being served at (protocol://domain)
- "meta.sr.ht".origin = mkDefault "https://meta.${cfg.originBase}";
- # Address and port to bind the debug server to
- "meta.sr.ht".debug-host = mkDefault "0.0.0.0";
- "meta.sr.ht".debug-port = mkDefault port;
- # Configures the SQLAlchemy connection string for the database.
- "meta.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
- # Set to "yes" to automatically run migrations on package upgrade.
- "meta.sr.ht".migrate-on-upgrade = mkDefault "yes";
- # If "yes", the user will be sent the stock sourcehut welcome emails after
- # signup (requires cron to be configured properly). These are specific to the
- # sr.ht instance so you probably want to patch these before enabling this.
- "meta.sr.ht".welcome-emails = mkDefault "no";
-
- # The redis connection used for the webhooks worker
- "meta.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/6";
-
- # If "no", public registration will not be permitted.
- "meta.sr.ht::settings".registration = mkDefault "no";
- # Where to redirect new users upon registration
- "meta.sr.ht::settings".onboarding-redirect = mkDefault "https://meta.${cfg.originBase}";
- # How many invites each user is issued upon registration (only applicable if
- # open registration is disabled)
- "meta.sr.ht::settings".user-invites = mkDefault 5;
-
- # Origin URL for API, 100 more than web
- "meta.sr.ht".api-origin = mkDefault "http://localhost:5100";
-
- # You can add aliases for the client IDs of commonly used OAuth clients here.
- #
- # Example:
- "meta.sr.ht::aliases" = mkDefault { };
- # "meta.sr.ht::aliases"."git.sr.ht" = 12345;
-
- # "yes" to enable the billing system
- "meta.sr.ht::billing".enabled = mkDefault "no";
- # Get your keys at https://dashboard.stripe.com/account/apikeys
- "meta.sr.ht::billing".stripe-public-key = mkDefault null;
- "meta.sr.ht::billing".stripe-secret-key = mkDefault null;
- };
-
- services.nginx.virtualHosts."meta.${cfg.originBase}" = {
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString port}";
- locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
- locations."/static".root = "${pkgs.sourcehut.metasrht}/${pkgs.sourcehut.python.sitePackages}/metasrht";
- };
- };
-}
diff --git a/nixos/modules/services/misc/sourcehut/paste.nix b/nixos/modules/services/misc/sourcehut/paste.nix
deleted file mode 100644
index b2d5151969e..00000000000
--- a/nixos/modules/services/misc/sourcehut/paste.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.sourcehut;
- cfgIni = cfg.settings;
- scfg = cfg.paste;
- iniKey = "paste.sr.ht";
-
- rcfg = config.services.redis;
- drv = pkgs.sourcehut.pastesrht;
-in
-{
- options.services.sourcehut.paste = {
- user = mkOption {
- type = types.str;
- default = "pastesrht";
- description = ''
- User for paste.sr.ht.
- '';
- };
-
- port = mkOption {
- type = types.port;
- default = 5011;
- description = ''
- Port on which the "paste" module should listen.
- '';
- };
-
- database = mkOption {
- type = types.str;
- default = "paste.sr.ht";
- description = ''
- PostgreSQL database name for paste.sr.ht.
- '';
- };
-
- statePath = mkOption {
- type = types.path;
- default = "${cfg.statePath}/pastesrht";
- description = ''
- State path for pastesrht.sr.ht.
- '';
- };
- };
-
- config = with scfg; lib.mkIf (cfg.enable && elem "paste" cfg.services) {
- users = {
- users = {
- "${user}" = {
- isSystemUser = true;
- group = user;
- description = "paste.sr.ht user";
- };
- };
-
- groups = {
- "${user}" = { };
- };
- };
-
- services.postgresql = {
- authentication = ''
- local ${database} ${user} trust
- '';
- ensureDatabases = [ database ];
- ensureUsers = [
- {
- name = user;
- ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
- }
- ];
- };
-
- systemd = {
- tmpfiles.rules = [
- "d ${statePath} 0750 ${user} ${user} -"
- ];
-
- services = {
- pastesrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "paste.sr.ht website service";
-
- serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
- };
-
- pastesrht-webhooks = {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "paste.sr.ht webhooks service";
- serviceConfig = {
- Type = "simple";
- User = user;
- Restart = "always";
- ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
- };
-
- };
- };
- };
-
- services.sourcehut.settings = {
- # URL paste.sr.ht is being served at (protocol://domain)
- "paste.sr.ht".origin = mkDefault "http://paste.${cfg.originBase}";
- # Address and port to bind the debug server to
- "paste.sr.ht".debug-host = mkDefault "0.0.0.0";
- "paste.sr.ht".debug-port = mkDefault port;
- # Configures the SQLAlchemy connection string for the database.
- "paste.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
- # Set to "yes" to automatically run migrations on package upgrade.
- "paste.sr.ht".migrate-on-upgrade = mkDefault "yes";
- # paste.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- "paste.sr.ht".oauth-client-id = mkDefault null;
- "paste.sr.ht".oauth-client-secret = mkDefault null;
- "paste.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/5";
- };
-
- services.nginx.virtualHosts."paste.${cfg.originBase}" = {
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString port}";
- locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
- locations."/static".root = "${pkgs.sourcehut.pastesrht}/${pkgs.sourcehut.python.sitePackages}/pastesrht";
- };
- };
-}
diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix
index 65b4ad020f9..b3c0efc07dd 100644
--- a/nixos/modules/services/misc/sourcehut/service.nix
+++ b/nixos/modules/services/misc/sourcehut/service.nix
@@ -1,66 +1,375 @@
-{ config, pkgs, lib }:
-serviceCfg: serviceDrv: iniKey: attrs:
+srv:
+{ configIniOfService
+, srvsrht ? "${srv}srht" # Because "buildsrht" does not follow that pattern (missing an "s").
+, iniKey ? "${srv}.sr.ht"
+, webhooks ? false
+, extraTimers ? {}
+, mainService ? {}
+, extraServices ? {}
+, extraConfig ? {}
+, port
+}:
+{ config, lib, pkgs, ... }:
+
+with lib;
let
+ inherit (config.services) postgresql;
+ redis = config.services.redis.servers."sourcehut-${srvsrht}";
+ inherit (config.users) users;
cfg = config.services.sourcehut;
- cfgIni = cfg.settings."${iniKey}";
- pgSuperUser = config.services.postgresql.superUser;
-
- setupDB = pkgs.writeScript "${serviceDrv.pname}-gen-db" ''
- #! ${cfg.python}/bin/python
- from ${serviceDrv.pname}.app import db
- db.create()
- '';
+ configIni = configIniOfService srv;
+ srvCfg = cfg.${srv};
+ baseService = serviceName: { allowStripe ? false }: extraService: let
+ runDir = "/run/sourcehut/${serviceName}";
+ rootDir = "/run/sourcehut/chroots/${serviceName}";
+ in
+ mkMerge [ extraService {
+ after = [ "network.target" ] ++
+ optional cfg.postgresql.enable "postgresql.service" ++
+ optional cfg.redis.enable "redis-sourcehut-${srvsrht}.service";
+ requires =
+ optional cfg.postgresql.enable "postgresql.service" ++
+ optional cfg.redis.enable "redis-sourcehut-${srvsrht}.service";
+ path = [ pkgs.gawk ];
+ environment.HOME = runDir;
+ serviceConfig = {
+ User = mkDefault srvCfg.user;
+ Group = mkDefault srvCfg.group;
+ RuntimeDirectory = [
+ "sourcehut/${serviceName}"
+ # Used by *srht-keys which reads ../config.ini
+ "sourcehut/${serviceName}/subdir"
+ "sourcehut/chroots/${serviceName}"
+ ];
+ RuntimeDirectoryMode = "2750";
+ # No need for the chroot path once inside the chroot
+ InaccessiblePaths = [ "-+${rootDir}" ];
+ # g+rx is for group members (eg. fcgiwrap or nginx)
+ # to read Git/Mercurial repositories, buildlogs, etc.
+ # o+x is for intermediate directories created by BindPaths= and like,
+ # as they're owned by root:root.
+ UMask = "0026";
+ RootDirectory = rootDir;
+ RootDirectoryStartOnly = true;
+ PrivateTmp = true;
+ MountAPIVFS = true;
+ # config.ini is looked up in there, before /etc/srht/config.ini
+ # Note that it fails to be set in ExecStartPre=
+ WorkingDirectory = mkDefault ("-"+runDir);
+ BindReadOnlyPaths = [
+ builtins.storeDir
+ "/etc"
+ "/run/booted-system"
+ "/run/current-system"
+ "/run/systemd"
+ ] ++
+ optional cfg.postgresql.enable "/run/postgresql" ++
+ optional cfg.redis.enable "/run/redis-sourcehut-${srvsrht}";
+ # LoadCredential= are unfortunately not available in ExecStartPre=
+ # Hence this one is run as root (the +) with RootDirectoryStartOnly=
+ # to reach credentials wherever they are.
+ # Note that each systemd service gets its own ${runDir}/config.ini file.
+ ExecStartPre = mkBefore [("+"+pkgs.writeShellScript "${serviceName}-credentials" ''
+ set -x
+ # Replace values begining with a '<' by the content of the file whose name is after.
+ gawk '{ if (match($0,/^([^=]+=)<(.+)/,m)) { getline f < m[2]; print m[1] f } else print $0 }' ${configIni} |
+ ${optionalString (!allowStripe) "gawk '!/^stripe-secret-key=/' |"}
+ install -o ${srvCfg.user} -g root -m 400 /dev/stdin ${runDir}/config.ini
+ '')];
+ # The following options are only for optimizing:
+ # systemd-analyze security
+ AmbientCapabilities = "";
+ CapabilityBoundingSet = "";
+ # ProtectClock= adds DeviceAllow=char-rtc r
+ DeviceAllow = "";
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ PrivateMounts = true;
+ PrivateNetwork = mkDefault false;
+ PrivateUsers = true;
+ ProcSubset = "pid";
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ ProtectSystem = "strict";
+ RemoveIPC = true;
+ RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ #SocketBindAllow = [ "tcp:${toString srvCfg.port}" "tcp:${toString srvCfg.prometheusPort}" ];
+ #SocketBindDeny = "any";
+ SystemCallFilter = [
+ "@system-service"
+ "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@timer"
+ "@chown" "@setuid"
+ ];
+ SystemCallArchitectures = "native";
+ };
+ } ];
in
-with serviceCfg; with lib; recursiveUpdate
{
- environment.HOME = statePath;
- path = [ config.services.postgresql.package ] ++ (attrs.path or [ ]);
- restartTriggers = [ config.environment.etc."sr.ht/config.ini".source ];
- serviceConfig = {
- Type = "simple";
- User = user;
- Group = user;
- Restart = "always";
- WorkingDirectory = statePath;
- } // (if (cfg.statePath == "/var/lib/sourcehut/${serviceDrv.pname}") then {
- StateDirectory = [ "sourcehut/${serviceDrv.pname}" ];
- } else {})
- ;
+ options.services.sourcehut.${srv} = {
+ enable = mkEnableOption "${srv} service";
- preStart = ''
- if ! test -e ${statePath}/db; then
- # Setup the initial database
- ${setupDB}
+ user = mkOption {
+ type = types.str;
+ default = srvsrht;
+ description = ''
+ User for ${srv}.sr.ht.
+ '';
+ };
- # Set the initial state of the database for future database upgrades
- if test -e ${cfg.python}/bin/${serviceDrv.pname}-migrate; then
- # Run alembic stamp head once to tell alembic the schema is up-to-date
- ${cfg.python}/bin/${serviceDrv.pname}-migrate stamp head
- fi
+ group = mkOption {
+ type = types.str;
+ default = srvsrht;
+ description = ''
+ Group for ${srv}.sr.ht.
+ Membership grants access to the Git/Mercurial repositories by default,
+ but not to the config.ini file (where secrets are).
+ '';
+ };
- printf "%s" "${serviceDrv.version}" > ${statePath}/db
- fi
+ port = mkOption {
+ type = types.port;
+ default = port;
+ description = ''
+ Port on which the "${srv}" backend should listen.
+ '';
+ };
- # Update copy of each users' profile to the latest
- # See https://lists.sr.ht/~sircmpwn/sr.ht-admins/<20190302181207.GA13778%40cirno.my.domain>
- if ! test -e ${statePath}/webhook; then
- # Update ${iniKey}'s users' profile copy to the latest
- ${cfg.python}/bin/srht-update-profiles ${iniKey}
+ redis = {
+ host = mkOption {
+ type = types.str;
+ default = "unix:/run/redis-sourcehut-${srvsrht}/redis.sock?db=0";
+ example = "redis://shared.wireguard:6379/0";
+ description = ''
+ The redis host URL. This is used for caching and temporary storage, and must
+ be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
+ shared between services. It may be shared between services, however, with no
+ ill effect, if this better suits your infrastructure.
+ '';
+ };
+ };
- touch ${statePath}/webhook
- fi
+ postgresql = {
+ database = mkOption {
+ type = types.str;
+ default = "${srv}.sr.ht";
+ description = ''
+ PostgreSQL database name for the ${srv}.sr.ht service,
+ used if <xref linkend="opt-services.sourcehut.postgresql.enable"/> is <literal>true</literal>.
+ '';
+ };
+ };
- ${optionalString (builtins.hasAttr "migrate-on-upgrade" cfgIni && cfgIni.migrate-on-upgrade == "yes") ''
- if [ "$(cat ${statePath}/db)" != "${serviceDrv.version}" ]; then
- # Manage schema migrations using alembic
- ${cfg.python}/bin/${serviceDrv.pname}-migrate -a upgrade head
+ gunicorn = {
+ extraArgs = mkOption {
+ type = with types; listOf str;
+ default = ["--timeout 120" "--workers 1" "--log-level=info"];
+ description = "Extra arguments passed to Gunicorn.";
+ };
+ };
+ } // optionalAttrs webhooks {
+ webhooks = {
+ extraArgs = mkOption {
+ type = with types; listOf str;
+ default = ["--loglevel DEBUG" "--pool eventlet" "--without-heartbeat"];
+ description = "Extra arguments passed to the Celery responsible for webhooks.";
+ };
+ celeryConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = "Content of the <literal>celeryconfig.py</literal> used by the Celery responsible for webhooks.";
+ };
+ };
+ };
- # Mark down current package version
- printf "%s" "${serviceDrv.version}" > ${statePath}/db
- fi
- ''}
+ config = lib.mkIf (cfg.enable && srvCfg.enable) (mkMerge [ extraConfig {
+ users = {
+ users = {
+ "${srvCfg.user}" = {
+ isSystemUser = true;
+ group = mkDefault srvCfg.group;
+ description = mkDefault "sourcehut user for ${srv}.sr.ht";
+ };
+ };
+ groups = {
+ "${srvCfg.group}" = { };
+ } // optionalAttrs (cfg.postgresql.enable
+ && hasSuffix "0" (postgresql.settings.unix_socket_permissions or "")) {
+ "postgres".members = [ srvCfg.user ];
+ } // optionalAttrs (cfg.redis.enable
+ && hasSuffix "0" (redis.settings.unixsocketperm or "")) {
+ "redis-sourcehut-${srvsrht}".members = [ srvCfg.user ];
+ };
+ };
- ${attrs.preStart or ""}
- '';
+ services.nginx = mkIf cfg.nginx.enable {
+ virtualHosts."${srv}.${cfg.settings."sr.ht".global-domain}" = mkMerge [ {
+ forceSSL = true;
+ locations."/".proxyPass = "http://${cfg.listenAddress}:${toString srvCfg.port}";
+ locations."/static" = {
+ root = "${pkgs.sourcehut.${srvsrht}}/${pkgs.sourcehut.python.sitePackages}/${srvsrht}";
+ extraConfig = mkDefault ''
+ expires 30d;
+ '';
+ };
+ } cfg.nginx.virtualHost ];
+ };
+
+ services.postgresql = mkIf cfg.postgresql.enable {
+ authentication = ''
+ local ${srvCfg.postgresql.database} ${srvCfg.user} trust
+ '';
+ ensureDatabases = [ srvCfg.postgresql.database ];
+ ensureUsers = map (name: {
+ inherit name;
+ ensurePermissions = { "DATABASE \"${srvCfg.postgresql.database}\"" = "ALL PRIVILEGES"; };
+ }) [srvCfg.user];
+ };
+
+ services.sourcehut.services = mkDefault (filter (s: cfg.${s}.enable)
+ [ "builds" "dispatch" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]);
+
+ services.sourcehut.settings = mkMerge [
+ {
+ "${srv}.sr.ht".origin = mkDefault "https://${srv}.${cfg.settings."sr.ht".global-domain}";
+ }
+
+ (mkIf cfg.postgresql.enable {
+ "${srv}.sr.ht".connection-string = mkDefault "postgresql:///${srvCfg.postgresql.database}?user=${srvCfg.user}&host=/run/postgresql";
+ })
+ ];
+
+ services.redis.servers."sourcehut-${srvsrht}" = mkIf cfg.redis.enable {
+ enable = true;
+ databases = 3;
+ syslog = true;
+ # TODO: set a more informed value
+ save = mkDefault [ [1800 10] [300 100] ];
+ settings = {
+ # TODO: set a more informed value
+ maxmemory = "128MB";
+ maxmemory-policy = "volatile-ttl";
+ };
+ };
+
+ systemd.services = mkMerge [
+ {
+ "${srvsrht}" = baseService srvsrht { allowStripe = srv == "meta"; } (mkMerge [
+ {
+ description = "sourcehut ${srv}.sr.ht website service";
+ before = optional cfg.nginx.enable "nginx.service";
+ wants = optional cfg.nginx.enable "nginx.service";
+ wantedBy = [ "multi-user.target" ];
+ path = optional cfg.postgresql.enable postgresql.package;
+ # Beware: change in credentials' content will not trigger restart.
+ restartTriggers = [ configIni ];
+ serviceConfig = {
+ Type = "simple";
+ Restart = mkDefault "always";
+ #RestartSec = mkDefault "2min";
+ StateDirectory = [ "sourcehut/${srvsrht}" ];
+ StateDirectoryMode = "2750";
+ ExecStart = "${cfg.python}/bin/gunicorn ${srvsrht}.app:app --name ${srvsrht} --bind ${cfg.listenAddress}:${toString srvCfg.port} " + concatStringsSep " " srvCfg.gunicorn.extraArgs;
+ };
+ preStart = let
+ version = pkgs.sourcehut.${srvsrht}.version;
+ stateDir = "/var/lib/sourcehut/${srvsrht}";
+ in mkBefore ''
+ set -x
+ # Use the /run/sourcehut/${srvsrht}/config.ini
+ # installed by a previous ExecStartPre= in baseService
+ cd /run/sourcehut/${srvsrht}
+
+ if test ! -e ${stateDir}/db; then
+ # Setup the initial database.
+ # Note that it stamps the alembic head afterward
+ ${cfg.python}/bin/${srvsrht}-initdb
+ echo ${version} >${stateDir}/db
+ fi
+
+ ${optionalString cfg.settings.${iniKey}.migrate-on-upgrade ''
+ if [ "$(cat ${stateDir}/db)" != "${version}" ]; then
+ # Manage schema migrations using alembic
+ ${cfg.python}/bin/${srvsrht}-migrate -a upgrade head
+ echo ${version} >${stateDir}/db
+ fi
+ ''}
+
+ # Update copy of each users' profile to the latest
+ # See https://lists.sr.ht/~sircmpwn/sr.ht-admins/<20190302181207.GA13778%40cirno.my.domain>
+ if test ! -e ${stateDir}/webhook; then
+ # Update ${iniKey}'s users' profile copy to the latest
+ ${cfg.python}/bin/srht-update-profiles ${iniKey}
+ touch ${stateDir}/webhook
+ fi
+ '';
+ } mainService ]);
+ }
+
+ (mkIf webhooks {
+ "${srvsrht}-webhooks" = baseService "${srvsrht}-webhooks" {}
+ {
+ description = "sourcehut ${srv}.sr.ht webhooks service";
+ after = [ "${srvsrht}.service" ];
+ wantedBy = [ "${srvsrht}.service" ];
+ partOf = [ "${srvsrht}.service" ];
+ preStart = ''
+ cp ${pkgs.writeText "${srvsrht}-webhooks-celeryconfig.py" srvCfg.webhooks.celeryConfig} \
+ /run/sourcehut/${srvsrht}-webhooks/celeryconfig.py
+ '';
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+ ExecStart = "${cfg.python}/bin/celery --app ${srvsrht}.webhooks worker --hostname ${srvsrht}-webhooks@%%h " + concatStringsSep " " srvCfg.webhooks.extraArgs;
+ # Avoid crashing: os.getloadavg()
+ ProcSubset = mkForce "all";
+ };
+ };
+ })
+
+ (mapAttrs (timerName: timer: (baseService timerName {} (mkMerge [
+ {
+ description = "sourcehut ${timerName} service";
+ after = [ "network.target" "${srvsrht}.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${cfg.python}/bin/${timerName}";
+ };
+ }
+ (timer.service or {})
+ ]))) extraTimers)
+
+ (mapAttrs (serviceName: extraService: baseService serviceName {} (mkMerge [
+ {
+ description = "sourcehut ${serviceName} service";
+ # So that extraServices have the PostgreSQL database initialized.
+ after = [ "${srvsrht}.service" ];
+ wantedBy = [ "${srvsrht}.service" ];
+ partOf = [ "${srvsrht}.service" ];
+ serviceConfig = {
+ Type = "simple";
+ Restart = mkDefault "always";
+ };
+ }
+ extraService
+ ])) extraServices)
+ ];
+
+ systemd.timers = mapAttrs (timerName: timer:
+ {
+ description = "sourcehut timer for ${timerName}";
+ wantedBy = [ "timers.target" ];
+ inherit (timer) timerConfig;
+ }) extraTimers;
+ } ]);
}
- (builtins.removeAttrs attrs [ "path" "preStart" ])
diff --git a/nixos/modules/services/misc/sourcehut/sourcehut.xml b/nixos/modules/services/misc/sourcehut/sourcehut.xml
index ab9a8c6cb4b..41094f65a94 100644
--- a/nixos/modules/services/misc/sourcehut/sourcehut.xml
+++ b/nixos/modules/services/misc/sourcehut/sourcehut.xml
@@ -14,13 +14,12 @@
<title>Basic usage</title>
<para>
Sourcehut is a Python and Go based set of applications.
- <literal><link linkend="opt-services.sourcehut.enable">services.sourcehut</link></literal>
- by default will use
+ This NixOS module also provides basic configuration integrating Sourcehut into locally running
<literal><link linkend="opt-services.nginx.enable">services.nginx</link></literal>,
- <literal><link linkend="opt-services.nginx.enable">services.redis</link></literal>,
- <literal><link linkend="opt-services.nginx.enable">services.cron</link></literal>,
+ <literal><link linkend="opt-services.redis.servers">services.redis.servers.sourcehut</link></literal>,
+ <literal><link linkend="opt-services.postfix.enable">services.postfix</link></literal>
and
- <literal><link linkend="opt-services.postgresql.enable">services.postgresql</link></literal>.
+ <literal><link linkend="opt-services.postgresql.enable">services.postgresql</link></literal> services.
</para>
<para>
@@ -42,18 +41,23 @@ in {
services.sourcehut = {
<link linkend="opt-services.sourcehut.enable">enable</link> = true;
- <link linkend="opt-services.sourcehut.originBase">originBase</link> = fqdn;
- <link linkend="opt-services.sourcehut.services">services</link> = [ "meta" "man" "git" ];
+ <link linkend="opt-services.sourcehut.git.enable">git.enable</link> = true;
+ <link linkend="opt-services.sourcehut.man.enable">man.enable</link> = true;
+ <link linkend="opt-services.sourcehut.meta.enable">meta.enable</link> = true;
+ <link linkend="opt-services.sourcehut.nginx.enable">nginx.enable</link> = true;
+ <link linkend="opt-services.sourcehut.postfix.enable">postfix.enable</link> = true;
+ <link linkend="opt-services.sourcehut.postgresql.enable">postgresql.enable</link> = true;
+ <link linkend="opt-services.sourcehut.redis.enable">redis.enable</link> = true;
<link linkend="opt-services.sourcehut.settings">settings</link> = {
"sr.ht" = {
environment = "production";
global-domain = fqdn;
origin = "https://${fqdn}";
# Produce keys with srht-keygen from <package>sourcehut.coresrht</package>.
- network-key = "SECRET";
- service-key = "SECRET";
+ network-key = "/run/keys/path/to/network-key";
+ service-key = "/run/keys/path/to/service-key";
};
- webhooks.private-key= "SECRET";
+ webhooks.private-key= "/run/keys/path/to/webhook-key";
};
};
diff --git a/nixos/modules/services/misc/sourcehut/todo.nix b/nixos/modules/services/misc/sourcehut/todo.nix
deleted file mode 100644
index aec773b0669..00000000000
--- a/nixos/modules/services/misc/sourcehut/todo.nix
+++ /dev/null
@@ -1,161 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.sourcehut;
- cfgIni = cfg.settings;
- scfg = cfg.todo;
- iniKey = "todo.sr.ht";
-
- rcfg = config.services.redis;
- drv = pkgs.sourcehut.todosrht;
-in
-{
- options.services.sourcehut.todo = {
- user = mkOption {
- type = types.str;
- default = "todosrht";
- description = ''
- User for todo.sr.ht.
- '';
- };
-
- port = mkOption {
- type = types.port;
- default = 5003;
- description = ''
- Port on which the "todo" module should listen.
- '';
- };
-
- database = mkOption {
- type = types.str;
- default = "todo.sr.ht";
- description = ''
- PostgreSQL database name for todo.sr.ht.
- '';
- };
-
- statePath = mkOption {
- type = types.path;
- default = "${cfg.statePath}/todosrht";
- description = ''
- State path for todo.sr.ht.
- '';
- };
- };
-
- config = with scfg; lib.mkIf (cfg.enable && elem "todo" cfg.services) {
- users = {
- users = {
- "${user}" = {
- isSystemUser = true;
- group = user;
- extraGroups = [ "postfix" ];
- description = "todo.sr.ht user";
- };
- };
- groups = {
- "${user}" = { };
- };
- };
-
- services.postgresql = {
- authentication = ''
- local ${database} ${user} trust
- '';
- ensureDatabases = [ database ];
- ensureUsers = [
- {
- name = user;
- ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
- }
- ];
- };
-
- systemd = {
- tmpfiles.rules = [
- "d ${statePath} 0750 ${user} ${user} -"
- ];
-
- services = {
- todosrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "todo.sr.ht website service";
-
- serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
- };
-
- todosrht-lmtp = {
- after = [ "postgresql.service" "network.target" ];
- bindsTo = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "todo.sr.ht process service";
- serviceConfig = {
- Type = "simple";
- User = user;
- Restart = "always";
- ExecStart = "${cfg.python}/bin/todosrht-lmtp";
- };
- };
-
- todosrht-webhooks = {
- after = [ "postgresql.service" "network.target" ];
- requires = [ "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
-
- description = "todo.sr.ht webhooks service";
- serviceConfig = {
- Type = "simple";
- User = user;
- Restart = "always";
- ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
- };
-
- };
- };
- };
-
- services.sourcehut.settings = {
- # URL todo.sr.ht is being served at (protocol://domain)
- "todo.sr.ht".origin = mkDefault "http://todo.${cfg.originBase}";
- # Address and port to bind the debug server to
- "todo.sr.ht".debug-host = mkDefault "0.0.0.0";
- "todo.sr.ht".debug-port = mkDefault port;
- # Configures the SQLAlchemy connection string for the database.
- "todo.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
- # Set to "yes" to automatically run migrations on package upgrade.
- "todo.sr.ht".migrate-on-upgrade = mkDefault "yes";
- # todo.sr.ht's OAuth client ID and secret for meta.sr.ht
- # Register your client at meta.example.org/oauth
- "todo.sr.ht".oauth-client-id = mkDefault null;
- "todo.sr.ht".oauth-client-secret = mkDefault null;
- # Outgoing email for notifications generated by users
- "todo.sr.ht".notify-from = mkDefault "CHANGEME@example.org";
- # The redis connection used for the webhooks worker
- "todo.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
- # Network-key
- "todo.sr.ht".network-key = mkDefault null;
-
- # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
- # Alternatively, specify IP:PORT and an SMTP server will be run instead.
- "todo.sr.ht::mail".sock = mkDefault "/tmp/todo.sr.ht-lmtp.sock";
- # The lmtp daemon will make the unix socket group-read/write for users in this
- # group.
- "todo.sr.ht::mail".sock-group = mkDefault "postfix";
-
- "todo.sr.ht::mail".posting-domain = mkDefault "todo.${cfg.originBase}";
- };
-
- services.nginx.virtualHosts."todo.${cfg.originBase}" = {
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString port}";
- locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
- locations."/static".root = "${pkgs.sourcehut.todosrht}/${pkgs.sourcehut.python.sitePackages}/todosrht";
- };
- };
-}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index a6eb2c03258..eb0238c0ca1 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -412,6 +412,7 @@ in
solanum = handleTest ./solanum.nix {};
solr = handleTest ./solr.nix {};
sonarr = handleTest ./sonarr.nix {};
+ sourcehut = handleTest ./sourcehut.nix {};
spacecookie = handleTest ./spacecookie.nix {};
spike = handleTest ./spike.nix {};
sslh = handleTest ./sslh.nix {};
diff --git a/nixos/tests/sourcehut.nix b/nixos/tests/sourcehut.nix
index b56a14ebf85..6492250bd57 100644
--- a/nixos/tests/sourcehut.nix
+++ b/nixos/tests/sourcehut.nix
@@ -12,10 +12,20 @@ import ./make-test-python.nix ({ pkgs, ... }:
services.sourcehut = {
enable = true;
services = [ "meta" ];
- originBase = "sourcehut";
- settings."sr.ht".service-key = "8888888888888888888888888888888888888888888888888888888888888888";
- settings."sr.ht".network-key = "0000000000000000000000000000000000000000000=";
- settings.webhooks.private-key = "0000000000000000000000000000000000000000000=";
+ redis.enable = true;
+ postgresql.enable = true;
+ meta.enable = true;
+ settings."sr.ht" = {
+ global-domain = "sourcehut";
+ service-key = pkgs.writeText "service-key" "8b327279b77e32a3620e2fc9aabce491cc46e7d821fd6713b2a2e650ce114d01";
+ network-key = pkgs.writeText "network-key" "cEEmc30BRBGkgQZcHFksiG7hjc6_dK1XR2Oo5Jb9_nQ=";
+ };
+ settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA=";
+ };
+ services.postgresql = {
+ enable = true;
+ enableTCPIP = false;
+ settings.unix_socket_permissions = "0770";
};
};
diff --git a/pkgs/applications/version-management/sourcehut/builds.nix b/pkgs/applications/version-management/sourcehut/builds.nix
index c8163caf8ea..99f3946253b 100644
--- a/pkgs/applications/version-management/sourcehut/builds.nix
+++ b/pkgs/applications/version-management/sourcehut/builds.nix
@@ -11,26 +11,54 @@
, python
}:
let
- version = "0.66.7";
-
- buildWorker = src: buildGoModule {
- inherit src version;
- pname = "builds-sr-ht-worker";
-
- vendorSha256 = "sha256-giOaldV46aBqXyFH/cQVsbUr6Rb4VMhbBO86o48tRZY=";
- };
-in
-buildPythonPackage rec {
- inherit version;
- pname = "buildsrht";
+ version = "0.73.3";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "builds.sr.ht";
rev = version;
- sha256 = "sha256-2MLs/DOXHjEYarXDVUcPZe3o0fmZbzVxn528SE72lhM=";
+ sha256 = "sha256-/0KYQgl/pfZomD1EEF9iI9HnNR99a8OB3/n5IfgClQk=";
};
+ worker = buildGoModule {
+ inherit src version;
+ sourceRoot = "source/worker";
+ pname = "buildsrht-worker";
+
+ vendorSha256 = "sha256-7zlt5305P3KzGrs4wUyAU1+FpoBMyl+yjkLSzqUybxg=";
+
+ # What follows is only to update go-redis,
+ # and thus also using a patched srht-keys.
+ # go.{mod,sum} could be patched directly but that would be less resilient
+ # to changes from upstream, and thus harder to maintain the patching
+ # while it hasn't been merged upstream.
+
+ overrideModAttrs = old: {
+ preBuild = ''
+ go get github.com/go-redis/redis/v8
+ go get github.com/go-redis/redis@none
+ go mod tidy
+ '';
+ # Pass updated go.{mod,sum} from go-modules to worker's vendor/go.{mod,sum}
+ postInstall = ''
+ cp --reflink=auto go.* $out/
+ '';
+ };
+
+ patches = [
+ # Update go-redis to support Unix sockets
+ patches/redis-socket/build/v3-0001-worker-update-go-redis-to-support-Unix-sockets.patch
+ ];
+ patchFlags = ["-p2"];
+ postConfigure = ''
+ cp -v vendor/go.{mod,sum} .
+ '';
+ };
+in
+buildPythonPackage rec {
+ inherit src version;
+ pname = "buildsrht";
+
nativeBuildInputs = srht.nativeBuildInputs;
propagatedBuildInputs = [
@@ -53,13 +81,17 @@ buildPythonPackage rec {
cp -r images $out/lib
cp contrib/submit_image_build $out/bin/builds.sr.ht
- cp ${buildWorker "${src}/worker"}/bin/worker $out/bin/builds.sr.ht-worker
+ cp ${worker}/bin/worker $out/bin/builds.sr.ht-worker
'';
+ pythonImportsCheck = [ "buildsrht" ];
+
+ passthru = { inherit worker; };
+
meta = with lib; {
homepage = "https://git.sr.ht/~sircmpwn/builds.sr.ht";
description = "Continuous integration service for the sr.ht network";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/core.nix b/pkgs/applications/version-management/sourcehut/core.nix
index 7c3a516ed9d..0c2dec45b99 100644
--- a/pkgs/applications/version-management/sourcehut/core.nix
+++ b/pkgs/applications/version-management/sourcehut/core.nix
@@ -25,17 +25,16 @@
, sassc
, nodejs
, redis
-, writeText
}:
buildPythonPackage rec {
pname = "srht";
- version = "0.67.4";
+ version = "0.68.1";
src = fetchgit {
url = "https://git.sr.ht/~sircmpwn/core.sr.ht";
rev = version;
- sha256 = "sha256-XvzFfcBK5Mq8p7xEBAF/eupUE1kkUBh5k+ByM/WA9bc=";
+ sha256 = "sha256-gfJB3zTzs2Uj5EREWV8a5ftt4uNCkuYsGnvTXWImitc=";
fetchSubmodules = true;
};
@@ -46,7 +45,10 @@ buildPythonPackage rec {
};
patches = [
- ./disable-npm-install.patch
+ # Disable check for npm
+ patches/disable-npm-install.patch
+ # Add Unix socket support for redis-host=
+ patches/redis-socket/core/v3-0001-add-Unix-socket-support-for-redis-host.patch
];
nativeBuildInputs = [
@@ -87,6 +89,7 @@ buildPythonPackage rec {
'';
dontUseSetuptoolsCheck = true;
+ pythonImportsCheck = [ "srht" ];
meta = with lib; {
homepage = "https://git.sr.ht/~sircmpwn/srht";
diff --git a/pkgs/applications/version-management/sourcehut/default.nix b/pkgs/applications/version-management/sourcehut/default.nix
index 401a1437b7d..7dde841b543 100644
--- a/pkgs/applications/version-management/sourcehut/default.nix
+++ b/pkgs/applications/version-management/sourcehut/default.nix
@@ -22,10 +22,12 @@ let
listssrht = self.callPackage ./lists.nix { };
mansrht = self.callPackage ./man.nix { };
metasrht = self.callPackage ./meta.nix { };
+ pagessrht = self.callPackage ./pages.nix { };
pastesrht = self.callPackage ./paste.nix { };
todosrht = self.callPackage ./todo.nix { };
scmsrht = self.callPackage ./scm.nix { };
+ srht-keys = self.scmsrht.srht-keys;
};
};
in
@@ -40,6 +42,8 @@ with python.pkgs; recurseIntoAttrs {
listssrht = toPythonApplication listssrht;
mansrht = toPythonApplication mansrht;
metasrht = toPythonApplication metasrht;
+ pagessrht = pagessrht;
pastesrht = toPythonApplication pastesrht;
todosrht = toPythonApplication todosrht;
+ srht-keys = scmsrht.srht-keys;
}
diff --git a/pkgs/applications/version-management/sourcehut/dispatch.nix b/pkgs/applications/version-management/sourcehut/dispatch.nix
index 637c6f9c1df..9456d0c998c 100644
--- a/pkgs/applications/version-management/sourcehut/dispatch.nix
+++ b/pkgs/applications/version-management/sourcehut/dispatch.nix
@@ -9,13 +9,13 @@
buildPythonPackage rec {
pname = "dispatchsrht";
- version = "0.15.8";
+ version = "0.15.32";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "dispatch.sr.ht";
rev = version;
- sha256 = "sha256-zWCGPjIgMKHXHJUs9aciV7IFgo0rpahon6KXHDwcfss=";
+ sha256 = "sha256-4P4cXhjcZ8IBzpRfmYIJkzl9U4Plo36a48Pf/KjmhFY=";
};
nativeBuildInputs = srht.nativeBuildInputs;
@@ -31,10 +31,12 @@ buildPythonPackage rec {
export SRHT_PATH=${srht}/${python.sitePackages}/srht
'';
+ pythonImportsCheck = [ "dispatchsrht" ];
+
meta = with lib; {
homepage = "https://dispatch.sr.ht/~sircmpwn/dispatch.sr.ht";
description = "Task dispatcher and service integration tool for the sr.ht network";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix
index e44fb9cd6c6..32c719bbc24 100644
--- a/pkgs/applications/version-management/sourcehut/git.nix
+++ b/pkgs/applications/version-management/sourcehut/git.nix
@@ -6,42 +6,109 @@
, srht
, pygit2
, scmsrht
+, srht-keys
}:
let
- version = "0.72.8";
+ version = "0.73.4";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "git.sr.ht";
rev = version;
- sha256 = "sha256-AB2uzajO5PtcpJfbOOTfuDFM6is5K39v3AZJ1hShRNc=";
+ sha256 = "sha256-MxmMneK5RKA9EQMHGGUjmjQUybHV3xaxFetzlaLAf+E=";
};
- buildShell = src: buildGoModule {
+ gitsrht-shell = buildGoModule {
inherit src version;
+ sourceRoot = "source/gitsrht-shell";
pname = "gitsrht-shell";
vendorSha256 = "sha256-aqUFICp0C2reqb2p6JCPAUIRsxzSv0t9BHoNWrTYfqk=";
};
- buildDispatcher = src: buildGoModule {
+ gitsrht-dispatch = buildGoModule {
inherit src version;
- pname = "gitsrht-dispatcher";
+ sourceRoot = "source/gitsrht-dispatch";
+ pname = "gitsrht-dispatch";
vendorSha256 = "sha256-qWXPHo86s6iuRBhRMtmD5jxnAWKdrWHtA/iSUkdw89M=";
+ patches = [
+ # Add support for supplementary groups
+ patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch
+ ];
+ patchFlags = ["-p2"];
};
- buildKeys = src: buildGoModule {
+ gitsrht-keys = buildGoModule {
inherit src version;
+ sourceRoot = "source/gitsrht-keys";
pname = "gitsrht-keys";
- vendorSha256 = "1d94cqy7x0q0agwg515xxsbl70b3qrzxbzsyjhn1pbyj532brn7f";
+ vendorSha256 = "sha256-SOI7wimFthY+BwsDtMuyqKS1hCaEa3R90Q0qaA9boyE=";
+
+ # What follows is only to update go-redis,
+ # and thus also using a patched srht-keys.
+ # go.{mod,sum} could be patched directly but that would be less resilient
+ # to changes from upstream, and thus harder to maintain the patching
+ # while it hasn't been merged upstream.
+
+ overrideModAttrs = old: {
+ preBuild = ''
+ # This is a fixed-output derivation so it is not allowed to reference other derivations,
+ # but here srht-keys will be copied to vendor/ by go mod vendor
+ ln -s ${srht-keys} srht-keys
+ go mod edit -replace git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys=$PWD/srht-keys
+ go get github.com/go-redis/redis/v8
+ go get github.com/go-redis/redis@none
+ go mod tidy
+ '';
+ # Pass updated go.{mod,sum} from go-modules to gitsrht-keys' vendor/go.{mod,sum}
+ postInstall = ''
+ cp --reflink=auto go.* $out/
+ '';
+ };
+
+ patches = [
+ # Update go-redis to support Unix sockets
+ patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch
+ ];
+ patchFlags = ["-p2"];
+ postConfigure = ''
+ cp -v vendor/go.{mod,sum} .
+ '';
};
- buildUpdateHook = src: buildGoModule {
+ gitsrht-update-hook = buildGoModule {
inherit src version;
+ sourceRoot = "source/gitsrht-update-hook";
pname = "gitsrht-update-hook";
- vendorSha256 = "0fwzqpjv8x5y3w3bfjd0x0cvqjjak23m0zj88hf32jpw49xmjkih";
- };
+ vendorSha256 = "sha256-QWd4i9qnnKbgO4qdFwZI3wlcsSurCh2ydhLYEyEZyK8=";
- updateHook = buildUpdateHook "${src}/gitsrht-update-hook";
+ # What follows is only to update go-redis
+ # and thus also using a patched srht-keys.
+
+ overrideModAttrs = old: {
+ preBuild = ''
+ # This is a fixed-output derivation so it is not allowed to reference other derivations,
+ # but here srht-keys will be copied to vendor/ by go mod vendor
+ ln -s ${srht-keys} srht-keys
+ go mod edit -replace git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys=$PWD/srht-keys
+ go get github.com/go-redis/redis/v8
+ go get github.com/go-redis/redis@none
+ go mod tidy
+ '';
+ # Pass updated go.{mod,sum} from go-modules to gitsrht-keys' vendor/go.{mod,sum}
+ postInstall = ''
+ cp --reflink=auto go.* $out/
+ '';
+ };
+
+ patches = [
+ # Update go-redis to support Unix sockets
+ patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch
+ ];
+ patchFlags = ["-p2"];
+ postConfigure = ''
+ cp -v vendor/go.{mod,sum} .
+ '';
+ };
in
buildPythonPackage rec {
@@ -63,19 +130,21 @@ buildPythonPackage rec {
postInstall = ''
mkdir -p $out/bin
- cp ${buildShell "${src}/gitsrht-shell"}/bin/gitsrht-shell $out/bin/gitsrht-shell
- cp ${buildDispatcher "${src}/gitsrht-dispatch"}/bin/gitsrht-dispatch $out/bin/gitsrht-dispatch
- cp ${buildKeys "${src}/gitsrht-keys"}/bin/gitsrht-keys $out/bin/gitsrht-keys
- cp ${updateHook}/bin/gitsrht-update-hook $out/bin/gitsrht-update-hook
+ cp ${gitsrht-shell}/bin/gitsrht-shell $out/bin/gitsrht-shell
+ cp ${gitsrht-dispatch}/bin/gitsrht-dispatch $out/bin/gitsrht-dispatch
+ cp ${gitsrht-keys}/bin/gitsrht-keys $out/bin/gitsrht-keys
+ cp ${gitsrht-update-hook}/bin/gitsrht-update-hook $out/bin/gitsrht-update-hook
'';
passthru = {
- inherit updateHook;
+ inherit gitsrht-shell gitsrht-dispatch gitsrht-keys gitsrht-update-hook;
};
+ pythonImportsCheck = [ "gitsrht" ];
+
meta = with lib; {
homepage = "https://git.sr.ht/~sircmpwn/git.sr.ht";
description = "Git repository hosting service for the sr.ht network";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/hg.nix b/pkgs/applications/version-management/sourcehut/hg.nix
index cddb76cabf2..1d6062d81cc 100644
--- a/pkgs/applications/version-management/sourcehut/hg.nix
+++ b/pkgs/applications/version-management/sourcehut/hg.nix
@@ -10,12 +10,12 @@
buildPythonPackage rec {
pname = "hgsrht";
- version = "0.27.4";
+ version = "0.27.6";
src = fetchhg {
url = "https://hg.sr.ht/~sircmpwn/hg.sr.ht";
rev = version;
- sha256 = "1c0qfi0gmbfngvds6917fy9ii2iglawn429757rh7b4bvzn7n6mr";
+ sha256 = "ibijvKjS4CiWTYrO6Qdh3RkD0EUE7BY8wjdPwrD6vkA=";
};
nativeBuildInputs = srht.nativeBuildInputs;
@@ -32,10 +32,12 @@ buildPythonPackage rec {
export SRHT_PATH=${srht}/${python.sitePackages}/srht
'';
+ pythonImportsCheck = [ "hgsrht" ];
+
meta = with lib; {
homepage = "https://git.sr.ht/~sircmpwn/hg.sr.ht";
description = "Mercurial repository hosting service for the sr.ht network";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/hub.nix b/pkgs/applications/version-management/sourcehut/hub.nix
index 17cb3fe4b61..bf056190e04 100644
--- a/pkgs/applications/version-management/sourcehut/hub.nix
+++ b/pkgs/applications/version-management/sourcehut/hub.nix
@@ -6,13 +6,13 @@
buildPythonPackage rec {
pname = "hubsrht";
- version = "0.13.1";
+ version = "0.13.15";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "hub.sr.ht";
rev = version;
- sha256 = "sha256-Kqzy4mh5Nn1emzHBco/LVuXro/tW3NX+OYqdEwBSQ/U=";
+ sha256 = "sha256-B0GdplnLxk18sHwOow7kLCTjoyyLKushCQumuYfuRMQ=";
};
nativeBuildInputs = srht.nativeBuildInputs;
@@ -26,11 +26,12 @@ buildPythonPackage rec {
'';
dontUseSetuptoolsCheck = true;
+ pythonImportsCheck = [ "hubsrht" ];
meta = with lib; {
homepage = "https://git.sr.ht/~sircmpwn/hub.sr.ht";
description = "Project hub service for the sr.ht network";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/lists.nix b/pkgs/applications/version-management/sourcehut/lists.nix
index b419b49f7b5..4ffc2ac9dee 100644
--- a/pkgs/applications/version-management/sourcehut/lists.nix
+++ b/pkgs/applications/version-management/sourcehut/lists.nix
@@ -12,13 +12,13 @@
buildPythonPackage rec {
pname = "listssrht";
- version = "0.48.19";
+ version = "0.50.2";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "lists.sr.ht";
rev = version;
- sha256 = "sha256-bsakEMyvWaxiE4/SGcAP4mlGG9jkdHfFxpt9H+TJn/8=";
+ sha256 = "sha256-2NO6WJCOwCqGuICnn425NbnemTm8vYBltJyrveUt1n0=";
};
nativeBuildInputs = srht.nativeBuildInputs;
@@ -37,10 +37,12 @@ buildPythonPackage rec {
export SRHT_PATH=${srht}/${python.sitePackages}/srht
'';
+ pythonImportsCheck = [ "listssrht" ];
+
meta = with lib; {
homepage = "https://git.sr.ht/~sircmpwn/lists.sr.ht";
description = "Mailing list service for the sr.ht network";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/man.nix b/pkgs/applications/version-management/sourcehut/man.nix
index bd331f000a7..2d4d152e3aa 100644
--- a/pkgs/applications/version-management/sourcehut/man.nix
+++ b/pkgs/applications/version-management/sourcehut/man.nix
@@ -8,13 +8,13 @@
buildPythonPackage rec {
pname = "mansrht";
- version = "0.15.12";
+ version = "0.15.22";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "man.sr.ht";
rev = version;
- sha256 = "sha256-MqH/8K9XRvEg6P7GHE6XXtWnhDP3wT8iGoNaFtYQbio=";
+ sha256 = "sha256-curouf+eNCKprDI23blGs4AzJMry6zlCLDt/+0j5c8A=";
};
nativeBuildInputs = srht.nativeBuildInputs;
@@ -29,10 +29,12 @@ buildPythonPackage rec {
export SRHT_PATH=${srht}/${python.sitePackages}/srht
'';
+ pythonImportsCheck = [ "mansrht" ];
+
meta = with lib; {
homepage = "https://git.sr.ht/~sircmpwn/man.sr.ht";
description = "Wiki service for the sr.ht network";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/meta.nix b/pkgs/applications/version-management/sourcehut/meta.nix
index 86d293973d7..5789b0c6127 100644
--- a/pkgs/applications/version-management/sourcehut/meta.nix
+++ b/pkgs/applications/version-management/sourcehut/meta.nix
@@ -18,19 +18,19 @@
, python
}:
let
- version = "0.53.14";
+ version = "0.56.18";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "meta.sr.ht";
rev = version;
- sha256 = "sha256-/+r/XLDkcSTW647xPMh5bcJmR2xZNNH74AJ5jemna2k=";
+ sha256 = "sha256-jt5UecpQORDr82HHDe7JBJ4ofnAYJl5Bnd7pRdVYnYM=";
};
buildApi = src: buildGoModule {
inherit src version;
pname = "metasrht-api";
- vendorSha256 = "sha256-eZyDrr2VcNMxI++18qUy7LA1Q1YDlWCoRtl00L8lfR4=";
+ vendorSha256 = "sha256-j++Z+QXwCC7H3OK0sfWZrFluOVdN+b2tGCpLnmjKjc4=";
};
in
@@ -66,10 +66,12 @@ buildPythonPackage rec {
cp ${buildApi "${src}/api/"}/bin/api $out/bin/metasrht-api
'';
+ pythonImportsCheck = [ "metasrht" ];
+
meta = with lib; {
homepage = "https://git.sr.ht/~sircmpwn/meta.sr.ht";
description = "Account management service for the sr.ht network";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/pages.nix b/pkgs/applications/version-management/sourcehut/pages.nix
new file mode 100644
index 00000000000..ab2126ea5db
--- /dev/null
+++ b/pkgs/applications/version-management/sourcehut/pages.nix
@@ -0,0 +1,32 @@
+{ lib
+, fetchFromSourcehut
+, buildGoModule
+}:
+let
+ version = "0.5.0";
+
+ src = fetchFromSourcehut {
+ owner = "~sircmpwn";
+ repo = "pages.sr.ht";
+ rev = version;
+ sha256 = "sha256-SwKiNqsPbUgJyj8qSY1c7dwDiEMznEWmFun57YmDRKw=";
+ };
+
+in
+buildGoModule {
+ inherit src version;
+ pname = "pagessrht";
+ vendorSha256 = "sha256-udr+1y5ApQCSPhs3yQTTi9QfzRbz0A9COYuFMjQGa74=";
+
+ postInstall = ''
+ mkdir -p $out/share/sql/
+ cp -r -t $out/share/sql/ schema.sql migrations
+ '';
+
+ meta = with lib; {
+ homepage = "https://git.sr.ht/~sircmpwn/pages.sr.ht";
+ description = "Web hosting service for the sr.ht network";
+ license = licenses.agpl3Only;
+ maintainers = with maintainers; [ eadwu ];
+ };
+}
diff --git a/pkgs/applications/version-management/sourcehut/paste.nix b/pkgs/applications/version-management/sourcehut/paste.nix
index 0d8c9135493..c411f8e8c95 100644
--- a/pkgs/applications/version-management/sourcehut/paste.nix
+++ b/pkgs/applications/version-management/sourcehut/paste.nix
@@ -8,13 +8,13 @@
buildPythonPackage rec {
pname = "pastesrht";
- version = "0.12.1";
+ version = "0.13.6";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "paste.sr.ht";
rev = version;
- sha256 = "sha256-QQhd2LeH9BLmlHilhsv+9fZ+RPNmEMSmOpFA3dsMBFc=";
+ sha256 = "sha256-Khcqk86iD9nxiKXN3+8mSLNoDau2qXNFOrLdkVu+rH8=";
};
nativeBuildInputs = srht.nativeBuildInputs;
@@ -29,10 +29,12 @@ buildPythonPackage rec {
export SRHT_PATH=${srht}/${python.sitePackages}/srht
'';
+ pythonImportsCheck = [ "pastesrht" ];
+
meta = with lib; {
homepage = "https://git.sr.ht/~sircmpwn/paste.sr.ht";
description = "Ad-hoc text file hosting service for the sr.ht network";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/disable-npm-install.patch b/pkgs/applications/version-management/sourcehut/patches/disable-npm-install.patch
similarity index 100%
rename from pkgs/applications/version-management/sourcehut/disable-npm-install.patch
rename to pkgs/applications/version-management/sourcehut/patches/disable-npm-install.patch
diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0001-worker-update-go-redis-to-support-Unix-sockets.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0001-worker-update-go-redis-to-support-Unix-sockets.patch
new file mode 100644
index 00000000000..4efd12be875
--- /dev/null
+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0001-worker-update-go-redis-to-support-Unix-sockets.patch
@@ -0,0 +1,113 @@
+From 5991960a5d412f0e1bdc505b970248c68b44a720 Mon Sep 17 00:00:00 2001
+From: Julien Moutinho <julm+srht@sourcephile.fr>
+Date: Wed, 15 Sep 2021 19:45:41 +0200
+Subject: [PATCH builds.sr.ht v3 1/2] worker: update go-redis to support Unix
+ sockets
+
+---
+ worker/context.go | 4 ++--
+ worker/main.go | 11 +++++++----
+ worker/tasks.go | 10 +++++-----
+ 3 files changed, 14 insertions(+), 11 deletions(-)
+
+diff --git a/worker/context.go b/worker/context.go
+index f84a60c..be54717 100644
+--- a/worker/context.go
++++ b/worker/context.go
+@@ -14,7 +14,7 @@ import (
+ "strings"
+ "time"
+
+- "github.com/go-redis/redis"
++ goredis "github.com/go-redis/redis/v8"
+ "github.com/google/shlex"
+ "github.com/pkg/errors"
+ "github.com/prometheus/client_golang/prometheus"
+@@ -41,7 +41,7 @@ var (
+
+ type WorkerContext struct {
+ Db *sql.DB
+- Redis *redis.Client
++ Redis *goredis.Client
+ Conf func(section, key string) string
+ }
+
+diff --git a/worker/main.go b/worker/main.go
+index 274ba68..e22ab6b 100644
+--- a/worker/main.go
++++ b/worker/main.go
+@@ -1,6 +1,7 @@
+ package main
+
+ import (
++ "context"
+ "database/sql"
+ "flag"
+ "log"
+@@ -9,7 +10,7 @@ import (
+ "runtime"
+ "sync"
+
+- "github.com/go-redis/redis"
++ goredis "github.com/go-redis/redis/v8"
+ "github.com/vaughan0/go-ini"
+ "git.sr.ht/~sircmpwn/core-go/crypto"
+
+@@ -26,6 +27,8 @@ var (
+ jobsMutex sync.Mutex
+ )
+
++var redisctx = context.Background()
++
+ func main() {
+ flag.IntVar(&workers, "workers", runtime.NumCPU(),
+ "configure number of workers")
+@@ -68,12 +71,12 @@ func main() {
+ if !ok {
+ redisHost = "redis://localhost:6379"
+ }
+- ropts, err := redis.ParseURL(redisHost)
++ ropts, err := goredis.ParseURL(redisHost)
+ if err != nil {
+ panic(err)
+ }
+- localRedis := redis.NewClient(ropts)
+- if _, err := localRedis.Ping().Result(); err != nil {
++ localRedis := goredis.NewClient(ropts)
++ if _, err := localRedis.Ping(redisctx).Result(); err != nil {
+ panic(err)
+ }
+
+diff --git a/worker/tasks.go b/worker/tasks.go
+index d27bf33..d0c28f1 100644
+--- a/worker/tasks.go
++++ b/worker/tasks.go
+@@ -19,7 +19,7 @@ import (
+ "time"
+
+ "git.sr.ht/~sircmpwn/core-go/auth"
+- "github.com/go-redis/redis"
++ goredis "github.com/go-redis/redis/v8"
+ "github.com/kr/pty"
+ "github.com/minio/minio-go/v6"
+ "github.com/pkg/errors"
+@@ -39,12 +39,12 @@ var (
+ }, []string{"image", "arch"})
+ )
+
+-func (ctx *JobContext) Boot(r *redis.Client) func() {
+- port, err := r.Incr("builds.sr.ht.ssh-port").Result()
++func (ctx *JobContext) Boot(r *goredis.Client) func() {
++ port, err := r.Incr(ctx.Context, "builds.sr.ht.ssh-port").Result()
+ if err == nil && port < 22000 {
+- err = r.Set("builds.sr.ht.ssh-port", 22100, 0).Err()
++ err = r.Set(ctx.Context, "builds.sr.ht.ssh-port", 22100, 0).Err()
+ } else if err == nil && port >= 23000 {
+- err = r.Set("builds.sr.ht.ssh-port", 22000, 0).Err()
++ err = r.Set(ctx.Context, "builds.sr.ht.ssh-port", 22000, 0).Err()
+ }
+ if err != nil {
+ panic(errors.Wrap(err, "assign port"))
+--
+2.32.0
+
diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0002-worker-update-go.-mod-sum-for-go-redis.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0002-worker-update-go.-mod-sum-for-go-redis.patch
new file mode 100644
index 00000000000..c9368d05c18
--- /dev/null
+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/build/v3-0002-worker-update-go.-mod-sum-for-go-redis.patch
@@ -0,0 +1,378 @@
+From eac18e913e4ee48895b94acfa56cf1c6a3fb49fa Mon Sep 17 00:00:00 2001
+From: Julien Moutinho <julm+srht@sourcephile.fr>
+Date: Wed, 15 Sep 2021 20:11:49 +0200
+Subject: [PATCH builds.sr.ht v3 2/2] worker: update go.{mod,sum} for go-redis
+
+---
+ worker/go.mod | 8 +------
+ worker/go.sum | 64 +++++++++++++++++++--------------------------------
+ 2 files changed, 25 insertions(+), 47 deletions(-)
+
+diff --git a/worker/go.mod b/worker/go.mod
+index 6e9a11c..4893dfa 100644
+--- a/worker/go.mod
++++ b/worker/go.mod
+@@ -2,24 +2,18 @@ module git.sr.ht/~sircmpwn/builds.sr.ht/worker
+
+ require (
+ git.sr.ht/~sircmpwn/core-go v0.0.0-20210108160653-070566136c1a
+- github.com/go-gomail/gomail v0.0.0-20160411212932-81ebce5c23df
+- github.com/go-redis/redis v6.15.2+incompatible
++ github.com/go-redis/redis/v8 v8.2.3
+ github.com/gocelery/gocelery v0.0.0-20201111034804-825d89059344
+- github.com/gomodule/redigo v2.0.0+incompatible // indirect
+ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+- github.com/jpillora/longestcommon v0.0.0-20161227235612-adb9d91ee629
+ github.com/kr/pty v1.1.3
+ github.com/lib/pq v1.8.0
+ github.com/martinlindhe/base36 v1.1.0
+- github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+ github.com/minio/minio-go/v6 v6.0.49
+ github.com/mitchellh/mapstructure v1.1.2
+ github.com/pkg/errors v0.9.1
+ github.com/prometheus/client_golang v1.7.1
+- github.com/shicky/gocelery v0.0.0-20180807061531-b2f0dd7ec05b
+ github.com/streadway/amqp v1.0.0 // indirect
+ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec
+- golang.org/x/sys v0.0.0-20201013132646-2da7054afaeb
+ gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
+ gopkg.in/mail.v2 v2.3.1
+ gopkg.in/yaml.v2 v2.3.0
+diff --git a/worker/go.sum b/worker/go.sum
+index 1cd3989..4a2d6d9 100644
+--- a/worker/go.sum
++++ b/worker/go.sum
+@@ -10,6 +10,7 @@ git.sr.ht/~sircmpwn/go-bare v0.0.0-20200812160916-d2c72e1a5018/go.mod h1:BVJwbDf
+ github.com/99designs/gqlgen v0.13.0 h1:haLTcUp3Vwp80xMVEg5KRNwzfUrgFdRmtBY8fuB8scA=
+ github.com/99designs/gqlgen v0.13.0/go.mod h1:NV130r6f4tpRWuAI+zsrSdooO/eWUv+Gyyoi3rEfXIk=
+ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
++github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
+ github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
+ github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
+ github.com/Masterminds/squirrel v1.4.0 h1:he5i/EXixZxrBUWcxzDYMiju9WZ3ld/l7QBNuo/eN3w=
+@@ -25,6 +26,7 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
+ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
++github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
+ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
+ github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
+ github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
+@@ -36,7 +38,6 @@ github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6l
+ github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
+ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+ github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
+-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=
+ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+@@ -58,8 +59,10 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma
+ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
++github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
+ github.com/dgryski/trifles v0.0.0-20190318185328-a8d75aae118c/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
+ github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+@@ -84,22 +87,18 @@ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001/go.mod h1:2H9hjfb
+ github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
+ github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
+ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
++github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
+ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+ github.com/go-chi/chi v3.3.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
+ github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
+-github.com/go-gomail/gomail v0.0.0-20160411212932-81ebce5c23df h1:Bao6dhmbTA1KFVxmJ6nBoMuOJit2yjEgLJpIMYpop0E=
+-github.com/go-gomail/gomail v0.0.0-20160411212932-81ebce5c23df/go.mod h1:GJr+FCSXshIwgHBtLglIg9M2l2kQSi6QjVAngtzI08Y=
+ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+ github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
+ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+-github.com/go-redis/redis v6.14.1+incompatible h1:kSJohAREGMr344uMa8PzuIg5OU6ylCbyDkWkkNOfEik=
+-github.com/go-redis/redis v6.14.1+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+-github.com/go-redis/redis v6.15.2+incompatible h1:9SpNVG76gr6InJGxoZ6IuuxaCOQwDAhzyXg+Bs+0Sb4=
+-github.com/go-redis/redis v6.15.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
++github.com/go-redis/redis/v8 v8.2.3 h1:eNesND+DWt/sjQOtPFxAbQkTIXaXX00qNLxjVWkZ70k=
+ github.com/go-redis/redis/v8 v8.2.3/go.mod h1:ysgGY09J/QeDYbu3HikWEIPCwaeOkuNoTgKayTEaEOw=
+ github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
+ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+@@ -114,7 +113,6 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU
+ github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+ github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+ github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+-github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
+ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+ github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+ github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+@@ -136,12 +134,14 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
+ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
++github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k=
+ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+ github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
+ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+ github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
++github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
+ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+ github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+ github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+@@ -180,12 +180,11 @@ github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod
+ github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+ github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
+-github.com/jpillora/longestcommon v0.0.0-20161227235612-adb9d91ee629 h1:1dSBUfGlorLAua2CRx0zFN7kQsTpE2DQSmr7rrTNgY8=
+-github.com/jpillora/longestcommon v0.0.0-20161227235612-adb9d91ee629/go.mod h1:mb5nS4uRANwOJSZj8rlCWAfAcGi72GGMIXx+xGOjA7M=
+ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+ github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
++github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
+ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+ github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+@@ -200,20 +199,18 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+ github.com/kr/pty v1.1.3 h1:/Um6a/ZmD5tF7peoOJ5oN5KMQ0DrGVQSXLNwyckutPk=
+ github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
++github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=
+ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
+ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
+ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
+-github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A=
+-github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+ github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
+ github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+ github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
+ github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
+ github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
+ github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
+-github.com/martinlindhe/base36 v1.0.0 h1:eYsumTah144C0A8P1T/AVSUk5ZoLnhfYFM3OGQxB52A=
+ github.com/martinlindhe/base36 v1.0.0/go.mod h1:+AtEs8xrBpCeYgSLoY/aJ6Wf37jtBuR0s35750M27+8=
+ github.com/martinlindhe/base36 v1.1.0 h1:cIwvvwYse/0+1CkUPYH5ZvVIYG3JrILmQEIbLuar02Y=
+ github.com/martinlindhe/base36 v1.1.0/go.mod h1:+AtEs8xrBpCeYgSLoY/aJ6Wf37jtBuR0s35750M27+8=
+@@ -228,7 +225,6 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp
+ github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
+ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+ github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+-github.com/minio/minio-go v6.0.14+incompatible h1:fnV+GD28LeqdN6vT2XdGKW8Qe/IfjJDswNVuni6km9o=
+ github.com/minio/minio-go/v6 v6.0.49 h1:bU4kIa/qChTLC1jrWZ8F+8gOiw1MClubddAJVR4gW3w=
+ github.com/minio/minio-go/v6 v6.0.49/go.mod h1:qD0lajrGW49lKZLtXKtCB4X/qkMf0a5tBvN2PaZg7Gg=
+ github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKUJU=
+@@ -242,8 +238,6 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4
+ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
+ github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+ github.com/mitchellh/mapstructure v0.0.0-20180203102830-a4e142e9c047/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+-github.com/mitchellh/mapstructure v1.0.0 h1:vVpGvMXJPqSDh2VYHF7gsfQj8Ncx+Xw5Y1KHeTRY+7I=
+-github.com/mitchellh/mapstructure v1.0.0/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+ github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
+ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+@@ -259,7 +253,9 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE
+ github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
+ github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
+ github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
++github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
++github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
+ github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+ github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
+ github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
+@@ -267,10 +263,12 @@ github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:v
+ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+ github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
++github.com/onsi/ginkgo v1.14.1 h1:jMU0WaQrP0a/YAEq8eJmJKjBoMs+pClEr1vDMlM/Do4=
+ github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
++github.com/onsi/gomega v1.10.2 h1:aY/nuoWlKJud2J6U0E3NWsjlg+0GtwXxgEqthRdzlcs=
+ github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+ github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
+ github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
+@@ -287,22 +285,20 @@ github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtP
+ github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
+ github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
+ github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+-github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
+ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+ github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
++github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
+-github.com/prometheus/client_golang v0.9.1 h1:K47Rk0v/fkEfwfQet2KWhscE0cJzjgCCDBG2KHZoVno=
+ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+ github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
+ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+ github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
+ github.com/prometheus/client_golang v1.7.1 h1:NTGy1Ja9pByO+xAeH/qiWnLrKtr3hJPNjaVUwnjpdpA=
+ github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910 h1:idejC8f05m9MGOsuEi1ATq9shN03HrxNkD/luQvxCv8=
+ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+ github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+@@ -310,15 +306,12 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
+ github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+ github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
+ github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+-github.com/prometheus/common v0.0.0-20181020173914-7e9e6cabbd39 h1:Cto4X6SVMWRPBkJ/3YHn1iDGDGc/Z+sW+AEMKHMVvN4=
+-github.com/prometheus/common v0.0.0-20181020173914-7e9e6cabbd39/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+ github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+ github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
+ github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+ github.com/prometheus/common v0.14.0 h1:RHRyE8UocrbjU+6UvRzwi6HjiDfxrrBU91TtbKzkGp4=
+ github.com/prometheus/common v0.14.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
+-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d h1:GoAlyOgbOEIFdaDqxJVlbOQ1DtGmZWs/Qau0hIlk+WQ=
+ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+ github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+@@ -333,36 +326,28 @@ github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
+ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+ github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
+-github.com/satori/go.uuid v1.1.0 h1:B9KXyj+GzIpJbV7gmr873NsY6zpbxNy24CBtGrk7jHo=
+-github.com/satori/go.uuid v1.1.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+-github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
+-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+-github.com/satori/go.uuid v1.2.1-0.20180103174451-36e9d2ebbde5 h1:Jw7W4WMfQDxsXvfeFSaS2cHlY7bAF4MGrgnbd0+Uo78=
+-github.com/satori/go.uuid v1.2.1-0.20180103174451-36e9d2ebbde5/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+ github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b h1:gQZ0qzfKHQIybLANtM3mBXNUtOfsCFXeTsnBqCsx1KM=
+ github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+ github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
++github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
+ github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+-github.com/shicky/gocelery v0.0.0-20180807061531-b2f0dd7ec05b h1:7kJLeBNcPG1orS3ksAFN0qoJGtf8jvwgOh5Q+bsNZvc=
+-github.com/shicky/gocelery v0.0.0-20180807061531-b2f0dd7ec05b/go.mod h1:kn4CkFIzvsrXBvbNk2hX9DpIM8xo/74mYhiYTpGhYXE=
+ github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
+ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+ github.com/shurcooL/vfsgen v0.0.0-20180121065927-ffb13db8def0/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw=
+ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
++github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
+ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+ github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
++github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
+ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+ github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+ github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
+ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+ github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+-github.com/streadway/amqp v0.0.0-20180806233856-70e15c650864 h1:Oj3PUEs+OUSYUpn35O+BE/ivHGirKixA3+vqA0Atu9A=
+-github.com/streadway/amqp v0.0.0-20180806233856-70e15c650864/go.mod h1:1WNBiOZtZQLpVAyu0iTduoJL9hEsMloAK5XWrtW0xdY=
+ github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
+-github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271 h1:WhxRHzgeVGETMlmVfqhRn8RIeeNoPr2Czh33I4Zdccw=
+ github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
+ github.com/streadway/amqp v1.0.0 h1:kuuDrUJFZL1QYL9hUNuCxNObNzB0bV/ZG5jV3RWAQgo=
+ github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
+@@ -373,6 +358,7 @@ github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
+ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
++github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+ github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
+@@ -391,6 +377,7 @@ go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mI
+ go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
+ go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
+ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
++go.opentelemetry.io/otel v0.11.0 h1:IN2tzQa9Gc4ZVKnTaMbPVcHjvzOdg5n9QfnmlqiET7E=
+ go.opentelemetry.io/otel v0.11.0/go.mod h1:G8UCk+KooF2HLkgo8RHX9epABH/aRGYET7gQOqBVdB0=
+ go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+ go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+@@ -403,7 +390,6 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
+ golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+-golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f h1:R423Cnkcp5JABoeemiGEPlt9tHXFfw5kvc0yqlxRPWo=
+ golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+@@ -431,7 +417,6 @@ golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73r
+ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+-golang.org/x/net v0.0.0-20190522155817-f3200d17e092 h1:4QSRKanuywn15aTZvI/mIDEgPQpswuFndXpOj3rKEco=
+ golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+@@ -451,7 +436,6 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
+ golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e h1:o3PsSEY8E4eXWkXrIP9YJALUkVZqzHJT5DOasTyn8Vs=
+ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+@@ -460,7 +444,6 @@ golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5h
+ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+-golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
+ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+@@ -477,7 +460,6 @@ golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7w
+ golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20201013132646-2da7054afaeb h1:HS9IzC4UFbpMBLQUDSQcU+ViVT1vdFCQVjdPVpTlZrs=
+ golang.org/x/sys v0.0.0-20201013132646-2da7054afaeb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+-golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+ golang.org/x/text v0.3.4-0.20201021145329-22f1617af38e h1:0kyKOEC0chG7FKmnf/1uNwvDLc3NtNTRip2rXAN9nwI=
+@@ -502,6 +484,7 @@ golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapK
+ golang.org/x/tools v0.0.0-20200114235610-7ae403b6b589/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
++golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+ google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
+ google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+@@ -539,6 +522,7 @@ gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod
+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
++gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+ gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
+ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+@@ -549,6 +533,7 @@ gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+ gopkg.in/mail.v2 v2.3.1 h1:WYFn/oANrAGP2C0dcV6/pbkPzv8yGzqTjPmTeO7qoXk=
+ gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
+ gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
+ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
+@@ -556,10 +541,9 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
+ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+ honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+--
+2.32.0
+
diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/v3-0001-add-Unix-socket-support-for-redis-host.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/v3-0001-add-Unix-socket-support-for-redis-host.patch
new file mode 100644
index 00000000000..299ad3d83c5
--- /dev/null
+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/core/v3-0001-add-Unix-socket-support-for-redis-host.patch
@@ -0,0 +1,30 @@
+From c0ccc8db051a2f8278edf59b41ed238fa71aa4c0 Mon Sep 17 00:00:00 2001
+From: Julien Moutinho <julm+srht@sourcephile.fr>
+Date: Mon, 23 Aug 2021 18:43:18 +0200
+Subject: [PATCH core.sr.ht v3] add Unix socket support for redis-host=
+
+---
+ srht/redis.py | 11 ++---------
+ 1 file changed, 2 insertions(+), 9 deletions(-)
+
+diff --git a/srht/redis.py b/srht/redis.py
+index 8a9347c..2e91c35 100644
+--- a/srht/redis.py
++++ b/srht/redis.py
+@@ -1,11 +1,4 @@
+-from redis import Redis
++from redis import from_url
+ from srht.config import cfg
+-from urllib.parse import urlparse
+
+-url = cfg("sr.ht", "redis-host", "redis://localhost")
+-url = urlparse(url)
+-
+-redis = Redis(host=url.hostname,
+- port=(url.port or 6379),
+- password=url.password,
+- db=int(url.path[1:]) if url.path else 0)
++redis = from_url(cfg("sr.ht", "redis-host", "redis://localhost"))
+--
+2.32.0
+
diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch
new file mode 100644
index 00000000000..48e91ac739b
--- /dev/null
+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0001-gitsrht-keys-update-go-redis-to-support-Unix-sock.patch
@@ -0,0 +1,26 @@
+From 083e4791771d998c9a6c881a4101d24296e38252 Mon Sep 17 00:00:00 2001
+From: Julien Moutinho <julm+srht@sourcephile.fr>
+Date: Fri, 27 Aug 2021 15:38:28 +0200
+Subject: [PATCH git.sr.ht v3 1/3] gitsrht-keys: update go-redis to support
+ Unix sockets
+
+---
+ gitsrht-keys/main.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gitsrht-keys/main.go b/gitsrht-keys/main.go
+index 0c1aea1..fa17183 100644
+--- a/gitsrht-keys/main.go
++++ b/gitsrht-keys/main.go
+@@ -5,7 +5,7 @@ import (
+ "os"
+ "path"
+
+- goredis "github.com/go-redis/redis"
++ goredis "github.com/go-redis/redis/v8"
+ "github.com/vaughan0/go-ini"
+ "git.sr.ht/~sircmpwn/scm.sr.ht/srht-keys"
+ )
+--
+2.32.0
+
diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch
new file mode 100644
index 00000000000..41847ac8717
--- /dev/null
+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0002-gitsrht-update-hook-update-go-redis-to-support-Un.patch
@@ -0,0 +1,109 @@
+From d9683aced0dc3a94c56de2fde31c1765054900fa Mon Sep 17 00:00:00 2001
+From: Julien Moutinho <julm+srht@sourcephile.fr>
+Date: Fri, 27 Aug 2021 15:39:29 +0200
+Subject: [PATCH git.sr.ht v3 2/3] gitsrht-update-hook: update go-redis to
+ support Unix sockets
+
+---
+ gitsrht-update-hook/options.go | 12 +++++++-----
+ gitsrht-update-hook/post-update.go | 4 ++--
+ gitsrht-update-hook/update.go | 4 ++--
+ 3 files changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/gitsrht-update-hook/options.go b/gitsrht-update-hook/options.go
+index 8efbb0a..962502a 100644
+--- a/gitsrht-update-hook/options.go
++++ b/gitsrht-update-hook/options.go
+@@ -1,15 +1,17 @@
+ package main
+
+ import (
++ "context"
+ "fmt"
+ "os"
+ "strconv"
+ "strings"
+ "time"
+
+- goredis "github.com/go-redis/redis"
++ goredis "github.com/go-redis/redis/v8"
+ )
+
++var ctx = context.Background()
+ var options map[string]string
+
+ func loadOptions() {
+@@ -35,10 +37,10 @@ func loadOptions() {
+ var n int
+ if nopts, ok := os.LookupEnv("GIT_PUSH_OPTION_COUNT"); ok {
+ n, _ = strconv.Atoi(nopts)
+- redis.Set(fmt.Sprintf("git.sr.ht.options.%s", uuid),
++ redis.Set(ctx, fmt.Sprintf("git.sr.ht.options.%s", uuid),
+ nopts, 10*time.Minute)
+ } else {
+- nopts, err := redis.Get(fmt.Sprintf(
++ nopts, err := redis.Get(ctx, fmt.Sprintf(
+ "git.sr.ht.options.%s", uuid)).Result()
+ if err != nil {
+ return
+@@ -51,12 +53,12 @@ func loadOptions() {
+ opt, ok := os.LookupEnv(fmt.Sprintf("GIT_PUSH_OPTION_%d", i))
+ optkey := fmt.Sprintf("git.sr.ht.options.%s.%d", uuid, i)
+ if !ok {
+- opt, err = redis.Get(optkey).Result()
++ opt, err = redis.Get(ctx, optkey).Result()
+ if err != nil {
+ return
+ }
+ } else {
+- redis.Set(optkey, opt, 10*time.Minute)
++ redis.Set(ctx, optkey, opt, 10*time.Minute)
+ }
+ parts := strings.SplitN(opt, "=", 2)
+ if len(parts) == 1 {
+diff --git a/gitsrht-update-hook/post-update.go b/gitsrht-update-hook/post-update.go
+index d14d616..fcd7864 100644
+--- a/gitsrht-update-hook/post-update.go
++++ b/gitsrht-update-hook/post-update.go
+@@ -15,7 +15,7 @@ import (
+ "github.com/go-git/go-git/v5/plumbing"
+ "github.com/go-git/go-git/v5/plumbing/object"
+ "github.com/go-git/go-git/v5/plumbing/storer"
+- goredis "github.com/go-redis/redis"
++ goredis "github.com/go-redis/redis/v8"
+ _ "github.com/lib/pq"
+ )
+
+@@ -220,7 +220,7 @@ func postUpdate() {
+ var oldref, newref string
+ var oldobj, newobj object.Object
+ updateKey := fmt.Sprintf("update.%s.%s", pushUuid, refname)
+- update, err := redis.Get(updateKey).Result()
++ update, err := redis.Get(ctx, updateKey).Result()
+ if update == "" || err != nil {
+ logger.Println("redis.Get: missing key")
+ continue
+diff --git a/gitsrht-update-hook/update.go b/gitsrht-update-hook/update.go
+index 72c661a..e33fd4b 100644
+--- a/gitsrht-update-hook/update.go
++++ b/gitsrht-update-hook/update.go
+@@ -5,7 +5,7 @@ import (
+ "os"
+ "time"
+
+- goredis "github.com/go-redis/redis"
++ goredis "github.com/go-redis/redis/v8"
+ )
+
+ // XXX: This is run once for every single ref that's pushed. If someone pushes
+@@ -31,6 +31,6 @@ func update() {
+ logger.Fatalf("Failed to parse redis host: %v", err)
+ }
+ redis := goredis.NewClient(ropts)
+- redis.Set(fmt.Sprintf("update.%s.%s", pushUuid, refname),
++ redis.Set(ctx, fmt.Sprintf("update.%s.%s", pushUuid, refname),
+ fmt.Sprintf("%s:%s", oldref, newref), 10*time.Minute)
+ }
+--
+2.32.0
+
diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch
new file mode 100644
index 00000000000..9a4b0300921
--- /dev/null
+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/git/v3-0003-gitsrht-dispatch-add-support-for-supplementary-gr.patch
@@ -0,0 +1,57 @@
+From fcbec39a406562c29dfcf7eeef6f284da28bc619 Mon Sep 17 00:00:00 2001
+From: Julien Moutinho <julm+srht@sourcephile.fr>
+Date: Fri, 27 Aug 2021 17:42:33 +0200
+Subject: [PATCH git.sr.ht v3 3/3] gitsrht-dispatch: add support for
+ supplementary groups
+
+---
+ gitsrht-dispatch/main.go | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/gitsrht-dispatch/main.go b/gitsrht-dispatch/main.go
+index d7aee14..5f17b75 100644
+--- a/gitsrht-dispatch/main.go
++++ b/gitsrht-dispatch/main.go
+@@ -17,6 +17,7 @@ type Dispatcher struct {
+ cmd string
+ uid int
+ gid int
++ gids []int
+ }
+
+ func main() {
+@@ -70,11 +71,20 @@ AuthorizedKeysUser=root`, os.Args[0])
+ if err != nil {
+ logger.Fatalf("Error looking up group %s: %v", spec[1], err)
+ }
++ groups, err := user.GroupIds()
++ if err != nil {
++ logger.Fatalf("Error looking up supplementary groups of user %s: %v", spec[0], err)
++ }
++ gids := make([]int, len(groups))
++ for i, grp := range groups {
++ sgid, _ := strconv.Atoi(grp)
++ gids[i] = sgid
++ }
+ uid, _ := strconv.Atoi(user.Uid)
+ gid, _ := strconv.Atoi(group.Gid)
+- dispatchers[uid] = Dispatcher{cmd, uid, gid}
+- logger.Printf("Registered dispatcher for %s(%d):%s(%d): %s",
+- spec[0], uid, spec[1], gid, cmd)
++ dispatchers[uid] = Dispatcher{cmd, uid, gid, gids}
++ logger.Printf("Registered dispatcher for %s(%d):%s(%d):(%s): %s",
++ spec[0], uid, spec[1], gid, strings.Join(groups, ","), cmd)
+ }
+
+ var user *osuser.User
+@@ -93,6 +103,7 @@ AuthorizedKeysUser=root`, os.Args[0])
+
+ if dispatcher, ok := dispatchers[uid]; ok {
+ logger.Printf("Dispatching to %s", dispatcher.cmd)
++ syscall.Setgroups(dispatcher.gids)
+ syscall.Setgid(dispatcher.gid)
+ syscall.Setuid(dispatcher.uid)
+ if err := syscall.Exec(dispatcher.cmd, append([]string{
+--
+2.32.0
+
diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch
new file mode 100644
index 00000000000..191ff61b826
--- /dev/null
+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch
@@ -0,0 +1,61 @@
+From e244cb7398758f91cc6deaabf278a1b6412ee477 Mon Sep 17 00:00:00 2001
+From: Julien Moutinho <julm+srht@sourcephile.fr>
+Date: Fri, 27 Aug 2021 12:48:56 +0200
+Subject: [PATCH scm.sr.ht v3 1/2] srht-keys: update go-redis to support Unix
+ sockets
+
+---
+ srht-keys/srhtkeys.go | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/srht-keys/srhtkeys.go b/srht-keys/srhtkeys.go
+index be925ed..1a300d5 100644
+--- a/srht-keys/srhtkeys.go
++++ b/srht-keys/srhtkeys.go
+@@ -1,6 +1,7 @@
+ package srhtkeys
+
+ import (
++ "context"
+ "database/sql"
+ "encoding/json"
+ "errors"
+@@ -12,7 +13,7 @@ import (
+ "path"
+ "time"
+
+- goredis "github.com/go-redis/redis"
++ goredis "github.com/go-redis/redis/v8"
+ "github.com/google/uuid"
+ _ "github.com/lib/pq"
+ "github.com/vaughan0/go-ini"
+@@ -37,6 +38,8 @@ type MetaSSHKey struct {
+ Owner MetaUser `json:"owner"`
+ }
+
++var ctx = context.Background()
++
+ // Stores the SSH key in the database and returns the user's ID.
+ func storeKey(logger *log.Logger, db *sql.DB, key *MetaSSHKey) (int, error) {
+ logger.Println("Storing meta.sr.ht key in database")
+@@ -145,7 +148,7 @@ func fetchKeysFromMeta(logger *log.Logger, config ini.File,
+ if err != nil {
+ logger.Printf("Caching SSH key in redis failed: %v", err)
+ } else {
+- redis.Set(cacheKey, cacheBytes, 7*24*time.Hour)
++ redis.Set(ctx, cacheKey, cacheBytes, 7*24*time.Hour)
+ }
+
+ return key.Owner.Username, userId
+@@ -168,7 +171,7 @@ func UserFromKey(logger *log.Logger, config ini.File,
+
+ cacheKey := fmt.Sprintf("%s.ssh-keys.%s", service, b64key)
+ logger.Printf("Cache key for SSH key lookup: %s", cacheKey)
+- cacheBytes, err := redis.Get(cacheKey).Bytes()
++ cacheBytes, err := redis.Get(ctx, cacheKey).Bytes()
+ var (
+ username string
+ userId int
+--
+2.32.0
+
diff --git a/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0002-srht-keys-update-go.-mod-sum-for-go-redis.patch b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0002-srht-keys-update-go.-mod-sum-for-go-redis.patch
new file mode 100644
index 00000000000..c5407a26491
--- /dev/null
+++ b/pkgs/applications/version-management/sourcehut/patches/redis-socket/scm/v3-0002-srht-keys-update-go.-mod-sum-for-go-redis.patch
@@ -0,0 +1,155 @@
+From aeb3e0dc2270e6ab3cd0f651ea735275e527e7ce Mon Sep 17 00:00:00 2001
+From: Julien Moutinho <julm+srht@sourcephile.fr>
+Date: Fri, 27 Aug 2021 13:06:27 +0200
+Subject: [PATCH scm.sr.ht v3 2/2] srht-keys: update go.{mod,sum} for go-redis
+
+---
+ srht-keys/go.mod | 2 +-
+ srht-keys/go.sum | 103 ++++++++++++++++++++++++++++++++++++++++++++---
+ 2 files changed, 99 insertions(+), 6 deletions(-)
+
+diff --git a/srht-keys/go.mod b/srht-keys/go.mod
+index d275913..8d1c10a 100644
+--- a/srht-keys/go.mod
++++ b/srht-keys/go.mod
+@@ -4,7 +4,7 @@ go 1.13
+
+ require (
+ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6
+- github.com/go-redis/redis v6.15.9+incompatible
++ github.com/go-redis/redis/v8 v8.11.3
+ github.com/google/uuid v1.1.1
+ github.com/lib/pq v1.8.0
+ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec
+diff --git a/srht-keys/go.sum b/srht-keys/go.sum
+index 974326e..a264a26 100644
+--- a/srht-keys/go.sum
++++ b/srht-keys/go.sum
+@@ -1,26 +1,119 @@
+-git.sr.ht/~sircmpwn/core-go v0.0.0-20200820135923-98806e712f5e h1:TJqf/neVU5peFAS9WcR1aADXcflPOvAd7ABEirmU7m0=
+-git.sr.ht/~sircmpwn/core-go v0.0.0-20200820135923-98806e712f5e/go.mod h1:aXSNgRsGoI3tTFKlwD0xm2htbEzKlR2xUm1osRxfhOM=
+ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6 h1:Ky6HzcRmbMUxOrWXv04+mb97GkyxO/Nx7v8uJBUdpNk=
+ git.sr.ht/~sircmpwn/core-go v0.0.0-20201005173246-a9e49d17a1e6/go.mod h1:HpPX22ilJUWKOA4NDhrOcIyblQhdiKHPg4oMJFYdh0Y=
++github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
++github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
++github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
++github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
++github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
++github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001 h1:/UMxx5lGDg30aioUL9e7xJnbJfJeX7vhcm57fa5udaI=
+ github.com/fernet/fernet-go v0.0.0-20191111064656-eff2850e6001/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c=
+-github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg=
+-github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
++github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
++github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
++github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
++github.com/go-redis/redis/v8 v8.11.3 h1:GCjoYp8c+yQTJfc0n69iwSiHjvuAdruxl7elnZCxgt8=
++github.com/go-redis/redis/v8 v8.11.3/go.mod h1:xNJ9xDG09FsIPwh3bWdk+0oDWHbtF9rPN0F/oD9XeKc=
++github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
++github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
++github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
++github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
++github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
++github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
++github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
++github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
++github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
++github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
++github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
++github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
++github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
++github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
++github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
++github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
++github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+ github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
+ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
++github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+ github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
+ github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
++github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
++github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
++github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
++github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
++github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
++github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
++github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
++github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
++github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
++github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU=
++github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
++github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
++github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
++github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec h1:DGmKwyZwEB8dI7tbLt/I/gQuP559o/0FrAkHKlQM/Ks=
+ github.com/vaughan0/go-ini v0.0.0-20130923145212-a98ad7ee00ec/go.mod h1:owBmyHYMLkxyrugmfwE/DLJyW8Ro9mkphwuVErQ0iUw=
++github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
++golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
++golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
++golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
++golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
++golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
++golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
++golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 h1:DzZ89McO9/gWPsQXS/FVKAlG02ZjaQ6AlZRBimEYOd0=
++golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
++golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
++golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
++golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
++golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c=
++golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
++golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
++golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
++golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
++golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
++golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
++golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
++golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
++golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
++golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
++golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
++golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
++google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
++google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
++google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
++google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
++google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
++google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
++google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
++google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
++google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
++gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
++gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
++gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
++gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
++gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+--
+2.32.0
+
diff --git a/pkgs/applications/version-management/sourcehut/scm.nix b/pkgs/applications/version-management/sourcehut/scm.nix
index 1f385265360..828bc1f8032 100644
--- a/pkgs/applications/version-management/sourcehut/scm.nix
+++ b/pkgs/applications/version-management/sourcehut/scm.nix
@@ -1,22 +1,57 @@
{ lib
, fetchFromSourcehut
+, buildGoModule
, buildPythonPackage
, srht
, redis
, pyyaml
-, buildsrht
-, writeText
+, applyPatches
}:
buildPythonPackage rec {
pname = "scmsrht";
- version = "0.22.9";
+ version = "0.22.13";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "scm.sr.ht";
rev = version;
- sha256 = "sha256-327G6C8FW+iZx+167D7TQsFtV6FGc8MpMVo9L/cUUqU=";
+ sha256 = "sha256-9iRmQBt4Cxr5itTk34b8iDRyXYDHTDfZjV0SIDT/kkM=";
+ };
+
+ passthru = {
+ srht-keys = buildGoModule {
+ inherit src version;
+ sourceRoot = "source/srht-keys";
+ pname = "srht-keys";
+ vendorSha256 = "sha256-7j6b9VOpdQ2YcoM1F4xf14IwHg3GFDN6VDbC4gt6wO0=";
+
+ # What follows is only to update go-redis
+ # go.{mod,sum} could be patched directly but that would be less resilient
+ # to changes from upstream, and thus harder to maintain the patching
+ # while it hasn't been merged upstream.
+
+ overrideModAttrs = old: {
+ preBuild = ''
+ go get github.com/go-redis/redis/v8
+ go get github.com/go-redis/redis@none
+ go mod tidy
+ '';
+ # Pass updated go.{mod,sum} from go-modules to srht-keys's vendor/go.{mod,sum}
+ postInstall = ''
+ cp --reflink=auto go.* $out
+ '';
+ };
+
+ patches = [
+ # Update go-redis to support Unix sockets
+ patches/redis-socket/scm/v3-0001-srht-keys-update-go-redis-to-support-Unix-sockets.patch
+ ];
+ patchFlags = ["-p2"];
+ postInstall = ''
+ cp --reflink=auto *.go vendor/go.* $out
+ '';
+ };
};
nativeBuildInputs = srht.nativeBuildInputs;
@@ -25,7 +60,6 @@ buildPythonPackage rec {
srht
redis
pyyaml
- buildsrht
];
preBuild = ''
@@ -33,11 +67,12 @@ buildPythonPackage rec {
'';
dontUseSetuptoolsCheck = true;
+ pythonImportsCheck = [ "scmsrht" ];
meta = with lib; {
homepage = "https://git.sr.ht/~sircmpwn/git.sr.ht";
description = "Shared support code for sr.ht source control services.";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/todo.nix b/pkgs/applications/version-management/sourcehut/todo.nix
index 85e1f5637b6..cdb1f8cf8be 100644
--- a/pkgs/applications/version-management/sourcehut/todo.nix
+++ b/pkgs/applications/version-management/sourcehut/todo.nix
@@ -12,13 +12,13 @@
buildPythonPackage rec {
pname = "todosrht";
- version = "0.64.14";
+ version = "0.65.2";
src = fetchFromSourcehut {
owner = "~sircmpwn";
repo = "todo.sr.ht";
rev = version;
- sha256 = "sha256-huIAhn6h1F5w5ST4/yBwr82kAzyYwhLu+gpRuOQgnsE=";
+ sha256 = "sha256-46RkBwLuGpYYw2V4JBDR414W2EaYnz0rru/T9j/PrJs=";
};
nativeBuildInputs = srht.nativeBuildInputs;
@@ -42,11 +42,12 @@ buildPythonPackage rec {
];
dontUseSetuptoolsCheck = true;
+ pythonImportsCheck = [ "todosrht" ];
meta = with lib; {
homepage = "https://todo.sr.ht/~sircmpwn/todo.sr.ht";
description = "Ticket tracking service for the sr.ht network";
- license = licenses.agpl3;
+ license = licenses.agpl3Only;
maintainers = with maintainers; [ eadwu ];
};
}
diff --git a/pkgs/applications/version-management/sourcehut/update.sh b/pkgs/applications/version-management/sourcehut/update.sh
index 156d4cc35e4..fb78d39ec40 100755
--- a/pkgs/applications/version-management/sourcehut/update.sh
+++ b/pkgs/applications/version-management/sourcehut/update.sh
@@ -1,8 +1,11 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p git mercurial common-updater-scripts
+set -x
-cd "$(dirname "${BASH_SOURCE[0]}")"
+cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
root=../../../..
+tmp=$(mktemp -d)
+trap 'rm -rf "$tmp"' EXIT
default() {
(cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/')
@@ -13,42 +16,59 @@ version() {
}
src_url() {
- (cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.src.drvAttrs.url" | tr -d '"')
+ nix-instantiate --eval --strict --expr " with import $root {}; let src = sourcehut.python.pkgs.$1.drvAttrs.src; in src.url or src.meta.homepage" | tr -d '"'
}
get_latest_version() {
src="$(src_url "$1")"
- tmp=$(mktemp -d)
-
+ rm -rf "$tmp"
if [ "$1" = "hgsrht" ]; then
- hg clone "$src" "$tmp" &> /dev/null
+ hg clone "$src" "$tmp" >/dev/null
printf "%s" "$(cd "$tmp" && hg log --limit 1 --template '{latesttag}')"
else
- git clone "$src" "$tmp"
- printf "%s" "$(cd "$tmp" && git describe $(git rev-list --tags --max-count=1))"
+ git clone "$src" "$tmp" >/dev/null
+ printf "%s" "$(cd "$tmp" && git describe "$(git rev-list --tags --max-count=1)")"
fi
}
update_version() {
default_nix="$(default "$1")"
- version_old="$(version "$1")"
+ oldVersion="$(version "$1")"
version="$(get_latest_version "$1")"
(cd "$root" && update-source-version "sourcehut.python.pkgs.$1" "$version")
+ # Update vendorSha256 of Go modules
+ retry=true
+ while "$retry"; do
+ retry=false;
+ exec < <(exec nix -L build -f "$root" sourcehut.python.pkgs."$1" 2>&1)
+ while IFS=' :' read -r origin hash; do
+ case "$origin" in
+ (expected|specified) oldHash="$hash";;
+ (got) sed -i "s|$oldHash|$(nix hash to-sri --type sha256 "$hash")|" "$default_nix"; retry=true; break;;
+ (*) printf >&2 "%s\n" "$origin${hash:+:$hash}"
+ esac
+ done
+ done
+
git add "$default_nix"
- git commit -m "$1: $version_old -> $version"
+ git commit -m "sourcehut.$1: $oldVersion -> $version"
}
-services=( "srht" "buildsrht" "dispatchsrht" "gitsrht" "hgsrht" "hubsrht" "listssrht" "mansrht"
- "metasrht" "pastesrht" "todosrht" "scmsrht" )
-
-# Whether or not a specific service is requested
-if [ -n "$1" ]; then
- version="$(get_latest_version "$1")"
- (cd "$root" && update-source-version "sourcehut.python.pkgs.$1" "$version")
+if [ $# -gt 0 ]; then
+ services=("$@")
else
- for service in "${services[@]}"; do
- update_version "$service"
- done
+ # Beware that some packages must be updated before others,
+ # eg. srht-keys must be update before gitsrht,
+ # otherwise this script would enter an infinite loop
+ # because the reported $oldHash to be changed
+ # may not actually be in $default_nix
+ # but in the file of one of its dependencies.
+ services=( "srht" "scmsrht" "srht-keys" "buildsrht" "dispatchsrht" "gitsrht" "hgsrht" "hubsrht" "listssrht" "mansrht"
+ "metasrht" "pagessrht" "pastesrht" "todosrht" )
fi
+
+for service in "${services[@]}"; do
+ update_version "$service"
+done
diff --git a/pkgs/development/go-modules/generic/default.nix b/pkgs/development/go-modules/generic/default.nix
index 3b645f9ce8b..f00ca1984ec 100644
--- a/pkgs/development/go-modules/generic/default.nix
+++ b/pkgs/development/go-modules/generic/default.nix
@@ -71,6 +71,7 @@ let
inherit (go) GOOS GOARCH;
patches = args.patches or [];
+ patchFlags = args.patchFlags or [];
preBuild = args.preBuild or "";
sourceRoot = args.sourceRoot or "";