From 395cc85b360bc161bb74d4b4f248de7357a79e05 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Wed, 22 Mar 2023 00:01:00 +0100 Subject: [PATCH 01/29] sourcehut: make script work with non-python modules Signed-off-by: Christoph Heiss --- .../version-management/sourcehut/update.sh | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/update.sh b/pkgs/applications/version-management/sourcehut/update.sh index 54727e0317cb9..e9efc0816eb13 100755 --- a/pkgs/applications/version-management/sourcehut/update.sh +++ b/pkgs/applications/version-management/sourcehut/update.sh @@ -7,16 +7,26 @@ root=../../../.. tmp=$(mktemp -d) trap 'rm -rf "$tmp"' EXIT +attr_path() { + case "$1" in + pagessrht) printf "sourcehut.$1";; + *) printf "sourcehut.python.pkgs.$1";; + esac +} + default() { - (cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/') + local p="$(attr_path "$1")" + (cd "$root" && nix-instantiate --eval --strict -A $p.meta.position | sed -re 's/^"(.*):[0-9]+"$/\1/') } version() { - (cd "$root" && nix-instantiate --eval --strict -A "sourcehut.python.pkgs.$1.version" | tr -d '"') + local p="$(attr_path "$1")" + (cd "$root" && nix-instantiate --eval --strict -A $p.version | tr -d '"') } src_url() { - nix-instantiate --eval --strict --expr " with import $root {}; let src = sourcehut.python.pkgs.$1.drvAttrs.src; in src.meta.homepage" | tr -d '"' + local p="$(attr_path "$1")" + nix-instantiate --eval --strict --expr " with import $root {}; let src = $p.drvAttrs.src; in src.meta.homepage" | tr -d '"' } get_latest_version() { 
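Review bot: The rewritten `default` and `version` drop the quoting the old lines had: `-A $p.meta.position` and `-A $p.version` are now unquoted, so an argument containing whitespace or glob characters is word-split before it reaches nix-instantiate. Write `-A "$p.meta.position"` and `-A "$p.version"` instead. In `attr_path`, `printf "sourcehut.$1"` uses the argument as the format string, so a `%` or backslash in it is interpreted; `printf '%s' "sourcehut.$1"` avoids that. `local p="$(attr_path "$1")"` also masks a failing `attr_path` exit status, which declaring `local p` and assigning on a separate line would keep visible.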
@@ -35,8 +45,9 @@ update_version() { default_nix="$(default "$1")" oldVersion="$(version "$1")" version="$(get_latest_version "$1")" + local p="$(attr_path "$1")" - (cd "$root" && update-source-version "sourcehut.python.pkgs.$1" "$version") + (cd "$root" && update-source-version "$p" "$version") # Update vendorHash of Go modules retry=true From d70317352043d4db2264285a18b1fce40446ab22 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Wed, 19 Apr 2023 23:41:17 +0200 Subject: [PATCH 02/29] sourcehut: make /query endpoint config common to all services Signed-off-by: Christoph Heiss --- .../services/misc/sourcehut/default.nix | 85 +++++++------------ .../services/misc/sourcehut/service.nix | 19 +++++ 2 files changed, 50 insertions(+), 54 deletions(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index bee9716629722..5506e262107f4 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -77,6 +77,14 @@ let type = types.path; apply = s: "<" + toString s; }; + api-origin = mkOption { + description = lib.mdDoc "Origin URL for API, 100 more than web."; + type = types.str; + default = "http://${cfg.listenAddress}:${toString (cfg.${srv}.port + 100)}"; + defaultText = lib.literalMD '' + `"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.${srv}.port)` + 100)}"` + ''; + }; }; # Specialized python containing all the modules 
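Review bot: The `api-origin` option added to the common service settings (the default.nix hunk) defaults to `http://${cfg.listenAddress}:…`, but its description, `Origin URL for API, 100 more than web.`, does not say that this is plain HTTP to the listen address. That is harmless while `listenAddress` is loopback, but if an operator sets a routable address, requests to the API presumably travel unencrypted unless this option is overridden. Consider a description such as `Origin URL of this service's API daemon (web port + 100). The default is plain HTTP on listenAddress; override it when that address is not loopback.` The enclosing attribute set starts outside the hunk.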
@@ -501,12 +509,6 @@ in options."meta.sr.ht" = removeAttrs (commonServiceSettings "meta") ["oauth-client-id" "oauth-client-secret"] // { - api-origin = mkOption { - description = lib.mdDoc "Origin URL for API, 100 more than web."; - type = types.str; - default = "http://${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; - defaultText = lib.literalMD ''`"http://''${`[](#opt-services.sourcehut.listenAddress)`}:''${toString (`[](#opt-services.sourcehut.meta.port)` + 100)}"`''; - }; webhooks = mkOption { description = lib.mdDoc "The Redis connection used for the webhooks worker."; type = types.str; 
@@ -1252,55 +1254,30 @@ in ) cfg.settings)); serviceConfig.ExecStart = "${pkgs.sourcehut.metasrht}/bin/metasrht-api -b ${cfg.listenAddress}:${toString (cfg.meta.port + 100)}"; }; - extraConfig = mkMerge [ - { - assertions = [ - { assertion = let s = cfg.settings."meta.sr.ht::billing"; in - s.enabled == "yes" -> (s.stripe-public-key != null && s.stripe-secret-key != null); - message = "If meta.sr.ht::billing is enabled, the keys must be defined."; - } - ]; - environment.systemPackages = optional cfg.meta.enable - (pkgs.writeShellScriptBin "metasrht-manageuser" '' - set -eux - if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' - then exec sudo -u '${cfg.meta.user}' "$0" "$@" - else - # In order to load config.ini - if cd /run/sourcehut/metasrht - then exec ${cfg.python}/bin/metasrht-manageuser "$@" - else cat < (s.stripe-public-key != null && s.stripe-secret-key != null); + message = "If meta.sr.ht::billing is enabled, the keys must be defined."; + } + ]; + environment.systemPackages = optional cfg.meta.enable + (pkgs.writeShellScriptBin "metasrht-manageuser" '' + set -eux + if test "$(${pkgs.coreutils}/bin/id -n -u)" != '${cfg.meta.user}' + then exec sudo -u '${cfg.meta.user}' "$0" "$@" + else + # In order to load config.ini + if cd /run/sourcehut/metasrht + then exec ${cfg.python}/bin/metasrht-manageuser "$@" + else cat < Date: Tue, 21 Mar 2023 23:48:26 +0100 Subject: [PATCH 03/29] sourcehut.srht: 0.69.0 -> 0.69.15 Signed-off-by: Christoph Heiss --- .../version-management/sourcehut/core.nix | 74 ++++++++----------- .../version-management/sourcehut/default.nix | 4 +- .../sourcehut/disable-npm-install.patch | 14 ---- .../sourcehut/fetchNodeModules.nix | 26 ------- 4 files changed, 30 insertions(+), 88 deletions(-) delete mode 100644 pkgs/applications/version-management/sourcehut/disable-npm-install.patch delete mode 100644 pkgs/applications/version-management/sourcehut/fetchNodeModules.nix 
diff --git a/pkgs/applications/version-management/sourcehut/core.nix b/pkgs/applications/version-management/sourcehut/core.nix index e31bc13c82ae1..b413aa2c001d1 100644 --- a/pkgs/applications/version-management/sourcehut/core.nix +++ b/pkgs/applications/version-management/sourcehut/core.nix 
@@ -1,94 +1,78 @@ { lib , fetchFromSourcehut -, fetchNodeModules , buildPythonPackage -, pgpy , flask -, bleach -, misaka , humanize -, html5lib -, markdown +, sqlalchemy +, sqlalchemy-utils , psycopg2 -, pygments +, markdown +, mistletoe +, bleach , requests -, sqlalchemy -, cryptography , beautifulsoup4 -, sqlalchemy-utils +, pygments +, cryptography , prometheus-client -, celery , alembic +, redis +, celery +, html5lib , importlib-metadata -, mistletoe -, minio +, tinycss2 , sassc -, nodejs -, redis +, minify }: buildPythonPackage rec { pname = "srht"; - version = "0.69.0"; + version = "0.69.15"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "core.sr.ht"; rev = version; - sha256 = "sha256-s/I0wxtPggjTkkTZnhm77PxdQjiT0Vq2MIk7JMvdupc="; + sha256 = "sha256-T9yewweqnWL3IW5PHGyAcsIWCGn1ayK2rwrHVukYpgE="; fetchSubmodules = true; }; - node_modules = fetchNodeModules { - src = "${src}/srht"; - nodejs = nodejs; - sha256 = "sha256-IWKahdWv3qJ5DNyb1GB9JWYkZxghn6wzZe68clYXij8="; - }; - patches = [ - # Disable check for npm - ./disable-npm-install.patch # Fix Unix socket support in RedisQueueCollector patches/redis-socket/core/0001-Fix-Unix-socket-support-in-RedisQueueCollector.patch ]; propagatedNativeBuildInputs = [ sassc - nodejs + minify ]; propagatedBuildInputs = [ - pgpy flask - bleach - misaka humanize - html5lib - markdown + sqlalchemy + sqlalchemy-utils psycopg2 - pygments - requests + markdown mistletoe - sqlalchemy - cryptography + bleach + requests beautifulsoup4 - sqlalchemy-utils + pygments + cryptography prometheus-client - - # Unofficial runtime dependencies? - celery alembic - importlib-metadata - minio redis + celery + # Used transitively through beautifulsoup4 + html5lib + # Used transitively trough bleach.css_sanitizer + tinycss2 + # Used by srht.debug + importlib-metadata ]; PKGVER = version; - preBuild = '' - cp -r ${node_modules} srht/node_modules - ''; - dontUseSetuptoolsCheck = true; pythonImportsCheck = [ "srht" ]; 
diff --git a/pkgs/applications/version-management/sourcehut/default.nix b/pkgs/applications/version-management/sourcehut/default.nix index 9c9f6f4033301..2878332f32735 100644 --- a/pkgs/applications/version-management/sourcehut/default.nix +++ b/pkgs/applications/version-management/sourcehut/default.nix @@ -9,11 +9,9 @@ # Then we expose them through all-packages.nix as an application through `toPythonApplication` # https://github.com/NixOS/nixpkgs/pull/54425#discussion_r250688781 let - fetchNodeModules = callPackage ./fetchNodeModules.nix { }; - python = python3.override { packageOverrides = self: super: { - srht = self.callPackage ./core.nix { inherit fetchNodeModules; }; + srht = self.callPackage ./core.nix { }; buildsrht = self.callPackage ./builds.nix { }; gitsrht = self.callPackage ./git.nix { }; diff --git a/pkgs/applications/version-management/sourcehut/disable-npm-install.patch b/pkgs/applications/version-management/sourcehut/disable-npm-install.patch deleted file mode 100644 index 3a8d1c82b3415..0000000000000 --- a/pkgs/applications/version-management/sourcehut/disable-npm-install.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/setup.py b/setup.py -index d63bac8..e1d0c35 100755 ---- a/setup.py -+++ b/setup.py -@@ -5,9 +5,6 @@ import glob - import os - import sys - --if subprocess.call(["npm", "i"], cwd="srht") != 0: -- sys.exit(1) -- - ver = os.environ.get("PKGVER") or subprocess.run(['git', 'describe', '--tags'], - stdout=subprocess.PIPE).stdout.decode().strip() - diff --git a/pkgs/applications/version-management/sourcehut/fetchNodeModules.nix b/pkgs/applications/version-management/sourcehut/fetchNodeModules.nix deleted file mode 100644 index bbc18d0442d62..0000000000000 --- a/pkgs/applications/version-management/sourcehut/fetchNodeModules.nix +++ /dev/null 
@@ -1,26 +0,0 @@ -{ lib, stdenv, jq }: { src, nodejs, sha256 }: - -# Only npm >= 5.4.2 is deterministic, see: -# https://github.com/npm/npm/issues/17979#issuecomment-332701215 -assert lib.versionAtLeast nodejs.version "8.9.0"; - -stdenv.mkDerivation { - name = "node_modules"; - - outputHashAlgo = "sha256"; - outputHash = sha256; - outputHashMode = "recursive"; - - nativeBuildInputs = [ jq nodejs ]; - - buildCommand = '' - cp -r ${src}/* . - HOME=. npm install --force --ignore-scripts --only=production - for f in $(find node_modules -name package.json); do - # https://github.com/npm/npm/issues/10393 - jq -S 'delpaths(keys | map(select(startswith("_")) | [.]))' $f > $f.tmp - mv $f.tmp $f - done - mv node_modules $out - ''; -} From 869781c2f43acdf917479941aa21983a69af3ddf Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Wed, 19 Apr 2023 23:43:36 +0200 Subject: [PATCH 04/29] sourcehut.buildsrht: 0.83.0 -> 0.86.10 Signed-off-by: Christoph Heiss --- .../version-management/sourcehut/builds.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/builds.nix b/pkgs/applications/version-management/sourcehut/builds.nix index 0af4b1ceee29e..4831959d0fe0c 100644 --- a/pkgs/applications/version-management/sourcehut/builds.nix +++ b/pkgs/applications/version-management/sourcehut/builds.nix 
@@ -8,31 +8,32 @@ , pyyaml , markdown , ansi2html +, lxml , python , unzip }: let - version = "0.83.0"; + version = "0.86.10"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "builds.sr.ht"; rev = version; - hash = "sha256-u/y+sYu/09LypWI/ngghbge5SvkuLQpray10j0SjlOo="; + hash = "sha256-frwJgwJst2/NWd8VR0KbsVwm8JfWuekkY2oIIAdh3Fw="; }; buildsrht-api = buildGoModule ({ inherit src version; pname = "buildsrht-api"; modRoot = "api"; - vendorHash = "sha256-DfVWr/4J4ZrhHpy9CXPaAQcbag/9FmDgiexcNo0lEsk="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion= "0.17.20"; }); + vendorHash = "sha256-2khk7j22KON4MsuvFUNKSUpouJtVIOxE0hkh63iaxZ4="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.29"; }); buildsrht-worker = buildGoModule { inherit src version; sourceRoot = "${src.name}/worker"; pname = "buildsrht-worker"; - vendorHash = "sha256-y5RFPbtaGmgPpiV2Q3njeWORGZF1TJRjAbY6VgC1hek="; + vendorHash = "sha256-obdaeRwMhuiCV2kVwDo1c+rU/hmsbiL1IgAf7AcIpoc="; }; in buildPythonPackage rec { @@ -50,7 +51,9 @@ buildPythonPackage rec { celery pyyaml markdown + # Unofficial dependencies ansi2html + lxml ]; preBuild = '' From c123a37be6b224a48466f6e4329927f366a72efd Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Wed, 19 Apr 2023 23:43:58 +0200 Subject: [PATCH 05/29] sourcehut.gitsrht: 0.78.20 -> 0.84.2 Newer version of the gitsrht-api service call setrlimit() on startup, thus allow it in the `SystemCallFilter` definition for the service. Signed-off-by: Christoph Heiss --- .../services/misc/sourcehut/default.nix | 19 +++++++++++-------- .../services/misc/sourcehut/service.nix | 2 +- .../version-management/sourcehut/git.nix | 16 +++++++++------- 3 files changed, 21 insertions(+), 16 deletions(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 5506e262107f4..524e4a9b37705 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix 
+++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -803,6 +803,9 @@ in systemd.services.sshd = { #path = optional cfg.git.enable [ cfg.git.package ]; serviceConfig = { + BindPaths = optionals cfg.git.enable [ + "/var/log:/var/log" + ]; BindReadOnlyPaths = # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, # for instance to get the user from the [git.sr.ht::dispatch] settings. @@ -834,14 +837,13 @@ in set -e cd /run/sourcehut/gitsrht/subdir set -x + export PATH="${cfg.git.package}/bin:$PATH" + export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@" ''}:/usr/bin/gitsrht-shell" "${pkgs.writeShellScript "gitsrht-update-hook" '' set -e - test -e "''${PWD%/*}"/config.ini || - # Git hooks are run relative to their repository's directory, - # but gitsrht-update-hook looks up ../config.ini - ln -s /run/sourcehut/gitsrht/config.ini "''${PWD%/*}"/config.ini + export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini # hooks/post-update calls /usr/bin/gitsrht-update-hook as hooks/stage-3 # but this wrapper being a bash script, it overrides $0 with /usr/bin/gitsrht-update-hook # hence this hack to put hooks/stage-3 back into gitsrht-update-hook's $0 @@ -1068,10 +1070,11 @@ in }; }) ]; - extraServices.gitsrht-api = { - serviceConfig.Restart = "always"; - serviceConfig.RestartSec = "5s"; - serviceConfig.ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}"; + extraServices.gitsrht-api.serviceConfig = { + Restart = "always"; + RestartSec = "5s"; + ExecStart = "${pkgs.sourcehut.gitsrht}/bin/gitsrht-api -b ${cfg.listenAddress}:${toString (cfg.git.port + 100)}"; + BindPaths = [ "${cfg.settings."git.sr.ht".repos}:/var/lib/sourcehut/gitsrht/repos" ]; }; extraServices.gitsrht-fcgiwrap = mkIf cfg.nginx.enable { serviceConfig = { 
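Review bot: The new `BindPaths = optionals cfg.git.enable [ "/var/log:/var/log" ];` in the first hunk binds all of /var/log read-write into the sshd unit whenever git is enabled, which is broader than a single log destination needs. If the bind exists only so gitsrht-shell and the update hook can write their own log files, binding just those files or a dedicated subdirectory would keep the rest of the host's logs out of reach of the SSH-facing processes, e.g. `"/var/log/<gitsrht-log-file>:/var/log/<gitsrht-log-file>"` (placeholder; the real file names are not visible here). A comment on the entry naming the program that needs it would also help. The serviceConfig block continues outside the hunk, so whether other sandboxing options already restrict /var/log cannot be judged from here.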
diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index 72c273d3452b8..26fbb3a113620 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix @@ -108,7 +108,7 @@ let #SocketBindDeny = "any"; SystemCallFilter = [ "@system-service" - "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@timer" + "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@timer" "@chown" "@setuid" ]; SystemCallArchitectures = "native"; diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix index eae70b3724677..cf9089e1aa3f4 100644 --- a/pkgs/applications/version-management/sourcehut/git.nix +++ b/pkgs/applications/version-management/sourcehut/git.nix @@ -4,32 +4,33 @@ , buildPythonPackage , python , srht -, pygit2 , scmsrht +, pygit2 +, minio , unzip }: let - version = "0.78.20"; + version = "0.84.2"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "git.sr.ht"; rev = version; - sha256 = "sha256-rZsTtHobsgRVmMOjPa1fiKrPsNyFu/gOsmO0cTl5MqQ="; + sha256 = "sha256-sAkTsQlWtNDQ5vAhA2EeOvuJcj9A6AG8pgDyIKtr65s="; }; gitApi = buildGoModule ({ inherit src version; pname = "gitsrht-api"; modRoot = "api"; - vendorHash = "sha256-cCs9FUBusaAou9w4TDOg8GKxhRcsPbSNcQpxvFH/+so="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); + vendorHash = "sha256-LAYp0zgosZnFEbtxzjuTH9++0lbxhACr705HqXJz3D0="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); gitDispatch = buildGoModule { inherit src version; pname = "gitsrht-dispatch"; modRoot = "gitsrht-dispatch"; - vendorHash = "sha256-qWXPHo86s6iuRBhRMtmD5jxnAWKdrWHtA/iSUkdw89M="; + vendorHash = "sha256-EDvSZ3/g0xDSohrsAIpNhk+F0yy8tbnTW/3tURTonMc="; }; gitKeys = buildGoModule { @@ -65,8 +66,9 @@ buildPythonPackage rec { propagatedBuildInputs = [ srht - pygit2 scmsrht + pygit2 + minio ]; preBuild = '' 
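Review bot: Removing `"~@resources"` from `SystemCallFilter` in service.nix relaxes the filter for every unit built from what appears to be the shared service template, while the commit message gives only gitsrht-api's setrlimit() call as the reason. Keeping the deny entry and re-allowing the single call after it, for instance `"@chown" "@setuid" "setrlimit"` on the following line, or overriding the filter only in `extraServices.gitsrht-api.serviceConfig`, would leave the scheduling and priority calls in that group blocked for the other services. `systemd-analyze syscall-filter @resources` lists what the group contains, so the exact call the Go runtime issues can be confirmed before narrowing. The surrounding serviceConfig starts and ends outside the hunk.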
From a9730572cb3df0685d93a5d608fa19c04d4091f5 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Tue, 21 Mar 2023 23:48:57 +0100 Subject: [PATCH 06/29] sourcehut.hgsrht: 0.31.3 -> 0.32.4 Signed-off-by: Christoph Heiss --- pkgs/applications/version-management/sourcehut/hg.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/hg.nix b/pkgs/applications/version-management/sourcehut/hg.nix index 205e4e7b1d1d1..3ada1ac0c3cf2 100644 --- a/pkgs/applications/version-management/sourcehut/hg.nix +++ b/pkgs/applications/version-management/sourcehut/hg.nix @@ -12,13 +12,13 @@ buildPythonPackage rec { pname = "hgsrht"; - version = "0.31.3"; + version = "0.32.4"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "hg.sr.ht"; rev = version; - sha256 = "4Qe08gqsSTMQVQBchFPEUXuxM8ZAAQGJT1EOcDjkZa0="; + sha256 = "mYkA44c9wy/Iy1h1lXkVpc9gN7rQXFm4T3YBlQ1Dj60="; vc = "hg"; }; @@ -31,8 +31,8 @@ buildPythonPackage rec { inherit src version; pname = "hgsrht-api"; modRoot = "api"; - vendorHash = "sha256-uIP3W7UJkP68HJUF33kz5xfg/KBiaSwMozFYmQJQkys="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); + vendorHash = "sha256-vuOYpnF3WjA6kOe9MVSuVMhJBQqCmIex+QUBJrP+VDs="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); hgsrht-keys = buildGoModule { inherit src version; @@ -42,9 +42,9 @@ buildPythonPackage rec { }; propagatedBuildInputs = [ - srht python-hglib scmsrht + srht unidiff ]; From 1a7c5a811250ae1ba8bd5daab129100e80e0d6f3 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Tue, 21 Mar 2023 23:49:03 +0100 Subject: [PATCH 07/29] sourcehut.hubsrht: 0.14.14 -> 0.17.2 Signed-off-by: Christoph Heiss --- .../version-management/sourcehut/hub.nix | 24 ++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) 
diff --git a/pkgs/applications/version-management/sourcehut/hub.nix b/pkgs/applications/version-management/sourcehut/hub.nix index c3a9c509f8934..50fab20a34897 100644 --- a/pkgs/applications/version-management/sourcehut/hub.nix +++ b/pkgs/applications/version-management/sourcehut/hub.nix @@ -1,21 +1,35 @@ { lib , fetchFromSourcehut +, buildGoModule , buildPythonPackage +, python , srht , pyyaml +, unzip }: buildPythonPackage rec { pname = "hubsrht"; - version = "0.14.14"; + version = "0.17.2"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "hub.sr.ht"; rev = version; - sha256 = "sha256-4n6oQ+AAvdJY/5KflxAp62chjyrlSUkmt319DKZk33w="; + sha256 = "sha256-A+lvRsPz5EBnM0gB4PJuxSMpELZTrK14ORxDbTKPXWg="; }; + postPatch = '' + substituteInPlace Makefile --replace "all: api" "" + ''; + + hubsrht-api = buildGoModule ({ + inherit src version; + pname = "hubsrht-api"; + modRoot = "api"; + vendorHash = "sha256-K5EmZ4U+xItTR85+SCwhwg5KUGLkKHo9Nr2pkvmJpfo="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); + propagatedBuildInputs = [ srht pyyaml @@ -23,9 +37,13 @@ buildPythonPackage rec { preBuild = '' export PKGVER=${version} + export SRHT_PATH=${srht}/${python.sitePackages}/srht + ''; + + postInstall = '' + ln -s ${hubsrht-api}/bin/api $out/bin/hubsrht-api ''; - dontUseSetuptoolsCheck = true; pythonImportsCheck = [ "hubsrht" ]; meta = with lib; { From b0fb4dc3a9bd487e0543e77fdc595472e1137ef4 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Tue, 21 Mar 2023 23:49:09 +0100 Subject: [PATCH 08/29] sourcehut.listssrht: 0.51.11 -> 0.57.8 Signed-off-by: Christoph Heiss --- .../version-management/sourcehut/lists.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/lists.nix b/pkgs/applications/version-management/sourcehut/lists.nix index b875a46fcafac..0f4530d24e88e 100644 --- a/pkgs/applications/version-management/sourcehut/lists.nix 
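Review bot: The new `hubsrht-api` derivation uses `vendorHash = "sha256-K5EmZ4U+xItTR85+SCwhwg5KUGLkKHo9Nr2pkvmJpfo="`, which is the same value PATCH 09 assigns to `mansrht-api` in man.nix. Two Go modules can legitimately vendor an identical dependency tree, but a matching hash is also what a copy-paste looks like, and the hash is the only integrity pin on the fetched modules. Confirm it was produced by building this derivation, for example by setting `vendorHash = lib.fakeHash;` once and comparing the hash Nix reports, and do the same for man.nix.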
+++ b/pkgs/applications/version-management/sourcehut/lists.nix @@ -3,32 +3,31 @@ , buildGoModule , buildPythonPackage , srht -, asyncpg , aiosmtpd +, asyncpg , pygit2 , emailthreads -, redis , python , unzip }: buildPythonPackage rec { pname = "listssrht"; - version = "0.51.11"; + version = "0.57.8"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "lists.sr.ht"; rev = version; - sha256 = "sha256-Qb70oOazZfmHpC5r0oMYCFdvfAeKbq3mQA8+M56YYnY="; + sha256 = "sha256-nQZRSTAyTWxcPHrRVCZ5TgcrNgrlxBFc1vRds0cQwA0="; }; listssrht-api = buildGoModule ({ inherit src version; pname = "listssrht-api"; modRoot = "api"; - vendorHash = "sha256-xnmMkRSokbhWD+kz0XQ9AinYdm6/50FRBISURPvlzD0="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); + vendorHash = "sha256-E5Zzft9ANJT/nhhCuenZpdo3t9QYLmA+AyDyrbGectE="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); postPatch = '' substituteInPlace Makefile \ @@ -37,11 +36,11 @@ buildPythonPackage rec { propagatedBuildInputs = [ srht - pygit2 - asyncpg aiosmtpd + asyncpg + pygit2 + # Unofficial dependency emailthreads - redis ]; preBuild = '' From 30054093c9f080b8dcb6022b384824ff1dbebc61 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Tue, 21 Mar 2023 23:49:14 +0100 Subject: [PATCH 09/29] sourcehut.mansrht: 0.15.26 -> 0.16.1 Signed-off-by: Christoph Heiss --- .../version-management/sourcehut/man.nix | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/man.nix b/pkgs/applications/version-management/sourcehut/man.nix index dadc508edd869..e88f7338ee3cd 100644 --- a/pkgs/applications/version-management/sourcehut/man.nix +++ b/pkgs/applications/version-management/sourcehut/man.nix 
@@ -1,22 +1,35 @@ { lib , fetchFromSourcehut +, buildGoModule , buildPythonPackage , srht , pygit2 , python +, unzip }: buildPythonPackage rec { pname = "mansrht"; - version = "0.15.26"; + version = "0.16.1"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "man.sr.ht"; rev = version; - sha256 = "sha256-5xZH6DrTXMdWd26OGICp7lZ/QDjACIa7zNUJHB7jzGo="; + sha256 = "sha256-94G9/Kzt1gaQ2CaXtsJYCB6W5OTdn27XhVdpNJ9a5cE="; }; + postPatch = '' + substituteInPlace Makefile --replace "all: api" "" + ''; + + mansrht-api = buildGoModule ({ + inherit src version; + pname = "mansrht-api"; + modRoot = "api"; + vendorHash = "sha256-K5EmZ4U+xItTR85+SCwhwg5KUGLkKHo9Nr2pkvmJpfo="; + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); + propagatedBuildInputs = [ srht pygit2 @@ -27,6 +40,10 @@ buildPythonPackage rec { export SRHT_PATH=${srht}/${python.sitePackages}/srht ''; + postInstall = '' + ln -s ${mansrht-api}/bin/api $out/bin/mansrht-api + ''; + pythonImportsCheck = [ "mansrht" ]; meta = with lib; { From 558767f939ac61c04457e4429711bc4f3215a855 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Tue, 21 Mar 2023 23:49:51 +0100 Subject: [PATCH 10/29] sourcehut.metasrht: 0.61.3 -> 0.64.8 Signed-off-by: Christoph Heiss --- .../version-management/sourcehut/meta.nix | 34 +++++++------------ 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/meta.nix b/pkgs/applications/version-management/sourcehut/meta.nix index 205409bb4d945..b1acd0c5a47c3 100644 --- a/pkgs/applications/version-management/sourcehut/meta.nix +++ b/pkgs/applications/version-management/sourcehut/meta.nix 
@@ -2,37 +2,33 @@ , fetchFromSourcehut , buildPythonPackage , buildGoModule -, pgpy -, srht -, redis +, alembic , bcrypt +, dnspython , qrcode +, redis +, srht , stripe -, zxcvbn -, alembic -, pystache -, dnspython -, sshpubkeys -, weasyprint , prometheus-client +, zxcvbn , python , unzip }: let - version = "0.61.3"; + version = "0.64.8"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "meta.sr.ht"; rev = version; - hash = "sha256-wMcpdRSRvxYEV163mdTGOemk62gljua89SOtwe6qGXU="; + hash = "sha256-eiNvoy68PvjZ3iwdeNPjsXJjxAXb2PMF1/HvJquWa/U="; }; metasrht-api = buildGoModule ({ inherit src version; pname = "metasrht-api"; modRoot = "api"; - vendorHash = "sha256-ZoDRGmGe9o5pn89gJ60wjSp5Cc0yxRfvdhNnbwAhmSI="; + vendorHash = "sha256-D3stDSb99uXze49kKZgGrAq5Zmg6hkIzIpsQKlnKVtE="; } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); in @@ -46,19 +42,15 @@ buildPythonPackage rec { ''; propagatedBuildInputs = [ - pgpy - srht - redis + alembic bcrypt + dnspython qrcode + redis + srht stripe - zxcvbn - alembic - pystache - sshpubkeys - weasyprint prometheus-client - dnspython + zxcvbn ]; preBuild = '' From b916bbd1ea3634fc20a8f7ca1b57679150f1b868 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Wed, 22 Mar 2023 00:00:42 +0100 Subject: [PATCH 11/29] sourcehut.pagessrht: 0.7.4 -> 0.13.0 Signed-off-by: Christoph Heiss --- pkgs/applications/version-management/sourcehut/pages.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/pages.nix b/pkgs/applications/version-management/sourcehut/pages.nix index abcef1648fc44..6e7432ae427fb 100644 --- a/pkgs/applications/version-management/sourcehut/pages.nix +++ b/pkgs/applications/version-management/sourcehut/pages.nix 
@@ -6,13 +6,13 @@ buildGoModule (rec { pname = "pagessrht"; - version = "0.7.4"; + version = "0.13.0"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "pages.sr.ht"; rev = version; - sha256 = "sha256-WM9T2LS8yIqaR0PQQRgMk/tiMYcw8DZVPMqMWkj/5RY="; + sha256 = "sha256-vUN6c6cyhcLI8bKrFYKoxlBQ29VS/bowpSfBRmi47wg="; }; postPatch = '' @@ -20,7 +20,7 @@ buildGoModule (rec { --replace "all: server" "" ''; - vendorHash = "sha256-VOqY/nStqGyfWOXnJSZX8UYyp2kzcibQM2NRNysHYEc="; + vendorHash = "sha256-GKuHkUqSVBLN3k8YsFtxdmdHFkqKo9YZqDk2GBmbfWo="; postInstall = '' mkdir -p $out/share/sql/ @@ -35,4 +35,4 @@ buildGoModule (rec { }; # There is no ./loaders but this does not cause troubles # to go generate -} // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion= "0.17.9"; }) +} // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion= "0.17.20"; }) From 8d573f2df8aa625c198650034fd3980e72368f4a Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sun, 2 Apr 2023 22:54:46 +0200 Subject: [PATCH 12/29] sourcehut.pastesrht: 0.13.8 -> 0.15.1 Signed-off-by: Christoph Heiss --- pkgs/applications/version-management/sourcehut/paste.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/paste.nix b/pkgs/applications/version-management/sourcehut/paste.nix index 253ea8c0b9d67..d62ee38fc2335 100644 --- a/pkgs/applications/version-management/sourcehut/paste.nix +++ b/pkgs/applications/version-management/sourcehut/paste.nix @@ -8,13 +8,13 @@ buildPythonPackage rec { pname = "pastesrht"; - version = "0.13.8"; + version = "0.15.1"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "paste.sr.ht"; rev = version; - sha256 = "sha256-Zji9FyYUtsklYz4qyLbtduusteC7WujLCMmvZKcqYis="; + sha256 = "sha256-IUFX7/V8AWqN+iuisLAyu7lMNIUCzSMoOfcZiYJTnrM="; }; postPatch = '' From f53540afddd67ccdb44ba3e8174d7722e5d60940 Mon Sep 17 00:00:00 2001 
From: Christoph Heiss Date: Sun, 2 Apr 2023 22:47:35 +0200 Subject: [PATCH 13/29] sourcehut.scmsrht: 0.22.22 -> 0.22.23 Signed-off-by: Christoph Heiss --- pkgs/applications/version-management/sourcehut/scm.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/scm.nix b/pkgs/applications/version-management/sourcehut/scm.nix index 1edc951cbed8b..810f3007c2537 100644 --- a/pkgs/applications/version-management/sourcehut/scm.nix +++ b/pkgs/applications/version-management/sourcehut/scm.nix @@ -2,25 +2,23 @@ , fetchFromSourcehut , buildPythonPackage , srht -, redis , pyyaml , buildsrht }: buildPythonPackage rec { pname = "scmsrht"; - version = "0.22.22"; + version = "0.22.23"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "scm.sr.ht"; rev = version; - sha256 = "sha256-iSzzyI8HZOpOb4dyt520MV/wds14fNag2+UOF09KS7w="; + sha256 = "sha256-058dOEYJDY3jtxH1VkV1CFq5CZTkauSnTWg57DCnNtw="; }; propagatedBuildInputs = [ srht - redis pyyaml buildsrht ]; From c0c73555a5d19052cf5e22cadfb5c040be5101e3 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Mon, 3 Apr 2023 00:48:36 +0200 Subject: [PATCH 14/29] sourcehut.todosrht: 0.72.2 -> 0.74.6 Signed-off-by: Christoph Heiss --- .../applications/version-management/sourcehut/todo.nix | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/todo.nix b/pkgs/applications/version-management/sourcehut/todo.nix index 6b00d3793d93b..0a5cefc130d5c 100644 --- a/pkgs/applications/version-management/sourcehut/todo.nix +++ b/pkgs/applications/version-management/sourcehut/todo.nix @@ -3,9 +3,7 @@ , buildGoModule , buildPythonPackage , srht -, redis , alembic -, pystache , pytest , factory-boy , python 
@@ -14,13 +12,13 @@ buildPythonPackage rec { pname = "todosrht"; - version = "0.72.2"; + version = "0.74.6"; src = fetchFromSourcehut { owner = "~sircmpwn"; repo = "todo.sr.ht"; rev = version; - sha256 = "sha256-FLjVO8Y/9s2gFfMXwcY7Rj3WNzPEBYs1AEjiVZFWsT8="; + sha256 = "sha256-j12pCGfKf6+9R8NOBIrH2V4OuSMuncU6S1AMWFVoHts="; }; postPatch = '' @@ -32,14 +30,12 @@ buildPythonPackage rec { inherit src version; pname = "todosrht-api"; modRoot = "api"; - vendorHash = "sha256-LB1H4jwnvoEyaaYJ09NI/M6IkgZwRet/fkso6b9EPV0="; + vendorHash = "sha256-rvfG5F6ez8UM0dYVhKfzwtb7ZEJlaKMBAfKDbo3Aofc="; } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); propagatedBuildInputs = [ srht - redis alembic - pystache ]; preBuild = '' From 900664876c724d0ec8f14486c96462cb4953d5f2 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Wed, 29 Mar 2023 21:39:26 +0200 Subject: [PATCH 15/29] sourcehut: default gqlgenVersion 0.17.2 -> 0.17.20 Most packages now uses this version, so avoid having it specify it every time. Signed-off-by: Christoph Heiss --- .../version-management/sourcehut/fix-gqlgen-trimpath.nix | 2 +- pkgs/applications/version-management/sourcehut/git.nix | 2 +- pkgs/applications/version-management/sourcehut/hg.nix | 2 +- pkgs/applications/version-management/sourcehut/hub.nix | 2 +- pkgs/applications/version-management/sourcehut/lists.nix | 2 +- pkgs/applications/version-management/sourcehut/man.nix | 2 +- pkgs/applications/version-management/sourcehut/meta.nix | 2 +- pkgs/applications/version-management/sourcehut/pages.nix | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix b/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix index 4327e395d5333..8737e4266f452 100644 --- a/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix +++ b/pkgs/applications/version-management/sourcehut/fix-gqlgen-trimpath.nix 
@@ -1,5 +1,5 @@ { unzip -, gqlgenVersion ? "0.17.2" +, gqlgenVersion ? "0.17.20" }: { overrideModAttrs = (_: { diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix index cf9089e1aa3f4..af93057e670c5 100644 --- a/pkgs/applications/version-management/sourcehut/git.nix +++ b/pkgs/applications/version-management/sourcehut/git.nix @@ -24,7 +24,7 @@ let pname = "gitsrht-api"; modRoot = "api"; vendorHash = "sha256-LAYp0zgosZnFEbtxzjuTH9++0lbxhACr705HqXJz3D0="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); gitDispatch = buildGoModule { inherit src version; diff --git a/pkgs/applications/version-management/sourcehut/hg.nix b/pkgs/applications/version-management/sourcehut/hg.nix index 3ada1ac0c3cf2..2ac9861135d0d 100644 --- a/pkgs/applications/version-management/sourcehut/hg.nix +++ b/pkgs/applications/version-management/sourcehut/hg.nix @@ -32,7 +32,7 @@ buildPythonPackage rec { pname = "hgsrht-api"; modRoot = "api"; vendorHash = "sha256-vuOYpnF3WjA6kOe9MVSuVMhJBQqCmIex+QUBJrP+VDs="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); hgsrht-keys = buildGoModule { inherit src version; diff --git a/pkgs/applications/version-management/sourcehut/hub.nix b/pkgs/applications/version-management/sourcehut/hub.nix index 50fab20a34897..6f1b17b01c3e7 100644 --- a/pkgs/applications/version-management/sourcehut/hub.nix +++ b/pkgs/applications/version-management/sourcehut/hub.nix @@ -28,7 +28,7 @@ buildPythonPackage rec { pname = "hubsrht-api"; modRoot = "api"; vendorHash = "sha256-K5EmZ4U+xItTR85+SCwhwg5KUGLkKHo9Nr2pkvmJpfo="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); propagatedBuildInputs = [ srht 
diff --git a/pkgs/applications/version-management/sourcehut/lists.nix b/pkgs/applications/version-management/sourcehut/lists.nix index 0f4530d24e88e..24b56b9dd3c15 100644 --- a/pkgs/applications/version-management/sourcehut/lists.nix +++ b/pkgs/applications/version-management/sourcehut/lists.nix @@ -27,7 +27,7 @@ buildPythonPackage rec { pname = "listssrht-api"; modRoot = "api"; vendorHash = "sha256-E5Zzft9ANJT/nhhCuenZpdo3t9QYLmA+AyDyrbGectE="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); postPatch = '' substituteInPlace Makefile \ diff --git a/pkgs/applications/version-management/sourcehut/man.nix b/pkgs/applications/version-management/sourcehut/man.nix index e88f7338ee3cd..b01d739a06009 100644 --- a/pkgs/applications/version-management/sourcehut/man.nix +++ b/pkgs/applications/version-management/sourcehut/man.nix @@ -28,7 +28,7 @@ buildPythonPackage rec { pname = "mansrht-api"; modRoot = "api"; vendorHash = "sha256-K5EmZ4U+xItTR85+SCwhwg5KUGLkKHo9Nr2pkvmJpfo="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); propagatedBuildInputs = [ srht diff --git a/pkgs/applications/version-management/sourcehut/meta.nix b/pkgs/applications/version-management/sourcehut/meta.nix index b1acd0c5a47c3..28cab5852193c 100644 --- a/pkgs/applications/version-management/sourcehut/meta.nix +++ b/pkgs/applications/version-management/sourcehut/meta.nix @@ -29,7 +29,7 @@ let pname = "metasrht-api"; modRoot = "api"; vendorHash = "sha256-D3stDSb99uXze49kKZgGrAq5Zmg6hkIzIpsQKlnKVtE="; - } // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion = "0.17.20"; }); + } // import ./fix-gqlgen-trimpath.nix { inherit unzip; }); in buildPythonPackage rec { 
diff --git a/pkgs/applications/version-management/sourcehut/pages.nix b/pkgs/applications/version-management/sourcehut/pages.nix index 6e7432ae427fb..ca608438687ba 100644 --- a/pkgs/applications/version-management/sourcehut/pages.nix +++ b/pkgs/applications/version-management/sourcehut/pages.nix @@ -35,4 +35,4 @@ buildGoModule (rec { }; # There is no ./loaders but this does not cause troubles # to go generate -} // import ./fix-gqlgen-trimpath.nix { inherit unzip; gqlgenVersion= "0.17.20"; }) +} // import ./fix-gqlgen-trimpath.nix { inherit unzip; }) From 12fe05f0e30baefa18b890420df7628a213f77ec Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Mon, 3 Apr 2023 12:34:30 +0200 Subject: [PATCH 16/29] sourcehut: add override for SQLAlchemy 1.x Signed-off-by: Christoph Heiss --- .../version-management/sourcehut/default.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/pkgs/applications/version-management/sourcehut/default.nix b/pkgs/applications/version-management/sourcehut/default.nix index 2878332f32735..b2005f5643be6 100644 --- a/pkgs/applications/version-management/sourcehut/default.nix +++ b/pkgs/applications/version-management/sourcehut/default.nix @@ -3,6 +3,7 @@ , recurseIntoAttrs , nixosTests , config +, fetchPypi }: # To expose the *srht modules, they have to be a python module so we use `buildPythonModule` @@ -24,6 +25,18 @@ let todosrht = self.callPackage ./todo.nix { }; scmsrht = self.callPackage ./scm.nix { }; + + # sourcehut is not (yet) compatible with SQLAlchemy 2.x + sqlalchemy = super.sqlalchemy.overridePythonAttrs (oldAttrs: rec { + version = "1.4.46"; + src = fetchPypi { + pname = "SQLAlchemy"; + inherit version; + hash = "sha256-aRO4JH2KKS74MVFipRkx4rQM6RaB8bbxj2lwRSAMSjA="; + }; + nativeCheckInputs = with super; [ pytestCheckHook mock ]; + disabledTestPaths = []; + }); }; }; in From 6e51802196d4b3f60e65b061c637d90cbc5fceb8 Mon Sep 17 00:00:00 2001 
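Review bot: The `sqlalchemy` override in the second `default.nix` hunk pins an exact release (`version = "1.4.46";`) by hand, so the sourcehut Python set stops following nixpkgs for this library, later 1.4.x bug-fix and security releases included, until someone edits the pin. The comment explains why 2.x is excluded but not when the override can be removed, and `nativeCheckInputs` and `disabledTestPaths = [];` replace the base package's values with no reason given. I would extend the comment to something like `# sourcehut is not (yet) compatible with SQLAlchemy 2.x; keep this on the newest 1.4.x and drop it once upstream supports 2.x`, and add a one-line comment above the two test attributes saying why they are reset. The same applies to the `flask-sqlalchemy` and `factory-boy` pins added in PATCH 26/29, where `flask-sqlalchemy` has no comment at all and `postPatch = "";` discards the base package's patch step without saying so.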
From: Christoph Heiss Date: Thu, 20 Apr 2023 01:31:14 +0200 Subject: [PATCH 17/29] sourcehut: fix `repos` path by using actual settings value Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 524e4a9b37705..9774917407e41 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -38,9 +38,9 @@ let # for services needing access to them. "builds.sr.ht::worker".buildlogs = "/var/log/sourcehut/buildsrht-worker"; "git.sr.ht".post-update-script = "/usr/bin/gitsrht-update-hook"; - "git.sr.ht".repos = "/var/lib/sourcehut/gitsrht/repos"; + "git.sr.ht".repos = cfg.settings."git.sr.ht".repos; "hg.sr.ht".changegroup-script = "/usr/bin/hgsrht-hook-changegroup"; - "hg.sr.ht".repos = "/var/lib/sourcehut/hgsrht/repos"; + "hg.sr.ht".repos = cfg.settings."hg.sr.ht".repos; # Making this a per service option despite being in a global section, # so that it uses the redis-server used by the service. "sr.ht".redis-host = cfg.${srv}.redis.host; From 6648488333f66dd8fee678f27fb33016b046090f Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Fri, 21 Apr 2023 01:13:42 +0200 Subject: [PATCH 18/29] sourcehut: fix logging of git/hg ssh commands Signed-off-by: Christoph Heiss --- .../services/misc/sourcehut/default.nix | 17 ++++++++++++---- .../version-management/sourcehut/git.nix | 20 +++++++++++++++++++ .../version-management/sourcehut/hg.nix | 8 ++++++++ 3 files changed, 41 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 9774917407e41..6e1347a52d6f7 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix 
@@ -801,11 +801,20 @@ in ''; }; systemd.services.sshd = { - #path = optional cfg.git.enable [ cfg.git.package ]; + preStart = concatStringsSep "\n" ( + optionals cfg.git.enable (map (n: '' + touch /var/log/sourcehut/gitsrht-${n} # create if it does not exist yet + chown --silent ${cfg.git.user}:${cfg.git.group} /var/log/sourcehut/gitsrht-${n} || true + '') [ + "keys" + "shell" + "update-hook" + ]) ++ + optional cfg.hg.enable [ + "chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys" + ]); serviceConfig = { - BindPaths = optionals cfg.git.enable [ - "/var/log:/var/log" - ]; + LogsDirectory = mkIf (cfg.git.enable || cfg.hg.enable) "sourcehut"; BindReadOnlyPaths = # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, # for instance to get the user from the [git.sr.ht::dispatch] settings. diff --git a/pkgs/applications/version-management/sourcehut/git.nix b/pkgs/applications/version-management/sourcehut/git.nix index af93057e670c5..3a5163f9d1712 100644 --- a/pkgs/applications/version-management/sourcehut/git.nix +++ b/pkgs/applications/version-management/sourcehut/git.nix @@ -31,6 +31,11 @@ let pname = "gitsrht-dispatch"; modRoot = "gitsrht-dispatch"; vendorHash = "sha256-EDvSZ3/g0xDSohrsAIpNhk+F0yy8tbnTW/3tURTonMc="; + + postPatch = '' + substituteInPlace gitsrht-dispatch/main.go \ + --replace /var/log/gitsrht-dispatch /var/log/sourcehut/gitsrht-dispatch + ''; }; gitKeys = buildGoModule { @@ -38,6 +43,11 @@ let pname = "gitsrht-keys"; modRoot = "gitsrht-keys"; vendorHash = "sha256-9pojS69HCKVHUceyOpGtv9ewcxFD4WsOVsEzkmWJkF4="; + + postPatch = '' + substituteInPlace gitsrht-keys/main.go \ + --replace /var/log/gitsrht-keys /var/log/sourcehut/gitsrht-keys + ''; }; gitShell = buildGoModule { 
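Review bot: In the new sshd `preStart`, `optional cfg.hg.enable [ "chown …" ]` wraps a list in another list, so with hg enabled `concatStringsSep` is handed a list element instead of a string, which Nix most likely rejects at evaluation time; `optional cfg.hg.enable "chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys"` is presumably what was meant. The hg branch also lacks the `touch` and the `|| true` that the git branch has, so on a first start, when `hgsrht-keys` does not exist yet, the `chown` fails and, as far as I can tell, takes the start of the sshd unit with it, a high price for a missing log file. Mirroring the git branch (`touch` first, then `chown --silent … || true`) avoids that. PATCH 27/29 later turns this into a plain string but keeps the unguarded `chown`; there, a tmpfiles `f` entry for `hgsrht-keys` guarded by `cfg.hg.enable` would remove the need for `preStart` altogether.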
@@ -45,6 +55,11 @@ let pname = "gitsrht-shell"; modRoot = "gitsrht-shell"; vendorHash = "sha256-WqfvSPuVsOHA//86u33atMfeA11+DJhjLmWy8Ivq0NI="; + + postPatch = '' + substituteInPlace gitsrht-shell/main.go \ + --replace /var/log/gitsrht-shell /var/log/sourcehut/gitsrht-shell + ''; }; gitUpdateHook = buildGoModule { @@ -52,6 +67,11 @@ let pname = "gitsrht-update-hook"; modRoot = "gitsrht-update-hook"; vendorHash = "sha256-Bc3yPabS2S+qiroHFKrtkII/CfzBDYQ6xWxKHAME+Tc="; + + postPatch = '' + substituteInPlace gitsrht-update-hook/main.go \ + --replace /var/log/gitsrht-update-hook /var/log/sourcehut/gitsrht-update-hook + ''; }; in diff --git a/pkgs/applications/version-management/sourcehut/hg.nix b/pkgs/applications/version-management/sourcehut/hg.nix index 2ac9861135d0d..f448109a6d7df 100644 --- a/pkgs/applications/version-management/sourcehut/hg.nix +++ b/pkgs/applications/version-management/sourcehut/hg.nix @@ -25,6 +25,9 @@ buildPythonPackage rec { postPatch = '' substituteInPlace Makefile \ --replace "all: api hgsrht-keys" "" + + substituteInPlace hgsrht-shell \ + --replace /var/log/hgsrht-shell /var/log/sourcehut/hgsrht-shell ''; hgsrht-api = buildGoModule ({ @@ -39,6 +42,11 @@ buildPythonPackage rec { pname = "hgsrht-keys"; modRoot = "hgsrht-keys"; vendorHash = "sha256-7ti8xCjSrxsslF7/1X/GY4FDl+69hPL4UwCDfjxmJLU="; + + postPatch = '' + substituteInPlace hgsrht-keys/main.go \ + --replace /var/log/hgsrht-keys /var/log/sourcehut/hgsrht-keys + ''; }; propagatedBuildInputs = [ From c39ba7f5b17747f34a7806c49cf91ccbaf9c81be Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Fri, 21 Apr 2023 01:14:13 +0200 Subject: [PATCH 19/29] sourcehut: remove `set -x` from ssh commands Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 6e1347a52d6f7..7d8f07ac3926d 100644 
--- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -827,7 +827,6 @@ in "${pkgs.writeShellScript "buildsrht-keys-wrapper" '' set -e cd /run/sourcehut/buildsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.buildsrht}/bin/buildsrht-keys "$@" ''}:/usr/bin/buildsrht-keys" "${pkgs.sourcehut.buildsrht}/bin/master-shell:/usr/bin/master-shell" @@ -839,13 +838,11 @@ in "${pkgs.writeShellScript "gitsrht-keys-wrapper" '' set -e cd /run/sourcehut/gitsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-keys "$@" ''}:/usr/bin/gitsrht-keys" "${pkgs.writeShellScript "gitsrht-shell-wrapper" '' set -e cd /run/sourcehut/gitsrht/subdir - set -x export PATH="${cfg.git.package}/bin:$PATH" export SRHT_CONFIG=/run/sourcehut/gitsrht/config.ini exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-shell "$@" @@ -858,11 +855,9 @@ in # hence this hack to put hooks/stage-3 back into gitsrht-update-hook's $0 if test "''${STAGE3:+set}" then - set -x exec -a hooks/stage-3 ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" else export STAGE3=set - set -x exec -a "$0" ${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook "$@" fi ''}:/usr/bin/gitsrht-update-hook" @@ -873,13 +868,11 @@ in "${pkgs.writeShellScript "hgsrht-keys-wrapper" '' set -e cd /run/sourcehut/hgsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-keys "$@" ''}:/usr/bin/hgsrht-keys" "${pkgs.writeShellScript "hgsrht-shell-wrapper" '' set -e cd /run/sourcehut/hgsrht/subdir - set -x exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-shell "$@" ''}:/usr/bin/hgsrht-shell" # Mercurial's changegroup hooks are run relative to their repository's directory, @@ -888,7 +881,6 @@ in set -e test -e "''$PWD"/config.ini || ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini - set -x exec -a "$0" ${cfg.python}/bin/hgsrht-hook-changegroup "$@" ''}:/usr/bin/hgsrht-hook-changegroup" ]; 
From 5841d27497905b0411cba48f0f4cc8c1a1c1edd4 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Tue, 2 May 2023 22:44:35 +0200 Subject: [PATCH 20/29] sourcehut: explicitly disallow openssh to socket-active This breaks the (already fragile) gitsrht-dispatch -> gitsrht-keys command chain. Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 7d8f07ac3926d..5b16aa21d7818 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -786,6 +786,7 @@ in extraConfig = '' PermitUserEnvironment SRHT_* ''; + startWhenNeeded = false; }; environment.etc."ssh/sourcehut/config.ini".source = settingsFormat.generate "sourcehut-dispatch-config.ini" From 6b25e09d2dfe8b92db9ae148989d6d7aaad2dd7f Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Mon, 24 Jul 2023 14:49:51 +0200 Subject: [PATCH 21/29] sourcehut: fix up some more bin paths Signed-off-by: Christoph Heiss --- .../modules/services/misc/sourcehut/default.nix | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 5b16aa21d7818..abe2370483c6d 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -408,8 +408,8 @@ in This setting is propagated to newer and existing repositories. ''; type = types.str; - default = "${cfg.python}/bin/hgsrht-hook-changegroup"; - defaultText = "\${cfg.python}/bin/hgsrht-hook-changegroup"; + default = "${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup"; + defaultText = "\${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup"; }; repos = mkOption { description = lib.mdDoc '' 
@@ -795,10 +795,11 @@ in environment.etc."ssh/sourcehut/subdir/srht-dispatch" = { # sshd_config(5): The program must be owned by root, not writable by group or others mode = "0755"; - source = pkgs.writeShellScript "srht-dispatch" '' + source = pkgs.writeShellScript "srht-dispatch-wrapper" '' set -e + set -x cd /etc/ssh/sourcehut/subdir - ${cfg.python}/bin/gitsrht-dispatch "$@" + ${pkgs.sourcehut.gitsrht}/bin/gitsrht-dispatch "$@" ''; }; systemd.services.sshd = { @@ -882,7 +883,7 @@ in set -e test -e "''$PWD"/config.ini || ln -s /run/sourcehut/hgsrht/config.ini "''$PWD"/config.ini - exec -a "$0" ${cfg.python}/bin/hgsrht-hook-changegroup "$@" + exec -a "$0" ${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup "$@" ''}:/usr/bin/hgsrht-hook-changegroup" ]; }; @@ -1195,7 +1196,7 @@ in extraServices.listssrht-lmtp = { wants = [ "postfix.service" ]; unitConfig.JoinsNamespaceOf = optional cfg.postfix.enable "postfix.service"; - serviceConfig.ExecStart = "${cfg.python}/bin/listssrht-lmtp"; + serviceConfig.ExecStart = "${pkgs.sourcehut.listssrht}/bin/listssrht-lmtp"; # Avoid crashing: os.chown(sock, os.getuid(), sock_gid) serviceConfig.PrivateUsers = mkForce false; }; @@ -1274,7 +1275,7 @@ in else # In order to load config.ini if cd /run/sourcehut/metasrht - then exec ${cfg.python}/bin/metasrht-manageuser "$@" + then exec ${pkgs.sourcehut.metasrht}/bin/metasrht-manageuser "$@" else cat < Date: Mon, 7 Aug 2023 21:15:35 +0200 Subject: [PATCH 22/29] sourcehut: drop obsolete `services` array in favor of indivdual `enable` flags Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 15 +++++---------- nixos/modules/services/misc/sourcehut/service.nix | 3 --- nixos/tests/sourcehut.nix | 5 ----- 3 files changed, 5 insertions(+), 18 deletions(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index abe2370483c6d..293ab4ada8415 100644 
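Review bot: The rewritten `srht-dispatch-wrapper` gains a `set -x`, two commits after PATCH 19/29 removed exactly that line from every other ssh wrapper in this module. Going by the sshd_config(5) comment above it, this is the script sshd itself invokes during key lookup, and with tracing on, each command and its expanded arguments are echoed to stderr; where that output ends up depends on sshd, but it reads like leftover debugging. I would drop the `set -x` line so the wrapper is `set -e`, `cd /etc/ssh/sourcehut/subdir`, then the `gitsrht-dispatch "$@"` call, matching the others.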
--- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -25,7 +25,7 @@ let || head srvMatch == srv # Include sections for the service being configured then v # Enable Web links and integrations between services. - else if tail srvMatch == [ null ] && elem (head srvMatch) cfg.services + else if tail srvMatch == [ null ] && cfg.${head srvMatch}.enable then { inherit (v) origin; # mansrht crashes without it @@ -120,15 +120,6 @@ in and account management services ''); - services = mkOption { - type = with types; listOf (enum - [ "builds" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); - defaultText = "locally enabled services"; - description = lib.mdDoc '' - Services that may be displayed as links in the title bar of the Web interface. - ''; - }; - listenAddress = mkOption { type = types.str; default = "localhost"; @@ -1371,6 +1362,10 @@ in dispatch is deprecated. See https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/ for more information. '') + + (mkRemovedOptionModule [ "services" "sourcehut" "services"] '' + This option was removed in favor of individual .enable flags. + '') ]; meta.doc = ./default.md; diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index 26fbb3a113620..dcd76f898f9ff 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix @@ -255,9 +255,6 @@ in }) [srvCfg.user]; }; - services.sourcehut.services = mkDefault (filter (s: cfg.${s}.enable) - [ "builds" "dispatch" "git" "hg" "hub" "lists" "man" "meta" "pages" "paste" "todo" ]); - services.sourcehut.settings = mkMerge [ { "${srv}.sr.ht".origin = mkDefault "https://${srv}.${cfg.settings."sr.ht".global-domain}"; diff --git a/nixos/tests/sourcehut.nix b/nixos/tests/sourcehut.nix index 87e6d82bdd8f4..0529abd73a858 100644 --- a/nixos/tests/sourcehut.nix +++ b/nixos/tests/sourcehut.nix 
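Review bot: `cfg.${head srvMatch}.enable` in the first hunk indexes `cfg` with whatever service name the section key yields, where the old `elem (head srvMatch) cfg.services` simply returned false for a name it did not know. If `settings` can carry a `<name>.sr.ht` section with no matching `services.sourcehut.<name>` option, evaluation would abort with a missing-attribute error instead of skipping the section. `else if tail srvMatch == [ null ] && (cfg.${head srvMatch}.enable or false)` keeps the old tolerant behaviour. The expression that produces `srvMatch` lies outside the hunk, so whether such a name can reach this line should be checked against it.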
@@ -134,11 +134,6 @@ in services.sourcehut = { enable = true; - services = [ - "builds" - "git" - "meta" - ]; nginx.enable = true; nginx.virtualHost = { forceSSL = true; From 589b75bdc8038edce0486829ff556004881eee70 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Tue, 8 Aug 2023 00:43:26 +0200 Subject: [PATCH 23/29] sourcehut: disable IPv6 completely for tests Signed-off-by: Christoph Heiss --- nixos/tests/sourcehut.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/tests/sourcehut.nix b/nixos/tests/sourcehut.nix index 0529abd73a858..0b258acc2af1d 100644 --- a/nixos/tests/sourcehut.nix +++ b/nixos/tests/sourcehut.nix @@ -126,6 +126,7 @@ in virtualisation.diskSize = 4 * 1024; virtualisation.memorySize = 2 * 1024; networking.domain = domain; + networking.enableIPv6 = false; networking.extraHosts = '' ${config.networking.primaryIPAddress} builds.${domain} ${config.networking.primaryIPAddress} git.${domain} From fc6addb147839dffc2532d111f0a5ab4175a2555 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 11 Nov 2023 12:53:16 +0100 Subject: [PATCH 24/29] sourcehut: reword `api-origin` option description Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 293ab4ada8415..4e494bc3a31e8 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -78,7 +78,7 @@ let apply = s: "<" + toString s; }; api-origin = mkOption { - description = lib.mdDoc "Origin URL for API, 100 more than web."; + description = lib.mdDoc "Origin URL for the API"; type = types.str; default = "http://${cfg.listenAddress}:${toString (cfg.${srv}.port + 100)}"; defaultText = lib.literalMD '' From 641e54bb289d708f45f11e156bf4ffa251a2b4b2 Mon Sep 17 00:00:00 2001 
From: Christoph Heiss Date: Sat, 11 Nov 2023 12:53:42 +0100 Subject: [PATCH 25/29] sourcehut: create logs directory unconditionally An empty log directory, in case it stays unused, does not hurt anyone. Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 4e494bc3a31e8..a375b8eafe240 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -807,7 +807,7 @@ in "chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys" ]); serviceConfig = { - LogsDirectory = mkIf (cfg.git.enable || cfg.hg.enable) "sourcehut"; + LogsDirectory = "sourcehut"; BindReadOnlyPaths = # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht, # for instance to get the user from the [git.sr.ht::dispatch] settings. From 79dc7c3c101f9b18c8ff3da4f5c5ecba05092528 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 11 Nov 2023 13:35:12 +0100 Subject: [PATCH 26/29] sourcehut: add overrides for `flask-sqlalchemy` and `factory-boy` These are needed, as the used sourcehut version is not compatible with the newer major-releases for both packages. Signed-off-by: Christoph Heiss --- .../version-management/sourcehut/default.nix | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/pkgs/applications/version-management/sourcehut/default.nix b/pkgs/applications/version-management/sourcehut/default.nix index b2005f5643be6..37840f486dc5d 100644 --- a/pkgs/applications/version-management/sourcehut/default.nix +++ b/pkgs/applications/version-management/sourcehut/default.nix 
@@ -37,6 +37,40 @@ let nativeCheckInputs = with super; [ pytestCheckHook mock ]; disabledTestPaths = []; }); + + flask-sqlalchemy = super.flask-sqlalchemy.overridePythonAttrs (oldAttrs: rec { + version = "2.5.1"; + format = "setuptools"; + src = fetchPypi { + pname = "Flask-SQLAlchemy"; + inherit version; + hash = "sha256-K9pEtD58rLFdTgX/PMH4vJeTbMRkYjQkECv8LDXpWRI="; + }; + propagatedBuildInputs = with self; [ + flask + sqlalchemy + ]; + }); + + # sourcehut is not (yet) compatible with factory-boy 3.x + factory-boy = super.factory-boy.overridePythonAttrs (oldAttrs: rec { + version = "2.12.0"; + src = fetchPypi { + pname = "factory_boy"; + inherit version; + hash = "sha256-+vSNYIoXNfDQo8nL9TbWT5EytUfa57pFLE2Zp56Eo3A="; + }; + nativeCheckInputs = (with super; [ + django + flask + mongoengine + pytestCheckHook + ]) ++ (with self; [ + sqlalchemy + flask-sqlalchemy + ]); + postPatch = ""; + }); }; }; in From acd21dad52d61370abd384b45eb8233ca3b7b4af Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 11 Nov 2023 13:49:35 +0100 Subject: [PATCH 27/29] sourcehut: use systemd.tmpfiles instead of manually creating logfiles Signed-off-by: Christoph Heiss --- .../services/misc/sourcehut/default.nix | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index a375b8eafe240..f2b09f4bc4b61 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix 
@@ -793,19 +793,19 @@ in ${pkgs.sourcehut.gitsrht}/bin/gitsrht-dispatch "$@" ''; }; + systemd.tmpfiles.settings."10-sourcehut-gitsrht" = mkIf cfg.git.enable ( + builtins.listToAttrs (map (name: { + name = "/var/log/sourcehut/gitsrht-${name}"; + value.f = { + inherit (cfg.git) user group; + mode = "0644"; + }; + }) [ "keys" "shell" "update-hook" ]) + ); systemd.services.sshd = { - preStart = concatStringsSep "\n" ( - optionals cfg.git.enable (map (n: '' - touch /var/log/sourcehut/gitsrht-${n} # create if it does not exist yet - chown --silent ${cfg.git.user}:${cfg.git.group} /var/log/sourcehut/gitsrht-${n} || true - '') [ - "keys" - "shell" - "update-hook" - ]) ++ - optional cfg.hg.enable [ - "chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys" - ]); + preStart = mkIf cfg.hg.enable '' + chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys + ''; serviceConfig = { LogsDirectory = "sourcehut"; BindReadOnlyPaths = From 66b86f8a2e665832a431d7a69c6ab806c74eec88 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 11 Nov 2023 13:50:54 +0100 Subject: [PATCH 28/29] sourcehut: de-duplicate nginx `add_header` directives Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/service.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index dcd76f898f9ff..101389c4d942b 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix 
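Review bot: The tmpfiles entries create the three `gitsrht-*` log files with `mode = "0644";`, which makes them readable by every local account. What the keys, shell and update-hook helpers write there is not visible from this hunk, but logs of SSH key lookups and pushes usually name users and repositories. Since owner and group are already set through `inherit (cfg.git) user group;`, `mode = "0640";` would be the more conservative default, with a short comment if world-readable is in fact wanted.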
@@ -225,19 +225,17 @@ in locations."/query" = mkIf (cfg.settings.${iniKey} ? api-origin) { proxyPass = cfg.settings.${iniKey}.api-origin; extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; ''; }; From 88a3d2a0b43e80f9275af1952a9b94b6ddcd88af Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Sat, 11 Nov 2023 15:50:16 +0100 Subject: [PATCH 29/29] sourcehut: fix postgresql database permission for postgresql >= 15 Signed-off-by: Christoph Heiss --- nixos/modules/services/misc/sourcehut/service.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/nixos/modules/services/misc/sourcehut/service.nix b/nixos/modules/services/misc/sourcehut/service.nix index 101389c4d942b..18c2f5effc5a5 100644 --- a/nixos/modules/services/misc/sourcehut/service.nix +++ b/nixos/modules/services/misc/sourcehut/service.nix 
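Review bot: Hoisting the three `Access-Control-Allow-*` lines out of the `if ($request_method = 'OPTIONS')` block changes what the preflight response carries. nginx inherits `add_header` from the enclosing level only when the current level defines none, and the `if` block still defines `Access-Control-Max-Age`, `Content-Type` and `Content-Length`. The 204 returned from inside the `if` would therefore go out without `Access-Control-Allow-Origin`, `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers`, and browsers would reject the preflight for `/query`. The duplication was doing real work: either keep the three `add_header 'Access-Control-Allow-…'` lines inside the `if` as well, with a comment such as `# repeated on purpose: add_header is not inherited into a level that sets its own`, or put the shared headers in a snippet included at both levels.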
@@ -377,6 +377,20 @@ in } extraService ])) extraServices) + + # Work around 'pq: permission denied for schema public' with postgres v15, until a + # solution for `services.postgresql.ensureUsers` is found. + # See https://github.com/NixOS/nixpkgs/issues/216989 + # Workaround taken from nixos/forgejo: https://github.com/NixOS/nixpkgs/pull/262741 + (lib.mkIf ( + cfg.postgresql.enable + && lib.strings.versionAtLeast config.services.postgresql.package.version "15.0" + ) { + postgresql.postStart = (lib.mkAfter '' + $PSQL -tAc 'ALTER DATABASE "${srvCfg.postgresql.database}" OWNER TO "${srvCfg.user}";' + ''); + } + ) ]; systemd.timers = mapAttrs (timerName: timer:
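Review bot: The `postStart` line splices `srvCfg.postgresql.database` and `srvCfg.user` into a single-quoted shell argument and, inside it, into double-quoted SQL identifiers, with no escaping at either layer. Both are administrator-set options, so this is a robustness point rather than an untrusted-input boundary, but a value containing `'` or `"` would change what the shell or the server parses. Building the statement as a Nix string and passing it through `lib.escapeShellArg` covers the shell layer; for the SQL layer, a comment stating that both names must be plain identifiers would at least record the assumption. The surrounding `mkMerge` list starts and ends outside the hunk.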