Diffstat (limited to 'nixos/modules/services/misc/sourcehut/default.xml')
-rw-r--r-- | nixos/modules/services/misc/sourcehut/default.xml | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/nixos/modules/services/misc/sourcehut/default.xml b/nixos/modules/services/misc/sourcehut/default.xml
new file mode 100644
index 0000000000000..cc309903889aa
--- /dev/null
+++ b/nixos/modules/services/misc/sourcehut/default.xml
@@ -0,0 +1,111 @@
+<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-sourcehut">
+ <title>Sourcehut</title>
+ <para>
+ <link xlink:href="https://sr.ht.com/">Sourcehut</link> is an
+ open-source, self-hostable software development platform. The server
+ setup can be automated using
+ <link linkend="opt-services.sourcehut.enable">services.sourcehut</link>.
+ </para>
+ <section xml:id="module-services-sourcehut-basic-usage">
+ <title>Basic usage</title>
+ <para>
+ Sourcehut is a Python and Go based set of applications. This NixOS
+ module also provides basic configuration integrating Sourcehut
+ into locally running <literal>services.nginx</literal>,
+ <literal>services.redis.servers.sourcehut</literal>,
+ <literal>services.postfix</literal> and
+ <literal>services.postgresql</literal> services.
+ </para>
+ <para>
+ A very basic configuration may look like this:
+ </para>
+ <programlisting>
+{ pkgs, ... }:
+let
+ fqdn =
+ let
+ join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
+ in join config.networking.hostName config.networking.domain;
+in {
+
+ networking = {
+ hostName = "srht";
+ domain = "tld";
+ firewall.allowedTCPPorts = [ 22 80 443 ];
+ };
+
+ services.sourcehut = {
+ enable = true;
+ git.enable = true;
+ man.enable = true;
+ meta.enable = true;
+ nginx.enable = true;
+ postfix.enable = true;
+ postgresql.enable = true;
+ redis.enable = true;
+ settings = {
+ "sr.ht" = {
+ environment = "production";
+ global-domain = fqdn;
+ origin = "https://${fqdn}";
+ # Produce keys with srht-keygen from sourcehut.coresrht.
+ network-key = "/run/keys/path/to/network-key";
+ service-key = "/run/keys/path/to/service-key";
+ };
+ webhooks.private-key= "/run/keys/path/to/webhook-key";
+ };
+ };
+
+ security.acme.certs."${fqdn}".extraDomainNames = [
+ "meta.${fqdn}"
+ "man.${fqdn}"
+ "git.${fqdn}"
+ ];
+
+ services.nginx = {
+ enable = true;
+ # only recommendedProxySettings are strictly required, but the rest make sense as well.
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
+ # Settings to setup what certificates are used for which endpoint.
+ virtualHosts = {
+ "${fqdn}".enableACME = true;
+ "meta.${fqdn}".useACMEHost = fqdn:
+ "man.${fqdn}".useACMEHost = fqdn:
+ "git.${fqdn}".useACMEHost = fqdn:
+ };
+ };
+}
+</programlisting>
+ <para>
+ The <literal>hostName</literal> option is used internally to
+ configure the nginx reverse-proxy. The <literal>settings</literal>
+ attribute set is used by the configuration generator and the
+ result is placed in <literal>/etc/sr.ht/config.ini</literal>.
+ </para>
+ </section>
+ <section xml:id="module-services-sourcehut-configuration">
+ <title>Configuration</title>
+ <para>
+ All configuration parameters are also stored in
+ <literal>/etc/sr.ht/config.ini</literal> which is generated by the
+ module and linked from the store to ensure that all values from
+ <literal>config.ini</literal> can be modified by the module.
+ </para>
+ </section>
+ <section xml:id="module-services-sourcehut-httpd">
+ <title>Using an alternative webserver as reverse-proxy (e.g.
+ <literal>httpd</literal>)</title>
+ <para>
+ By default, <literal>nginx</literal> is used as reverse-proxy for
+ <literal>sourcehut</literal>. However, it’s possible to use e.g.
+ <literal>httpd</literal> by explicitly disabling
+ <literal>nginx</literal> using
+ <xref linkend="opt-services.nginx.enable" /> and fixing the
+ <literal>settings</literal>.
+ </para>
+ </section>
+</chapter> |