{ config, pkgs, lib, ... }:
with lib;
let
inherit (config.services) nginx postfix postgresql redis;
inherit (config.users) users groups;
cfg = config.services.sourcehut;
domain = cfg.settings."sr.ht".global-domain;
settingsFormat = pkgs.formats.ini {
listToValue = concatMapStringsSep "," (generators.mkValueStringDefault {});
mkKeyValue = k: v:
optionalString (v != null)
(generators.mkKeyValueDefault {
mkValueString = v:
if v == true then "yes"
else if v == false then "no"
else generators.mkValueStringDefault {} v;
} "=" k v);
};
configIniOfService = srv: settingsFormat.generate "sourcehut-${srv}-config.ini"
# Each service needs access to only a subset of sections (and secrets).
(filterAttrs (k: v: v != null)
(mapAttrs (section: v:
let srvMatch = builtins.match "^([a-z]*)\\.sr\\.ht(::.*)?$" section; in
if srvMatch == null # Include sections shared by all services
|| head srvMatch == srv # Include sections for the service being configured
then v
# Enable Web links and integrations between services.
else if tail srvMatch == [ null ] && elem (head srvMatch) cfg.services
then {
inherit (v) origin;
# mansrht crashes without it
oauth-client-id = v.oauth-client-id or null;
}
# Drop sub-sections of other services
else null)
(recursiveUpdate cfg.settings {
# Those paths are mounted using BindPaths= or BindReadOnlyPaths=
# for services needing access to them.
"builds.sr.ht::worker".buildlogs = "/var/log/sourcehut/buildsrht-worker";
"git.sr.ht".post-update-script = "/usr/bin/gitsrht-update-hook";
"git.sr.ht".repos = cfg.