logistic-bot/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: move out of useless nixos directory

Browse source
This commit is contained in:
Khaïs COLIN 2024-08-26 13:38:20 +02:00
parent f76bee6384
commit ec6d839450
52 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

119
sourcehut.nix Normal file
View file

@ -0,0 +1,119 @@
{ pkgs, ... }:
let
sourcehut-fqdn = "sourcehut.nixos.local";
in
{
systemd.services.gitsrht = {
environment = {
# make python's requests package use the global ca-certificates store, which will contain my own CA cert
REQUESTS_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt";
};
};
# enable selfhosted sourcehut instance
services.sourcehut = {
enable = true;
meta = {
enable = true;
gunicorn.extraArgs = [
"--timeout 120"
"--workers 1"
"--log-level=info"
"--bind [::1]:5000"
];
};
git = {
enable = true;
gunicorn.extraArgs = [
"--timeout 120"
"--workers 1"
"--log-level=info"
"--bind [::1]:5001"
];
};
man = {
enable = true;
gunicorn.extraArgs = [
"--timeout 120"
"--workers 1"
"--log-level=info"
"--bind [::1]:5004"
];
};
nginx.enable = true;
postgresql.enable = true;
redis.enable = true;
settings = {
"sr.ht" = {
environment = "production";
global-domain = "${sourcehut-fqdn}";
origin = "http://${sourcehut-fqdn}";
network-key = "/etc/nixos/secrets/sourcehut/network.key";
service-key = "/etc/nixos/secrets/sourcehut/service.key";
};
"git.sr.ht" = {
oauth-client-id = "7f2819091157584f";
oauth-client-secret = "/etc/nixos/secrets/sourcehut/git.oauth";
origin = "http://git.${sourcehut-fqdn}";
};
"man.sr.ht" = {
oauth-client-id = "man.sr.ht";
oauth-client-secret = "/etc/nixos/secrets/sourcehut/man.oauth";
origin = "http://man.${sourcehut-fqdn}";
};
"meta.sr.ht" = {
origin = "http://meta.${sourcehut-fqdn}";
onboarding-redirect = "http://meta.${sourcehut-fqdn}";
};
mail = {
pgp-key-id = "/etc/nixos/secrets/sourcehut/mail.key.id";
pgp-privkey = "/etc/nixos/secrets/sourcehut/mail.key";
pgp-pubkey = "/etc/nixos/secrets/sourcehut/mail.key.pub";
smtp-from = "mail@${sourcehut-fqdn}";
};
webhooks.private-key = "/etc/nixos/secrets/sourcehut/webhook.key";
};
};
# security.acme = {
# certs."${sourcehut-fqdn}".extraDomainNames = [
# "meta.${sourcehut-fqdn}"
# "man.${sourcehut-fqdn}"
# "git.${sourcehut-fqdn}"
# ];
# acceptTerms = true;
# defaults.email = "khais.colin+letsencrypt@gmail.com";
# };
security.pki.certificateFiles = [
/etc/nixos/secrets/certs/myCA.pem
];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"${sourcehut-fqdn}" = {
sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
};
"meta.${sourcehut-fqdn}" = {
sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
};
"man.${sourcehut-fqdn}" = {
sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
};
"git.${sourcehut-fqdn}" = {
sslCertificate = "/etc/nixos/secrets/certs/sourcehut.nixos.local.crt";
sslCertificateKey = "/etc/nixos/secrets/certs/sourcehut.nixos.local.key";
};
};
};
services.postgresql.enable = true;
}