feat(sourcehut): install sourcehut

2024-08-22 10:23:05 +00:00 · 2024-08-22 10:23:05 +00:00 · ea4e1e53d9
commit ea4e1e53d9
parent f26b22da86
2 changed files with 77 additions and 0 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -2,6 +2,7 @@
 { pkgs, ... }: {
  imports = [
    ./hardware-configuration.nix
+    ./sourcehut.nix
  ];

  environment.systemPackages = with pkgs; [
--- a/sourcehut.nix
+++ b/sourcehut.nix
@ -0,0 +1,76 @@
+# vim: tabstop=2 shiftwidth=2 expandtab
+let
+  fqdn = "sourcehut.005540.xyz";
+in
+{
+  services.sourcehut = {
+    enable = true;
+    meta = {
+      enable = true;
+    };
+    git = {
+      enable = true;
+    };
+    nginx.enable = true;
+    postgresql.enable = true;
+    redis.enable = true;
+    settings = {
+      "sr.ht" = {
+        environment = "production";
+        global-domain = fqdn;
+        origin = "https://${fqdn}";
+        network-key = "/etc/nixos/secrets/sourcehut/network.key";
+        service-key = "/etc/nixos/secrets/sourcehut/service.key";
+      };
+      "meta.sr.ht" = {
+        onboarding-redirect = "https://meta.${fqdn}";
+        origin = "https://meta.${fqdn}";
+      };
+      "git.sr.ht" = {
+        oauth-client-id = "";
+        oauth-client-secret = "/etc/nixos/secrets/sourcehut/git.oauth";
+        origin = "https://git.${fqdn}";
+      };
+      "mail" = {
+        pgp-key-id = "/etc/nixos/secrets/sourcehut/mail.key.id";
+        pgp-privkey = "/etc/nixos/secrets/sourcehut/mail.key";
+        pgp-pubkey = "/etc/nixos/secrets/sourcehut/mail.key.pub";
+        smtp-from = "mail@${fqdn}";
+      };
+      webhooks.private-key = "/etc/nixos/secrets/sourcehut/webhook.key";
+    };
+  };
+
+  security.acme = {
+    certs.${fqdn}.extraDomainNames = [
+      "meta.${fqdn}"
+      "git.${fqdn}"
+    ];
+    acceptTerms = true;
+    defaults = {
+      email = "khais.colin+letsencrypt@gmail.com";
+      dnsProvider = "namecheap";
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "${fqdn}" = {
+        enableACME = true;
+      };
+      "meta.${fqdn}" = {
+        enableACME = true;
+      };
+      "git.${fqdn}" = { 
+        enableACME = true;
+      };
+    };
+  };
+
+  services.postgresql.enable = true;
+}