quasar/sourcehut.nix

# vim: tabstop=2 shiftwidth=2 expandtab
let
  base-domain = "005540.xyz";
  fqdn = "sourcehut.${base-domain}";
in
{
  services.sourcehut = {
    enable = true;
    meta = {
      enable = true;
    };
    git = {
      enable = true;
    };
    nginx.enable = true;
    postgresql.enable = true;
    redis.enable = true;
    settings = {
      "sr.ht" = {
        environment = "production";
        site-blurb = "logistic-bot's forge";
        global-domain = fqdn;
        origin = "https://${fqdn}";
        network-key = "/etc/nixos/secrets/sourcehut/network.key";
        service-key = "/etc/nixos/secrets/sourcehut/service.key";
      };
      "meta.sr.ht" = {
        onboarding-redirect = "https://meta.${fqdn}";
        origin = "https://meta.${fqdn}";
      };
      "git.sr.ht" = {
        oauth-client-id = "";
        oauth-client-secret = "/etc/nixos/secrets/sourcehut/git.oauth";
        origin = "https://git.${fqdn}";
      };
      "mail" = {
        pgp-key-id = "/etc/nixos/secrets/sourcehut/mail.key.id";
        pgp-privkey = "/etc/nixos/secrets/sourcehut/mail.key";
        pgp-pubkey = "/etc/nixos/secrets/sourcehut/mail.key.pub";
        smtp-from = "mail@${fqdn}";
      };
      webhooks.private-key = "/etc/nixos/secrets/sourcehut/webhook.key";
    };
  };

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "${base-domain}" = {
        enableACME = true;
      };
      "${fqdn}" = {
        enableACME = true;
      };
      "meta.${fqdn}" = {
        enableACME = true;
      };
      "git.${fqdn}" = { 
        enableACME = true;
      };
    };
  };

  services.postgresql.enable = true;
}
feat(sourcehut): install sourcehut 2024-08-22 10:23:05 +00:00			`# vim: tabstop=2 shiftwidth=2 expandtab`
			`let`
fix(acme): certificate valid for all domains 2024-08-22 12:14:26 +00:00			`base-domain = "005540.xyz";`
			`fqdn = "sourcehut.${base-domain}";`
feat(sourcehut): install sourcehut 2024-08-22 10:23:05 +00:00			`in`
			`{`
			`services.sourcehut = {`
			`enable = true;`
			`meta = {`
			`enable = true;`
			`};`
			`git = {`
			`enable = true;`
			`};`
			`nginx.enable = true;`
			`postgresql.enable = true;`
			`redis.enable = true;`
			`settings = {`
			`"sr.ht" = {`
			`environment = "production";`
feat(sourcehut): customize site blurb 2024-08-22 12:30:25 +00:00			`site-blurb = "logistic-bot's forge";`
feat(sourcehut): install sourcehut 2024-08-22 10:23:05 +00:00			`global-domain = fqdn;`
			`origin = "https://${fqdn}";`
			`network-key = "/etc/nixos/secrets/sourcehut/network.key";`
			`service-key = "/etc/nixos/secrets/sourcehut/service.key";`
			`};`
			`"meta.sr.ht" = {`
			`onboarding-redirect = "https://meta.${fqdn}";`
			`origin = "https://meta.${fqdn}";`
			`};`
			`"git.sr.ht" = {`
			`oauth-client-id = "";`
			`oauth-client-secret = "/etc/nixos/secrets/sourcehut/git.oauth";`
			`origin = "https://git.${fqdn}";`
			`};`
			`"mail" = {`
			`pgp-key-id = "/etc/nixos/secrets/sourcehut/mail.key.id";`
			`pgp-privkey = "/etc/nixos/secrets/sourcehut/mail.key";`
			`pgp-pubkey = "/etc/nixos/secrets/sourcehut/mail.key.pub";`
			`smtp-from = "mail@${fqdn}";`
			`};`
			`webhooks.private-key = "/etc/nixos/secrets/sourcehut/webhook.key";`
			`};`
			`};`

			`services.nginx = {`
			`enable = true;`
			`recommendedTlsSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedGzipSettings = true;`
			`recommendedProxySettings = true;`
			`virtualHosts = {`
fix(acme): certificate valid for all domains 2024-08-22 12:14:26 +00:00			`"${base-domain}" = {`
			`enableACME = true;`
			`};`
feat(sourcehut): install sourcehut 2024-08-22 10:23:05 +00:00			`"${fqdn}" = {`
			`enableACME = true;`
			`};`
			`"meta.${fqdn}" = {`
			`enableACME = true;`
			`};`
			`"git.${fqdn}" = {`
			`enableACME = true;`
			`};`
			`};`
			`};`

			`services.postgresql.enable = true;`
			`}`