mermet: dovecot: sieve: try to fix extension handling
[sourcephile-nix.git] / hosts / losurdo / sourcehut.nix
index 84b7cea3cf459d7ee2483f3b90506f45b91f73ce..435ae1dc5de0e3f0f2a5bf3354f24087cc3ec70c 100644 (file)
@@ -1,4 +1,4 @@
-{ pkgs, lib, config, inputs, ... }:
+{ pkgs, lib, config, ... }:
 let
   inherit (config.services) sourcehut;
   inherit (config.users) users groups;
@@ -14,6 +14,7 @@ let
     "meta"
     "man"
     "paste"
+    "pages"
     "todo"
   ];
 in
@@ -32,8 +33,8 @@ security.gnupg.secrets = lib.genAttrs [
     "sourcehut/webhook-key"
     "sourcehut/oauth-client-secret"
   ] (p: {
-  systemdConfig.before = [ "metasrht.service" ];
-  systemdConfig.wantedBy = [ "metasrht.service" ];
+  systemdConfig.before = [ "metasrht.service" "gitsrht.service" ];
+  systemdConfig.wantedBy = [ "metasrht.service" "gitsrht.service" ];
 });
 services.minio = {
   enable = true;
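Review bot: `systemdConfig.wantedBy = [ "metasrht.service" "gitsrht.service" ];` is only a weak dependency, so if decrypting a secret fails, both services still start and then read a missing or stale path. If `systemdConfig` is passed straight through to the generated unit (the secrets module is not visible here), `requiredBy` together with the existing `before` would make the services fail instead of running without their keys. The same list is applied to every secret in the `genAttrs` call, whose opening lies above this hunk, so `gitsrht.service` now waits on secrets it may never read; a per-secret mapping would keep the ordering minimal.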
@@ -45,95 +46,92 @@ services.minio = {
 environment.systemPackages = [ pkgs.minio-client ];
 services.sourcehut = {
   enable = true;
-  listenAddress = domain;
+  listenAddress = "localhost";
   builds = {
-    enable = true;
+    #enable = true;
     enableWorker = true;
-    images.nixos.unstable.x86_64 =
-      let
-        makeDiskImage = import (inputs.nixpkgs + "/nixos/lib/make-disk-image.nix");
-        evalConfig = import (inputs.nixpkgs + "/nixos/lib/eval-config.nix");
-        systemConfig = { pkgs, ... }: {
-          # passwordless ssh server
-          services.openssh = {
-            enable = true;
-            permitRootLogin = "yes";
-            extraConfig = "PermitEmptyPasswords yes";
-          };
+    images.nixos.unstable.x86_64 = let
+      systemConfig = { pkgs, ... }: {
+        # passwordless ssh server
+        services.openssh = {
+          enable = true;
+          permitRootLogin = "yes";
+          extraConfig = "PermitEmptyPasswords yes";
+        };
 
-          users = {
-            mutableUsers = false;
-            # build user
-            extraUsers."build" = {
-              isNormalUser = true;
-              uid = 1000;
-              extraGroups = [ "wheel" ];
-              password = "";
-            };
-            users.root.password = "";
+        users = {
+          mutableUsers = false;
+          # build user
+          extraUsers."build" = {
+            isNormalUser = true;
+            uid = 1000;
+            extraGroups = [ "wheel" ];
+            password = "";
           };
+          users.root.password = "";
+        };
 
-          security.sudo.wheelNeedsPassword = false;
-          nix.trustedUsers = [ "root" "build" ];
-          documentation.nixos.enable = false;
+        security.sudo.wheelNeedsPassword = false;
+        nix.settings.trusted-users = [ "root" "build" ];
+        documentation.nixos.enable = false;
 
-          # builds.sr.ht-image-specific network settings
-          networking = {
-            hostName = "build";
-            dhcpcd.enable = false;
-            defaultGateway.address = "10.0.2.2";
-            usePredictableInterfaceNames = false; # so that we just get eth0 and not some weird id
-            interfaces."eth0".ipv4.addresses = [{
-              address = "10.0.2.15";
-              prefixLength = 25;
-            }];
-            enableIPv6 = false;
-            nameservers = [
-              # OpenNIC anycast
-              "185.121.177.177"
-              "169.239.202.202"
-              # Google as a fallback :(
-              "8.8.8.8"
-            ];
-            firewall.allowedTCPPorts = [ 22 ]; # allow ssh
-          };
-
-          environment.systemPackages = [
-            pkgs.gitMinimal
-            #pkgs.mercurial
-            pkgs.curl
-            pkgs.gnupg
+        # builds.sr.ht-image-specific network settings
+        networking = {
+          hostName = "build";
+          dhcpcd.enable = false;
+          defaultGateway.address = "10.0.2.2";
+          usePredictableInterfaceNames = false; # so that we just get eth0 and not some weird id
+          interfaces."eth0".ipv4.addresses = [{
+            address = "10.0.2.15";
+            prefixLength = 25;
+          }];
+          enableIPv6 = false;
+          nameservers = [
+            # OpenNIC anycast
+            "185.121.177.177"
+            "169.239.202.202"
+            # Google as a fallback :(
+            "8.8.8.8"
           ];
+          firewall.allowedTCPPorts = [ 22 ]; # allow ssh
         };
-        qemuConfig = { pkgs, ... }: {
-          imports = [ systemConfig ];
-          fileSystems."/".device = "/dev/disk/by-label/nixos";
-          boot.initrd.availableKernelModules = [
-            "ahci"
-            "ehci_pci"
-            "sd_mod"
-            "usb_storage"
-            "usbhid"
-            "virtio_balloon"
-            "virtio_blk"
-            "virtio_pci"
-            "virtio_ring"
-            "xhci_pci"
-          ];
-          boot.loader = {
-            grub = {
-              version = 2;
-              device = "/dev/vda";
-            };
-            timeout = 0;
+
+        environment.systemPackages = [
+          pkgs.gitMinimal
+          #pkgs.mercurial
+          pkgs.curl
+          pkgs.gnupg
+        ];
+      };
+      qemuConfig = { pkgs, ... }: {
+        imports = [ systemConfig ];
+        fileSystems."/".device = "/dev/disk/by-label/nixos";
+        boot.initrd.availableKernelModules = [
+          "ahci"
+          "ehci_pci"
+          "sd_mod"
+          "usb_storage"
+          "usbhid"
+          "virtio_balloon"
+          "virtio_blk"
+          "virtio_pci"
+          "virtio_ring"
+          "xhci_pci"
+        ];
+        boot.loader = {
+          grub = {
+            version = 2;
+            device = "/dev/vda";
           };
+          timeout = 0;
         };
-        config = (evalConfig {
-          inherit pkgs; modules = [ qemuConfig ];
-          system = "x86_64-linux";
-        }).config;
+      };
+      config = (import (pkgs.path + "/nixos/lib/eval-config.nix") {
+        inherit pkgs; modules = [ qemuConfig ];
+        system = "x86_64-linux";
+      }).config;
       in
-      makeDiskImage {
+      import (pkgs.path + "/nixos/lib/make-disk-image.nix") {
         inherit pkgs lib config;
         diskSize = 16000;
         format = "qcow2-compressed";
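Review bot: The guest image keeps root SSH with empty passwords (`permitRootLogin = "yes"`, `PermitEmptyPasswords yes`, `users.root.password = ""`), and the only explanation is `# passwordless ssh server`. That is tolerable only while the guest's port 22 is reachable by the builds worker alone, which the 10.0.2.x addressing suggests (QEMU user-mode networking) but nothing in this file enforces. I would state the assumption next to the option, e.g. `# passwordless ssh: safe only because sshd is reachable solely from the worker over QEMU user networking; never boot this image on a bridged network`. Separately, `#enable = true;` beside `enableWorker = true;` leaves it unclear whether the worker is meant to run; either disable both or say why only one is off. The `makeDiskImage` call continues below the hunk.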
@@ -153,9 +151,10 @@ services.sourcehut = {
   };
 
   #dispatch.enable = true;
-  #git.enable = true;
+  git.enable = true;
   #hub.enable = true;
   meta.enable = true;
+  meta.port = 4999;
   #man.enable = true;
   #pages.enable = true;
   #paste.enable = true;
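Review bot: `meta.port = 4999;` is not tied to the `api-origin = "http://localhost:5099"` set in the meta.sr.ht hunk further down. If the API port is derived from the web port (it looks like port + 100, but the module is not visible here), changing one without the other breaks API calls with no evaluation error. Deriving it would remove the coupling: `api-origin = "http://localhost:${toString (sourcehut.meta.port + 100)}";`, or at least add `# API listens on port + 100, keep in sync with api-origin`. Also note that `git.enable = true;` is turned on here while `repos` is commented out in the git.sr.ht hunk, so the repository path now comes from the module default; worth confirming that is intended.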
@@ -165,7 +164,6 @@ services.sourcehut = {
   postgresql.enable = true;
   postfix.enable = true;
   redis.enable = true;
-  #redis.firstDatabase = 0;
   nginx.enable = true;
   settings = {
     "sr.ht" = {
@@ -217,14 +215,15 @@ services.sourcehut = {
     };
     "meta.sr.ht" = {
       origin = "http://meta.${domain}";
-      api-origin = "http://meta.${domain}:5100";
+      api-origin = "http://localhost:5099";
     };
     "meta.sr.ht::settings" = {
       onboarding-redirect = "http://meta.${domain}";
       registration = true;
-      internal-ipnet = "127.0.0.0/8,192.168.42.0/24";
     };
     "meta.sr.ht::api" = {
+      # This is a temporary workaround
+      #
       internal-ipnet= [ "127.0.0.0/8" "::1/128" "192.168.0.0/16" "10.0.0.0/8"];
     };
     "todo.sr.ht" = {
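Review bot: The comment added above `internal-ipnet` says only "This is a temporary workaround", followed by an empty `#` line, so nobody can tell what it works around or when it can be removed. Meanwhile the commit deletes the narrower `127.0.0.0/8,192.168.42.0/24` value from `meta.sr.ht::settings` and leaves the list that admits all of `192.168.0.0/16` and `10.0.0.0/8`. As far as I understand this option, it decides which source addresses may use internal API authentication, and the build guests in this same file sit in 10.0.2.0/25. With `listenAddress = "localhost"` and `api-origin` now on localhost, loopback should be sufficient: `internal-ipnet = [ "127.0.0.0/8" "::1/128" ];`. If the wider ranges are really needed, finish the comment with the reason and the condition for removing it.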
@@ -237,7 +236,7 @@ services.sourcehut = {
       outgoing-domain = "http://git.${domain}";
       oauth-client-secret = gnupg.secrets."sourcehut/oauth-client-secret".path;
       oauth-client-id = "299db9f9c2013170";
-      repos = "/var/lib/git";
+      #repos = "/var/lib/git";
     };
     "hub.sr.ht" = {
       origin = "http://hub.${domain}";
@@ -297,43 +296,43 @@ systemd.services.postgresql = {
     encoding=UTF8 \
     lc_collate=fr_FR.UTF-8 \
     lc_type=fr_FR.UTF-8 \
-    owner="${sourcehut.git.database}" \
-    pg_createdb "${sourcehut.git.database}" >/dev/null </dev/null
+    owner="${sourcehut.git.postgresql.database}" \
+    pg_createdb "${sourcehut.git.postgresql.database}" >/dev/null </dev/null
 
-    pg_adduser "${sourcehut.git.database}" "${sourcehut.git.database}" >/dev/null
-  */
+    pg_adduser "${sourcehut.git.postgresql.database}" "${sourcehut.git.postgresql.database}" >/dev/null
   postStart = lib.mkAfter ''
-    $PSQL -d "${sourcehut.builds.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+    $PSQL -d "${sourcehut.builds.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
       GRANT USAGE,CREATE ON schema public TO "${sourcehut.builds.user}";
     EOF
-    $PSQL -d "${sourcehut.dispatch.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+    $PSQL -d "${sourcehut.dispatch.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
       GRANT USAGE,CREATE ON schema public TO "${sourcehut.dispatch.user}";
     EOF
-    $PSQL -d "${sourcehut.git.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+    $PSQL -d "${sourcehut.git.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
       GRANT USAGE,CREATE ON schema public TO "${sourcehut.git.user}";
     EOF
-    $PSQL -d "${sourcehut.hub.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+    $PSQL -d "${sourcehut.hub.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
       GRANT USAGE,CREATE ON schema public TO "${sourcehut.hub.user}";
     EOF
-    $PSQL -d "${sourcehut.man.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+    $PSQL -d "${sourcehut.man.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
       GRANT USAGE,CREATE ON schema public TO "${sourcehut.man.user}";
     EOF
-    $PSQL -d "${sourcehut.meta.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+    $PSQL -d "${sourcehut.meta.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
       GRANT USAGE,CREATE ON schema public TO "${sourcehut.meta.user}";
       GRANT USAGE,CREATE ON schema public TO "${users.sshsrht.name}";
     EOF
-    $PSQL -d "${sourcehut.pages.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+    $PSQL -d "${sourcehut.pages.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
       GRANT USAGE,CREATE ON schema public TO "${sourcehut.pages.user}";
     EOF
-    $PSQL -d "${sourcehut.paste.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+    $PSQL -d "${sourcehut.paste.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
       GRANT USAGE,CREATE ON schema public TO "${sourcehut.paste.user}";
     EOF
-    $PSQL -d "${sourcehut.todo.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+    $PSQL -d "${sourcehut.todo.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
       GRANT USAGE,CREATE ON schema public TO "${sourcehut.todo.user}";
     EOF
-    $PSQL -d "${sourcehut.lists.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
+    $PSQL -d "${sourcehut.lists.postgresql.database}" -AqtX --set ON_ERROR_STOP=1 -f - <<EOF
       GRANT USAGE,CREATE ON schema public TO "${sourcehut.lists.user}";
     EOF
   '';
+  */
 };
 }
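Review bot: Moving `*/` to below `postStart` puts every `GRANT` in this hunk inside the block comment whose opening `/*` is above the hunk, so none of them run any more. Yet the same change renames `.database` to `.postgresql.database` throughout what is now dead text. If the sourcehut module is expected to create the databases and schema privileges itself (not visible here), delete the block rather than keep maintaining it. Otherwise note that the extra `GRANT USAGE,CREATE ON schema public TO "${users.sshsrht.name}"` on the meta database is silently dropped along with the rest. At minimum, put a line above the comment such as `# disabled: databases and grants are expected to come from the sourcehut module; confirm sshsrht still has access to the meta DB`.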