commit d70317352043d4db2264285a18b1fce40446ab22

pyrox.dev / nixpkgs

lol

fork atom

sourcehut: make /query endpoint config common to all services

Signed-off-by: Christoph Heiss <christoph@c8h4.io>

Christoph Heiss 2 years ago d7031735 395cc85b

+50 -54

2 changed files

expand all

unified split

nixos

modules

services

misc

sourcehut

default.nix

service.nix

+31 -54

nixos/modules/services/misc/sourcehut/default.nix

··· 77 type = types.path; 78 apply = s: "<" + toString s; 79 }; 80 }; 81 82 # Specialized python containing all the modules ··· 501 options."meta.sr.ht" = 502 removeAttrs (commonServiceSettings "meta") 503 ["oauth-client-id" "oauth-client-secret"] // { 504 - api-origin = mkOption { 505 - description = lib.mdDoc "Origin URL for API, 100 more than web."; 506 - type = types.str; 507 - default = "http://${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; 508 - defaultText = lib.literalMD ''`"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.meta.port)` + 100)}"`''; 509 - }; 510 webhooks = mkOption { 511 description = lib.mdDoc "The Redis connection used for the webhooks worker."; 512 type = types.str; ··· 1252 ) cfg.settings)); 1253 serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; 1254 }; 1255 - extraConfig = mkMerge [ 1256 - { 1257 - assertions = [ 1258 - { assertion = let s = cfg.settings."meta.sr.ht::billing"; in 1259 - s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null); 1260 - message = "If meta.sr.ht::billing is enabled, the keys must be defined."; 1261 - } 1262 - ]; 1263 - environment.systemPackages = optional cfg.meta.enable 1264 - (pkgs.writeShellScriptBin "metasrht-manageuser" '' 1265 - set -eux 1266 - if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' 1267 - then exec sudo -u '${cfg.meta.user}' "$0" "$@" 1268 - else 1269 - # In order to load config.ini 1270 - if cd /run/sourcehut/metasrht 1271 - then exec ${cfg.python}/bin/metasrht-manageuser "$@" 1272 - else cat <<EOF 1273 - Please run: sudo systemctl start metasrht 1274 - EOF 1275 - exit 1 1276 - fi 1277 fi 1278 - ''); 1279 - } 1280 - (mkIf cfg.nginx.enable { 1281 - services.nginx.virtualHosts."meta.${domain}" = { 1282 - locations."/query" = { 1283 - proxyPass = cfg.settings."meta.sr.ht".api-origin; 1284 - extraConfig = '' 1285 - if ($request_method = 'OPTIONS') { 1286 - add_header 'Access-Control-Allow-Origin' '*'; 1287 - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 1288 - add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 1289 - add_header 'Access-Control-Max-Age' 1728000; 1290 - add_header 'Content-Type' 'text/plain; charset=utf-8'; 1291 - add_header 'Content-Length' 0; 1292 - return 204; 1293 - } 1294 - 1295 - add_header 'Access-Control-Allow-Origin' '*'; 1296 - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 1297 - add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 1298 - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; 1299 - ''; 1300 - }; 1301 - }; 1302 - }) 1303 - ]; 1304 }) 1305 1306 (import ./service.nix "pages" {

··· 77 type = types.path; 78 apply = s: "<" + toString s; 79 }; 80 + api-origin = mkOption { 81 + description = lib.mdDoc "Origin URL for API, 100 more than web."; 82 + type = types.str; 83 + default = "http://${cfg.listenAddress}:${toString (cfg.${srv}.port + 100)}"; 84 + defaultText = lib.literalMD '' 85 + `"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.${srv}.port)` + 100)}"` 86 + ''; 87 + }; 88 }; 89 90 # Specialized python containing all the modules ··· 509 options."meta.sr.ht" = 510 removeAttrs (commonServiceSettings "meta") 511 ["oauth-client-id" "oauth-client-secret"] // { 512 webhooks = mkOption { 513 description = lib.mdDoc "The Redis connection used for the webhooks worker."; 514 type = types.str; ··· 1254 ) cfg.settings)); 1255 serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; 1256 }; 1257 + extraConfig = { 1258 + assertions = [ 1259 + { assertion = let s = cfg.settings."meta.sr.ht::billing"; in 1260 + s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null); 1261 + message = "If meta.sr.ht::billing is enabled, the keys must be defined."; 1262 + } 1263 + ]; 1264 + environment.systemPackages = optional cfg.meta.enable 1265 + (pkgs.writeShellScriptBin "metasrht-manageuser" '' 1266 + set -eux 1267 + if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' 1268 + then exec sudo -u '${cfg.meta.user}' "$0" "$@" 1269 + else 1270 + # In order to load config.ini 1271 + if cd /run/sourcehut/metasrht 1272 + then exec ${cfg.python}/bin/metasrht-manageuser "$@" 1273 + else cat <<EOF 1274 + Please run: sudo systemctl start metasrht 1275 + EOF 1276 + exit 1 1277 fi 1278 + fi 1279 + ''); 1280 + }; 1281 }) 1282 1283 (import ./service.nix "pages" {

+19

nixos/modules/services/misc/sourcehut/service.nix

··· 222 expires 30d; 223 ''; 224 }; 225 } cfg.nginx.virtualHost ]; 226 }; 227

··· 222 expires 30d; 223 ''; 224 }; 225 + locations."/query" = mkIf (cfg.settings.${iniKey} ? api-origin) { 226 + proxyPass = cfg.settings.${iniKey}.api-origin; 227 + extraConfig = '' 228 + if ($request_method = 'OPTIONS') { 229 + add_header 'Access-Control-Allow-Origin' '*'; 230 + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 231 + add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 232 + add_header 'Access-Control-Max-Age' 1728000; 233 + add_header 'Content-Type' 'text/plain; charset=utf-8'; 234 + add_header 'Content-Length' 0; 235 + return 204; 236 + } 237 + 238 + add_header 'Access-Control-Allow-Origin' '*'; 239 + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 240 + add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 241 + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; 242 + ''; 243 + }; 244 } cfg.nginx.virtualHost ]; 245 }; 246