gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/sourcehut: some settings became mandatory upstream

Browse Source
This commit is contained in:
Julien Moutinho
2022-06-08 21:25:15 +02:00
committed by Florian Brandes
parent cfaac4fde5
commit d2d8d93a66
2 changed files with 62 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
nixos/modules/services/misc/sourcehut/default.nix
View File

@@ -238,20 +238,32 @@ in
}; };
smtp-user = mkOptionNullOrStr "Outgoing SMTP user."; smtp-user = mkOptionNullOrStr "Outgoing SMTP user.";
smtp-password = mkOptionNullOrStr "Outgoing SMTP password."; smtp-password = mkOptionNullOrStr "Outgoing SMTP password.";
smtp-from = mkOptionNullOrStr "Outgoing SMTP FROM."; smtp-from = mkOption {
type = types.str;
description = "Outgoing SMTP FROM.";
};
error-to = mkOptionNullOrStr "Address receiving application exceptions"; error-to = mkOptionNullOrStr "Address receiving application exceptions";
error-from = mkOptionNullOrStr "Address sending application exceptions"; error-from = mkOptionNullOrStr "Address sending application exceptions";
pgp-privkey = mkOptionNullOrStr '' pgp-privkey = mkOption {
An absolute file path (which should be outside the Nix-store) type = types.str;
to an OpenPGP private key. description = ''
An absolute file path (which should be outside the Nix-store)
to an OpenPGP private key.
Your PGP key information (DO NOT mix up pub and priv here) Your PGP key information (DO NOT mix up pub and priv here)
You must remove the password from your secret key, if present. You must remove the password from your secret key, if present.
You can do this with <code>gpg --edit-key [key-id]</code>, You can do this with <code>gpg --edit-key [key-id]</code>,
then use the <code>passwd</code> command and do not enter a new password. then use the <code>passwd</code> command and do not enter a new password.
''; '';
pgp-pubkey = mkOptionNullOrStr "OpenPGP public key."; };
pgp-key-id = mkOptionNullOrStr "OpenPGP key identifier."; pgp-pubkey = mkOption {
type = with types; either path str;
description = "OpenPGP public key.";
};
pgp-key-id = mkOption {
type = types.str;
description = "OpenPGP key identifier.";
};
}; };
options.objects = { options.objects = {
s3-upstream = mkOption { s3-upstream = mkOption {

39
nixos/tests/sourcehut.nix
View File

@@ -169,6 +169,45 @@ in
oauth-client-id = "d07cb713d920702e"; oauth-client-id = "d07cb713d920702e";
}; };
settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA="; settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA=";
settings.mail = {
smtp-from = "root+hut@${domain}";
# WARNING: take care to keep pgp-privkey outside the Nix store in production,
# or use LoadCredentialEncrypted=
pgp-privkey = toString (pkgs.writeText "sourcehut.pgp-privkey" ''
-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd
Gk7hYQoAAP9X4oPmxxrHN8LewBpWITdBomNqlHoiP7mI0nz/BOPJHxEktDZuaXhv
cy90ZXN0cy9zb3VyY2VodXQgPHJvb3QraHV0QHNvdXJjZWh1dC5sb2NhbGRvbWFp
bj6IlwQTFgoAPxYhBPqjgjnL8RHN4JnADNicgXaYm0jJBQJioNE5AhsDBQkDwmcA
BgsJCAcDCgUVCgkICwUWAwIBAAIeBQIXgAAKCRDYnIF2mJtIySVCAP9e2nHsVHSi
2B1YGZpVG7Xf36vxljmMkbroQy+0gBPwRwEAq+jaiQqlbGhQ7R/HMFcAxBIVsq8h
Aw1rngsUd0o3dAicXQRioNE5EgorBgEEAZdVAQUBAQdAXZV2Sd5ZNBVTBbTGavMv
D6ORrUh8z7TI/3CsxCE7+yADAQgHAAD/c1RU9xH+V/uI1fE7HIn/zL0LUPpsuce2
cH++g4u3kBgTOYh+BBgWCgAmFiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg0TkC
GwwFCQPCZwAACgkQ2JyBdpibSMlKagD/cTre6p1m8QuJ7kwmCFRSz5tBzIuYMMgN
xtT7dmS91csA/35fWsOykSiFRojQ7ccCSUTHL7ApF2EbL968tP/D2hIG
=Hjoc
-----END PGP PRIVATE KEY BLOCK-----
'');
pgp-pubkey = pkgs.writeText "sourcehut.pgp-pubkey" ''
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd
Gk7hYQq0Nm5peG9zL3Rlc3RzL3NvdXJjZWh1dCA8cm9vdCtodXRAc291cmNlaHV0
LmxvY2FsZG9tYWluPoiXBBMWCgA/FiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg
0TkCGwMFCQPCZwAGCwkIBwMKBRUKCQgLBRYDAgEAAh4FAheAAAoJENicgXaYm0jJ
JUIA/17acexUdKLYHVgZmlUbtd/fq/GWOYyRuuhDL7SAE/BHAQCr6NqJCqVsaFDt
H8cwVwDEEhWyryEDDWueCxR3Sjd0CLg4BGKg0TkSCisGAQQBl1UBBQEBB0BdlXZJ
3lk0FVMFtMZq8y8Po5GtSHzPtMj/cKzEITv7IAMBCAeIfgQYFgoAJhYhBPqjgjnL
8RHN4JnADNicgXaYm0jJBQJioNE5AhsMBQkDwmcAAAoJENicgXaYm0jJSmoA/3E6
3uqdZvELie5MJghUUs+bQcyLmDDIDcbU+3ZkvdXLAP9+X1rDspEohUaI0O3HAklE
xy+wKRdhGy/evLT/w9oSBg==
=pJD7
-----END PGP PUBLIC KEY BLOCK-----
'';
pgp-key-id = "0xFAA38239CBF111CDE099C00CD89C8176989B48C9";
};
}; };
networking.firewall.allowedTCPPorts = [ 443 ]; networking.firewall.allowedTCPPorts = [ 443 ];