pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #245394 from christoph-heiss/pkgs/sourcehut

sourcehut: update all component; lots of fixes

authored by

tomberek and committed by
GitHub 7859adb9 0e890294

+314 -259
unified split
+68 -90
nixos/modules/services/misc/sourcehut/default.nix
··· 25 || head srvMatch == srv # Include sections for the service being configured 26 then v 27 # Enable Web links and integrations between services. 28 - else if tail srvMatch == [ null ] && elem (head srvMatch) cfg.services 29 then { 30 inherit (v) origin; 31 # mansrht crashes without it ··· 38 # for services needing access to them. 39 "builds.sr.ht::worker".buildlogs = "/var/log/sourcehut/buildsrht-worker"; 40 "git.sr.ht".post-update-script = "/usr/bin/gitsrht-update-hook"; 41 - "git.sr.ht".repos = "/var/lib/sourcehut/gitsrht/repos"; 42 "hg.sr.ht".changegroup-script = "/usr/bin/hgsrht-hook-changegroup"; 43 - "hg.sr.ht".repos = "/var/lib/sourcehut/hgsrht/repos"; 44 # Making this a per service option despite being in a global section, 45 # so that it uses the redis-server used by the service. 46 "sr.ht".redis-host = cfg.${srv}.redis.host; ··· 77 type = types.path; 78 apply = s: "<" + toString s; 79 }; 80 }; 81 82 # Specialized python containing all the modules ··· 112 and account management services 113 ''); 114 115 - services = mkOption { 116 - type = with types; listOf (enum 117 - [ "builds" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); 118 - defaultText = "locally enabled services"; 119 - description = lib.mdDoc '' 120 - Services that may be displayed as links in the title bar of the Web interface. 121 - ''; 122 - }; 123 - 124 listenAddress = mkOption { 125 type = types.str; 126 default = "localhost"; ··· 400 This setting is propagated to newer and existing repositories. 401 ''; 402 type = types.str; 403 - default = "${cfg.python}/bin/hgsrht-hook-changegroup"; 404 - defaultText = "\${cfg.python}/bin/hgsrht-hook-changegroup"; 405 }; 406 repos = mkOption { 407 description = lib.mdDoc '' ··· 501 options."meta.sr.ht" = 502 removeAttrs (commonServiceSettings "meta") 503 ["oauth-client-id" "oauth-client-secret"] // { 504 - api-origin = mkOption { 505 - description = lib.mdDoc "Origin URL for API, 100 more than web."; 506 - type = types.str; 507 - default = "http://${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; 508 - defaultText = lib.literalMD ''`"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.meta.port)` + 100)}"`''; 509 - }; 510 webhooks = mkOption { 511 description = lib.mdDoc "The Redis connection used for the webhooks worker."; 512 type = types.str; ··· 784 extraConfig = '' 785 PermitUserEnvironment SRHT_* 786 ''; 787 }; 788 environment.etc."ssh/sourcehut/config.ini".source = 789 settingsFormat.generate "sourcehut-dispatch-config.ini" ··· 792 environment.etc."ssh/sourcehut/subdir/srht-dispatch" = { 793 # sshd_config(5): The program must be owned by root, not writable by group or others 794 mode = "0755"; 795 - source = pkgs.writeShellScript "srht-dispatch" '' 796 set -e 797 cd /etc/ssh/sourcehut/subdir 798 - ${cfg.python}/bin/gitsrht-dispatch "$@" 799 ''; 800 }; 801 systemd.services.sshd = { 802 - #path = optional cfg.git.enable [ cfg.git.package ]; 803 serviceConfig = { 804 BindReadOnlyPaths = 805 # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, 806 # for instance to get the user from the [git.sr.ht::dispatch] settings. ··· 813 "${pkgs.writeShellScript "buildsrht-keys-wrapper" '' 814 set -e 815 cd /run/sourcehut/buildsrht/subdir 816 - set -x 817 exec -a "$0" ${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys "$@" 818 ''}:/usr/bin/buildsrht-keys" 819 "${pkgs.sourcehut.buildsrht}/bin/master-shell:/usr/bin/master-shell" ··· 825 "${pkgs.writeShellScript "gitsrht-keys-wrapper" '' 826 set -e 827 cd /run/sourcehut/gitsrht/subdir 828 - set -x 829 exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys "$@" 830 ''}:/usr/bin/gitsrht-keys" 831 "${pkgs.writeShellScript "gitsrht-shell-wrapper" '' 832 set -e 833 cd /run/sourcehut/gitsrht/subdir 834 - set -x 835 exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@" 836 ''}:/usr/bin/gitsrht-shell" 837 "${pkgs.writeShellScript "gitsrht-update-hook" '' 838 set -e 839 - test -e "''${PWD%/*}"/config.ini || 840 - # Git hooks are run relative to their repository's directory, 841 - # but gitsrht-update-hook looks up ../config.ini 842 - ln -s /run/sourcehut/gitsrht/config.ini "''${PWD%/*}"/config.ini 843 # hooks/post-update calls /usr/bin/gitsrht-update-hook as hooks/stage-3 844 # but this wrapper being a bash script, it overrides $0 with /usr/bin/gitsrht-update-hook 845 # hence this hack to put hooks/stage-3 back into gitsrht-update-hook's $0 846 if test "''${STAGE3:+set}" 847 then 848 - set -x 849 exec -a hooks/stage-3 ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" 850 else 851 export STAGE3=set 852 - set -x 853 exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" 854 fi 855 ''}:/usr/bin/gitsrht-update-hook" ··· 860 "${pkgs.writeShellScript "hgsrht-keys-wrapper" '' 861 set -e 862 cd /run/sourcehut/hgsrht/subdir 863 - set -x 864 exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-keys "$@" 865 ''}:/usr/bin/hgsrht-keys" 866 "${pkgs.writeShellScript "hgsrht-shell-wrapper" '' 867 set -e 868 cd /run/sourcehut/hgsrht/subdir 869 - set -x 870 exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-shell "$@" 871 ''}:/usr/bin/hgsrht-shell" 872 # Mercurial's changegroup hooks are run relative to their repository's directory, ··· 875 set -e 876 test -e "''$PWD"/config.ini || 877 ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini 878 - set -x 879 - exec -a "$0" ${cfg.python}/bin/hgsrht-hook-changegroup "$@" 880 ''}:/usr/bin/hgsrht-hook-changegroup" 881 ]; 882 }; ··· 1066 }; 1067 }) 1068 ]; 1069 - extraServices.gitsrht-api = { 1070 - serviceConfig.Restart = "always"; 1071 - serviceConfig.RestartSec = "5s"; 1072 - serviceConfig.ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}"; 1073 }; 1074 extraServices.gitsrht-fcgiwrap = mkIf cfg.nginx.enable { 1075 serviceConfig = { ··· 1188 extraServices.listssrht-lmtp = { 1189 wants = [ "postfix.service" ]; 1190 unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; 1191 - serviceConfig.ExecStart = "${cfg.python}/bin/listssrht-lmtp"; 1192 # Avoid crashing: os.chown(sock, os.getuid(), sock_gid) 1193 serviceConfig.PrivateUsers = mkForce false; 1194 }; ··· 1252 ) cfg.settings)); 1253 serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; 1254 }; 1255 - extraConfig = mkMerge [ 1256 - { 1257 - assertions = [ 1258 - { assertion = let s = cfg.settings."meta.sr.ht::billing"; in 1259 - s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null); 1260 - message = "If meta.sr.ht::billing is enabled, the keys must be defined."; 1261 - } 1262 - ]; 1263 - environment.systemPackages = optional cfg.meta.enable 1264 - (pkgs.writeShellScriptBin "metasrht-manageuser" '' 1265 - set -eux 1266 - if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' 1267 - then exec sudo -u '${cfg.meta.user}' "$0" "$@" 1268 - else 1269 - # In order to load config.ini 1270 - if cd /run/sourcehut/metasrht 1271 - then exec ${cfg.python}/bin/metasrht-manageuser "$@" 1272 - else cat <<EOF 1273 - Please run: sudo systemctl start metasrht 1274 - EOF 1275 - exit 1 1276 - fi 1277 fi 1278 - ''); 1279 - } 1280 - (mkIf cfg.nginx.enable { 1281 - services.nginx.virtualHosts."meta.${domain}" = { 1282 - locations."/query" = { 1283 - proxyPass = cfg.settings."meta.sr.ht".api-origin; 1284 - extraConfig = '' 1285 - if ($request_method = 'OPTIONS') { 1286 - add_header 'Access-Control-Allow-Origin' '*'; 1287 - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 1288 - add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 1289 - add_header 'Access-Control-Max-Age' 1728000; 1290 - add_header 'Content-Type' 'text/plain; charset=utf-8'; 1291 - add_header 'Content-Length' 0; 1292 - return 204; 1293 - } 1294 - 1295 - add_header 'Access-Control-Allow-Origin' '*'; 1296 - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 1297 - add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 1298 - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; 1299 - ''; 1300 - }; 1301 - }; 1302 - }) 1303 - ]; 1304 }) 1305 1306 (import ./service.nix "pages" { ··· 1356 extraServices.todosrht-lmtp = { 1357 wants = [ "postfix.service" ]; 1358 unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; 1359 - serviceConfig.ExecStart = "${cfg.python}/bin/todosrht-lmtp"; 1360 # Avoid crashing: os.chown(sock, os.getuid(), sock_gid) 1361 serviceConfig.PrivateUsers = mkForce false; 1362 }; ··· 1387 (mkRemovedOptionModule [ "services" "sourcehut" "dispatch" ] '' 1388 dispatch is deprecated. See https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/ 1389 for more information. 1390 '') 1391 ]; 1392
··· 25 || head srvMatch == srv # Include sections for the service being configured 26 then v 27 # Enable Web links and integrations between services. 28 + else if tail srvMatch == [ null ] && cfg.${head srvMatch}.enable 29 then { 30 inherit (v) origin; 31 # mansrht crashes without it ··· 38 # for services needing access to them. 39 "builds.sr.ht::worker".buildlogs = "/var/log/sourcehut/buildsrht-worker"; 40 "git.sr.ht".post-update-script = "/usr/bin/gitsrht-update-hook"; 41 + "git.sr.ht".repos = cfg.settings."git.sr.ht".repos; 42 "hg.sr.ht".changegroup-script = "/usr/bin/hgsrht-hook-changegroup"; 43 + "hg.sr.ht".repos = cfg.settings."hg.sr.ht".repos; 44 # Making this a per service option despite being in a global section, 45 # so that it uses the redis-server used by the service. 46 "sr.ht".redis-host = cfg.${srv}.redis.host; ··· 77 type = types.path; 78 apply = s: "<" + toString s; 79 }; 80 + api-origin = mkOption { 81 + description = lib.mdDoc "Origin URL for the API"; 82 + type = types.str; 83 + default = "http://${cfg.listenAddress}:${toString (cfg.${srv}.port + 100)}"; 84 + defaultText = lib.literalMD '' 85 + `"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.${srv}.port)` + 100)}"` 86 + ''; 87 + }; 88 }; 89 90 # Specialized python containing all the modules ··· 120 and account management services 121 ''); 122 123 listenAddress = mkOption { 124 type = types.str; 125 default = "localhost"; ··· 399 This setting is propagated to newer and existing repositories. 400 ''; 401 type = types.str; 402 + default = "${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup"; 403 + defaultText = "\${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup"; 404 }; 405 repos = mkOption { 406 description = lib.mdDoc '' ··· 500 options."meta.sr.ht" = 501 removeAttrs (commonServiceSettings "meta") 502 ["oauth-client-id" "oauth-client-secret"] // { 503 webhooks = mkOption { 504 description = lib.mdDoc "The Redis connection used for the webhooks worker."; 505 type = types.str; ··· 777 extraConfig = '' 778 PermitUserEnvironment SRHT_* 779 ''; 780 + startWhenNeeded = false; 781 }; 782 environment.etc."ssh/sourcehut/config.ini".source = 783 settingsFormat.generate "sourcehut-dispatch-config.ini" ··· 786 environment.etc."ssh/sourcehut/subdir/srht-dispatch" = { 787 # sshd_config(5): The program must be owned by root, not writable by group or others 788 mode = "0755"; 789 + source = pkgs.writeShellScript "srht-dispatch-wrapper" '' 790 set -e 791 + set -x 792 cd /etc/ssh/sourcehut/subdir 793 + ${pkgs.sourcehut.gitsrht}/bin/gitsrht-dispatch "$@" 794 ''; 795 }; 796 + systemd.tmpfiles.settings."10-sourcehut-gitsrht" = mkIf cfg.git.enable ( 797 + builtins.listToAttrs (map (name: { 798 + name = "/var/log/sourcehut/gitsrht-${name}"; 799 + value.f = { 800 + inherit (cfg.git) user group; 801 + mode = "0644"; 802 + }; 803 + }) [ "keys" "shell" "update-hook" ]) 804 + ); 805 systemd.services.sshd = { 806 + preStart = mkIf cfg.hg.enable '' 807 + chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys 808 + ''; 809 serviceConfig = { 810 + LogsDirectory = "sourcehut"; 811 BindReadOnlyPaths = 812 # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, 813 # for instance to get the user from the [git.sr.ht::dispatch] settings. ··· 820 "${pkgs.writeShellScript "buildsrht-keys-wrapper" '' 821 set -e 822 cd /run/sourcehut/buildsrht/subdir 823 exec -a "$0" ${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys "$@" 824 ''}:/usr/bin/buildsrht-keys" 825 "${pkgs.sourcehut.buildsrht}/bin/master-shell:/usr/bin/master-shell" ··· 831 "${pkgs.writeShellScript "gitsrht-keys-wrapper" '' 832 set -e 833 cd /run/sourcehut/gitsrht/subdir 834 exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys "$@" 835 ''}:/usr/bin/gitsrht-keys" 836 "${pkgs.writeShellScript "gitsrht-shell-wrapper" '' 837 set -e 838 cd /run/sourcehut/gitsrht/subdir 839 + export PATH="${cfg.git.package}/bin:$PATH" 840 + export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini 841 exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@" 842 ''}:/usr/bin/gitsrht-shell" 843 "${pkgs.writeShellScript "gitsrht-update-hook" '' 844 set -e 845 + export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini 846 # hooks/post-update calls /usr/bin/gitsrht-update-hook as hooks/stage-3 847 # but this wrapper being a bash script, it overrides $0 with /usr/bin/gitsrht-update-hook 848 # hence this hack to put hooks/stage-3 back into gitsrht-update-hook's $0 849 if test "''${STAGE3:+set}" 850 then 851 exec -a hooks/stage-3 ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" 852 else 853 export STAGE3=set 854 exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" 855 fi 856 ''}:/usr/bin/gitsrht-update-hook" ··· 861 "${pkgs.writeShellScript "hgsrht-keys-wrapper" '' 862 set -e 863 cd /run/sourcehut/hgsrht/subdir 864 exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-keys "$@" 865 ''}:/usr/bin/hgsrht-keys" 866 "${pkgs.writeShellScript "hgsrht-shell-wrapper" '' 867 set -e 868 cd /run/sourcehut/hgsrht/subdir 869 exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-shell "$@" 870 ''}:/usr/bin/hgsrht-shell" 871 # Mercurial's changegroup hooks are run relative to their repository's directory, ··· 874 set -e 875 test -e "''$PWD"/config.ini || 876 ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini 877 + exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup "$@" 878 ''}:/usr/bin/hgsrht-hook-changegroup" 879 ]; 880 }; ··· 1064 }; 1065 }) 1066 ]; 1067 + extraServices.gitsrht-api.serviceConfig = { 1068 + Restart = "always"; 1069 + RestartSec = "5s"; 1070 + ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}"; 1071 + BindPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ]; 1072 }; 1073 extraServices.gitsrht-fcgiwrap = mkIf cfg.nginx.enable { 1074 serviceConfig = { ··· 1187 extraServices.listssrht-lmtp = { 1188 wants = [ "postfix.service" ]; 1189 unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; 1190 + serviceConfig.ExecStart = "${pkgs.sourcehut.listssrht}/bin/listssrht-lmtp"; 1191 # Avoid crashing: os.chown(sock, os.getuid(), sock_gid) 1192 serviceConfig.PrivateUsers = mkForce false; 1193 }; ··· 1251 ) cfg.settings)); 1252 serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; 1253 }; 1254 + extraConfig = { 1255 + assertions = [ 1256 + { assertion = let s = cfg.settings."meta.sr.ht::billing"; in 1257 + s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null); 1258 + message = "If meta.sr.ht::billing is enabled, the keys must be defined."; 1259 + } 1260 + ]; 1261 + environment.systemPackages = optional cfg.meta.enable 1262 + (pkgs.writeShellScriptBin "metasrht-manageuser" '' 1263 + set -eux 1264 + if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' 1265 + then exec sudo -u '${cfg.meta.user}' "$0" "$@" 1266 + else 1267 + # In order to load config.ini 1268 + if cd /run/sourcehut/metasrht 1269 + then exec ${pkgs.sourcehut.metasrht}/bin/metasrht-manageuser "$@" 1270 + else cat <<EOF 1271 + Please run: sudo systemctl start metasrht 1272 + EOF 1273 + exit 1 1274 fi 1275 + fi 1276 + ''); 1277 + }; 1278 }) 1279 1280 (import ./service.nix "pages" { ··· 1330 extraServices.todosrht-lmtp = { 1331 wants = [ "postfix.service" ]; 1332 unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; 1333 + serviceConfig.ExecStart = "${pkgs.sourcehut.todosrht}/bin/todosrht-lmtp"; 1334 # Avoid crashing: os.chown(sock, os.getuid(), sock_gid) 1335 serviceConfig.PrivateUsers = mkForce false; 1336 }; ··· 1361 (mkRemovedOptionModule [ "services" "sourcehut" "dispatch" ] '' 1362 dispatch is deprecated. See https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/ 1363 for more information. 1364 + '') 1365 + 1366 + (mkRemovedOptionModule [ "services" "sourcehut" "services"] '' 1367 + This option was removed in favor of individual <service>.enable flags. 1368 '') 1369 ]; 1370
+32 -4
nixos/modules/services/misc/sourcehut/service.nix
··· 108 #SocketBindDeny = "any"; 109 SystemCallFilter = [ 110 "@system-service" 111 - "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@timer" 112 "@chown" "@setuid" 113 ]; 114 SystemCallArchitectures = "native"; ··· 222 expires 30d; 223 ''; 224 }; 225 } cfg.nginx.virtualHost ]; 226 }; 227 ··· 235 ensurePermissions = { "DATABASE \"${srvCfg.postgresql.database}\"" = "ALL PRIVILEGES"; }; 236 }) [srvCfg.user]; 237 }; 238 - 239 - services.sourcehut.services = mkDefault (filter (s: cfg.${s}.enable) 240 - [ "builds" "dispatch" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); 241 242 services.sourcehut.settings = mkMerge [ 243 { ··· 363 } 364 extraService 365 ])) extraServices) 366 ]; 367 368 systemd.timers = mapAttrs (timerName: timer:
··· 108 #SocketBindDeny = "any"; 109 SystemCallFilter = [ 110 "@system-service" 111 + "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@timer" 112 "@chown" "@setuid" 113 ]; 114 SystemCallArchitectures = "native"; ··· 222 expires 30d; 223 ''; 224 }; 225 + locations."/query" = mkIf (cfg.settings.${iniKey} ? api-origin) { 226 + proxyPass = cfg.settings.${iniKey}.api-origin; 227 + extraConfig = '' 228 + add_header 'Access-Control-Allow-Origin' '*'; 229 + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 230 + add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 231 + 232 + if ($request_method = 'OPTIONS') { 233 + add_header 'Access-Control-Max-Age' 1728000; 234 + add_header 'Content-Type' 'text/plain; charset=utf-8'; 235 + add_header 'Content-Length' 0; 236 + return 204; 237 + } 238 + 239 + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; 240 + ''; 241 + }; 242 } cfg.nginx.virtualHost ]; 243 }; 244 ··· 252 ensurePermissions = { "DATABASE \"${srvCfg.postgresql.database}\"" = "ALL PRIVILEGES"; }; 253 }) [srvCfg.user]; 254 }; 255 256 services.sourcehut.settings = mkMerge [ 257 { ··· 377 } 378 extraService 379 ])) extraServices) 380 + 381 + # Work around 'pq: permission denied for schema public' with postgres v15, until a 382 + # solution for `services.postgresql.ensureUsers` is found. 383 + # See https://github.com/NixOS/nixpkgs/issues/216989 384 + # Workaround taken from nixos/forgejo: https://github.com/NixOS/nixpkgs/pull/262741 385 + (lib.mkIf ( 386 + cfg.postgresql.enable 387 + && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0" 388 + ) { 389 + postgresql.postStart = (lib.mkAfter '' 390 + $PSQL -tAc 'ALTER DATABASE "${srvCfg.postgresql.database}" OWNER TO "${srvCfg.user}";' 391 + ''); 392 + } 393 + ) 394 ]; 395 396 systemd.timers = mapAttrs (timerName: timer:
+1 -5
nixos/tests/sourcehut.nix
··· 126 virtualisation.diskSize = 4 * 1024; 127 virtualisation.memorySize = 2 * 1024; 128 networking.domain = domain; 129 networking.extraHosts = '' 130 ${config.networking.primaryIPAddress} builds.${domain} 131 ${config.networking.primaryIPAddress} git.${domain} ··· 134 135 services.sourcehut = { 136 enable = true; 137 - services = [ 138 - "builds" 139 - "git" 140 - "meta" 141 - ]; 142 nginx.enable = true; 143 nginx.virtualHost = { 144 forceSSL = true;
··· 126 virtualisation.diskSize = 4 * 1024; 127 virtualisation.memorySize = 2 * 1024; 128 networking.domain = domain; 129 + networking.enableIPv6 = false; 130 networking.extraHosts = '' 131 ${config.networking.primaryIPAddress} builds.${domain} 132 ${config.networking.primaryIPAddress} git.${domain} ··· 135 136 services.sourcehut = { 137 enable = true; 138 nginx.enable = true; 139 nginx.virtualHost = { 140 forceSSL = true;
+8 -5
pkgs/applications/version-management/sourcehut/builds.nix
··· 8 , pyyaml 9 , markdown 10 , ansi2html 11 , python 12 , unzip 13 }: 14 let 15 - version = "0.83.0"; 16 17 src = fetchFromSourcehut { 18 owner = "~sircmpwn"; 19 repo = "builds.sr.ht"; 20 rev = version; 21 - hash = "sha256-u/y+sYu/09LypWI/ngghbge5SvkuLQpray10j0SjlOo="; 22 }; 23 24 buildsrht-api = buildGoModule ({ 25 inherit src version; 26 pname = "buildsrht-api"; 27 modRoot = "api"; 28 - vendorHash = "sha256-DfVWr/4J4ZrhHpy9CXPaAQcbag/9FmDgiexcNo0lEsk="; 29 - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion= "0.17.20"; }); 30 31 buildsrht-worker = buildGoModule { 32 inherit src version; 33 sourceRoot = "${src.name}/worker"; 34 pname = "buildsrht-worker"; 35 - vendorHash = "sha256-y5RFPbtaGmgPpiV2Q3njeWORGZF1TJRjAbY6VgC1hek="; 36 }; 37 in 38 buildPythonPackage rec { ··· 50 celery 51 pyyaml 52 markdown 53 ansi2html 54 ]; 55 56 preBuild = ''
··· 8 , pyyaml 9 , markdown 10 , ansi2html 11 + , lxml 12 , python 13 , unzip 14 }: 15 let 16 + version = "0.86.10"; 17 18 src = fetchFromSourcehut { 19 owner = "~sircmpwn"; 20 repo = "builds.sr.ht"; 21 rev = version; 22 + hash = "sha256-frwJgwJst2/NWd8VR0KbsVwm8JfWuekkY2oIIAdh3Fw="; 23 }; 24 25 buildsrht-api = buildGoModule ({ 26 inherit src version; 27 pname = "buildsrht-api"; 28 modRoot = "api"; 29 + vendorHash = "sha256-2khk7j22KON4MsuvFUNKSUpouJtVIOxE0hkh63iaxZ4="; 30 + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.29"; }); 31 32 buildsrht-worker = buildGoModule { 33 inherit src version; 34 sourceRoot = "${src.name}/worker"; 35 pname = "buildsrht-worker"; 36 + vendorHash = "sha256-obdaeRwMhuiCV2kVwDo1c+rU/hmsbiL1IgAf7AcIpoc="; 37 }; 38 in 39 buildPythonPackage rec { ··· 51 celery 52 pyyaml 53 markdown 54 + # Unofficial dependencies 55 ansi2html 56 + lxml 57 ]; 58 59 preBuild = ''
+29 -45
pkgs/applications/version-management/sourcehut/core.nix
··· 1 { lib 2 , fetchFromSourcehut 3 - , fetchNodeModules 4 , buildPythonPackage 5 - , pgpy 6 , flask 7 - , bleach 8 - , misaka 9 , humanize 10 - , html5lib 11 , markdown 12 - , psycopg2 13 , pygments 14 - , requests 15 - , sqlalchemy 16 , cryptography 17 - , beautifulsoup4 18 - , sqlalchemy-utils 19 , prometheus-client 20 , celery 21 - , alembic 22 , importlib-metadata 23 - , mistletoe 24 - , minio 25 , sassc 26 - , nodejs 27 - , redis 28 }: 29 30 buildPythonPackage rec { 31 pname = "srht"; 32 - version = "0.69.0"; 33 34 src = fetchFromSourcehut { 35 owner = "~sircmpwn"; 36 repo = "core.sr.ht"; 37 rev = version; 38 - sha256 = "sha256-s/I0wxtPggjTkkTZnhm77PxdQjiT0Vq2MIk7JMvdupc="; 39 fetchSubmodules = true; 40 - }; 41 - 42 - node_modules = fetchNodeModules { 43 - src = "${src}/srht"; 44 - nodejs = nodejs; 45 - sha256 = "sha256-IWKahdWv3qJ5DNyb1GB9JWYkZxghn6wzZe68clYXij8="; 46 }; 47 48 patches = [ 49 - # Disable check for npm 50 - ./disable-npm-install.patch 51 # Fix Unix socket support in RedisQueueCollector 52 patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch 53 ]; 54 55 propagatedNativeBuildInputs = [ 56 sassc 57 - nodejs 58 ]; 59 60 propagatedBuildInputs = [ 61 - pgpy 62 flask 63 - bleach 64 - misaka 65 humanize 66 - html5lib 67 markdown 68 - psycopg2 69 pygments 70 - requests 71 - mistletoe 72 - sqlalchemy 73 cryptography 74 - beautifulsoup4 75 - sqlalchemy-utils 76 prometheus-client 77 - 78 - # Unofficial runtime dependencies? 79 - celery 80 alembic 81 - importlib-metadata 82 - minio 83 redis 84 ]; 85 86 PKGVER = version; 87 - 88 - preBuild = '' 89 - cp -r ${node_modules} srht/node_modules 90 - ''; 91 92 dontUseSetuptoolsCheck = true; 93 pythonImportsCheck = [ "srht" ];
··· 1 { lib 2 , fetchFromSourcehut 3 , buildPythonPackage 4 , flask 5 , humanize 6 + , sqlalchemy 7 + , sqlalchemy-utils 8 + , psycopg2 9 , markdown 10 + , mistletoe 11 + , bleach 12 + , requests 13 + , beautifulsoup4 14 , pygments 15 , cryptography 16 , prometheus-client 17 + , alembic 18 + , redis 19 , celery 20 + , html5lib 21 , importlib-metadata 22 + , tinycss2 23 , sassc 24 + , minify 25 }: 26 27 buildPythonPackage rec { 28 pname = "srht"; 29 + version = "0.69.15"; 30 31 src = fetchFromSourcehut { 32 owner = "~sircmpwn"; 33 repo = "core.sr.ht"; 34 rev = version; 35 + sha256 = "sha256-T9yewweqnWL3IW5PHGyAcsIWCGn1ayK2rwrHVukYpgE="; 36 fetchSubmodules = true; 37 }; 38 39 patches = [ 40 # Fix Unix socket support in RedisQueueCollector 41 patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch 42 ]; 43 44 propagatedNativeBuildInputs = [ 45 sassc 46 + minify 47 ]; 48 49 propagatedBuildInputs = [ 50 flask 51 humanize 52 + sqlalchemy 53 + sqlalchemy-utils 54 + psycopg2 55 markdown 56 + mistletoe 57 + bleach 58 + requests 59 + beautifulsoup4 60 pygments 61 cryptography 62 prometheus-client 63 alembic 64 redis 65 + celery 66 + # Used transitively through beautifulsoup4 67 + html5lib 68 + # Used transitively trough bleach.css_sanitizer 69 + tinycss2 70 + # Used by srht.debug 71 + importlib-metadata 72 ]; 73 74 PKGVER = version; 75 76 dontUseSetuptoolsCheck = true; 77 pythonImportsCheck = [ "srht" ];
+48 -3
pkgs/applications/version-management/sourcehut/default.nix
··· 3 , recurseIntoAttrs 4 , nixosTests 5 , config 6 }: 7 8 # To expose the *srht modules, they have to be a python module so we use `buildPythonModule` 9 # Then we expose them through all-packages.nix as an application through `toPythonApplication` 10 # https://github.com/NixOS/nixpkgs/pull/54425#discussion_r250688781 11 let 12 - fetchNodeModules = callPackage ./fetchNodeModules.nix { }; 13 - 14 python = python3.override { 15 packageOverrides = self: super: { 16 - srht = self.callPackage ./core.nix { inherit fetchNodeModules; }; 17 18 buildsrht = self.callPackage ./builds.nix { }; 19 gitsrht = self.callPackage ./git.nix { }; ··· 26 todosrht = self.callPackage ./todo.nix { }; 27 28 scmsrht = self.callPackage ./scm.nix { }; 29 }; 30 }; 31 in
··· 3 , recurseIntoAttrs 4 , nixosTests 5 , config 6 + , fetchPypi 7 }: 8 9 # To expose the *srht modules, they have to be a python module so we use `buildPythonModule` 10 # Then we expose them through all-packages.nix as an application through `toPythonApplication` 11 # https://github.com/NixOS/nixpkgs/pull/54425#discussion_r250688781 12 let 13 python = python3.override { 14 packageOverrides = self: super: { 15 + srht = self.callPackage ./core.nix { }; 16 17 buildsrht = self.callPackage ./builds.nix { }; 18 gitsrht = self.callPackage ./git.nix { }; ··· 25 todosrht = self.callPackage ./todo.nix { }; 26 27 scmsrht = self.callPackage ./scm.nix { }; 28 + 29 + # sourcehut is not (yet) compatible with SQLAlchemy 2.x 30 + sqlalchemy = super.sqlalchemy.overridePythonAttrs (oldAttrs: rec { 31 + version = "1.4.46"; 32 + src = fetchPypi { 33 + pname = "SQLAlchemy"; 34 + inherit version; 35 + hash = "sha256-aRO4JH2KKS74MVFipRkx4rQM6RaB8bbxj2lwRSAMSjA="; 36 + }; 37 + nativeCheckInputs = with super; [ pytestCheckHook mock ]; 38 + disabledTestPaths = []; 39 + }); 40 + 41 + flask-sqlalchemy = super.flask-sqlalchemy.overridePythonAttrs (oldAttrs: rec { 42 + version = "2.5.1"; 43 + format = "setuptools"; 44 + src = fetchPypi { 45 + pname = "Flask-SQLAlchemy"; 46 + inherit version; 47 + hash = "sha256-K9pEtD58rLFdTgX/PMH4vJeTbMRkYjQkECv8LDXpWRI="; 48 + }; 49 + propagatedBuildInputs = with self; [ 50 + flask 51 + sqlalchemy 52 + ]; 53 + }); 54 + 55 + # sourcehut is not (yet) compatible with factory-boy 3.x 56 + factory-boy = super.factory-boy.overridePythonAttrs (oldAttrs: rec { 57 + version = "2.12.0"; 58 + src = fetchPypi { 59 + pname = "factory_boy"; 60 + inherit version; 61 + hash = "sha256-+vSNYIoXNfDQo8nL9TbWT5EytUfa57pFLE2Zp56Eo3A="; 62 + }; 63 + nativeCheckInputs = (with super; [ 64 + django 65 + flask 66 + mongoengine 67 + pytestCheckHook 68 + ]) ++ (with self; [ 69 + sqlalchemy 70 + flask-sqlalchemy 71 + ]); 72 + postPatch = ""; 73 + }); 74 }; 75 }; 76 in
-14
pkgs/applications/version-management/sourcehut/disable-npm-install.patch
··· 1 - diff --git a/setup.py b/setup.py 2 - index d63bac8..e1d0c35 100755 3 - --- a/setup.py 4 - +++ b/setup.py 5 - @@ -5,9 +5,6 @@ import glob 6 - import os 7 - import sys 8 - 9 - -if subprocess.call(["npm", "i"], cwd="srht") != 0: 10 - - sys.exit(1) 11 - - 12 - ver = os.environ.get("PKGVER") or subprocess.run(['git', 'describe', '--tags'], 13 - stdout=subprocess.PIPE).stdout.decode().strip() 14 -
···
-26
pkgs/applications/version-management/sourcehut/fetchNodeModules.nix
··· 1 - { lib, stdenv, jq }: { src, nodejs, sha256 }: 2 - 3 - # Only npm >= 5.4.2 is deterministic, see: 4 - # https://github.com/npm/npm/issues/17979#issuecomment-332701215 5 - assert lib.versionAtLeast nodejs.version "8.9.0"; 6 - 7 - stdenv.mkDerivation { 8 - name = "node_modules"; 9 - 10 - outputHashAlgo = "sha256"; 11 - outputHash = sha256; 12 - outputHashMode = "recursive"; 13 - 14 - nativeBuildInputs = [ jq nodejs ]; 15 - 16 - buildCommand = '' 17 - cp -r ${src}/* . 18 - HOME=. npm install --force --ignore-scripts --only=production 19 - for f in $(find node_modules -name package.json); do 20 - # https://github.com/npm/npm/issues/10393 21 - jq -S 'delpaths(keys | map(select(startswith("_")) | [.]))' $f > $f.tmp 22 - mv $f.tmp $f 23 - done 24 - mv node_modules $out 25 - ''; 26 - }
···
+1 -1
pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix
··· 1 { unzip 2 - , gqlgenVersion ? "0.17.2" 3 }: 4 { 5 overrideModAttrs = (_: {
··· 1 { unzip 2 + , gqlgenVersion ? "0.17.20" 3 }: 4 { 5 overrideModAttrs = (_: {
+28 -6
pkgs/applications/version-management/sourcehut/git.nix
··· 4 , buildPythonPackage 5 , python 6 , srht 7 , pygit2 8 - , scmsrht 9 , unzip 10 }: 11 let 12 - version = "0.78.20"; 13 14 src = fetchFromSourcehut { 15 owner = "~sircmpwn"; 16 repo = "git.sr.ht"; 17 rev = version; 18 - sha256 = "sha256-rZsTtHobsgRVmMOjPa1fiKrPsNyFu/gOsmO0cTl5MqQ="; 19 }; 20 21 gitApi = buildGoModule ({ 22 inherit src version; 23 pname = "gitsrht-api"; 24 modRoot = "api"; 25 - vendorHash = "sha256-cCs9FUBusaAou9w4TDOg8GKxhRcsPbSNcQpxvFH/+so="; 26 } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 27 28 gitDispatch = buildGoModule { 29 inherit src version; 30 pname = "gitsrht-dispatch"; 31 modRoot = "gitsrht-dispatch"; 32 - vendorHash = "sha256-qWXPHo86s6iuRBhRMtmD5jxnAWKdrWHtA/iSUkdw89M="; 33 }; 34 35 gitKeys = buildGoModule { ··· 37 pname = "gitsrht-keys"; 38 modRoot = "gitsrht-keys"; 39 vendorHash = "sha256-9pojS69HCKVHUceyOpGtv9ewcxFD4WsOVsEzkmWJkF4="; 40 }; 41 42 gitShell = buildGoModule { ··· 44 pname = "gitsrht-shell"; 45 modRoot = "gitsrht-shell"; 46 vendorHash = "sha256-WqfvSPuVsOHA//86u33atMfeA11+DJhjLmWy8Ivq0NI="; 47 }; 48 49 gitUpdateHook = buildGoModule { ··· 51 pname = "gitsrht-update-hook"; 52 modRoot = "gitsrht-update-hook"; 53 vendorHash = "sha256-Bc3yPabS2S+qiroHFKrtkII/CfzBDYQ6xWxKHAME+Tc="; 54 }; 55 56 in ··· 65 66 propagatedBuildInputs = [ 67 srht 68 pygit2 69 - scmsrht 70 ]; 71 72 preBuild = ''
··· 4 , buildPythonPackage 5 , python 6 , srht 7 + , scmsrht 8 , pygit2 9 + , minio 10 , unzip 11 }: 12 let 13 + version = "0.84.2"; 14 15 src = fetchFromSourcehut { 16 owner = "~sircmpwn"; 17 repo = "git.sr.ht"; 18 rev = version; 19 + sha256 = "sha256-sAkTsQlWtNDQ5vAhA2EeOvuJcj9A6AG8pgDyIKtr65s="; 20 }; 21 22 gitApi = buildGoModule ({ 23 inherit src version; 24 pname = "gitsrht-api"; 25 modRoot = "api"; 26 + vendorHash = "sha256-LAYp0zgosZnFEbtxzjuTH9++0lbxhACr705HqXJz3D0="; 27 } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 28 29 gitDispatch = buildGoModule { 30 inherit src version; 31 pname = "gitsrht-dispatch"; 32 modRoot = "gitsrht-dispatch"; 33 + vendorHash = "sha256-EDvSZ3/g0xDSohrsAIpNhk+F0yy8tbnTW/3tURTonMc="; 34 + 35 + postPatch = '' 36 + substituteInPlace gitsrht-dispatch/main.go \ 37 + --replace /var/log/gitsrht-dispatch /var/log/sourcehut/gitsrht-dispatch 38 + ''; 39 }; 40 41 gitKeys = buildGoModule { ··· 43 pname = "gitsrht-keys"; 44 modRoot = "gitsrht-keys"; 45 vendorHash = "sha256-9pojS69HCKVHUceyOpGtv9ewcxFD4WsOVsEzkmWJkF4="; 46 + 47 + postPatch = '' 48 + substituteInPlace gitsrht-keys/main.go \ 49 + --replace /var/log/gitsrht-keys /var/log/sourcehut/gitsrht-keys 50 + ''; 51 }; 52 53 gitShell = buildGoModule { ··· 55 pname = "gitsrht-shell"; 56 modRoot = "gitsrht-shell"; 57 vendorHash = "sha256-WqfvSPuVsOHA//86u33atMfeA11+DJhjLmWy8Ivq0NI="; 58 + 59 + postPatch = '' 60 + substituteInPlace gitsrht-shell/main.go \ 61 + --replace /var/log/gitsrht-shell /var/log/sourcehut/gitsrht-shell 62 + ''; 63 }; 64 65 gitUpdateHook = buildGoModule { ··· 67 pname = "gitsrht-update-hook"; 68 modRoot = "gitsrht-update-hook"; 69 vendorHash = "sha256-Bc3yPabS2S+qiroHFKrtkII/CfzBDYQ6xWxKHAME+Tc="; 70 + 71 + postPatch = '' 72 + substituteInPlace gitsrht-update-hook/main.go \ 73 + --replace /var/log/gitsrht-update-hook /var/log/sourcehut/gitsrht-update-hook 74 + ''; 75 }; 76 77 in ··· 86 87 propagatedBuildInputs = [ 88 srht 89 + scmsrht 90 pygit2 91 + minio 92 ]; 93 94 preBuild = ''
+12 -4
pkgs/applications/version-management/sourcehut/hg.nix
··· 12 13 buildPythonPackage rec { 14 pname = "hgsrht"; 15 - version = "0.31.3"; 16 17 src = fetchFromSourcehut { 18 owner = "~sircmpwn"; 19 repo = "hg.sr.ht"; 20 rev = version; 21 - sha256 = "4Qe08gqsSTMQVQBchFPEUXuxM8ZAAQGJT1EOcDjkZa0="; 22 vc = "hg"; 23 }; 24 25 postPatch = '' 26 substituteInPlace Makefile \ 27 --replace "all: api hgsrht-keys" "" 28 ''; 29 30 hgsrht-api = buildGoModule ({ 31 inherit src version; 32 pname = "hgsrht-api"; 33 modRoot = "api"; 34 - vendorHash = "sha256-uIP3W7UJkP68HJUF33kz5xfg/KBiaSwMozFYmQJQkys="; 35 } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 36 37 hgsrht-keys = buildGoModule { ··· 39 pname = "hgsrht-keys"; 40 modRoot = "hgsrht-keys"; 41 vendorHash = "sha256-7ti8xCjSrxsslF7/1X/GY4FDl+69hPL4UwCDfjxmJLU="; 42 }; 43 44 propagatedBuildInputs = [ 45 - srht 46 python-hglib 47 scmsrht 48 unidiff 49 ]; 50
··· 12 13 buildPythonPackage rec { 14 pname = "hgsrht"; 15 + version = "0.32.4"; 16 17 src = fetchFromSourcehut { 18 owner = "~sircmpwn"; 19 repo = "hg.sr.ht"; 20 rev = version; 21 + sha256 = "mYkA44c9wy/Iy1h1lXkVpc9gN7rQXFm4T3YBlQ1Dj60="; 22 vc = "hg"; 23 }; 24 25 postPatch = '' 26 substituteInPlace Makefile \ 27 --replace "all: api hgsrht-keys" "" 28 + 29 + substituteInPlace hgsrht-shell \ 30 + --replace /var/log/hgsrht-shell /var/log/sourcehut/hgsrht-shell 31 ''; 32 33 hgsrht-api = buildGoModule ({ 34 inherit src version; 35 pname = "hgsrht-api"; 36 modRoot = "api"; 37 + vendorHash = "sha256-vuOYpnF3WjA6kOe9MVSuVMhJBQqCmIex+QUBJrP+VDs="; 38 } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 39 40 hgsrht-keys = buildGoModule { ··· 42 pname = "hgsrht-keys"; 43 modRoot = "hgsrht-keys"; 44 vendorHash = "sha256-7ti8xCjSrxsslF7/1X/GY4FDl+69hPL4UwCDfjxmJLU="; 45 + 46 + postPatch = '' 47 + substituteInPlace hgsrht-keys/main.go \ 48 + --replace /var/log/hgsrht-keys /var/log/sourcehut/hgsrht-keys 49 + ''; 50 }; 51 52 propagatedBuildInputs = [ 53 python-hglib 54 scmsrht 55 + srht 56 unidiff 57 ]; 58
+21 -3
pkgs/applications/version-management/sourcehut/hub.nix
··· 1 { lib 2 , fetchFromSourcehut 3 , buildPythonPackage 4 , srht 5 , pyyaml 6 }: 7 8 buildPythonPackage rec { 9 pname = "hubsrht"; 10 - version = "0.14.14"; 11 12 src = fetchFromSourcehut { 13 owner = "~sircmpwn"; 14 repo = "hub.sr.ht"; 15 rev = version; 16 - sha256 = "sha256-4n6oQ+AAvdJY/5KflxAp62chjyrlSUkmt319DKZk33w="; 17 }; 18 19 propagatedBuildInputs = [ 20 srht 21 pyyaml ··· 23 24 preBuild = '' 25 export PKGVER=${version} 26 ''; 27 28 - dontUseSetuptoolsCheck = true; 29 pythonImportsCheck = [ "hubsrht" ]; 30 31 meta = with lib; {
··· 1 { lib 2 , fetchFromSourcehut 3 + , buildGoModule 4 , buildPythonPackage 5 + , python 6 , srht 7 , pyyaml 8 + , unzip 9 }: 10 11 buildPythonPackage rec { 12 pname = "hubsrht"; 13 + version = "0.17.2"; 14 15 src = fetchFromSourcehut { 16 owner = "~sircmpwn"; 17 repo = "hub.sr.ht"; 18 rev = version; 19 + sha256 = "sha256-A+lvRsPz5EBnM0gB4PJuxSMpELZTrK14ORxDbTKPXWg="; 20 }; 21 22 + postPatch = '' 23 + substituteInPlace Makefile --replace "all: api" "" 24 + ''; 25 + 26 + hubsrht-api = buildGoModule ({ 27 + inherit src version; 28 + pname = "hubsrht-api"; 29 + modRoot = "api"; 30 + vendorHash = "sha256-K5EmZ4U+xItTR85+SCwhwg5KUGLkKHo9Nr2pkvmJpfo="; 31 + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 32 + 33 propagatedBuildInputs = [ 34 srht 35 pyyaml ··· 37 38 preBuild = '' 39 export PKGVER=${version} 40 + export SRHT_PATH=${srht}/${python.sitePackages}/srht 41 ''; 42 43 + postInstall = '' 44 + ln -s ${hubsrht-api}/bin/api $out/bin/hubsrht-api 45 + ''; 46 + 47 pythonImportsCheck = [ "hubsrht" ]; 48 49 meta = with lib; {
+7 -8
pkgs/applications/version-management/sourcehut/lists.nix
··· 3 , buildGoModule 4 , buildPythonPackage 5 , srht 6 - , asyncpg 7 , aiosmtpd 8 , pygit2 9 , emailthreads 10 - , redis 11 , python 12 , unzip 13 }: 14 15 buildPythonPackage rec { 16 pname = "listssrht"; 17 - version = "0.51.11"; 18 19 src = fetchFromSourcehut { 20 owner = "~sircmpwn"; 21 repo = "lists.sr.ht"; 22 rev = version; 23 - sha256 = "sha256-Qb70oOazZfmHpC5r0oMYCFdvfAeKbq3mQA8+M56YYnY="; 24 }; 25 26 listssrht-api = buildGoModule ({ 27 inherit src version; 28 pname = "listssrht-api"; 29 modRoot = "api"; 30 - vendorHash = "sha256-xnmMkRSokbhWD+kz0XQ9AinYdm6/50FRBISURPvlzD0="; 31 } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 32 33 postPatch = '' ··· 37 38 propagatedBuildInputs = [ 39 srht 40 - pygit2 41 asyncpg 42 - aiosmtpd 43 emailthreads 44 - redis 45 ]; 46 47 preBuild = ''
··· 3 , buildGoModule 4 , buildPythonPackage 5 , srht 6 , aiosmtpd 7 + , asyncpg 8 , pygit2 9 , emailthreads 10 , python 11 , unzip 12 }: 13 14 buildPythonPackage rec { 15 pname = "listssrht"; 16 + version = "0.57.8"; 17 18 src = fetchFromSourcehut { 19 owner = "~sircmpwn"; 20 repo = "lists.sr.ht"; 21 rev = version; 22 + sha256 = "sha256-nQZRSTAyTWxcPHrRVCZ5TgcrNgrlxBFc1vRds0cQwA0="; 23 }; 24 25 listssrht-api = buildGoModule ({ 26 inherit src version; 27 pname = "listssrht-api"; 28 modRoot = "api"; 29 + vendorHash = "sha256-E5Zzft9ANJT/nhhCuenZpdo3t9QYLmA+AyDyrbGectE="; 30 } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 31 32 postPatch = '' ··· 36 37 propagatedBuildInputs = [ 38 srht 39 + aiosmtpd 40 asyncpg 41 + pygit2 42 + # Unofficial dependency 43 emailthreads 44 ]; 45 46 preBuild = ''
+19 -2
pkgs/applications/version-management/sourcehut/man.nix
··· 1 { lib 2 , fetchFromSourcehut 3 , buildPythonPackage 4 , srht 5 , pygit2 6 , python 7 }: 8 9 buildPythonPackage rec { 10 pname = "mansrht"; 11 - version = "0.15.26"; 12 13 src = fetchFromSourcehut { 14 owner = "~sircmpwn"; 15 repo = "man.sr.ht"; 16 rev = version; 17 - sha256 = "sha256-5xZH6DrTXMdWd26OGICp7lZ/QDjACIa7zNUJHB7jzGo="; 18 }; 19 20 propagatedBuildInputs = [ 21 srht 22 pygit2 ··· 25 preBuild = '' 26 export PKGVER=${version} 27 export SRHT_PATH=${srht}/${python.sitePackages}/srht 28 ''; 29 30 pythonImportsCheck = [ "mansrht" ];
··· 1 { lib 2 , fetchFromSourcehut 3 + , buildGoModule 4 , buildPythonPackage 5 , srht 6 , pygit2 7 , python 8 + , unzip 9 }: 10 11 buildPythonPackage rec { 12 pname = "mansrht"; 13 + version = "0.16.1"; 14 15 src = fetchFromSourcehut { 16 owner = "~sircmpwn"; 17 repo = "man.sr.ht"; 18 rev = version; 19 + sha256 = "sha256-94G9/Kzt1gaQ2CaXtsJYCB6W5OTdn27XhVdpNJ9a5cE="; 20 }; 21 22 + postPatch = '' 23 + substituteInPlace Makefile --replace "all: api" "" 24 + ''; 25 + 26 + mansrht-api = buildGoModule ({ 27 + inherit src version; 28 + pname = "mansrht-api"; 29 + modRoot = "api"; 30 + vendorHash = "sha256-K5EmZ4U+xItTR85+SCwhwg5KUGLkKHo9Nr2pkvmJpfo="; 31 + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 32 + 33 propagatedBuildInputs = [ 34 srht 35 pygit2 ··· 38 preBuild = '' 39 export PKGVER=${version} 40 export SRHT_PATH=${srht}/${python.sitePackages}/srht 41 + ''; 42 + 43 + postInstall = '' 44 + ln -s ${mansrht-api}/bin/api $out/bin/mansrht-api 45 ''; 46 47 pythonImportsCheck = [ "mansrht" ];
+14 -22
pkgs/applications/version-management/sourcehut/meta.nix
··· 2 , fetchFromSourcehut 3 , buildPythonPackage 4 , buildGoModule 5 - , pgpy 6 - , srht 7 - , redis 8 , bcrypt 9 , qrcode 10 , stripe 11 - , zxcvbn 12 - , alembic 13 - , pystache 14 - , dnspython 15 - , sshpubkeys 16 - , weasyprint 17 , prometheus-client 18 , python 19 , unzip 20 }: 21 let 22 - version = "0.61.3"; 23 24 src = fetchFromSourcehut { 25 owner = "~sircmpwn"; 26 repo = "meta.sr.ht"; 27 rev = version; 28 - hash = "sha256-wMcpdRSRvxYEV163mdTGOemk62gljua89SOtwe6qGXU="; 29 }; 30 31 metasrht-api = buildGoModule ({ 32 inherit src version; 33 pname = "metasrht-api"; 34 modRoot = "api"; 35 - vendorHash = "sha256-ZoDRGmGe9o5pn89gJ60wjSp5Cc0yxRfvdhNnbwAhmSI="; 36 - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); 37 38 in 39 buildPythonPackage rec { ··· 46 ''; 47 48 propagatedBuildInputs = [ 49 - pgpy 50 - srht 51 - redis 52 bcrypt 53 qrcode 54 stripe 55 zxcvbn 56 - alembic 57 - pystache 58 - sshpubkeys 59 - weasyprint 60 - prometheus-client 61 - dnspython 62 ]; 63 64 preBuild = ''
··· 2 , fetchFromSourcehut 3 , buildPythonPackage 4 , buildGoModule 5 + , alembic 6 , bcrypt 7 + , dnspython 8 , qrcode 9 + , redis 10 + , srht 11 , stripe 12 , prometheus-client 13 + , zxcvbn 14 , python 15 , unzip 16 }: 17 let 18 + version = "0.64.8"; 19 20 src = fetchFromSourcehut { 21 owner = "~sircmpwn"; 22 repo = "meta.sr.ht"; 23 rev = version; 24 + hash = "sha256-eiNvoy68PvjZ3iwdeNPjsXJjxAXb2PMF1/HvJquWa/U="; 25 }; 26 27 metasrht-api = buildGoModule ({ 28 inherit src version; 29 pname = "metasrht-api"; 30 modRoot = "api"; 31 + vendorHash = "sha256-D3stDSb99uXze49kKZgGrAq5Zmg6hkIzIpsQKlnKVtE="; 32 + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 33 34 in 35 buildPythonPackage rec { ··· 42 ''; 43 44 propagatedBuildInputs = [ 45 + alembic 46 bcrypt 47 + dnspython 48 qrcode 49 + redis 50 + srht 51 stripe 52 + prometheus-client 53 zxcvbn 54 ]; 55 56 preBuild = ''
+4 -4
pkgs/applications/version-management/sourcehut/pages.nix
··· 6 7 buildGoModule (rec { 8 pname = "pagessrht"; 9 - version = "0.7.4"; 10 11 src = fetchFromSourcehut { 12 owner = "~sircmpwn"; 13 repo = "pages.sr.ht"; 14 rev = version; 15 - sha256 = "sha256-WM9T2LS8yIqaR0PQQRgMk/tiMYcw8DZVPMqMWkj/5RY="; 16 }; 17 18 postPatch = '' ··· 20 --replace "all: server" "" 21 ''; 22 23 - vendorHash = "sha256-VOqY/nStqGyfWOXnJSZX8UYyp2kzcibQM2NRNysHYEc="; 24 25 postInstall = '' 26 mkdir -p $out/share/sql/ ··· 35 }; 36 # There is no ./loaders but this does not cause troubles 37 # to go generate 38 - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion= "0.17.9"; })
··· 6 7 buildGoModule (rec { 8 pname = "pagessrht"; 9 + version = "0.13.0"; 10 11 src = fetchFromSourcehut { 12 owner = "~sircmpwn"; 13 repo = "pages.sr.ht"; 14 rev = version; 15 + sha256 = "sha256-vUN6c6cyhcLI8bKrFYKoxlBQ29VS/bowpSfBRmi47wg="; 16 }; 17 18 postPatch = '' ··· 20 --replace "all: server" "" 21 ''; 22 23 + vendorHash = "sha256-GKuHkUqSVBLN3k8YsFtxdmdHFkqKo9YZqDk2GBmbfWo="; 24 25 postInstall = '' 26 mkdir -p $out/share/sql/ ··· 35 }; 36 # There is no ./loaders but this does not cause troubles 37 # to go generate 38 + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; })
+2 -2
pkgs/applications/version-management/sourcehut/paste.nix
··· 8 9 buildPythonPackage rec { 10 pname = "pastesrht"; 11 - version = "0.13.8"; 12 13 src = fetchFromSourcehut { 14 owner = "~sircmpwn"; 15 repo = "paste.sr.ht"; 16 rev = version; 17 - sha256 = "sha256-Zji9FyYUtsklYz4qyLbtduusteC7WujLCMmvZKcqYis="; 18 }; 19 20 postPatch = ''
··· 8 9 buildPythonPackage rec { 10 pname = "pastesrht"; 11 + version = "0.15.1"; 12 13 src = fetchFromSourcehut { 14 owner = "~sircmpwn"; 15 repo = "paste.sr.ht"; 16 rev = version; 17 + sha256 = "sha256-IUFX7/V8AWqN+iuisLAyu7lMNIUCzSMoOfcZiYJTnrM="; 18 }; 19 20 postPatch = ''
+2 -4
pkgs/applications/version-management/sourcehut/scm.nix
··· 2 , fetchFromSourcehut 3 , buildPythonPackage 4 , srht 5 - , redis 6 , pyyaml 7 , buildsrht 8 }: 9 10 buildPythonPackage rec { 11 pname = "scmsrht"; 12 - version = "0.22.22"; 13 14 src = fetchFromSourcehut { 15 owner = "~sircmpwn"; 16 repo = "scm.sr.ht"; 17 rev = version; 18 - sha256 = "sha256-iSzzyI8HZOpOb4dyt520MV/wds14fNag2+UOF09KS7w="; 19 }; 20 21 propagatedBuildInputs = [ 22 srht 23 - redis 24 pyyaml 25 buildsrht 26 ];
··· 2 , fetchFromSourcehut 3 , buildPythonPackage 4 , srht 5 , pyyaml 6 , buildsrht 7 }: 8 9 buildPythonPackage rec { 10 pname = "scmsrht"; 11 + version = "0.22.23"; 12 13 src = fetchFromSourcehut { 14 owner = "~sircmpwn"; 15 repo = "scm.sr.ht"; 16 rev = version; 17 + sha256 = "sha256-058dOEYJDY3jtxH1VkV1CFq5CZTkauSnTWg57DCnNtw="; 18 }; 19 20 propagatedBuildInputs = [ 21 srht 22 pyyaml 23 buildsrht 24 ];
+3 -7
pkgs/applications/version-management/sourcehut/todo.nix
··· 3 , buildGoModule 4 , buildPythonPackage 5 , srht 6 - , redis 7 , alembic 8 - , pystache 9 , pytest 10 , factory-boy 11 , python ··· 14 15 buildPythonPackage rec { 16 pname = "todosrht"; 17 - version = "0.72.2"; 18 19 src = fetchFromSourcehut { 20 owner = "~sircmpwn"; 21 repo = "todo.sr.ht"; 22 rev = version; 23 - sha256 = "sha256-FLjVO8Y/9s2gFfMXwcY7Rj3WNzPEBYs1AEjiVZFWsT8="; 24 }; 25 26 postPatch = '' ··· 32 inherit src version; 33 pname = "todosrht-api"; 34 modRoot = "api"; 35 - vendorHash = "sha256-LB1H4jwnvoEyaaYJ09NI/M6IkgZwRet/fkso6b9EPV0="; 36 } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 37 38 propagatedBuildInputs = [ 39 srht 40 - redis 41 alembic 42 - pystache 43 ]; 44 45 preBuild = ''
··· 3 , buildGoModule 4 , buildPythonPackage 5 , srht 6 , alembic 7 , pytest 8 , factory-boy 9 , python ··· 12 13 buildPythonPackage rec { 14 pname = "todosrht"; 15 + version = "0.74.6"; 16 17 src = fetchFromSourcehut { 18 owner = "~sircmpwn"; 19 repo = "todo.sr.ht"; 20 rev = version; 21 + sha256 = "sha256-j12pCGfKf6+9R8NOBIrH2V4OuSMuncU6S1AMWFVoHts="; 22 }; 23 24 postPatch = '' ··· 30 inherit src version; 31 pname = "todosrht-api"; 32 modRoot = "api"; 33 + vendorHash = "sha256-rvfG5F6ez8UM0dYVhKfzwtb7ZEJlaKMBAfKDbo3Aofc="; 34 } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); 35 36 propagatedBuildInputs = [ 37 srht 38 alembic 39 ]; 40 41 preBuild = ''
+15 -4
pkgs/applications/version-management/sourcehut/update.sh
··· 7 tmp=$(mktemp -d) 8 trap 'rm -rf "$tmp"' EXIT 9 10 default() { 11 - (cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/') 12 } 13 14 version() { 15 - (cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.version" | tr -d '"') 16 } 17 18 src_url() { 19 - nix-instantiate --eval --strict --expr " with import $root {}; let src = sourcehut.python.pkgs.$1.drvAttrs.src; in src.meta.homepage" | tr -d '"' 20 } 21 22 get_latest_version() { ··· 35 default_nix="$(default "$1")" 36 oldVersion="$(version "$1")" 37 version="$(get_latest_version "$1")" 38 39 - (cd "$root" && update-source-version "sourcehut.python.pkgs.$1" "$version") 40 41 # Update vendorHash of Go modules 42 retry=true
··· 7 tmp=$(mktemp -d) 8 trap 'rm -rf "$tmp"' EXIT 9 10 + attr_path() { 11 + case "$1" in 12 + pagessrht) printf "sourcehut.$1";; 13 + *) printf "sourcehut.python.pkgs.$1";; 14 + esac 15 + } 16 + 17 default() { 18 + local p="$(attr_path "$1")" 19 + (cd "$root" && nix-instantiate --eval --strict -A $p.meta.position | sed -re 's/^"(.*):[0-9]+"$/\1/') 20 } 21 22 version() { 23 + local p="$(attr_path "$1")" 24 + (cd "$root" && nix-instantiate --eval --strict -A $p.version | tr -d '"') 25 } 26 27 src_url() { 28 + local p="$(attr_path "$1")" 29 + nix-instantiate --eval --strict --expr " with import $root {}; let src = $p.drvAttrs.src; in src.meta.homepage" | tr -d '"' 30 } 31 32 get_latest_version() { ··· 45 default_nix="$(default "$1")" 46 oldVersion="$(version "$1")" 47 version="$(get_latest_version "$1")" 48 + local p="$(attr_path "$1")" 49 50 + (cd "$root" && update-source-version "$p" "$version") 51 52 # Update vendorHash of Go modules 53 retry=true