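# NixOS module for the dispatch.sr.ht component of sourcehut.
#
# Declares the `services.sourcehut.dispatch` options and, when the component
# is enabled, the system user and group, the PostgreSQL database and role,
# the state directory, the systemd unit (built by ./service.nix), the default
# INI settings and the nginx virtual host.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.services.sourcehut;
  cfgIni = cfg.settings;
  scfg = cfg.dispatch;
  # Section name of this component in the sourcehut settings.
  iniKey = "dispatch.sr.ht";

  drv = pkgs.sourcehut.dispatchsrht;
in
{
  options.services.sourcehut.dispatch = {
    user = mkOption {
      type = types.str;
      default = "dispatchsrht";
      description = ''
        User for dispatch.sr.ht.
      '';
    };

    port = mkOption {
      type = types.port;
      default = 5005;
      description = ''
        Port on which the "dispatch" module should listen.
      '';
    };

    database = mkOption {
      type = types.str;
      default = "dispatch.sr.ht";
      description = ''
        PostgreSQL database name for dispatch.sr.ht.
      '';
    };

    statePath = mkOption {
      type = types.path;
      default = "${cfg.statePath}/dispatchsrht";
      description = ''
        State path for dispatch.sr.ht.
      '';
    };
  };

  # Applied only when sourcehut is enabled and "dispatch" is listed in
  # cfg.services. `with scfg` brings user, port, database and statePath
  # into scope for the rest of this attribute set.
  config = with scfg; lib.mkIf (cfg.enable && elem "dispatch" cfg.services) {

    # Dedicated system account; the group carries the same name as the user.
    users = {
      users = {
        "${user}" = {
          isSystemUser = true;
          group = user;
          description = "dispatch.sr.ht user";
        };
      };

      groups = {
        "${user}" = { };
      };
    };

    services.postgresql = {
      # NOTE(review): `trust` on a `local` (Unix-socket) entry lets any local
      # account that can reach the PostgreSQL socket connect to this database
      # as the dispatch role without proving its identity. `peer` would bind
      # the role to the OS account of the same name; confirm that
      # ./service.nix runs the unit as this user before switching.
      authentication = ''
        local ${database} ${user} trust
      '';
      ensureDatabases = [ database ];
      ensureUsers = [
        {
          name = user;
          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
        }
      ];
    };

    systemd = {
      # State directory: owner and group only, no access for other accounts.
      tmpfiles.rules = [
        "d ${statePath} 0750 ${user} ${user} -"
      ];

      # The unit is assembled by ./service.nix from the shared arguments and
      # the overrides below; what it adds (User=, sandboxing, ...) is not
      # visible in this file.
      services.dispatchsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
        after = [ "postgresql.service" "network.target" ];
        requires = [ "postgresql.service" ];
        wantedBy = [ "multi-user.target" ];

        description = "dispatch.sr.ht website service";

        # gunicorn binds to cfg.address, the same address nginx proxies to.
        serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
      };
    };

    services.sourcehut.settings = {
      # URL dispatch.sr.ht is being served at (protocol://domain)
      # NOTE(review): the nginx virtual host below sets forceSSL, so this
      # http:// origin is only reachable through a redirect to https://.
      # Consider an https:// default; check registered OAuth callback URLs
      # before changing it.
      "dispatch.sr.ht".origin = mkDefault "http://dispatch.${cfg.originBase}";
      # Address and port to bind the debug server to.
      # Follows cfg.address (the address gunicorn binds and nginx proxies to)
      # instead of "0.0.0.0", so a debug server is not offered on every
      # interface by default. ExecStart above passes its own -b bind, so this
      # only affects whatever reads debug-host. Override it explicitly if a
      # different bind address is required.
      "dispatch.sr.ht".debug-host = mkDefault cfg.address;
      "dispatch.sr.ht".debug-port = mkDefault port;
      # Configures the SQLAlchemy connection string for the database.
      # Connects over the Unix socket directory /var/run/postgresql.
      "dispatch.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
      # Set to "yes" to automatically run migrations on package upgrade.
      "dispatch.sr.ht".migrate-on-upgrade = mkDefault "yes";
      # dispatch.sr.ht's OAuth client ID and secret for meta.sr.ht
      # Register your client at meta.example.org/oauth
      # NOTE(review): a secret assigned here is an ordinary Nix value;
      # presumably it is rendered into a configuration file in the
      # world-readable Nix store. Confirm how the settings are written out
      # and prefer loading secrets from a file with restricted permissions.
      "dispatch.sr.ht".oauth-client-id = mkDefault null;
      "dispatch.sr.ht".oauth-client-secret = mkDefault null;

      # GitHub integration (the note on secrets above applies here as well)
      "dispatch.sr.ht::github".oauth-client-id = mkDefault null;
      "dispatch.sr.ht::github".oauth-client-secret = mkDefault null;

      # GitLab integration
      "dispatch.sr.ht::gitlab".enabled = mkDefault null;
      "dispatch.sr.ht::gitlab".canonical-upstream = mkDefault "gitlab.com";
      "dispatch.sr.ht::gitlab".repo-cache = mkDefault "./repo-cache";
      # "dispatch.sr.ht::gitlab"."gitlab.com" = mkDefault "GitLab:application id:secret";
    };

    services.nginx.virtualHosts."dispatch.${cfg.originBase}" = {
      # Plain-HTTP requests are redirected to HTTPS.
      forceSSL = true;
      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
      # NOTE(review): nothing in this file starts a listener on port + 100;
      # verify that ./service.nix (or another module) provides one, otherwise
      # /query proxies to a closed port, or to whatever else binds it.
      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
      # Static assets are served straight from the package in the Nix store.
      locations."/static".root = "${pkgs.sourcehut.dispatchsrht}/${pkgs.sourcehut.python.sitePackages}/dispatchsrht";
    };
  };
}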