movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-10 03:23:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/sourcehut: adapt to new versions

Browse source
This commit is contained in:
Marcin Serwin 2025-05-03 20:06:05 +02:00
parent ea5a3a6d7e
commit fa148f9b48
No known key found for this signature in database
GPG key ID: DACFAC4EA0B194E0
4 changed files with 137 additions and 127 deletions
Download patch file Download diff file Expand all files Collapse all files

216
nixos/modules/services/misc/sourcehut/default.nix
View file

@ -97,13 +97,14 @@ let
# Those paths are mounted using BindPaths= or BindReadOnlyPaths= # Those paths are mounted using BindPaths= or BindReadOnlyPaths=
# for services needing access to them. # for services needing access to them.
"builds.sr.ht::worker".buildlogs = "/var/log/sourcehut/buildsrht-worker"; "builds.sr.ht::worker".buildlogs = "/var/log/sourcehut/buildsrht-worker";
"git.sr.ht".post-update-script = "/usr/bin/gitsrht-update-hook"; "git.sr.ht".post-update-script = "/usr/bin/git.sr.ht-update-hook";
"git.sr.ht".repos = cfg.settings."git.sr.ht".repos; "git.sr.ht".repos = cfg.settings."git.sr.ht".repos;
"hg.sr.ht".changegroup-script = "/usr/bin/hgsrht-hook-changegroup"; "hg.sr.ht".changegroup-script = "/usr/bin/hg.sr.ht-hook-changegroup";
"hg.sr.ht".repos = cfg.settings."hg.sr.ht".repos; "hg.sr.ht".repos = cfg.settings."hg.sr.ht".repos;
# Making this a per service option despite being in a global section, # Making this a per service option despite being in a global section,
# so that it uses the redis-server used by the service. # so that it uses the redis-server used by the service.
"sr.ht".redis-host = cfg.${srv}.redis.host; "sr.ht".redis-host = cfg.${srv}.redis.host;
"sr.ht".assets = "${cfg.${srv}.package}/share/sourcehut";
} }
) )
) )
@ -376,7 +377,7 @@ in
redis = mkOption { redis = mkOption {
description = "The Redis connection used for the Celery worker."; description = "The Redis connection used for the Celery worker.";
type = types.str; type = types.str;
default = "redis+socket:///run/redis-sourcehut-buildsrht/redis.sock?virtual_host=2"; default = "redis+socket:///run/redis-sourcehut-builds.sr.ht/redis.sock?virtual_host=2";
}; };
shell = mkOption { shell = mkOption {
description = '' description = ''
@ -436,8 +437,8 @@ in
This setting is propagated to newer and existing repositories. This setting is propagated to newer and existing repositories.
''; '';
type = types.path; type = types.path;
default = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook"; default = "${cfg.git.package}/bin/git.sr.ht-update-hook";
defaultText = "\${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook"; defaultText = "\${pkgs.sourcehut.gitsrht}/bin/git.sr.ht-update-hook";
}; };
repos = mkOption { repos = mkOption {
description = '' description = ''
@ -446,12 +447,12 @@ in
the gitsrht's user as read and write access to it. the gitsrht's user as read and write access to it.
''; '';
type = types.str; type = types.str;
default = "/var/lib/sourcehut/gitsrht/repos"; default = "/var/lib/sourcehut/git.sr.ht/repos";
}; };
webhooks = mkOption { webhooks = mkOption {
description = "The Redis connection used for the webhooks worker."; description = "The Redis connection used for the webhooks worker.";
type = types.str; type = types.str;
default = "redis+socket:///run/redis-sourcehut-gitsrht/redis.sock?virtual_host=1"; default = "redis+socket:///run/redis-sourcehut-git.sr.ht/redis.sock?virtual_host=1";
}; };
}; };
options."git.sr.ht::api" = { options."git.sr.ht::api" = {
@ -477,8 +478,8 @@ in
This setting is propagated to newer and existing repositories. This setting is propagated to newer and existing repositories.
''; '';
type = types.str; type = types.str;
default = "${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup"; default = "${cfg.hg.package}/bin/hg.sr.ht-hook-changegroup";
defaultText = "\${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup"; defaultText = "\${pkgs.sourcehut.hgsrht}/bin/hg.sr.ht-hook-changegroup";
}; };
repos = mkOption { repos = mkOption {
description = '' description = ''
@ -487,7 +488,7 @@ in
the hgsrht's user as read and write access to it. the hgsrht's user as read and write access to it.
''; '';
type = types.str; type = types.str;
default = "/var/lib/sourcehut/hgsrht/repos"; default = "/var/lib/sourcehut/hg.sr.ht/repos";
}; };
srhtext = mkOptionNullOrStr '' srhtext = mkOptionNullOrStr ''
Path to the srht mercurial extension Path to the srht mercurial extension
@ -507,7 +508,7 @@ in
webhooks = mkOption { webhooks = mkOption {
description = "The Redis connection used for the webhooks worker."; description = "The Redis connection used for the webhooks worker.";
type = types.str; type = types.str;
default = "redis+socket:///run/redis-sourcehut-hgsrht/redis.sock?virtual_host=1"; default = "redis+socket:///run/redis-sourcehut-hg.sr.ht/redis.sock?virtual_host=1";
}; };
}; };
@ -529,12 +530,12 @@ in
redis = mkOption { redis = mkOption {
description = "The Redis connection used for the Celery worker."; description = "The Redis connection used for the Celery worker.";
type = types.str; type = types.str;
default = "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=2"; default = "redis+socket:///run/redis-sourcehut-lists.sr.ht/redis.sock?virtual_host=2";
}; };
webhooks = mkOption { webhooks = mkOption {
description = "The Redis connection used for the webhooks worker."; description = "The Redis connection used for the webhooks worker.";
type = types.str; type = types.str;
default = "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=1"; default = "redis+socket:///run/redis-sourcehut-lists.sr.ht/redis.sock?virtual_host=1";
}; };
}; };
options."lists.sr.ht::worker" = { options."lists.sr.ht::worker" = {
@ -584,7 +585,7 @@ in
webhooks = mkOption { webhooks = mkOption {
description = "The Redis connection used for the webhooks worker."; description = "The Redis connection used for the webhooks worker.";
type = types.str; type = types.str;
default = "redis+socket:///run/redis-sourcehut-metasrht/redis.sock?virtual_host=1"; default = "redis+socket:///run/redis-sourcehut-meta.sr.ht/redis.sock?virtual_host=1";
}; };
welcome-emails = mkEnableOption "sending stock sourcehut welcome emails after signup"; welcome-emails = mkEnableOption "sending stock sourcehut welcome emails after signup";
}; };
@ -691,7 +692,7 @@ in
webhooks = mkOption { webhooks = mkOption {
description = "The Redis connection used for the webhooks worker."; description = "The Redis connection used for the webhooks worker.";
type = types.str; type = types.str;
default = "redis+socket:///run/redis-sourcehut-todosrht/redis.sock?virtual_host=1"; default = "redis+socket:///run/redis-sourcehut-todo.sr.ht/redis.sock?virtual_host=1";
}; };
}; };
options."todo.sr.ht::mail" = { options."todo.sr.ht::mail" = {
@ -763,7 +764,7 @@ in
}; };
git = { git = {
package = mkPackageOption pkgs "git" { gitPackage = mkPackageOption pkgs "git" {
example = "gitFull"; example = "gitFull";
}; };
fcgiwrap.preforkProcess = mkOption { fcgiwrap.preforkProcess = mkOption {
@ -774,7 +775,7 @@ in
}; };
hg = { hg = {
package = mkPackageOption pkgs "mercurial" { }; mercurialPackage = mkPackageOption pkgs "mercurial" { };
cloneBundles = mkOption { cloneBundles = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -806,6 +807,7 @@ in
config = mkIf cfg.enable (mkMerge [ config = mkIf cfg.enable (mkMerge [
{ {
# TODO: make configurable
environment.systemPackages = [ pkgs.sourcehut.coresrht ]; environment.systemPackages = [ pkgs.sourcehut.coresrht ];
services.sourcehut.settings = { services.sourcehut.settings = {
@ -875,14 +877,14 @@ in
set -e set -e
set -x set -x
cd /etc/ssh/sourcehut/subdir cd /etc/ssh/sourcehut/subdir
${pkgs.sourcehut.gitsrht}/bin/gitsrht-dispatch "$@" ${cfg.git.package}/bin/git.sr.ht-dispatch "$@"
''; '';
}; };
systemd.tmpfiles.settings."10-sourcehut-gitsrht" = mkIf cfg.git.enable (mkMerge [ systemd.tmpfiles.settings."10-sourcehut-gitsrht" = mkIf cfg.git.enable (mkMerge [
(builtins.listToAttrs ( (builtins.listToAttrs (
map map
(name: { (name: {
name = "/var/log/sourcehut/gitsrht-${name}"; name = "/var/log/sourcehut/git.sr.ht-${name}";
value.f = { value.f = {
inherit (cfg.git) user group; inherit (cfg.git) user group;
mode = "0644"; mode = "0644";
@ -903,7 +905,7 @@ in
]); ]);
systemd.services.sshd = { systemd.services.sshd = {
preStart = mkIf cfg.hg.enable '' preStart = mkIf cfg.hg.enable ''
chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hg.sr.ht-keys
''; '';
serviceConfig = { serviceConfig = {
LogsDirectory = "sourcehut"; LogsDirectory = "sourcehut";
@ -919,62 +921,62 @@ in
"${pkgs.writeShellScript "buildsrht-keys-wrapper" '' "${pkgs.writeShellScript "buildsrht-keys-wrapper" ''
set -e set -e
cd /run/sourcehut/buildsrht/subdir cd /run/sourcehut/buildsrht/subdir
exec -a "$0" ${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys "$@" exec -a "$0" ${cfg.builds.package}/bin/builds.sr.ht-keys "$@"
''}:/usr/bin/buildsrht-keys" ''}:/usr/bin/buildsrht-keys"
"${pkgs.sourcehut.buildsrht}/bin/master-shell:/usr/bin/master-shell" "${cfg.builds.package}/bin/master-shell:/usr/bin/master-shell"
"${pkgs.sourcehut.buildsrht}/bin/runner-shell:/usr/bin/runner-shell" "${cfg.builds.package}/bin/runner-shell:/usr/bin/runner-shell"
] ]
++ optionals cfg.git.enable [ ++ optionals cfg.git.enable [
# /path/to/gitsrht-keys calls /path/to/gitsrht-shell, # /path/to/gitsrht-keys calls /path/to/gitsrht-shell,
# or [git.sr.ht] shell= if set. # or [git.sr.ht] shell= if set.
"${pkgs.writeShellScript "gitsrht-keys-wrapper" '' "${pkgs.writeShellScript "gitsrht-keys-wrapper" ''
set -e set -e
cd /run/sourcehut/gitsrht/subdir cd /run/sourcehut/git.sr.ht/subdir
exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys "$@" exec -a "$0" ${cfg.git.package}/bin/git.sr.ht-keys "$@"
''}:/usr/bin/gitsrht-keys" ''}:/usr/bin/git.sr.ht-keys"
"${pkgs.writeShellScript "gitsrht-shell-wrapper" '' "${pkgs.writeShellScript "gitsrht-shell-wrapper" ''
set -e set -e
cd /run/sourcehut/gitsrht/subdir cd /run/sourcehut/git.sr.ht/subdir
export PATH="${cfg.git.package}/bin:$PATH" export PATH="${cfg.git.gitPackage}/bin:$PATH"
export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini export SRHT_CONFIG=/run/sourcehut/git.sr.ht/config.ini
exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@" exec -a "$0" ${cfg.git.package}/bin/git.sr.ht-shell "$@"
''}:/usr/bin/gitsrht-shell" ''}:/usr/bin/git.sr.ht-shell"
"${pkgs.writeShellScript "gitsrht-update-hook" '' "${pkgs.writeShellScript "gitsrht-update-hook" ''
set -e set -e
export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini export SRHT_CONFIG=/run/sourcehut/git.sr.ht/config.ini
# hooks/post-update calls /usr/bin/gitsrht-update-hook as hooks/stage-3 # hooks/post-update calls /usr/bin/gitsrht-update-hook as hooks/stage-3
# but this wrapper being a bash script, it overrides $0 with /usr/bin/gitsrht-update-hook # but this wrapper being a bash script, it overrides $0 with /usr/bin/gitsrht-update-hook
# hence this hack to put hooks/stage-3 back into gitsrht-update-hook's $0 # hence this hack to put hooks/stage-3 back into gitsrht-update-hook's $0
if test "''${STAGE3:+set}" if test "''${STAGE3:+set}"
then then
exec -a hooks/stage-3 ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" exec -a hooks/stage-3 ${cfg.git.package}/bin/git.sr.ht-update-hook "$@"
else else
export STAGE3=set export STAGE3=set
exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" exec -a "$0" ${cfg.git.package}/bin/git.sr.ht-update-hook "$@"
fi fi
''}:/usr/bin/gitsrht-update-hook" ''}:/usr/bin/git.sr.ht-update-hook"
] ]
++ optionals cfg.hg.enable [ ++ optionals cfg.hg.enable [
# /path/to/hgsrht-keys calls /path/to/hgsrht-shell, # /path/to/hgsrht-keys calls /path/to/hgsrht-shell,
# or [hg.sr.ht] shell= if set. # or [hg.sr.ht] shell= if set.
"${pkgs.writeShellScript "hgsrht-keys-wrapper" '' "${pkgs.writeShellScript "hgsrht-keys-wrapper" ''
set -e set -e
cd /run/sourcehut/hgsrht/subdir cd /run/sourcehut/hg.sr.ht/subdir
exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-keys "$@" exec -a "$0" ${cfg.hg.package}/bin/hg.sr.ht-keys "$@"
''}:/usr/bin/hgsrht-keys" ''}:/usr/bin/hg.sr.ht-keys"
"${pkgs.writeShellScript "hgsrht-shell-wrapper" '' "${pkgs.writeShellScript "hg.sr.ht-shell-wrapper" ''
set -e set -e
cd /run/sourcehut/hgsrht/subdir cd /run/sourcehut/hg.sr.ht/subdir
exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-shell "$@" exec -a "$0" ${cfg.hg.package}/bin/hg.sr.ht-shell "$@"
''}:/usr/bin/hgsrht-shell" ''}:/usr/bin/hg.sr.ht-shell"
# Mercurial's changegroup hooks are run relative to their repository's directory, # Mercurial's changegroup hooks are run relative to their repository's directory,
# but hgsrht-hook-changegroup looks up ./config.ini # but hgsrht-hook-changegroup looks up ./config.ini
"${pkgs.writeShellScript "hgsrht-hook-changegroup" '' "${pkgs.writeShellScript "hgsrht-hook-changegroup" ''
set -e set -e
test -e "''$PWD"/config.ini || test -e "''$PWD"/config.ini ||
ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini ln -s /run/sourcehut/hg.sr.ht/config.ini "''$PWD"/config.ini
exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup "$@" exec -a "$0" ${cfg.hg.package}/bin/hg.sr.ht-hook-changegroup "$@"
''}:/usr/bin/hgsrht-hook-changegroup" ''}:/usr/bin/hg.sr.ht-hook-changegroup"
]; ];
}; };
}; };
@ -985,17 +987,17 @@ in
(import ./service.nix "builds" { (import ./service.nix "builds" {
inherit configIniOfService; inherit configIniOfService;
srvsrht = "buildsrht"; pkgname = "buildsrht";
port = 5002; port = 5002;
extraServices.buildsrht-api = { extraServices."build.sr.ht-api" = {
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s"; serviceConfig.RestartSec = "5s";
serviceConfig.ExecStart = "${pkgs.sourcehut.buildsrht}/bin/buildsrht-api -b ${cfg.listenAddress}:${ serviceConfig.ExecStart = "${cfg.builds.package}/bin/builds.sr.ht-api -b ${cfg.listenAddress}:${
toString (cfg.builds.port + 100) toString (cfg.builds.port + 100)
}"; }";
}; };
# TODO: a celery worker on the master and worker are apparently needed # TODO: a celery worker on the master and worker are apparently needed
extraServices.buildsrht-worker = extraServices."build.sr.ht-worker" =
let let
qemuPackage = pkgs.qemu_kvm; qemuPackage = pkgs.qemu_kvm;
serviceName = "buildsrht-worker"; serviceName = "buildsrht-worker";
@ -1024,7 +1026,7 @@ in
fi fi
''; '';
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.sourcehut.buildsrht}/bin/buildsrht-worker"; ExecStart = "${cfg.builds.package}/bin/builds.sr.ht-worker";
BindPaths = [ cfg.settings."builds.sr.ht::worker".buildlogs ]; BindPaths = [ cfg.settings."builds.sr.ht::worker".buildlogs ];
LogsDirectory = [ "sourcehut/${serviceName}" ]; LogsDirectory = [ "sourcehut/${serviceName}" ];
RuntimeDirectory = [ "sourcehut/${serviceName}/subdir" ]; RuntimeDirectory = [ "sourcehut/${serviceName}/subdir" ];
@ -1055,7 +1057,7 @@ in
name = "buildsrht-worker-images-pre"; name = "buildsrht-worker-images-pre";
paths = image_dirs; paths = image_dirs;
# FIXME: not working, apparently because ubuntu/latest is a broken link # FIXME: not working, apparently because ubuntu/latest is a broken link
# ++ [ "${pkgs.sourcehut.buildsrht}/lib/images" ]; # ++ [ "${cfg.builds.package}/lib/images" ];
}; };
image_dir = pkgs.runCommand "buildsrht-worker-images" { } '' image_dir = pkgs.runCommand "buildsrht-worker-images" { } ''
mkdir -p $out/images mkdir -p $out/images
@ -1072,7 +1074,7 @@ in
{ {
# Note that git.sr.ht::dispatch is not a typo, # Note that git.sr.ht::dispatch is not a typo,
# gitsrht-dispatch always use this section # gitsrht-dispatch always use this section
"git.sr.ht::dispatch"."/usr/bin/buildsrht-keys" = "git.sr.ht::dispatch"."/usr/bin/builds.sr.ht-keys" =
mkDefault "${cfg.builds.user}:${cfg.builds.group}"; mkDefault "${cfg.builds.user}:${cfg.builds.group}";
} }
(mkIf cfg.builds.enableWorker { (mkIf cfg.builds.enableWorker {
@ -1113,8 +1115,10 @@ in
(import ./service.nix "git" ( (import ./service.nix "git" (
let let
baseService = { baseService = {
path = [ cfg.git.package ]; path = [ cfg.git.gitPackage ];
serviceConfig.BindPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ]; serviceConfig.BindPaths = [
"${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/git.sr.ht/repos"
];
}; };
in in
{ {
@ -1123,23 +1127,23 @@ in
baseService baseService
{ {
serviceConfig.StateDirectory = [ serviceConfig.StateDirectory = [
"sourcehut/gitsrht" "sourcehut/git.sr.ht"
"sourcehut/gitsrht/repos" "sourcehut/git.sr.ht/repos"
]; ];
preStart = mkIf (versionOlder config.system.stateVersion "22.05") (mkBefore '' preStart = mkIf (versionOlder config.system.stateVersion "22.05") (mkBefore ''
# Fix Git hooks of repositories pre-dating https://github.com/NixOS/nixpkgs/pull/133984 # Fix Git hooks of repositories pre-dating https://github.com/NixOS/nixpkgs/pull/133984
( (
set +f set +f
shopt -s nullglob shopt -s nullglob
for h in /var/lib/sourcehut/gitsrht/repos/~*/*/hooks/{pre-receive,update,post-update} for h in /var/lib/sourcehut/git.sr.ht/repos/~*/*/hooks/{pre-receive,update,post-update}
do ln -fnsv /usr/bin/gitsrht-update-hook "$h"; done do ln -fnsv /usr/bin/git.sr.ht-update-hook "$h"; done
) )
''); '');
} }
]; ];
port = 5001; port = 5001;
webhooks = true; webhooks = true;
extraTimers.gitsrht-periodic = { extraTimers."git.sr.ht-periodic" = {
service = baseService; service = baseService;
timerConfig.OnCalendar = [ "*:0/20" ]; timerConfig.OnCalendar = [ "*:0/20" ];
}; };
@ -1149,7 +1153,7 @@ in
# Probably could use gitsrht-shell if output is restricted to just parameters... # Probably could use gitsrht-shell if output is restricted to just parameters...
users.users.${cfg.git.user}.shell = pkgs.bash; users.users.${cfg.git.user}.shell = pkgs.bash;
services.sourcehut.settings = { services.sourcehut.settings = {
"git.sr.ht::dispatch"."/usr/bin/gitsrht-keys" = mkDefault "${cfg.git.user}:${cfg.git.group}"; "git.sr.ht::dispatch"."/usr/bin/git.sr.ht-keys" = mkDefault "${cfg.git.user}:${cfg.git.group}";
}; };
systemd.services.sshd = baseService; systemd.services.sshd = baseService;
} }
@ -1164,49 +1168,50 @@ in
''; '';
}; };
locations."~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$" = { locations."~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$" = {
root = "/var/lib/sourcehut/gitsrht/repos"; root = "/var/lib/sourcehut/git.sr.ht/repos";
fastcgiParams = { fastcgiParams = {
GIT_HTTP_EXPORT_ALL = ""; GIT_HTTP_EXPORT_ALL = "";
GIT_PROJECT_ROOT = "$document_root"; GIT_PROJECT_ROOT = "$document_root";
PATH_INFO = "$uri"; PATH_INFO = "$uri";
SCRIPT_FILENAME = "${cfg.git.package}/bin/git-http-backend"; SCRIPT_FILENAME = "${cfg.git.gitPackage}/bin/git-http-backend";
}; };
extraConfig = '' extraConfig = ''
auth_request /authorize; auth_request /authorize;
fastcgi_read_timeout 500s; fastcgi_read_timeout 500s;
fastcgi_pass unix:/run/gitsrht-fcgiwrap.sock; fastcgi_pass unix:/run/git.sr.ht-fcgiwrap.sock;
gzip off; gzip off;
''; '';
}; };
}; };
systemd.sockets.gitsrht-fcgiwrap = { systemd.sockets."git.sr.ht-fcgiwrap" = {
before = [ "nginx.service" ]; before = [ "nginx.service" ];
wantedBy = [ wantedBy = [
"sockets.target" "sockets.target"
"gitsrht.service" "git.sr.ht.service"
]; ];
# This path remains accessible to nginx.service, which has no RootDirectory= # This path remains accessible to nginx.service, which has no RootDirectory=
socketConfig.ListenStream = "/run/gitsrht-fcgiwrap.sock"; socketConfig.ListenStream = "/run/git.sr.ht-fcgiwrap.sock";
socketConfig.SocketUser = nginx.user; socketConfig.SocketUser = nginx.user;
socketConfig.SocketMode = "600"; socketConfig.SocketMode = "600";
}; };
}) })
]; ];
extraServices.gitsrht-api.serviceConfig = { extraServices."git.sr.ht-api".serviceConfig = {
Restart = "always"; Restart = "always";
RestartSec = "5s"; RestartSec = "5s";
ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}"; ExecStart = "${cfg.git.package}/bin/git.sr.ht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}";
BindPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ]; BindPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/git.sr.ht/repos" ];
}; };
extraServices.gitsrht-fcgiwrap = mkIf cfg.nginx.enable { extraServices."git.sr.ht-fcgiwrap" = mkIf cfg.nginx.enable {
serviceConfig = { serviceConfig = {
# Socket is passed by gitsrht-fcgiwrap.socket # Socket is passed by gitsrht-fcgiwrap.socket
ExecStart = "${pkgs.fcgiwrap}/sbin/fcgiwrap -c ${toString cfg.git.fcgiwrap.preforkProcess}"; ExecStart = "${pkgs.fcgiwrap}/bin/fcgiwrap -c ${toString cfg.git.fcgiwrap.preforkProcess}";
# No need for config.ini # No need for config.ini
ExecStartPre = mkForce [ ]; ExecStartPre = mkForce [ ];
User = null; # FIXME: Fails to start with dynamic user
DynamicUser = true; # User = null;
BindReadOnlyPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ]; # DynamicUser = true;
BindReadOnlyPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/git.sr.ht/repos" ];
IPAddressDeny = "any"; IPAddressDeny = "any";
InaccessiblePaths = [ InaccessiblePaths = [
"-+/run/postgresql" "-+/run/postgresql"
@ -1232,8 +1237,8 @@ in
(import ./service.nix "hg" ( (import ./service.nix "hg" (
let let
baseService = { baseService = {
path = [ cfg.hg.package ]; path = [ cfg.hg.mercurialPackage ];
serviceConfig.BindPaths = [ "${cfg.settings."hg.sr.ht".repos}:/var/lib/sourcehut/hgsrht/repos" ]; serviceConfig.BindPaths = [ "${cfg.settings."hg.sr.ht".repos}:/var/lib/sourcehut/hg.sr.ht/repos" ];
}; };
in in
{ {
@ -1242,26 +1247,26 @@ in
baseService baseService
{ {
serviceConfig.StateDirectory = [ serviceConfig.StateDirectory = [
"sourcehut/hgsrht" "sourcehut/hg.sr.ht"
"sourcehut/hgsrht/repos" "sourcehut/hg.sr.ht/repos"
]; ];
} }
]; ];
port = 5010; port = 5010;
webhooks = true; webhooks = true;
extraTimers.hgsrht-periodic = { extraTimers."hg.sr.ht-periodic" = {
service = baseService; service = baseService;
timerConfig.OnCalendar = [ "*:0/20" ]; timerConfig.OnCalendar = [ "*:0/20" ];
}; };
extraTimers.hgsrht-clonebundles = mkIf cfg.hg.cloneBundles { extraTimers."hg.sr.ht-clonebundles" = mkIf cfg.hg.cloneBundles {
service = baseService; service = baseService;
timerConfig.OnCalendar = [ "daily" ]; timerConfig.OnCalendar = [ "daily" ];
timerConfig.AccuracySec = "1h"; timerConfig.AccuracySec = "1h";
}; };
extraServices.hgsrht-api = { extraServices."hg.sr.ht-api" = {
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s"; serviceConfig.RestartSec = "5s";
serviceConfig.ExecStart = "${pkgs.sourcehut.hgsrht}/bin/hgsrht-api -b ${cfg.listenAddress}:${toString (cfg.hg.port + 100)}"; serviceConfig.ExecStart = "${cfg.hgsrht.package}/bin/hg.sr.ht-api -b ${cfg.listenAddress}:${toString (cfg.hg.port + 100)}";
}; };
extraConfig = mkMerge [ extraConfig = mkMerge [
{ {
@ -1269,7 +1274,7 @@ in
services.sourcehut.settings = { services.sourcehut.settings = {
# Note that git.sr.ht::dispatch is not a typo, # Note that git.sr.ht::dispatch is not a typo,
# gitsrht-dispatch always uses this section. # gitsrht-dispatch always uses this section.
"git.sr.ht::dispatch"."/usr/bin/hgsrht-keys" = mkDefault "${cfg.hg.user}:${cfg.hg.group}"; "git.sr.ht::dispatch"."/usr/bin/hg.sr.ht-keys" = mkDefault "${cfg.hg.user}:${cfg.hg.group}";
}; };
systemd.services.sshd = baseService; systemd.services.sshd = baseService;
} }
@ -1290,7 +1295,7 @@ in
# so someone would need to know or guess a SHA value to download anything. # so someone would need to know or guess a SHA value to download anything.
# TODO: proxyPass to an hg serve service? # TODO: proxyPass to an hg serve service?
locations."~ ^/[~^][a-z0-9_]+/[a-zA-Z0-9_.-]+/\\.hg/bundles/.*$" = { locations."~ ^/[~^][a-z0-9_]+/[a-zA-Z0-9_.-]+/\\.hg/bundles/.*$" = {
root = "/var/lib/nginx/hgsrht/repos"; root = "/var/lib/nginx/hg.sr.ht/repos";
extraConfig = '' extraConfig = ''
auth_request /authorize; auth_request /authorize;
gzip off; gzip off;
@ -1299,7 +1304,7 @@ in
}; };
systemd.services.nginx = { systemd.services.nginx = {
serviceConfig.BindReadOnlyPaths = [ serviceConfig.BindReadOnlyPaths = [
"${cfg.settings."hg.sr.ht".repos}:/var/lib/nginx/hgsrht/repos" "${cfg.settings."hg.sr.ht".repos}:/var/lib/nginx/hg.sr.ht/repos"
]; ];
}; };
}) })
@ -1330,23 +1335,23 @@ in
inherit configIniOfService; inherit configIniOfService;
port = 5006; port = 5006;
webhooks = true; webhooks = true;
extraServices.listssrht-api = { extraServices."lists.sr.ht-api" = {
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s"; serviceConfig.RestartSec = "5s";
serviceConfig.ExecStart = "${pkgs.sourcehut.listssrht}/bin/listssrht-api -b ${cfg.listenAddress}:${ serviceConfig.ExecStart = "${cfg.lists.package}/bin/lists.sr.ht-api -b ${cfg.listenAddress}:${
toString (cfg.lists.port + 100) toString (cfg.lists.port + 100)
}"; }";
}; };
# Receive the mail from Postfix and enqueue them into Redis and PostgreSQL # Receive the mail from Postfix and enqueue them into Redis and PostgreSQL
extraServices.listssrht-lmtp = { extraServices."lists.sr.ht-lmtp" = {
wants = [ "postfix.service" ]; wants = [ "postfix.service" ];
unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service";
serviceConfig.ExecStart = "${pkgs.sourcehut.listssrht}/bin/listssrht-lmtp"; serviceConfig.ExecStart = "${cfg.lists.package}/bin/lists.sr.ht-lmtp";
# Avoid crashing: os.chown(sock, os.getuid(), sock_gid) # Avoid crashing: os.chown(sock, os.getuid(), sock_gid)
serviceConfig.PrivateUsers = mkForce false; serviceConfig.PrivateUsers = mkForce false;
}; };
# Dequeue the mails from Redis and dispatch them # Dequeue the mails from Redis and dispatch them
extraServices.listssrht-process = { extraServices."lists.sr.ht-process" = {
serviceConfig = { serviceConfig = {
preStart = '' preStart = ''
cp ${pkgs.writeText "${srvsrht}-webhooks-celeryconfig.py" cfg.lists.process.celeryConfig} \ cp ${pkgs.writeText "${srvsrht}-webhooks-celeryconfig.py" cfg.lists.process.celeryConfig} \
@ -1392,7 +1397,7 @@ in
OnCalendar = [ "daily" ]; OnCalendar = [ "daily" ];
AccuracySec = "1h"; AccuracySec = "1h";
}; };
extraServices.metasrht-api = { extraServices."meta.sr.ht-api" = {
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s"; serviceConfig.RestartSec = "5s";
preStart = preStart =
@ -1414,7 +1419,7 @@ in
) cfg.settings ) cfg.settings
) )
); );
serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; serviceConfig.ExecStart = "${cfg.meta.package}/bin/meta.sr.ht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}";
}; };
extraConfig = { extraConfig = {
assertions = [ assertions = [
@ -1428,14 +1433,14 @@ in
} }
]; ];
environment.systemPackages = optional cfg.meta.enable ( environment.systemPackages = optional cfg.meta.enable (
pkgs.writeShellScriptBin "metasrht-manageuser" '' pkgs.writeShellScriptBin "meta.sr.ht-manageuser" ''
set -eux set -eux
if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}'
then exec sudo -u '${cfg.meta.user}' "$0" "$@" then exec sudo -u '${cfg.meta.user}' "$0" "$@"
else else
# In order to load config.ini # In order to load config.ini
if cd /run/sourcehut/metasrht if cd /run/sourcehut/meta.sr.ht
then exec ${pkgs.sourcehut.metasrht}/bin/metasrht-manageuser "$@" then exec ${cfg.meta.package}/bin/meta.sr.ht-manageuser "$@"
else cat <<EOF else cat <<EOF
Please run: sudo systemctl start metasrht Please run: sudo systemctl start metasrht
EOF EOF
@ -1452,8 +1457,9 @@ in
port = 5112; port = 5112;
mainService = mainService =
let let
package = cfg.pages.package;
srvsrht = "pagessrht"; srvsrht = "pagessrht";
version = pkgs.sourcehut.${srvsrht}.version; version = package.version;
stateDir = "/var/lib/sourcehut/${srvsrht}"; stateDir = "/var/lib/sourcehut/${srvsrht}";
iniKey = "pages.sr.ht"; iniKey = "pages.sr.ht";
in in
@ -1467,13 +1473,13 @@ in
if test ! -e ${stateDir}/db; then if test ! -e ${stateDir}/db; then
${postgresql.package}/bin/psql '${ ${postgresql.package}/bin/psql '${
cfg.settings.${iniKey}.connection-string cfg.settings.${iniKey}.connection-string
}' -f ${pkgs.sourcehut.pagessrht}/share/sql/schema.sql }' -f ${cfg.pages.package}/share/sql/schema.sql
echo ${version} >${stateDir}/db echo ${version} >${stateDir}/db
fi fi
${optionalString cfg.settings.${iniKey}.migrate-on-upgrade '' ${optionalString cfg.settings.${iniKey}.migrate-on-upgrade ''
# Just try all the migrations because they're not linked to the version # Just try all the migrations because they're not linked to the version
for sql in ${pkgs.sourcehut.pagessrht}/share/sql/migrations/*.sql; do for sql in ${package}/share/sql/migrations/*.sql; do
${postgresql.package}/bin/psql '${cfg.settings.${iniKey}.connection-string}' -f "$sql" || true ${postgresql.package}/bin/psql '${cfg.settings.${iniKey}.connection-string}' -f "$sql" || true
done done
''} ''}
@ -1482,7 +1488,7 @@ in
touch ${stateDir}/webhook touch ${stateDir}/webhook
''; '';
serviceConfig = { serviceConfig = {
ExecStart = mkForce "${pkgs.sourcehut.pagessrht}/bin/pages.sr.ht -b ${cfg.listenAddress}:${toString cfg.pages.port}"; ExecStart = mkForce "${cfg.pages.package}/bin/pages.sr.ht -b ${cfg.listenAddress}:${toString cfg.pages.port}";
}; };
}; };
}) })
@ -1490,10 +1496,10 @@ in
(import ./service.nix "paste" { (import ./service.nix "paste" {
inherit configIniOfService; inherit configIniOfService;
port = 5011; port = 5011;
extraServices.pastesrht-api = { extraServices."paste.sr.ht-api" = {
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s"; serviceConfig.RestartSec = "5s";
serviceConfig.ExecStart = "${pkgs.sourcehut.pastesrht}/bin/pastesrht-api -b ${cfg.listenAddress}:${ serviceConfig.ExecStart = "${cfg.paste.package}/bin/paste.sr.ht-api -b ${cfg.listenAddress}:${
toString (cfg.paste.port + 100) toString (cfg.paste.port + 100)
}"; }";
}; };
@ -1503,15 +1509,15 @@ in
inherit configIniOfService; inherit configIniOfService;
port = 5003; port = 5003;
webhooks = true; webhooks = true;
extraServices.todosrht-api = { extraServices."todo.sr.ht-api" = {
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.RestartSec = "5s"; serviceConfig.RestartSec = "5s";
serviceConfig.ExecStart = "${pkgs.sourcehut.todosrht}/bin/todosrht-api -b ${cfg.listenAddress}:${toString (cfg.todo.port + 100)}"; serviceConfig.ExecStart = "${cfg.todo.package}/bin/todo.sr.ht-api -b ${cfg.listenAddress}:${toString (cfg.todo.port + 100)}";
}; };
extraServices.todosrht-lmtp = { extraServices."todo.sr.ht-lmtp" = {
wants = [ "postfix.service" ]; wants = [ "postfix.service" ];
unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service";
serviceConfig.ExecStart = "${pkgs.sourcehut.todosrht}/bin/todosrht-lmtp"; serviceConfig.ExecStart = "${cfg.todo.package}/bin/todo.sr.ht-lmtp";
# Avoid crashing: os.chown(sock, os.getuid(), sock_gid) # Avoid crashing: os.chown(sock, os.getuid(), sock_gid)
serviceConfig.PrivateUsers = mkForce false; serviceConfig.PrivateUsers = mkForce false;
}; };

21
nixos/modules/services/misc/sourcehut/service.nix
View file

@ -1,7 +1,8 @@
srv: srv:
{ {
configIniOfService, configIniOfService,
srvsrht ? "${srv}srht", # Because "buildsrht" does not follow that pattern (missing an "s"). pkgname ? "${srv}srht", # Because "buildsrht" does not follow that pattern (missing an "s").
srvsrht ? "${srv}.sr.ht",
iniKey ? "${srv}.sr.ht", iniKey ? "${srv}.sr.ht",
webhooks ? false, webhooks ? false,
extraTimers ? { }, extraTimers ? { },
@ -28,7 +29,7 @@ let
mkIf mkIf
mkMerge mkMerge
; ;
inherit (lib.options) mkEnableOption mkOption; inherit (lib.options) mkEnableOption mkOption mkPackageOption;
inherit (lib.strings) concatStringsSep hasSuffix optionalString; inherit (lib.strings) concatStringsSep hasSuffix optionalString;
inherit (config.services) postgresql; inherit (config.services) postgresql;
redis = config.services.redis.servers."sourcehut-${srvsrht}"; redis = config.services.redis.servers."sourcehut-${srvsrht}";
@ -162,6 +163,8 @@ in
{ {
enable = mkEnableOption "${srv} service"; enable = mkEnableOption "${srv} service";
package = mkPackageOption pkgs [ "sourcehut" pkgname ] { };
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = srvsrht; default = srvsrht;
@ -276,7 +279,7 @@ in
forceSSL = mkDefault true; forceSSL = mkDefault true;
locations."/".proxyPass = "http://${cfg.listenAddress}:${toString srvCfg.port}"; locations."/".proxyPass = "http://${cfg.listenAddress}:${toString srvCfg.port}";
locations."/static" = { locations."/static" = {
root = "${pkgs.sourcehut.${srvsrht}}/${pkgs.sourcehut.python.sitePackages}/${srvsrht}"; root = "${srvCfg.package}/${pkgs.sourcehut.python.sitePackages}/${srvsrht}";
extraConfig = mkDefault '' extraConfig = mkDefault ''
expires 30d; expires 30d;
''; '';
@ -367,12 +370,12 @@ in
StateDirectory = [ "sourcehut/${srvsrht}" ]; StateDirectory = [ "sourcehut/${srvsrht}" ];
StateDirectoryMode = "2750"; StateDirectoryMode = "2750";
ExecStart = ExecStart =
"${cfg.python}/bin/gunicorn ${srvsrht}.app:app --name ${srvsrht} --bind ${cfg.listenAddress}:${toString srvCfg.port} " "${cfg.python}/bin/gunicorn ${pkgname}.app:app --name ${srvsrht} --bind ${cfg.listenAddress}:${toString srvCfg.port} "
+ concatStringsSep " " srvCfg.gunicorn.extraArgs; + concatStringsSep " " srvCfg.gunicorn.extraArgs;
}; };
preStart = preStart =
let let
package = pkgs.sourcehut.${srvsrht}; package = srvCfg.package;
version = package.version; version = package.version;
stateDir = "/var/lib/sourcehut/${srvsrht}"; stateDir = "/var/lib/sourcehut/${srvsrht}";
in in
@ -385,7 +388,7 @@ in
if test ! -e ${stateDir}/db; then if test ! -e ${stateDir}/db; then
# Setup the initial database. # Setup the initial database.
# Note that it stamps the alembic head afterward # Note that it stamps the alembic head afterward
${package}/bin/${srvsrht}-initdb ${postgresql.package}/bin/psql -d ${srvsrht} -f ${package}/share/sourcehut/${srvsrht}-schema.sql
echo ${version} >${stateDir}/db echo ${version} >${stateDir}/db
fi fi
@ -401,7 +404,7 @@ in
# See https://lists.sr.ht/~sircmpwn/sr.ht-admins/<20190302181207.GA13778%40cirno.my.domain> # See https://lists.sr.ht/~sircmpwn/sr.ht-admins/<20190302181207.GA13778%40cirno.my.domain>
if test ! -e ${stateDir}/webhook; then if test ! -e ${stateDir}/webhook; then
# Update ${iniKey}'s users' profile copy to the latest # Update ${iniKey}'s users' profile copy to the latest
${cfg.python}/bin/srht-update-profiles ${iniKey} ${cfg.python}/bin/sr.ht-update-profiles ${iniKey}
touch ${stateDir}/webhook touch ${stateDir}/webhook
fi fi
''; '';
@ -424,7 +427,7 @@ in
Type = "simple"; Type = "simple";
Restart = "always"; Restart = "always";
ExecStart = ExecStart =
"${cfg.python}/bin/celery --app ${srvsrht}.webhooks worker --hostname ${srvsrht}-webhooks@%%h " "${cfg.python}/bin/celery --app ${pkgname}.webhooks worker --hostname ${srvsrht}-webhooks@%%h "
+ concatStringsSep " " srvCfg.webhooks.extraArgs; + concatStringsSep " " srvCfg.webhooks.extraArgs;
# Avoid crashing: os.getloadavg() # Avoid crashing: os.getloadavg()
ProcSubset = mkForce "all"; ProcSubset = mkForce "all";
@ -443,7 +446,7 @@ in
]; ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${pkgs.sourcehut.${srvsrht}}/bin/${timerName}"; ExecStart = "${srvCfg.package}/bin/${timerName}";
}; };
} }
(timer.service or { }) (timer.service or { })

8
nixos/tests/sourcehut/builds.nix
View file

@ -49,15 +49,15 @@ import ../make-test-python.nix (
machine.wait_for_unit("multi-user.target") machine.wait_for_unit("multi-user.target")
with subtest("Check whether meta comes up"): with subtest("Check whether meta comes up"):
machine.wait_for_unit("metasrht-api.service") machine.wait_for_unit("meta.sr.ht-api.service")
machine.wait_for_unit("metasrht.service") machine.wait_for_unit("meta.sr.ht.service")
machine.wait_for_unit("metasrht-webhooks.service") machine.wait_for_unit("meta.sr.ht-webhooks.service")
machine.wait_for_open_port(5000) machine.wait_for_open_port(5000)
machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}") machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}")
machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}") machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}")
with subtest("Check whether builds comes up"): with subtest("Check whether builds comes up"):
machine.wait_for_unit("buildsrht.service") machine.wait_for_unit("builds.sr.ht.service")
machine.wait_for_open_port(5002) machine.wait_for_open_port(5002)
machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}") machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}")
#machine.wait_for_unit("buildsrht-worker.service") #machine.wait_for_unit("buildsrht-worker.service")

19
nixos/tests/sourcehut/git.nix
View file

@ -63,25 +63,26 @@ import ../make-test-python.nix (
machine.wait_for_unit("sshd.service") machine.wait_for_unit("sshd.service")
with subtest("Check whether meta comes up"): with subtest("Check whether meta comes up"):
machine.wait_for_unit("metasrht-api.service") machine.wait_for_unit("meta.sr.ht-api.service")
machine.wait_for_unit("metasrht.service") machine.wait_for_unit("meta.sr.ht.service")
machine.wait_for_unit("metasrht-webhooks.service") machine.wait_for_unit("meta.sr.ht-webhooks.service")
machine.wait_for_open_port(5000) machine.wait_for_open_port(5000)
machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}") machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}")
machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}") machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}")
with subtest("Create a new user account and OAuth access key"): with subtest("Create a new user account and OAuth access key"):
machine.succeed("echo ${userPass} | metasrht-manageuser -ps -e ${userName}@${domain}\ machine.succeed("echo ${userPass} | meta.sr.ht-manageuser -ps -e ${userName}@${domain}\
-t active_paying ${userName}"); -t USER ${userName}");
cmd = "srht-gen-oauth-tok -i ${domain} -q ${userName} ${userPass}"
(_, token) = machine.execute("srht-gen-oauth-tok -i ${domain} -q ${userName} ${userPass}") (_, token) = machine.execute("srht-gen-oauth-tok -i ${domain} -q ${userName} ${userPass}")
token = token.strip().replace("/", r"\\/") # Escape slashes in token before passing it to sed token = token.strip().replace("/", r"\\/") # Escape slashes in token before passing it to sed
machine.execute("mkdir -p ~/.config/hut/") machine.execute("mkdir -p ~/.config/hut/")
machine.execute("sed s/OAUTH-TOKEN/" + token + "/ ${hutConfig} > ~/.config/hut/config") machine.execute("sed s/OAUTH-TOKEN/" + token + "/ ${hutConfig} > ~/.config/hut/config")
with subtest("Check whether git comes up"): with subtest("Check whether git comes up"):
machine.wait_for_unit("gitsrht-api.service") machine.wait_for_unit("git.sr.ht-api.service")
machine.wait_for_unit("gitsrht.service") machine.wait_for_unit("git.sr.ht.service")
machine.wait_for_unit("gitsrht-webhooks.service") machine.wait_for_unit("git.sr.ht-webhooks.service")
machine.succeed("curl -sL http://git.${domain} | grep git.${domain}") machine.succeed("curl -sL http://git.${domain} | grep git.${domain}")
with subtest("Add an SSH key for Git access"): with subtest("Add an SSH key for Git access"):
@ -95,7 +96,7 @@ import ../make-test-python.nix (
machine.execute("cd test && git add .") machine.execute("cd test && git add .")
machine.execute("cd test && git commit -m \"Initial commit\"") machine.execute("cd test && git commit -m \"Initial commit\"")
machine.execute("cd test && git tag v0.1") machine.execute("cd test && git tag v0.1")
machine.succeed("cd test && git remote add origin gitsrht@git.${domain}:~${userName}/test") machine.succeed("cd test && git remote add origin git.sr.ht@git.${domain}:~${userName}/test")
machine.execute("( echo -n 'git.${domain} '; cat /etc/ssh/ssh_host_ed25519_key.pub ) > ~/.ssh/known_hosts") machine.execute("( echo -n 'git.${domain} '; cat /etc/ssh/ssh_host_ed25519_key.pub ) > ~/.ssh/known_hosts")
machine.succeed("hut git create test") machine.succeed("hut git create test")
machine.succeed("cd test && git push --tags --set-upstream origin master") machine.succeed("cd test && git push --tags --set-upstream origin master")