depot/nixos/modules/services/misc/sourcehut/default.md
Luke Granger-Brown 57725ef3ec Squashed 'third_party/nixpkgs/' content from commit 76612b17c0ce
git-subtree-dir: third_party/nixpkgs
git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
2024-11-10 23:59:47 +00:00

2.9 KiB

Sourcehut

Sourcehut is an open-source, self-hostable software development platform. The server setup can be automated using services.sourcehut.

Basic usage

Sourcehut is a Python and Go based set of applications. This NixOS module also provides basic configuration integrating Sourcehut into locally running services.nginx, services.redis.servers.sourcehut, services.postfix and services.postgresql services.

A very basic configuration may look like this:

{ pkgs, ... }:
let
  fqdn =
    let
      join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
    in join config.networking.hostName config.networking.domain;
in {

  networking = {
    hostName = "srht";
    domain = "tld";
    firewall.allowedTCPPorts = [ 22 80 443 ];
  };

  services.sourcehut = {
    enable = true;
    git.enable = true;
    man.enable = true;
    meta.enable = true;
    nginx.enable = true;
    postfix.enable = true;
    postgresql.enable = true;
    redis.enable = true;
    settings = {
        "sr.ht" = {
          environment = "production";
          global-domain = fqdn;
          origin = "https://${fqdn}";
          # Produce keys with srht-keygen from sourcehut.coresrht.
          network-key = "/run/keys/path/to/network-key";
          service-key = "/run/keys/path/to/service-key";
        };
        webhooks.private-key= "/run/keys/path/to/webhook-key";
    };
  };

  security.acme.certs."${fqdn}".extraDomainNames = [
    "meta.${fqdn}"
    "man.${fqdn}"
    "git.${fqdn}"
  ];

  services.nginx = {
    enable = true;
    # only recommendedProxySettings are strictly required, but the rest make sense as well.
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    # Settings to setup what certificates are used for which endpoint.
    virtualHosts = {
      "${fqdn}".enableACME = true;
      "meta.${fqdn}".useACMEHost = fqdn;
      "man.${fqdn}".useACMEHost = fqdn;
      "git.${fqdn}".useACMEHost = fqdn;
    };
  };
}

The hostName option is used internally to configure the nginx reverse-proxy. The settings attribute set is used by the configuration generator and the result is placed in /etc/sr.ht/config.ini.

Configuration

All configuration parameters are also stored in /etc/sr.ht/config.ini which is generated by the module and linked from the store to ensure that all values from config.ini can be modified by the module.

Using an alternative webserver as reverse-proxy (e.g. httpd)

By default, nginx is used as reverse-proxy for sourcehut. However, it's possible to use e.g. httpd by explicitly disabling nginx using and fixing the settings.