swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-21 04:49:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

sourcehut: make /query endpoint config common to all services

Browse source 
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
Christoph Heiss 2023-04-19 23:41:17 +02:00
parent 395cc85b36
commit d703173520
No known key found for this signature in database
GPG key ID: 73D5E7FDEE3DE49A
2 changed files with 50 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
nixos/modules/services/misc/sourcehut/default.nix
View file

@ -77,6 +77,14 @@ let
type = types.path; type = types.path;
apply = s: "<" + toString s; apply = s: "<" + toString s;
}; };
api-origin = mkOption {
description = lib.mdDoc "Origin URL for API, 100 more than web.";
type = types.str;
default = "http://${cfg.listenAddress}:${toString (cfg.${srv}.port + 100)}";
defaultText = lib.literalMD ''
`"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.${srv}.port)` + 100)}"`
'';
};
}; };
# Specialized python containing all the modules # Specialized python containing all the modules
@ -501,12 +509,6 @@ in
options."meta.sr.ht" = options."meta.sr.ht" =
removeAttrs (commonServiceSettings "meta") removeAttrs (commonServiceSettings "meta")
["oauth-client-id" "oauth-client-secret"] // { ["oauth-client-id" "oauth-client-secret"] // {
api-origin = mkOption {
description = lib.mdDoc "Origin URL for API, 100 more than web.";
type = types.str;
default = "http://${cfg.listenAddress}:${toString (cfg.meta.port + 100)}";
defaultText = lib.literalMD ''`"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.meta.port)` + 100)}"`'';
};
webhooks = mkOption { webhooks = mkOption {
description = lib.mdDoc "The Redis connection used for the webhooks worker."; description = lib.mdDoc "The Redis connection used for the webhooks worker.";
type = types.str; type = types.str;
@ -1252,55 +1254,30 @@ in
) cfg.settings)); ) cfg.settings));
serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}";
}; };
extraConfig = mkMerge [ extraConfig = {
{ assertions = [
assertions = [ { assertion = let s = cfg.settings."meta.sr.ht::billing"; in
{ assertion = let s = cfg.settings."meta.sr.ht::billing"; in s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null);
s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null); message = "If meta.sr.ht::billing is enabled, the keys must be defined.";
message = "If meta.sr.ht::billing is enabled, the keys must be defined."; }
} ];
]; environment.systemPackages = optional cfg.meta.enable
environment.systemPackages = optional cfg.meta.enable (pkgs.writeShellScriptBin "metasrht-manageuser" ''
(pkgs.writeShellScriptBin "metasrht-manageuser" '' set -eux
set -eux if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}'
if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' then exec sudo -u '${cfg.meta.user}' "$0" "$@"
then exec sudo -u '${cfg.meta.user}' "$0" "$@" else
else # In order to load config.ini
# In order to load config.ini if cd /run/sourcehut/metasrht
if cd /run/sourcehut/metasrht then exec ${cfg.python}/bin/metasrht-manageuser "$@"
then exec ${cfg.python}/bin/metasrht-manageuser "$@" else cat <<EOF
else cat <<EOF Please run: sudo systemctl start metasrht
Please run: sudo systemctl start metasrht EOF
EOF exit 1
exit 1
fi
fi fi
''); fi
} '');
(mkIf cfg.nginx.enable { };
services.nginx.virtualHosts."meta.${domain}" = {
locations."/query" = {
proxyPass = cfg.settings."meta.sr.ht".api-origin;
extraConfig = ''
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
'';
};
};
})
];
}) })
(import ./service.nix "pages" { (import ./service.nix "pages" {

19
nixos/modules/services/misc/sourcehut/service.nix
View file

@ -222,6 +222,25 @@ in
expires 30d; expires 30d;
''; '';
}; };
locations."/query" = mkIf (cfg.settings.${iniKey} ? api-origin) {
proxyPass = cfg.settings.${iniKey}.api-origin;
extraConfig = ''
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
'';
};
} cfg.nginx.virtualHost ]; } cfg.nginx.virtualHost ];
}; };