# NixOS module for the hub.sr.ht component of sourcehut.
# Declares the services.sourcehut.hub options and, when the component is
# enabled, sets up its system user/group, PostgreSQL database and role,
# state directory, systemd unit, ini settings and nginx virtual hosts.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.services.sourcehut;
  # Bound but not referenced anywhere else in this file.
  cfgIni = cfg.settings;
  scfg = cfg.hub;
  iniKey = "hub.sr.ht";

  drv = pkgs.sourcehut.hubsrht;
in
{
  options.services.sourcehut.hub = {
    # Name used for the system user, its group and the PostgreSQL role below.
    user = mkOption {
      type = types.str;
      default = "hubsrht";
      description = ''
        User for hub.sr.ht.
      '';
    };

    # gunicorn listens on this port; nginx proxies "/" to it and "/query"
    # to port + 100 (see the virtual host at the end of the file).
    port = mkOption {
      type = types.port;
      default = 5014;
      description = ''
        Port on which the "hub" module should listen.
      '';
    };

    database = mkOption {
      type = types.str;
      default = "hub.sr.ht";
      description = ''
        PostgreSQL database name for hub.sr.ht.
      '';
    };

    statePath = mkOption {
      type = types.path;
      default = "${cfg.statePath}/hubsrht";
      description = ''
        State path for hub.sr.ht.
      '';
    };
  };

  # Applied only when sourcehut is enabled and "hub" is listed in
  # cfg.services. `with scfg` brings user, port, database and statePath
  # into scope for the rest of the block.
  config = with scfg; lib.mkIf (cfg.enable && elem "hub" cfg.services) {
    users = {
      users = {
        "${user}" = {
          isSystemUser = true;
          group = user;
          description = "hub.sr.ht user";
        };
      };

      groups = {
        "${user}" = { };
      };
    };

    services.postgresql = {
      # pg_hba.conf entry. `trust` lets any local process that can reach the
      # PostgreSQL Unix socket connect to this database as ${user} without a
      # password, whichever OS account it runs under.
      # NOTE(review): `peer` would tie the role to the OS account of the same
      # name. Before tightening, confirm that every client connects as
      # ${user}; the unit definition lives in ./service.nix, which is not
      # shown here.
      authentication = ''
        local ${database} ${user} trust
      '';
      ensureDatabases = [ database ];
      ensureUsers = [
        {
          name = user;
          # The grant is scoped to this component's own database.
          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
        }
      ];
    };

    systemd = {
      # State directory owned by the service account: mode 0750 gives the
      # owner full access, the group read/traverse, and others nothing.
      tmpfiles.rules = [
        "d ${statePath} 0750 ${user} ${user} -"
      ];

      # The unit is produced by ./service.nix (not shown); the attribute set
      # below is passed as its last argument.
      # NOTE(review): whether the unit runs as ${user} and which systemd
      # sandboxing options it sets is decided in service.nix; verify there.
      services.hubsrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
        after = [ "postgresql.service" "network.target" ];
        requires = [ "postgresql.service" ];
        wantedBy = [ "multi-user.target" ];

        description = "hub.sr.ht website service";

        # gunicorn binds to cfg.address:port; nginx proxies to the same
        # address over plain HTTP.
        serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
      };
    };

    # Defaults for the [hub.sr.ht] ini section. Every value is wrapped in
    # mkDefault, so a value set elsewhere in the configuration wins.
    services.sourcehut.settings = {
      # URL hub.sr.ht is being served at (protocol://domain)
      # NOTE(review): the default uses http:// and the hub.<originBase> host,
      # while nginx below forces TLS and redirects hub.<originBase> to
      # <originBase>. Check that this matches the URL users actually reach.
      "hub.sr.ht".origin = mkDefault "http://hub.${cfg.originBase}";
      # Address and port to bind the debug server to
      # NOTE(review): 0.0.0.0 means every interface if the debug server is
      # ever started; a loopback address is the safer default unless remote
      # access is intended. The systemd unit above starts gunicorn on
      # cfg.address instead.
      "hub.sr.ht".debug-host = mkDefault "0.0.0.0";
      "hub.sr.ht".debug-port = mkDefault port;
      # Configures the SQLAlchemy connection string for the database.
      # Connects through the Unix socket directory /var/run/postgresql as
      # ${user}; the string carries no password.
      "hub.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
      # Set to "yes" to automatically run migrations on package upgrade.
      "hub.sr.ht".migrate-on-upgrade = mkDefault "yes";
      # hub.sr.ht's OAuth client ID and secret for meta.sr.ht
      # Register your client at meta.example.org/oauth
      # NOTE(review): a secret set through this option becomes part of the
      # evaluated settings. How the ini file is rendered is not visible in
      # this file; if it ends up in the Nix store it is world-readable, so
      # confirm where it lands and who can read it.
      "hub.sr.ht".oauth-client-id = mkDefault null;
      "hub.sr.ht".oauth-client-secret = mkDefault null;
    };

    # Public entry point: TLS is enforced by forceSSL and requests are
    # proxied to the backend over plain HTTP on cfg.address.
    services.nginx.virtualHosts."${cfg.originBase}" = {
      forceSSL = true;
      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
      # NOTE(review): nothing in this file starts a listener on port + 100;
      # presumably an API service defined elsewhere. Verify it exists and is
      # bound to cfg.address only.
      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
      # Static assets are served by nginx straight from the package's
      # site-packages directory.
      locations."/static".root = "${pkgs.sourcehut.hubsrht}/${pkgs.sourcehut.python.sitePackages}/hubsrht";
    };
    # hub.<originBase> only redirects to <originBase>.
    services.nginx.virtualHosts."hub.${cfg.originBase}" = {
      globalRedirect = "${cfg.originBase}";
      forceSSL = true;
    };
  };
}