113 lines
4.1 KiB
XML
113 lines
4.1 KiB
XML
<!-- Do not edit this file directly, edit its companion .md instead
|
||
and regenerate this file using nixos/doc/manual/md-to-db.sh -->
|
||
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-sourcehut">
|
||
<title>Sourcehut</title>
|
||
<para>
|
||
<link xlink:href="https://sr.ht.com/">Sourcehut</link> is an
|
||
open-source, self-hostable software development platform. The server
|
||
setup can be automated using
|
||
<link linkend="opt-services.sourcehut.enable">services.sourcehut</link>.
|
||
</para>
|
||
<section xml:id="module-services-sourcehut-basic-usage">
|
||
<title>Basic usage</title>
|
||
<para>
|
||
Sourcehut is a Python and Go based set of applications. This NixOS
|
||
module also provides basic configuration integrating Sourcehut
|
||
into locally running <literal>services.nginx</literal>,
|
||
<literal>services.redis.servers.sourcehut</literal>,
|
||
<literal>services.postfix</literal> and
|
||
<literal>services.postgresql</literal> services.
|
||
</para>
|
||
<para>
|
||
A very basic configuration may look like this:
|
||
</para>
|
||
<programlisting>
|
||
{ pkgs, ... }:
|
||
let
|
||
fqdn =
|
||
let
|
||
join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
|
||
in join config.networking.hostName config.networking.domain;
|
||
in {
|
||
|
||
networking = {
|
||
hostName = "srht";
|
||
domain = "tld";
|
||
firewall.allowedTCPPorts = [ 22 80 443 ];
|
||
};
|
||
|
||
services.sourcehut = {
|
||
enable = true;
|
||
git.enable = true;
|
||
man.enable = true;
|
||
meta.enable = true;
|
||
nginx.enable = true;
|
||
postfix.enable = true;
|
||
postgresql.enable = true;
|
||
redis.enable = true;
|
||
settings = {
|
||
"sr.ht" = {
|
||
environment = "production";
|
||
global-domain = fqdn;
|
||
origin = "https://${fqdn}";
|
||
# Produce keys with srht-keygen from sourcehut.coresrht.
|
||
network-key = "/run/keys/path/to/network-key";
|
||
service-key = "/run/keys/path/to/service-key";
|
||
};
|
||
webhooks.private-key= "/run/keys/path/to/webhook-key";
|
||
};
|
||
};
|
||
|
||
security.acme.certs."${fqdn}".extraDomainNames = [
|
||
"meta.${fqdn}"
|
||
"man.${fqdn}"
|
||
"git.${fqdn}"
|
||
];
|
||
|
||
services.nginx = {
|
||
enable = true;
|
||
# only recommendedProxySettings are strictly required, but the rest make sense as well.
|
||
recommendedTlsSettings = true;
|
||
recommendedOptimisation = true;
|
||
recommendedGzipSettings = true;
|
||
recommendedProxySettings = true;
|
||
|
||
# Settings to setup what certificates are used for which endpoint.
|
||
virtualHosts = {
|
||
"${fqdn}".enableACME = true;
|
||
"meta.${fqdn}".useACMEHost = fqdn:
|
||
"man.${fqdn}".useACMEHost = fqdn:
|
||
"git.${fqdn}".useACMEHost = fqdn:
|
||
};
|
||
};
|
||
}
|
||
</programlisting>
|
||
<para>
|
||
The <literal>hostName</literal> option is used internally to
|
||
configure the nginx reverse-proxy. The <literal>settings</literal>
|
||
attribute set is used by the configuration generator and the
|
||
result is placed in <literal>/etc/sr.ht/config.ini</literal>.
|
||
</para>
|
||
</section>
|
||
<section xml:id="module-services-sourcehut-configuration">
|
||
<title>Configuration</title>
|
||
<para>
|
||
All configuration parameters are also stored in
|
||
<literal>/etc/sr.ht/config.ini</literal> which is generated by the
|
||
module and linked from the store to ensure that all values from
|
||
<literal>config.ini</literal> can be modified by the module.
|
||
</para>
|
||
</section>
|
||
<section xml:id="module-services-sourcehut-httpd">
|
||
<title>Using an alternative webserver as reverse-proxy (e.g.
|
||
<literal>httpd</literal>)</title>
|
||
<para>
|
||
By default, <literal>nginx</literal> is used as reverse-proxy for
|
||
<literal>sourcehut</literal>. However, it’s possible to use e.g.
|
||
<literal>httpd</literal> by explicitly disabling
|
||
<literal>nginx</literal> using
|
||
<xref linkend="opt-services.nginx.enable" /> and fixing the
|
||
<literal>settings</literal>.
|
||
</para>
|
||
</section>
|
||
</chapter>
|