Diffstat (limited to 'nixos/modules/services/misc/sourcehut/sourcehut.xml')
-rw-r--r-- | nixos/modules/services/misc/sourcehut/sourcehut.xml | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/nixos/modules/services/misc/sourcehut/sourcehut.xml b/nixos/modules/services/misc/sourcehut/sourcehut.xml
new file mode 100644
index 00000000000..ab9a8c6cb4b
--- /dev/null
+++ b/nixos/modules/services/misc/sourcehut/sourcehut.xml
@@ -0,0 +1,115 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="module-services-sourcehut">
+ <title>Sourcehut</title>
+ <para>
+ <link xlink:href="https://sr.ht.com/">Sourcehut</link> is an open-source,
+ self-hostable software development platform. The server setup can be automated using
+ <link linkend="opt-services.sourcehut.enable">services.sourcehut</link>.
+ </para>
+
+ <section xml:id="module-services-sourcehut-basic-usage">
+ <title>Basic usage</title>
+ <para>
+ Sourcehut is a Python and Go based set of applications.
+ <literal><link linkend="opt-services.sourcehut.enable">services.sourcehut</link></literal>
+ by default will use
+ <literal><link linkend="opt-services.nginx.enable">services.nginx</link></literal>,
+ <literal><link linkend="opt-services.nginx.enable">services.redis</link></literal>,
+ <literal><link linkend="opt-services.nginx.enable">services.cron</link></literal>,
+ and
+ <literal><link linkend="opt-services.postgresql.enable">services.postgresql</link></literal>.
+ </para>
+
+ <para>
+ A very basic configuration may look like this:
+<programlisting>
+{ pkgs, ... }:
+let
+ fqdn =
+ let
+ join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
+ in join config.networking.hostName config.networking.domain;
+in {
+
+ networking = {
+ <link linkend="opt-networking.hostName">hostName</link> = "srht";
+ <link linkend="opt-networking.domain">domain</link> = "tld";
+ <link linkend="opt-networking.firewall.allowedTCPPorts">firewall.allowedTCPPorts</link> = [ 22 80 443 ];
+ };
+
+ services.sourcehut = {
+ <link linkend="opt-services.sourcehut.enable">enable</link> = true;
+ <link linkend="opt-services.sourcehut.originBase">originBase</link> = fqdn;
+ <link linkend="opt-services.sourcehut.services">services</link> = [ "meta" "man" "git" ];
+ <link linkend="opt-services.sourcehut.settings">settings</link> = {
+ "sr.ht" = {
+ environment = "production";
+ global-domain = fqdn;
+ origin = "https://${fqdn}";
+ # Produce keys with srht-keygen from <package>sourcehut.coresrht</package>.
+ network-key = "SECRET";
+ service-key = "SECRET";
+ };
+ webhooks.private-key= "SECRET";
+ };
+ };
+
+ <link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."${fqdn}".extraDomainNames</link> = [
+ "meta.${fqdn}"
+ "man.${fqdn}"
+ "git.${fqdn}"
+ ];
+
+ services.nginx = {
+ <link linkend="opt-services.nginx.enable">enable</link> = true;
+ # only recommendedProxySettings are strictly required, but the rest make sense as well.
+ <link linkend="opt-services.nginx.recommendedTlsSettings">recommendedTlsSettings</link> = true;
+ <link linkend="opt-services.nginx.recommendedOptimisation">recommendedOptimisation</link> = true;
+ <link linkend="opt-services.nginx.recommendedGzipSettings">recommendedGzipSettings</link> = true;
+ <link linkend="opt-services.nginx.recommendedProxySettings">recommendedProxySettings</link> = true;
+
+ # Settings to setup what certificates are used for which endpoint.
+ <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = {
+ <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">"${fqdn}".enableACME</link> = true;
+ <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">"meta.${fqdn}".useACMEHost</link> = fqdn:
+ <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">"man.${fqdn}".useACMEHost</link> = fqdn:
+ <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">"git.${fqdn}".useACMEHost</link> = fqdn:
+ };
+ };
+}
+</programlisting>
+ </para>
+
+ <para>
+ The <literal>hostName</literal> option is used internally to configure the nginx
+ reverse-proxy. The <literal>settings</literal> attribute set is
+ used by the configuration generator and the result is placed in <literal>/etc/sr.ht/config.ini</literal>.
+ </para>
+ </section>
+
+ <section xml:id="module-services-sourcehut-configuration">
+ <title>Configuration</title>
+
+ <para>
+ All configuration parameters are also stored in
+ <literal>/etc/sr.ht/config.ini</literal> which is generated by
+ the module and linked from the store to ensure that all values from <literal>config.ini</literal>
+ can be modified by the module.
+ </para>
+
+ </section>
+
+ <section xml:id="module-services-sourcehut-httpd">
+ <title>Using an alternative webserver as reverse-proxy (e.g. <literal>httpd</literal>)</title>
+ <para>
+ By default, <package>nginx</package> is used as reverse-proxy for <package>sourcehut</package>.
+ However, it's possible to use e.g. <package>httpd</package> by explicitly disabling
+ <package>nginx</package> using <xref linkend="opt-services.nginx.enable" /> and fixing the
+ <literal>settings</literal>.
+ </para>
+</section>
+
+</chapter> |