# NixOS module for the man.sr.ht component of sourcehut.
#
# Declares the `services.sourcehut.man` options (user, port, database,
# statePath) and, when sourcehut is enabled and "man" is listed in
# `services.sourcehut.services`, configures the system user and group, the
# PostgreSQL database and role, the state directory, the gunicorn systemd
# unit, default ini settings and the nginx virtual host.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.services.sourcehut;
  cfgIni = cfg.settings;
  scfg = cfg.man;
  # Passed to ./service.nix below; matches the "man.sr.ht" settings prefix used in this file.
  iniKey = "man.sr.ht";

  drv = pkgs.sourcehut.mansrht;
in
{
  options.services.sourcehut.man = {
    # Name used for the system user, its group, the PostgreSQL role and the
    # owner of the state directory (see the config section below).
    user = mkOption {
      type = types.str;
      default = "mansrht";
      description = ''
        User for man.sr.ht.
      '';
    };

    # gunicorn binds to cfg.address on this port; nginx proxies "/" to it.
    port = mkOption {
      type = types.port;
      default = 5004;
      description = ''
        Port on which the "man" module should listen.
      '';
    };

    database = mkOption {
      type = types.str;
      default = "man.sr.ht";
      description = ''
        PostgreSQL database name for man.sr.ht.
      '';
    };

    statePath = mkOption {
      type = types.path;
      default = "${cfg.statePath}/mansrht";
      description = ''
        State path for man.sr.ht.
      '';
    };
  };

  # `with scfg;` brings the man options declared above (user, port, database,
  # statePath) into scope as bare names for the rest of this attribute set.
  config = with scfg; lib.mkIf (cfg.enable && elem "man" cfg.services) {
    # Evaluation fails unless a git.sr.ht OAuth client id is present in the
    # sourcehut settings.
    assertions =
      [
        {
          assertion = hasAttrByPath [ "git.sr.ht" "oauth-client-id" ] cfgIni;
          message = "man.sr.ht needs access to git.sr.ht.";
        }
      ];

    # Dedicated system account and a same-named group.
    users = {
      users = {
        "${user}" = {
          isSystemUser = true;
          group = user;
          description = "man.sr.ht user";
        };
      };

      groups = {
        "${user}" = { };
      };
    };

    services.postgresql = {
      # NOTE(review): `trust` on a `local` (Unix-socket) pg_hba entry accepts
      # any local account that can reach the socket as this role, with no
      # credential check. The role holds ALL PRIVILEGES on the database
      # (below), so every local user is effectively a database owner. `peer`
      # would tie the role to the OS user of the same name; that needs the
      # unit from ./service.nix to run as ${user} - not visible here, confirm
      # before switching.
      authentication = ''
        local ${database} ${user} trust
      '';
      ensureDatabases = [ database ];
      ensureUsers = [
        {
          name = user;
          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
        }
      ];
    };

    systemd = {
      # State directory: mode 0750, owned by ${user}:${user}, no age-based cleanup.
      tmpfiles.rules = [
        "d ${statePath} 0750 ${user} ${user} -"
      ];

      # ./service.nix is not shown here; it receives the man options, the
      # package, the ini key and the unit attributes below. Presumably it
      # sets User/Group and any sandboxing - verify there.
      services.mansrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
        after = [ "postgresql.service" "network.target" ];
        requires = [ "postgresql.service" ];
        wantedBy = [ "multi-user.target" ];

        description = "man.sr.ht website service";

        # The application listens on cfg.address:port over plain HTTP; TLS is
        # terminated by the nginx virtual host further down.
        serviceConfig.ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
      };
    };

    # Every value is wrapped in mkDefault, so anything set elsewhere in
    # services.sourcehut.settings takes precedence.
    services.sourcehut.settings = {
      # URL man.sr.ht is being served at (protocol://domain)
      # NOTE(review): the default scheme is http:// while the nginx virtual
      # host below sets forceSSL = true; confirm whether the origin should be
      # https:// so that generated links and OAuth redirects match.
      "man.sr.ht".origin = mkDefault "http://man.${cfg.originBase}";
      # Address and port to bind the debug server to
      # NOTE(review): 0.0.0.0 is every IPv4 interface and debug-port equals
      # the service port. If the debug server is ever started it is reachable
      # from outside the host unless a firewall blocks it; binding it to
      # cfg.address instead would keep it on the same interface as gunicorn.
      "man.sr.ht".debug-host = mkDefault "0.0.0.0";
      "man.sr.ht".debug-port = mkDefault port;
      # Configures the SQLAlchemy connection string for the database.
      # Connects over the Unix socket directory /var/run/postgresql as ${user};
      # no password is supplied, so access depends on the pg_hba rule above.
      "man.sr.ht".connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
      # Set to "yes" to automatically run migrations on package upgrade.
      "man.sr.ht".migrate-on-upgrade = mkDefault "yes";
      # man.sr.ht's OAuth client ID and secret for meta.sr.ht
      # Register your client at meta.example.org/oauth
      # NOTE(review): how cfg.settings is rendered is not visible here. If the
      # resulting config file lands in the Nix store, a secret set through
      # this option is world-readable on the host - confirm, and prefer a
      # mechanism that loads the secret from a file at runtime.
      "man.sr.ht".oauth-client-id = mkDefault null;
      "man.sr.ht".oauth-client-secret = mkDefault null;
    };

    # Public entry point: HTTPS is enforced here and requests are proxied to
    # the backend over plain HTTP on cfg.address.
    services.nginx.virtualHosts."man.${cfg.originBase}" = {
      forceSSL = true;
      locations."/".proxyPass = "http://${cfg.address}:${toString port}";
      # NOTE(review): nothing in this file starts a listener on port + 100;
      # confirm that another module owns that port, otherwise /query forwards
      # to whatever happens to be bound there.
      locations."/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
      # Static assets are served straight from the package; this is the same
      # derivation as `drv` above.
      locations."/static".root = "${pkgs.sourcehut.mansrht}/${pkgs.sourcehut.python.sitePackages}/mansrht";
    };
  };
}