path: root/nixos/modules/services/misc/sourcehut/default.xml
Diffstat (limited to 'nixos/modules/services/misc/sourcehut/default.xml')
-rw-r--r-- nixos/modules/services/misc/sourcehut/default.xml | 113
1 files changed, 113 insertions, 0 deletions
diff --git a/nixos/modules/services/misc/sourcehut/default.xml b/nixos/modules/services/misc/sourcehut/default.xml
new file mode 100644
index 000000000000..1d8330931ddf
--- /dev/null
+++ b/nixos/modules/services/misc/sourcehut/default.xml
@@ -0,0 +1,113 @@
+<!-- Do not edit this file directly, edit its companion .md instead
+ and regenerate this file using nixos/doc/manual/md-to-db.sh -->
+<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-sourcehut">
+ <title>Sourcehut</title>
+ <para>
+ <link xlink:href="https://sr.ht.com/">Sourcehut</link> is an
+ open-source, self-hostable software development platform. The server
+ setup can be automated using
+ <link linkend="opt-services.sourcehut.enable">services.sourcehut</link>.
+ </para>
+ <section xml:id="module-services-sourcehut-basic-usage">
+ <title>Basic usage</title>
+ <para>
+ Sourcehut is a Python and Go based set of applications. This NixOS
+ module also provides basic configuration integrating Sourcehut
+ into locally running <literal>services.nginx</literal>,
+ <literal>services.redis.servers.sourcehut</literal>,
+ <literal>services.postfix</literal> and
+ <literal>services.postgresql</literal> services.
+ </para>
+ <para>
+ A very basic configuration may look like this:
+ </para>
+ <programlisting>
+{ pkgs, ... }:
+let
+ fqdn =
+ let
+ join = hostName: domain: hostName + optionalString (domain != null) &quot;.${domain}&quot;;
+ in join config.networking.hostName config.networking.domain;
+in {
+
+ networking = {
+ hostName = &quot;srht&quot;;
+ domain = &quot;tld&quot;;
+ firewall.allowedTCPPorts = [ 22 80 443 ];
+ };
+
+ services.sourcehut = {
+ enable = true;
+ git.enable = true;
+ man.enable = true;
+ meta.enable = true;
+ nginx.enable = true;
+ postfix.enable = true;
+ postgresql.enable = true;
+ redis.enable = true;
+ settings = {
+ &quot;sr.ht&quot; = {
+ environment = &quot;production&quot;;
+ global-domain = fqdn;
+ origin = &quot;https://${fqdn}&quot;;
+ # Produce keys with srht-keygen from sourcehut.coresrht.
+ network-key = &quot;/run/keys/path/to/network-key&quot;;
+ service-key = &quot;/run/keys/path/to/service-key&quot;;
+ };
+ webhooks.private-key= &quot;/run/keys/path/to/webhook-key&quot;;
+ };
+ };
+
+ security.acme.certs.&quot;${fqdn}&quot;.extraDomainNames = [
+ &quot;meta.${fqdn}&quot;
+ &quot;man.${fqdn}&quot;
+ &quot;git.${fqdn}&quot;
+ ];
+
+ services.nginx = {
+ enable = true;
+ # only recommendedProxySettings are strictly required, but the rest make sense as well.
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
+ # Settings to setup what certificates are used for which endpoint.
+ virtualHosts = {
+ &quot;${fqdn}&quot;.enableACME = true;
+ &quot;meta.${fqdn}&quot;.useACMEHost = fqdn:
+ &quot;man.${fqdn}&quot;.useACMEHost = fqdn:
+ &quot;git.${fqdn}&quot;.useACMEHost = fqdn:
+ };
+ };
+}
+</programlisting>
+ <para>
+ The <literal>hostName</literal> option is used internally to
+ configure the nginx reverse-proxy. The <literal>settings</literal>
+ attribute set is used by the configuration generator and the
+ result is placed in <literal>/etc/sr.ht/config.ini</literal>.
+ </para>
+ </section>
+ <section xml:id="module-services-sourcehut-configuration">
+ <title>Configuration</title>
+ <para>
+ All configuration parameters are also stored in
+ <literal>/etc/sr.ht/config.ini</literal> which is generated by the
+ module and linked from the store to ensure that all values from
+ <literal>config.ini</literal> can be modified by the module.
+ </para>
+ </section>
+ <section xml:id="module-services-sourcehut-httpd">
+ <title>Using an alternative webserver as reverse-proxy (e.g.
+ <literal>httpd</literal>)</title>
+ <para>
+ By default, <literal>nginx</literal> is used as reverse-proxy for
+ <literal>sourcehut</literal>. However, it’s possible to use e.g.
+ <literal>httpd</literal> by explicitly disabling
+ <literal>nginx</literal> using
+ <xref linkend="opt-services.nginx.enable" /> and fixing the
+ <literal>settings</literal>.
+ </para>
+ </section>
+</chapter>
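Review bot: The example in the programlisting does not evaluate as written. The three virtualHosts entries for meta, man and git end in `useACMEHost = fqdn:` where Nix needs `fqdn;`, and the function header is `{ pkgs, ... }:` although the let block uses `config` and `optionalString`, neither of which is in scope; suggest `{ config, lib, pkgs, ... }:` and `lib.optionalString`. Separately, the opening link's href is `https://sr.ht.com/`, while the settings key and the rest of the file use `sr.ht`; a documentation link to a different domain sends readers to a site the project does not control, so it should point at `https://sr.ht/`. Since the header comment says this file is generated, these fixes belong in the companion .md, followed by a regeneration with md-to-db.sh.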