mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-21 04:49:01 +02:00
sourcehut: make /query endpoint config common to all services
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
parent
395cc85b36
commit
d703173520
|
@ -77,6 +77,14 @@ let
|
||||||
type = types.path;
|
type = types.path;
|
||||||
apply = s: "<" + toString s;
|
apply = s: "<" + toString s;
|
||||||
};
|
};
|
||||||
|
api-origin = mkOption {
|
||||||
|
description = lib.mdDoc "Origin URL for API, 100 more than web.";
|
||||||
|
type = types.str;
|
||||||
|
default = "http://${cfg.listenAddress}:${toString (cfg.${srv}.port + 100)}";
|
||||||
|
defaultText = lib.literalMD ''
|
||||||
|
`"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.${srv}.port)` + 100)}"`
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Specialized python containing all the modules
|
# Specialized python containing all the modules
|
||||||
|
@ -501,12 +509,6 @@ in
|
||||||
options."meta.sr.ht" =
|
options."meta.sr.ht" =
|
||||||
removeAttrs (commonServiceSettings "meta")
|
removeAttrs (commonServiceSettings "meta")
|
||||||
["oauth-client-id" "oauth-client-secret"] // {
|
["oauth-client-id" "oauth-client-secret"] // {
|
||||||
api-origin = mkOption {
|
|
||||||
description = lib.mdDoc "Origin URL for API, 100 more than web.";
|
|
||||||
type = types.str;
|
|
||||||
default = "http://${cfg.listenAddress}:${toString (cfg.meta.port + 100)}";
|
|
||||||
defaultText = lib.literalMD ''`"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.meta.port)` + 100)}"`'';
|
|
||||||
};
|
|
||||||
webhooks = mkOption {
|
webhooks = mkOption {
|
||||||
description = lib.mdDoc "The Redis connection used for the webhooks worker.";
|
description = lib.mdDoc "The Redis connection used for the webhooks worker.";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
@ -1252,55 +1254,30 @@ in
|
||||||
) cfg.settings));
|
) cfg.settings));
|
||||||
serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}";
|
serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}";
|
||||||
};
|
};
|
||||||
extraConfig = mkMerge [
|
extraConfig = {
|
||||||
{
|
assertions = [
|
||||||
assertions = [
|
{ assertion = let s = cfg.settings."meta.sr.ht::billing"; in
|
||||||
{ assertion = let s = cfg.settings."meta.sr.ht::billing"; in
|
s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null);
|
||||||
s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null);
|
message = "If meta.sr.ht::billing is enabled, the keys must be defined.";
|
||||||
message = "If meta.sr.ht::billing is enabled, the keys must be defined.";
|
}
|
||||||
}
|
];
|
||||||
];
|
environment.systemPackages = optional cfg.meta.enable
|
||||||
environment.systemPackages = optional cfg.meta.enable
|
(pkgs.writeShellScriptBin "metasrht-manageuser" ''
|
||||||
(pkgs.writeShellScriptBin "metasrht-manageuser" ''
|
set -eux
|
||||||
set -eux
|
if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}'
|
||||||
if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}'
|
then exec sudo -u '${cfg.meta.user}' "$0" "$@"
|
||||||
then exec sudo -u '${cfg.meta.user}' "$0" "$@"
|
else
|
||||||
else
|
# In order to load config.ini
|
||||||
# In order to load config.ini
|
if cd /run/sourcehut/metasrht
|
||||||
if cd /run/sourcehut/metasrht
|
then exec ${cfg.python}/bin/metasrht-manageuser "$@"
|
||||||
then exec ${cfg.python}/bin/metasrht-manageuser "$@"
|
else cat <<EOF
|
||||||
else cat <<EOF
|
Please run: sudo systemctl start metasrht
|
||||||
Please run: sudo systemctl start metasrht
|
EOF
|
||||||
EOF
|
exit 1
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
'');
|
fi
|
||||||
}
|
'');
|
||||||
(mkIf cfg.nginx.enable {
|
};
|
||||||
services.nginx.virtualHosts."meta.${domain}" = {
|
|
||||||
locations."/query" = {
|
|
||||||
proxyPass = cfg.settings."meta.sr.ht".api-origin;
|
|
||||||
extraConfig = ''
|
|
||||||
if ($request_method = 'OPTIONS') {
|
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
|
||||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
|
||||||
add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
|
||||||
add_header 'Access-Control-Max-Age' 1728000;
|
|
||||||
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
|
||||||
add_header 'Content-Length' 0;
|
|
||||||
return 204;
|
|
||||||
}
|
|
||||||
|
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
|
||||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
|
||||||
add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
|
||||||
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
})
|
})
|
||||||
|
|
||||||
(import ./service.nix "pages" {
|
(import ./service.nix "pages" {
|
||||||
|
|
|
@ -222,6 +222,25 @@ in
|
||||||
expires 30d;
|
expires 30d;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
locations."/query" = mkIf (cfg.settings.${iniKey} ? api-origin) {
|
||||||
|
proxyPass = cfg.settings.${iniKey}.api-origin;
|
||||||
|
extraConfig = ''
|
||||||
|
if ($request_method = 'OPTIONS') {
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||||
|
add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
||||||
|
add_header 'Access-Control-Max-Age' 1728000;
|
||||||
|
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
||||||
|
add_header 'Content-Length' 0;
|
||||||
|
return 204;
|
||||||
|
}
|
||||||
|
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||||
|
add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
||||||
|
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
|
||||||
|
'';
|
||||||
|
};
|
||||||
} cfg.nginx.virtualHost ];
|
} cfg.nginx.virtualHost ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue