# NixOS module for the todo.sr.ht component of sourcehut.
#
# Declares the services.sourcehut.todo.* options and, when sourcehut is
# enabled and "todo" is listed in services.sourcehut.services, sets up the
# system user, the PostgreSQL database and role, three systemd units, the
# default sourcehut settings for todo.sr.ht and an nginx virtual host.
{ config, lib, pkgs, ... }:

let
  inherit (lib) elem mkDefault mkIf mkOption types;

  cfg = config.services.sourcehut;
  cfgIni = cfg.settings;
  scfg = cfg.todo;
  iniKey = "todo.sr.ht";

  rcfg = config.services.redis;
  drv = pkgs.sourcehut.todosrht;

  # The four per-service options declared below, pulled into scope by name.
  inherit (scfg) user port database statePath;

  # Ordering/dependency lists shared by the units defined in this file.
  startAfter = [ "postgresql.service" "network.target" ];
  needsPostgres = [ "postgresql.service" ];
  bootTarget = [ "multi-user.target" ];

  # Common serviceConfig of the two worker units (lmtp, webhooks): long-running
  # process under the service account, always restarted.
  # NOTE(review): no systemd sandboxing options (e.g. NoNewPrivileges,
  # ProtectSystem, ProtectHome) are set on these units in this file; the lmtp
  # unit parses incoming mail, so it is the one most worth confining.
  workerBase = {
    Type = "simple";
    User = user;
    Restart = "always";
  };
in
{
  options.services.sourcehut.todo = {
    user = mkOption {
      type = types.str;
      default = "todosrht";
      description = ''
        User for todo.sr.ht.
      '';
    };

    port = mkOption {
      type = types.port;
      default = 5003;
      description = ''
        Port on which the "todo" module should listen.
      '';
    };

    database = mkOption {
      type = types.str;
      default = "todo.sr.ht";
      description = ''
        PostgreSQL database name for todo.sr.ht.
      '';
    };

    statePath = mkOption {
      type = types.path;
      default = "${cfg.statePath}/todosrht";
      description = ''
        State path for todo.sr.ht.
      '';
    };
  };

  config = mkIf (cfg.enable && elem "todo" cfg.services) {
    # Dedicated system account and same-named group. Membership in "postfix"
    # matches the sock-group setting further down (the LMTP socket is made
    # group read/write for that group).
    # NOTE(review): this also gives the service account whatever else the
    # postfix group can access on the host — confirm that is acceptable.
    users.users.${user} = {
      isSystemUser = true;
      group = user;
      extraGroups = [ "postfix" ];
      description = "todo.sr.ht user";
    };
    users.groups.${user} = { };

    services.postgresql = {
      # pg_hba entry for unix-socket connections to this database as this role.
      # NOTE(review): "trust" performs no authentication, so any local account
      # that can reach the PostgreSQL socket can connect as this role, which is
      # granted ALL PRIVILEGES on the database below. The connection string in
      # the settings uses the unix socket and the lmtp/webhooks units run as
      # User = user, so "peer" looks workable — confirm that the web unit built
      # by ./service.nix also runs as this user before switching.
      authentication = ''
        local ${database} ${user} trust
      '';
      ensureDatabases = [ database ];
      ensureUsers = [
        {
          name = user;
          ensurePermissions = { "DATABASE \"${database}\"" = "ALL PRIVILEGES"; };
        }
      ];
    };

    # State directory: owner rwx, group r-x, no access for others.
    systemd.tmpfiles.rules = [
      "d ${statePath} 0750 ${user} ${user} -"
    ];

    # Web front end. The unit is produced by ./service.nix from the attrset
    # given here; what that helper adds (user, hardening, pre-start steps) is
    # not visible in this file.
    systemd.services.todosrht = import ./service.nix { inherit config pkgs lib; } scfg drv iniKey {
      after = startAfter;
      requires = needsPostgres;
      wantedBy = bootTarget;

      description = "todo.sr.ht website service";

      serviceConfig = {
        # gunicorn binds to the shared sourcehut address and this module's port;
        # the nginx vhost below proxies "/" to the same endpoint.
        ExecStart = "${cfg.python}/bin/gunicorn ${drv.pname}.app:app -b ${cfg.address}:${toString port}";
      };
    };

    # Incoming-mail daemon. Unlike the other two units it uses bindsTo rather
    # than requires for postgresql.service.
    systemd.services.todosrht-lmtp = {
      after = startAfter;
      bindsTo = needsPostgres;
      wantedBy = bootTarget;

      description = "todo.sr.ht process service";
      serviceConfig = workerBase // {
        ExecStart = "${cfg.python}/bin/todosrht-lmtp";
      };
    };

    # Celery worker that delivers webhooks; its broker is the Redis URL set
    # under "webhooks" in the settings below.
    systemd.services.todosrht-webhooks = {
      after = startAfter;
      requires = needsPostgres;
      wantedBy = bootTarget;

      description = "todo.sr.ht webhooks service";
      serviceConfig = workerBase // {
        ExecStart = "${cfg.python}/bin/celery -A ${drv.pname}.webhooks worker --loglevel=info";
      };
    };

    # Defaults only (mkDefault): a deployment can override any of these.
    services.sourcehut.settings = {
      "todo.sr.ht" = {
        # URL todo.sr.ht is being served at (protocol://domain)
        # NOTE(review): the default scheme is http, while the nginx vhost below
        # sets forceSSL = true — confirm the origin should not be https.
        origin = mkDefault "http://todo.${cfg.originBase}";
        # Address and port to bind the debug server to
        # NOTE(review): 0.0.0.0 means every interface. The gunicorn unit above
        # binds cfg.address instead, so this only matters if the debug server
        # is actually started — a loopback default would be the safer choice.
        debug-host = mkDefault "0.0.0.0";
        debug-port = mkDefault port;
        # Configures the SQLAlchemy connection string for the database.
        # Unix-socket connection as the service role; no password is involved.
        connection-string = mkDefault "postgresql:///${database}?user=${user}&host=/var/run/postgresql";
        # Set to "yes" to automatically run migrations on package upgrade.
        migrate-on-upgrade = mkDefault "yes";
        # todo.sr.ht's OAuth client ID and secret for meta.sr.ht
        # Register your client at meta.example.org/oauth
        # NOTE(review): these and network-key are ordinary module settings. If
        # set as literal strings they are presumably rendered into the generated
        # sourcehut configuration and therefore into the world-readable Nix
        # store — confirm how cfg.settings is materialised and keep secrets out
        # of the store.
        oauth-client-id = mkDefault null;
        oauth-client-secret = mkDefault null;
        # Outgoing email for notifications generated by users
        # Placeholder address; must be overridden per deployment.
        notify-from = mkDefault "CHANGEME@example.org";
        # The redis connection used for the webhooks worker
        # The URL carries no credentials, so access control rests entirely on
        # where Redis is bound (rcfg.bind) and who can reach it.
        webhooks = mkDefault "redis://${rcfg.bind}:${toString rcfg.port}/1";
        # Network-key
        network-key = mkDefault null;
      };

      "todo.sr.ht::mail" = {
        # Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
        # Alternatively, specify IP:PORT and an SMTP server will be run instead.
        # NOTE(review): a fixed name in world-writable /tmp is shared with every
        # local user, who could occupy the path before the daemon starts. A
        # directory owned by the service (e.g. a systemd RuntimeDirectory) that
        # the postfix group can traverse would avoid that.
        sock = mkDefault "/tmp/todo.sr.ht-lmtp.sock";
        # The lmtp daemon will make the unix socket group-read/write for users in this
        # group.
        sock-group = mkDefault "postfix";

        posting-domain = mkDefault "todo.${cfg.originBase}";
      };
    };

    # TLS-only reverse proxy in front of the service.
    services.nginx.virtualHosts."todo.${cfg.originBase}" = {
      forceSSL = true;
      locations = {
        "/".proxyPass = "http://${cfg.address}:${toString port}";
        # NOTE(review): nothing defined in this file listens on port + 100 —
        # confirm which unit serves /query.
        "/query".proxyPass = "http://${cfg.address}:${toString (port + 100)}";
        # Static assets are served straight from the package in the Nix store.
        "/static".root = "${drv}/${pkgs.sourcehut.python.sitePackages}/todosrht";
      };
    };
  };
}