pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / misc / sourcehut / lists.nix
at 22.05-pre 6.1 kB view raw
1# Email setup is fairly involved, useful references: 2# https://drewdevault.com/2018/08/05/Local-mail-server.html 3 4{ config, lib, pkgs, ... }: 5 6with lib; 7let 8 cfg = config.services.sourcehut; 9 cfgIni = cfg.settings; 10 scfg = cfg.lists; 11 iniKey = "lists.sr.ht"; 12 13 rcfg = config.services.redis; 14 drv = pkgs.sourcehut.listssrht; 15in 16{ 17 options.services.sourcehut.lists = { 18 user = mkOption { 19 type = types.str; 20 default = "listssrht"; 21 description = '' 22 User for lists.sr.ht. 23 ''; 24 }; 25 26 port = mkOption { 27 type = types.port; 28 default = 5006; 29 description = '' 30 Port on which the "lists" module should listen. 31 ''; 32 }; 33 34 database = mkOption { 35 type = types.str; 36 default = "lists.sr.ht"; 37 description = '' 38 PostgreSQL database name for lists.sr.ht. 39 ''; 40 }; 41 42 statePath = mkOption { 43 type = types.path; 44 default = "${cfg.statePath}/listssrht"; 45 description = '' 46 State path for lists.sr.ht. 47 ''; 48 }; 49 }; 50 51 config = with scfg; lib.mkIf (cfg.enable && elem "lists" cfg.services) { 52 users = { 53 users = { 54 "${user}" = { 55 isSystemUser = true; 56 group = user; 57 extraGroups = [ "postfix" ]; 58 description = "lists.sr.ht user"; 59 }; 60 }; 61 groups = { 62 "${user}" = { }; 63 }; 64 }; 65 66 services.postgresql = { 67 authentication = '' 68 local ${database} ${user} trust 69 ''; 70 ensureDatabases = [ database ]; 71 ensureUsers = [ 72 { 73 name = user; 74 ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; }; 75 } 76 ]; 77 }; 78 79 systemd = { 80 tmpfiles.rules = [ 81 "d ${statePath} 0750 ${user} ${user} -" 82 ]; 83 84 services = { 85 listssrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey { 86 after = [ "postgresql.service" "network.target" ]; 87 requires = [ "postgresql.service" ]; 88 wantedBy = [ "multi-user.target" ]; 89 90 description = "lists.sr.ht website service"; 91 92 serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}"; 93 }; 94 95 listssrht-process = { 96 after = [ "postgresql.service" "network.target" ]; 97 requires = [ "postgresql.service" ]; 98 wantedBy = [ "multi-user.target" ]; 99 100 description = "lists.sr.ht process service"; 101 serviceConfig = { 102 Type = "simple"; 103 User = user; 104 Restart = "always"; 105 ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.process worker --loglevel=info"; 106 }; 107 }; 108 109 listssrht-lmtp = { 110 after = [ "postgresql.service" "network.target" ]; 111 requires = [ "postgresql.service" ]; 112 wantedBy = [ "multi-user.target" ]; 113 114 description = "lists.sr.ht process service"; 115 serviceConfig = { 116 Type = "simple"; 117 User = user; 118 Restart = "always"; 119 ExecStart = "${cfg.python}/bin/listssrht-lmtp"; 120 }; 121 }; 122 123 124 listssrht-webhooks = { 125 after = [ "postgresql.service" "network.target" ]; 126 requires = [ "postgresql.service" ]; 127 wantedBy = [ "multi-user.target" ]; 128 129 description = "lists.sr.ht webhooks service"; 130 serviceConfig = { 131 Type = "simple"; 132 User = user; 133 Restart = "always"; 134 ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info"; 135 }; 136 }; 137 }; 138 }; 139 140 services.sourcehut.settings = { 141 # URL lists.sr.ht is being served at (protocol://domain) 142 "lists.sr.ht".origin = mkDefault "http://lists.${cfg.originBase}"; 143 # Address and port to bind the debug server to 144 "lists.sr.ht".debug-host = mkDefault "0.0.0.0"; 145 "lists.sr.ht".debug-port = mkDefault port; 146 # Configures the SQLAlchemy connection string for the database. 147 "lists.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql"; 148 # Set to "yes" to automatically run migrations on package upgrade. 149 "lists.sr.ht".migrate-on-upgrade = mkDefault "yes"; 150 # lists.sr.ht's OAuth client ID and secret for meta.sr.ht 151 # Register your client at meta.example.org/oauth 152 "lists.sr.ht".oauth-client-id = mkDefault null; 153 "lists.sr.ht".oauth-client-secret = mkDefault null; 154 # Outgoing email for notifications generated by users 155 "lists.sr.ht".notify-from = mkDefault "CHANGEME@example.org"; 156 # The redis connection used for the webhooks worker 157 "lists.sr.ht".webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/2"; 158 # The redis connection used for the celery worker 159 "lists.sr.ht".redis = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/4"; 160 # Network-key 161 "lists.sr.ht".network-key = mkDefault null; 162 # Allow creation 163 "lists.sr.ht".allow-new-lists = mkDefault "no"; 164 # Posting Domain 165 "lists.sr.ht".posting-domain = mkDefault "lists.${cfg.originBase}"; 166 167 # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket. 168 # Alternatively, specify IP:PORT and an SMTP server will be run instead. 169 "lists.sr.ht::worker".sock = mkDefault "/tmp/lists.sr.ht-lmtp.sock"; 170 # The lmtp daemon will make the unix socket group-read/write for users in this 171 # group. 172 "lists.sr.ht::worker".sock-group = mkDefault "postfix"; 173 "lists.sr.ht::worker".reject-url = mkDefault "https://man.sr.ht/lists.sr.ht/etiquette.md"; 174 "lists.sr.ht::worker".reject-mimetypes = mkDefault "text/html"; 175 176 }; 177 178 services.nginx.virtualHosts."lists.${cfg.originBase}" = { 179 forceSSL = true; 180 locations."/".proxyPass = "http://${cfg.address}:${toString port}"; 181 locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}"; 182 locations."/static".root = "${pkgs.sourcehut.listssrht}/${pkgs.sourcehut.python.sitePackages}/listssrht"; 183 }; 184 }; 185}