~sumner/nixos-configuration

cd622a1b600d188a490923ddce7ab24937de68b2 — Sumner Evans 6 months ago 28fcea0 pr-tracker
pr-tracker: add service
M host-configurations/bespin.nix => host-configurations/bespin.nix +7 -0
@@ 69,6 69,13 @@
  services.syncthing.enable = true;
  services.xandikos.enable = true;

  # PR Tracker
  services.pr-tracker = {
    enable = true;
    githubApiTokenFile = "/etc/nixos/secrets/pr-tracker-github-token";
    sourceUrl = "https://git.sr.ht/~sumner/pr-tracker";
  };

  # Synapse
  services.matrix-synapse.enable = true;
  services.heisenbridge = {
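Review bot: `githubApiTokenFile` is safe here only because it is written as a quoted string. The option is declared as `types.path`, and the module interpolates it into `StandardInput`, so a bare Nix path literal would be copied into the world-readable store. A comment above the line would guard against that regression, e.g. `# Must stay a quoted string: a bare path literal would copy the token into /nix/store.` The visible lines do not show the file's ownership or mode, so it is worth confirming it is root-owned and not group- or world-readable.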

M modules/services/default.nix => modules/services/default.nix +1 -0
@@ 17,6 17,7 @@
    ./mumble.nix
    ./nginx.nix
    ./postgresql.nix
    ./pr-tracker.nix
    ./restic.nix
    ./sshd.nix
    ./syncthing.nix

M modules/services/gui/default.nix => modules/services/gui/default.nix +1 -0
@@ 7,6 7,7 @@

  config = mkIf (config.xorg.enable || config.wayland.enable) {
    # Add some Gnome services to make things work.
    programs.dconf.enable = true;
    services.dbus.packages = with pkgs; [ gnome.dconf gcr ];
    services.gnome.at-spi2-core.enable = true;
    services.gnome.gnome-keyring.enable = true;

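--- a/modules/services/pr-tracker.nix
+++ b/modules/services/pr-tracker.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }: with lib; let
+  cfg = config.services.pr-tracker;
+  serverName = "pr-tracker.${config.networking.domain}";
+  pr-tracker = pkgs.callPackage ../../pkgs/pr-tracker.nix { };
+  nixpkgsDir = "${cfg.homeDir}/nixpkgs";
+in
+{
+  options = {
+    services.pr-tracker = {
+      enable = mkEnableOption "pr-tracker, a nixpkgs pull request channel tracker.";
+      githubApiTokenFile = mkOption {
+        type = types.path;
+        description = "A file containing the GitHub API Token to use.";
+      };
+      homeDir = mkOption {
+        type = types.path;
+        default = "/var/lib/pr-tracker";
+        description = "The home directory of the PR tracker.";
+      };
+      address = mkOption {
+        type = types.str;
+        default = "0.0.0.0";
+        description = "The address to listen on.";
+      };
+      sourceUrl = mkOption {
+        type = types.str;
+        default = "https://git.qyliss.net/pr-tracker";
+        description = "The URL of the source code.";
+      };
+      port = mkOption {
+        type = types.int;
+        default = 5555;
+        description = "The port to listen on.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Create a user for pr-tracker.
+    users.users.prtracker = {
+      group = "prtracker";
+      isSystemUser = true;
+      home = cfg.homeDir;
+      createHome = true;
+    };
+    users.groups.prtracker = { };
+
+    # Serve via nginx reverse-proxy
+    services.nginx.virtualHosts.${serverName} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://unix:/run/pr-tracker.sock:/";
+        extraConfig = ''
+          proxy_http_version 1.1;
+        '';
+      };
+    };
+
+    systemd.services.pr-tracker-clone = {
+      description = "Clone nixpkgs.";
+      after = [ "network.target" ];
+      serviceConfig = {
+        ExecStart = ''
+          if [[ ! -d ${nixpkgsDir} ]]; then
+            ${pkgs.git}/bin/git clone \
+              https://github.com/NixOS/nixpkgs.git \
+              ${nixpkgsDir}
+          fi
+        '';
+      };
+    };
+
+    systemd.sockets.pr-tracker = {
+      description = "Socket for the PR tracker";
+      wantedBy = [ "sockets.target" ];
+      after = [ "pr-tracker-clone.service" ];
+      before = [ "nginx.service" ];
+      listenStreams = [ "/run/pr-tracker.sock" ];
+    };
+
+    systemd.services.pr-tracker = {
+      description = "Nixpkgs pull request channel tracker.";
+      after = [ "network.target" ];
+      requires = [ "pr-tracker.socket" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.git ];
+      serviceConfig = {
+        Restart = "always";
+        StandardInput = "file:${cfg.githubApiTokenFile}";
+        ExecStart = ''
+          ${pr-tracker}/bin/pr-tracker \
+            --path ${nixpkgsDir} \
+            --remote origin \
+            --user-agent "pr-tracker (sumner)" \
+            --source-url ${cfg.sourceUrl}
+        '';
+      };
+    };
+  };
+}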
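Review bot: `systemd.services.pr-tracker` sets no `User`/`Group` in `serviceConfig`, so the daemon that nginx exposes publicly runs as root and the `prtracker` account created above is never used. Running both units as `prtracker` fixes that, but confirm the token file behind `StandardInput` is still readable in that setup. Separately, `pr-tracker-clone` puts a bash `if [[ … ]]` block in `ExecStart`, which systemd does not run through a shell. Nothing pulls that unit in either, since `after` on the socket is ordering only, so the clone probably never runs; the sketch below moves the snippet to `script` as a oneshot required by the main service. The declared `address` and `port` options are unused because the service listens on the unix socket, so they could be dropped.

```nix
    systemd.services.pr-tracker-clone = {
      description = "Clone nixpkgs.";
      after = [ "network.target" ];
      requiredBy = [ "pr-tracker.service" ];
      before = [ "pr-tracker.service" ];
      serviceConfig = {
        Type = "oneshot";
        User = "prtracker";
        Group = "prtracker";
      };
      # NixOS wraps `script` in a shell; ExecStart is executed directly.
      script = ''
        if [[ ! -d ${nixpkgsDir} ]]; then
          ${pkgs.git}/bin/git clone \
            https://github.com/NixOS/nixpkgs.git \
            ${nixpkgsDir}
        fi
      '';
    };

    # … unchanged: systemd.sockets.pr-tracker …

    systemd.services.pr-tracker = {
      # … unchanged: description, after, requires, wantedBy, path …
      serviceConfig = {
        User = "prtracker";
        Group = "prtracker";
        # … unchanged: Restart, StandardInput, ExecStart …
      };
    };
```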

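--- a/pkgs/pr-tracker.nix
+++ b/pkgs/pr-tracker.nix
@@ -0,0 +1,36 @@
+{ rustPlatform
+, lib
+, fetchFromSourcehut
+, openssl
+, pkg-config
+, systemd
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "pr-tracker";
+  version = "unstable-2021-05-21";
+
+  src = fetchFromSourcehut {
+    owner = "~sumner";
+    repo = pname;
+    rev = "8f5bcddd8523403dc55dbb4056336369d9e497b2";
+    sha256 = "sha256-EA8IW9qbjpIzpB3xl9DW1xw2gBtUBUO0/YIGvuBQcu0=";
+  };
+
+  cargoSha256 = "sha256-7i+h4Q5Gj3VD25Kz/B/gT/u5MXuE8G7Ghd7QUIyADpA=";
+
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [ openssl systemd ];
+
+  meta = with lib; {
+    description = "Nixpkgs pull request channel tracker";
+    longDescription = ''
+      A web server that displays the path a Nixpkgs pull request will take
+      through the various release channels.
+    '';
+    platforms = platforms.linux;
+    homepage = "https://git.qyliss.net/pr-tracker";
+    license = licenses.mit;
+    maintainers = with maintainers; [ sumnerevans ];
+  };
+}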
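Review bot: `meta.homepage` points at git.qyliss.net while `src` fetches from the `~sumner` repository on sourcehut, so the derivation presumably builds a fork without saying so. A comment above `src` would make the provenance explicit, e.g. `# Built from a fork of https://git.qyliss.net/pr-tracker; when bumping rev, update sha256 and cargoSha256 together.` The pinned `rev` with both hashes is otherwise what one wants for a reproducible fetch.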

M secrets.tar.enc => secrets.tar.enc +0 -0