-{ pkgs, lib, config, inputs, ... }:
+{ pkgs, lib, config, ... }:
let
inherit (config.services) sourcehut;
inherit (config.users) users groups;
"meta"
"man"
"paste"
+ "pages"
"todo"
];
in
"sourcehut/webhook-key"
"sourcehut/oauth-client-secret"
] (p: {
- systemdConfig.before = [ "metasrht.service" ];
- systemdConfig.wantedBy = [ "metasrht.service" ];
+ systemdConfig.before = [ "metasrht.service" "gitsrht.service" ];
+ systemdConfig.wantedBy = [ "metasrht.service" "gitsrht.service" ];
});
services.minio = {
enable = true;
environment.systemPackages = [ pkgs.minio-client ];
services.sourcehut = {
enable = true;
- listenAddress = domain;
+ listenAddress = "localhost";
builds = {
- enable = true;
+ #enable = true;
enableWorker = true;
- images.nixos.unstable.x86_64 =
- let
- makeDiskImage = import (inputs.nixpkgs + "/nixos/lib/make-disk-image.nix");
- evalConfig = import (inputs.nixpkgs + "/nixos/lib/eval-config.nix");
- systemConfig = { pkgs, ... }: {
- # passwordless ssh server
- services.openssh = {
- enable = true;
- permitRootLogin = "yes";
- extraConfig = "PermitEmptyPasswords yes";
- };
+ images.nixos.unstable.x86_64 = let
+ systemConfig = { pkgs, ... }: {
+ # passwordless ssh server
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ extraConfig = "PermitEmptyPasswords yes";
+ };
- users = {
- mutableUsers = false;
- # build user
- extraUsers."build" = {
- isNormalUser = true;
- uid = 1000;
- extraGroups = [ "wheel" ];
- password = "";
- };
- users.root.password = "";
+ users = {
+ mutableUsers = false;
+ # build user
+ extraUsers."build" = {
+ isNormalUser = true;
+ uid = 1000;
+ extraGroups = [ "wheel" ];
+ password = "";
};
+ users.root.password = "";
+ };
- security.sudo.wheelNeedsPassword = false;
- nix.trustedUsers = [ "root" "build" ];
- documentation.nixos.enable = false;
+ security.sudo.wheelNeedsPassword = false;
+ nix.settings.trusted-users = [ "root" "build" ];
+ documentation.nixos.enable = false;
- # builds.sr.ht-image-specific network settings
- networking = {
- hostName = "build";
- dhcpcd.enable = false;
- defaultGateway.address = "10.0.2.2";
- usePredictableInterfaceNames = false; # so that we just get eth0 and not some weird id
- interfaces."eth0".ipv4.addresses = [{
- address = "10.0.2.15";
- prefixLength = 25;
- }];
- enableIPv6 = false;
- nameservers = [
- # OpenNIC anycast
- "185.121.177.177"
- "169.239.202.202"
- # Google as a fallback :(
- "8.8.8.8"
- ];
- firewall.allowedTCPPorts = [ 22 ]; # allow ssh
- };
-
- environment.systemPackages = [
- pkgs.gitMinimal
- #pkgs.mercurial
- pkgs.curl
- pkgs.gnupg
+ # builds.sr.ht-image-specific network settings
+ networking = {
+ hostName = "build";
+ dhcpcd.enable = false;
+ defaultGateway.address = "10.0.2.2";
+ usePredictableInterfaceNames = false; # so that we just get eth0 and not some weird id
+ interfaces."eth0".ipv4.addresses = [{
+ address = "10.0.2.15";
+ prefixLength = 25;
+ }];
+ enableIPv6 = false;
+ nameservers = [
+ # OpenNIC anycast
+ "185.121.177.177"
+ "169.239.202.202"
+ # Google as a fallback :(
+ "8.8.8.8"
];
+ firewall.allowedTCPPorts = [ 22 ]; # allow ssh
};
- qemuConfig = { pkgs, ... }: {
- imports = [ systemConfig ];
- fileSystems."/".device = "/dev/disk/by-label/nixos";
- boot.initrd.availableKernelModules = [
- "ahci"
- "ehci_pci"
- "sd_mod"
- "usb_storage"
- "usbhid"
- "virtio_balloon"
- "virtio_blk"
- "virtio_pci"
- "virtio_ring"
- "xhci_pci"
- ];
- boot.loader = {
- grub = {
- version = 2;
- device = "/dev/vda";
- };
- timeout = 0;
+
+ environment.systemPackages = [
+ pkgs.gitMinimal
+ #pkgs.mercurial
+ pkgs.curl
+ pkgs.gnupg
+ ];
+ };
+ qemuConfig = { pkgs, ... }: {
+ imports = [ systemConfig ];
+ fileSystems."/".device = "/dev/disk/by-label/nixos";
+ boot.initrd.availableKernelModules = [
+ "ahci"
+ "ehci_pci"
+ "sd_mod"
+ "usb_storage"
+ "usbhid"
+ "virtio_balloon"
+ "virtio_blk"
+ "virtio_pci"
+ "virtio_ring"
+ "xhci_pci"
+ ];
+ boot.loader = {
+ grub = {
+ version = 2;
+ device = "/dev/vda";
};
+ timeout = 0;
};
- config = (evalConfig {
- inherit pkgs; modules = [ qemuConfig ];
- system = "x86_64-linux";
- }).config;
+ };
+ config = (import (pkgs.path + "/nixos/lib/eval-config.nix") {
+ inherit pkgs; modules = [ qemuConfig ];
+ system = "x86_64-linux";
+ }).config;
in
- makeDiskImage {
+ import (pkgs.path + "/nixos/lib/make-disk-image.nix") {
inherit pkgs lib config;
diskSize = 16000;
format = "qcow2-compressed";
};
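Review bot: The guest image built from `systemConfig` accepts root SSH logins with an empty password (`users.root.password = ""`, `PermitEmptyPasswords yes`, TCP 22 open, passwordless sudo, `build` as a trusted Nix user), and the only explanation on the new side is `# passwordless ssh server`. The static 10.0.2.15/10.0.2.2 addressing suggests the image is meant to run only behind the worker's QEMU user-mode network, but that assumption is not written down. I would add a comment above `services.openssh` such as `# Throwaway build guest: reachable only from the builds worker over QEMU user networking; never attach this image to a routable network.` Separately, `#enable = true;` leaves `enableWorker = true` and the whole image definition in place while builds appears to be switched off; if that is intentional, a short comment saying so would be clearer than a commented-out toggle.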
#dispatch.enable = true;
- #git.enable = true;
+ git.enable = true;
#hub.enable = true;
meta.enable = true;
+ meta.port = 4999;
#man.enable = true;
#pages.enable = true;
#paste.enable = true;
postgresql.enable = true;
postfix.enable = true;
redis.enable = true;
- #redis.firstDatabase = 0;
nginx.enable = true;
settings = {
"sr.ht" = {
};
"meta.sr.ht" = {
origin = "http://meta.${domain}";
- api-origin = "http://meta.${domain}:5100";
+ api-origin = "http://localhost:5099";
};
"meta.sr.ht::settings" = {
onboarding-redirect = "http://meta.${domain}";
registration = true;
- internal-ipnet = "127.0.0.0/8,192.168.42.0/24";
};
"meta.sr.ht::api" = {
+ # This is a temporary workaround
+ #
internal-ipnet= [ "127.0.0.0/8" "::1/128" "192.168.0.0/16" "10.0.0.0/8"];
};
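Review bot: The added comment `# This is a temporary workaround` does not say what is being worked around, while the `internal-ipnet` line beneath it trusts all of `10.0.0.0/8` and `192.168.0.0/16` for internal API authentication. The narrower `127.0.0.0/8,192.168.42.0/24` value is removed from `meta.sr.ht::settings` in the same change. With `listenAddress = "localhost"` the services presumably only talk over loopback, so the list could likely be reduced to `[ "127.0.0.0/8" "::1/128" ]`. At minimum the comment should name the issue and the condition for removing the workaround, e.g. `# Workaround for <issue>: drop the RFC 1918 ranges once <condition>`.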
"todo.sr.ht" = {
outgoing-domain = "http://git.${domain}";
oauth-client-secret = gnupg.secrets."sourcehut/oauth-client-secret".path;
oauth-client-id = "299db9f9c2013170";
- repos = "/var/lib/git";
+ #repos = "/var/lib/git";
};
"hub.sr.ht" = {
origin = "http://hub.${domain}";
encoding=UTF8 \
lc_collate=fr_FR.UTF-8 \
lc_type=fr_FR.UTF-8 \
- owner="${sourcehut.git.database}" \
- pg_createdb "${sourcehut.git.database}" >/dev/null </dev/null
+ owner="${sourcehut.git.postgresql.database}" \
+ pg_createdb "${sourcehut.git.postgresql.database}" >/dev/null </dev/null
- pg_adduser "${sourcehut.git.database}" "${sourcehut.git.database}" >/dev/null
- */
+ pg_adduser "${sourcehut.git.postgresql.database}" "${sourcehut.git.postgresql.database}" >/dev/null
postStart = lib.mkAfter ''
- $PSQL -d "${sourcehut.builds.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+ $PSQL -d "${sourcehut.builds.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
GRANT USAGE,CREATE ON schema public TO "${sourcehut.builds.user}";
EOF
- $PSQL -d "${sourcehut.dispatch.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+ $PSQL -d "${sourcehut.dispatch.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
GRANT USAGE,CREATE ON schema public TO "${sourcehut.dispatch.user}";
EOF
- $PSQL -d "${sourcehut.git.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+ $PSQL -d "${sourcehut.git.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
GRANT USAGE,CREATE ON schema public TO "${sourcehut.git.user}";
EOF
- $PSQL -d "${sourcehut.hub.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+ $PSQL -d "${sourcehut.hub.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
GRANT USAGE,CREATE ON schema public TO "${sourcehut.hub.user}";
EOF
- $PSQL -d "${sourcehut.man.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+ $PSQL -d "${sourcehut.man.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
GRANT USAGE,CREATE ON schema public TO "${sourcehut.man.user}";
EOF
- $PSQL -d "${sourcehut.meta.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+ $PSQL -d "${sourcehut.meta.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
GRANT USAGE,CREATE ON schema public TO "${sourcehut.meta.user}";
GRANT USAGE,CREATE ON schema public TO "${users.sshsrht.name}";
EOF
- $PSQL -d "${sourcehut.pages.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+ $PSQL -d "${sourcehut.pages.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
GRANT USAGE,CREATE ON schema public TO "${sourcehut.pages.user}";
EOF
- $PSQL -d "${sourcehut.paste.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+ $PSQL -d "${sourcehut.paste.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
GRANT USAGE,CREATE ON schema public TO "${sourcehut.paste.user}";
EOF
- $PSQL -d "${sourcehut.todo.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+ $PSQL -d "${sourcehut.todo.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
GRANT USAGE,CREATE ON schema public TO "${sourcehut.todo.user}";
EOF
- $PSQL -d "${sourcehut.lists.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+ $PSQL -d "${sourcehut.lists.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
GRANT USAGE,CREATE ON schema public TO "${sourcehut.lists.user}";
EOF
'';
+ */
};
}
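Review bot: Moving the closing `*/` below the `postStart` block puts every `GRANT` heredoc inside the block comment, so the `.database` to `.postgresql.database` renames in this hunk are never evaluated and cannot be checked by a build. The comment's opening `/*` is outside the visible lines, so its extent is inferred from the removed and added `*/` lines. If the grants are no longer needed, deleting the block is clearer than keeping renamed dead code; if they are still needed, `postStart` has to stay outside the comment. Should it be re-enabled, note that `GRANT USAGE,CREATE ON schema public TO "${users.sshsrht.name}"` gives the SSH user table-creation rights on the meta database, which is presumably broader than that user needs.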