logistic-bot/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(sourcehut): install sourcehut

Browse source 
I didn't commit earlier config changes, I should have
This commit is contained in:
Khaïs COLIN 2024-08-11 11:00:55 +02:00
parent 6cd91a48ff
commit bb4e8d70b9
1 changed files with 100 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

100
nixos/configuration.nix
View file

@ -4,6 +4,9 @@
{ pkgs, ... }: { pkgs, ... }:
let
sourcehut-fqdn = "sourcehut.nixos.local";
in
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
@ -15,6 +18,12 @@
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nixos"; # Define your hostname. networking.hostName = "nixos"; # Define your hostname.
networking.extraHosts = ''
127.0.0.1 sourcehut.nixos.local
127.0.0.1 meta.sourcehut.nixos.local
127.0.0.1 man.sourcehut.nixos.local
127.0.0.1 git.sourcehut.nixos.local
'';
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary # Configure network proxy if necessary
@ -214,6 +223,97 @@
wantedBy = [ "graphical-session.target" ]; wantedBy = [ "graphical-session.target" ];
}; };
# enable selfhosted sourcehut instance
services.sourcehut = {
enable = true;
git.enable = true;
man.enable = true;
meta = {
enable = true;
gunicorn.extraArgs = [
"--timeout 120"
"--workers 1"
"--log-level=info"
"--bind [::1]:5000"
];
};
nginx.enable = true;
postgresql.enable = true;
redis.enable = true;
settings = {
"sr.ht" = {
environment = "production";
global-domain = "${sourcehut-fqdn}";
origin = "https://${sourcehut-fqdn}";
network-key = "/etc/nixos/secrets/sourcehut/network.key";
service-key = "/etc/nixos/secrets/sourcehut/service.key";
};
"git.sr.ht" = {
oauth-client-id = "78d7e221ea540f10";
oauth-client-secret = "/etc/nixos/secrets/sourcehut/git.oauth";
};
"man.sr.ht" = {
oauth-client-id = "man.sr.ht";
oauth-client-secret = "/etc/nixos/secrets/sourcehut/man.oauth";
};
mail = {
pgp-key-id = "/etc/nixos/secrets/sourcehut/mail.key.id";
pgp-privkey = "/etc/nixos/secrets/sourcehut/mail.key";
pgp-pubkey = "/etc/nixos/secrets/sourcehut/mail.key.pub";
smtp-from = "mail@${sourcehut-fqdn}";
};
webhooks.private-key = "/etc/nixos/secrets/sourcehut/webhook.key";
};
};
# security.acme = {
# certs."${sourcehut-fqdn}".extraDomainNames = [
# "meta.${sourcehut-fqdn}"
# "man.${sourcehut-fqdn}"
# "git.${sourcehut-fqdn}"
# ];
# acceptTerms = true;
# defaults.email = "khais.colin+letsencrypt@gmail.com";
# };
security.pki.certificateFiles = [
/etc/nixos/secrets/myCA.pem
];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"${sourcehut-fqdn}" = {
default = true;
sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
};
"meta.${sourcehut-fqdn}" = {
sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
};
"man.${sourcehut-fqdn}" = {
sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
};
"git.${sourcehut-fqdn}" = {
sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
};
};
};
services.postgresql.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
# services.openssh.enable = true; # services.openssh.enable = true;