Loading nixos/modules/services/misc/sourcehut/default.nix +23 −11 Original line number Diff line number Diff line Loading @@ -238,10 +238,15 @@ in }; smtp-user = mkOptionNullOrStr "Outgoing SMTP user."; smtp-password = mkOptionNullOrStr "Outgoing SMTP password."; smtp-from = mkOptionNullOrStr "Outgoing SMTP FROM."; smtp-from = mkOption { type = types.str; description = "Outgoing SMTP FROM."; }; error-to = mkOptionNullOrStr "Address receiving application exceptions"; error-from = mkOptionNullOrStr "Address sending application exceptions"; pgp-privkey = mkOptionNullOrStr '' pgp-privkey = mkOption { type = types.str; description = '' An absolute file path (which should be outside the Nix-store) to an OpenPGP private key. Loading @@ -250,8 +255,15 @@ in You can do this with <code>gpg --edit-key [key-id]</code>, then use the <code>passwd</code> command and do not enter a new password. ''; pgp-pubkey = mkOptionNullOrStr "OpenPGP public key."; pgp-key-id = mkOptionNullOrStr "OpenPGP key identifier."; }; pgp-pubkey = mkOption { type = with types; either path str; description = "OpenPGP public key."; }; pgp-key-id = mkOption { type = types.str; description = "OpenPGP key identifier."; }; }; options.objects = { s3-upstream = mkOption { Loading nixos/tests/sourcehut.nix +39 −0 Original line number Diff line number Diff line Loading @@ -169,6 +169,45 @@ in oauth-client-id = "d07cb713d920702e"; }; settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA="; settings.mail = { smtp-from = "root+hut@${domain}"; # WARNING: take care to keep pgp-privkey outside the Nix store in production, # or use LoadCredentialEncrypted= pgp-privkey = toString (pkgs.writeText "sourcehut.pgp-privkey" '' -----BEGIN PGP PRIVATE KEY BLOCK----- lFgEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd Gk7hYQoAAP9X4oPmxxrHN8LewBpWITdBomNqlHoiP7mI0nz/BOPJHxEktDZuaXhv cy90ZXN0cy9zb3VyY2VodXQgPHJvb3QraHV0QHNvdXJjZWh1dC5sb2NhbGRvbWFp bj6IlwQTFgoAPxYhBPqjgjnL8RHN4JnADNicgXaYm0jJBQJioNE5AhsDBQkDwmcA BgsJCAcDCgUVCgkICwUWAwIBAAIeBQIXgAAKCRDYnIF2mJtIySVCAP9e2nHsVHSi 2B1YGZpVG7Xf36vxljmMkbroQy+0gBPwRwEAq+jaiQqlbGhQ7R/HMFcAxBIVsq8h Aw1rngsUd0o3dAicXQRioNE5EgorBgEEAZdVAQUBAQdAXZV2Sd5ZNBVTBbTGavMv D6ORrUh8z7TI/3CsxCE7+yADAQgHAAD/c1RU9xH+V/uI1fE7HIn/zL0LUPpsuce2 cH++g4u3kBgTOYh+BBgWCgAmFiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg0TkC GwwFCQPCZwAACgkQ2JyBdpibSMlKagD/cTre6p1m8QuJ7kwmCFRSz5tBzIuYMMgN xtT7dmS91csA/35fWsOykSiFRojQ7ccCSUTHL7ApF2EbL968tP/D2hIG =Hjoc -----END PGP PRIVATE KEY BLOCK----- ''); pgp-pubkey = pkgs.writeText "sourcehut.pgp-pubkey" '' -----BEGIN PGP PUBLIC KEY BLOCK----- mDMEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd Gk7hYQq0Nm5peG9zL3Rlc3RzL3NvdXJjZWh1dCA8cm9vdCtodXRAc291cmNlaHV0 LmxvY2FsZG9tYWluPoiXBBMWCgA/FiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg 0TkCGwMFCQPCZwAGCwkIBwMKBRUKCQgLBRYDAgEAAh4FAheAAAoJENicgXaYm0jJ JUIA/17acexUdKLYHVgZmlUbtd/fq/GWOYyRuuhDL7SAE/BHAQCr6NqJCqVsaFDt H8cwVwDEEhWyryEDDWueCxR3Sjd0CLg4BGKg0TkSCisGAQQBl1UBBQEBB0BdlXZJ 3lk0FVMFtMZq8y8Po5GtSHzPtMj/cKzEITv7IAMBCAeIfgQYFgoAJhYhBPqjgjnL 8RHN4JnADNicgXaYm0jJBQJioNE5AhsMBQkDwmcAAAoJENicgXaYm0jJSmoA/3E6 3uqdZvELie5MJghUUs+bQcyLmDDIDcbU+3ZkvdXLAP9+X1rDspEohUaI0O3HAklE xy+wKRdhGy/evLT/w9oSBg== =pJD7 -----END PGP PUBLIC KEY BLOCK----- ''; pgp-key-id = "0xFAA38239CBF111CDE099C00CD89C8176989B48C9"; }; }; networking.firewall.allowedTCPPorts = [ 443 ]; Loading Loading
nixos/modules/services/misc/sourcehut/default.nix +23 −11 Original line number Diff line number Diff line Loading @@ -238,10 +238,15 @@ in }; smtp-user = mkOptionNullOrStr "Outgoing SMTP user."; smtp-password = mkOptionNullOrStr "Outgoing SMTP password."; smtp-from = mkOptionNullOrStr "Outgoing SMTP FROM."; smtp-from = mkOption { type = types.str; description = "Outgoing SMTP FROM."; }; error-to = mkOptionNullOrStr "Address receiving application exceptions"; error-from = mkOptionNullOrStr "Address sending application exceptions"; pgp-privkey = mkOptionNullOrStr '' pgp-privkey = mkOption { type = types.str; description = '' An absolute file path (which should be outside the Nix-store) to an OpenPGP private key. Loading @@ -250,8 +255,15 @@ in You can do this with <code>gpg --edit-key [key-id]</code>, then use the <code>passwd</code> command and do not enter a new password. ''; pgp-pubkey = mkOptionNullOrStr "OpenPGP public key."; pgp-key-id = mkOptionNullOrStr "OpenPGP key identifier."; }; pgp-pubkey = mkOption { type = with types; either path str; description = "OpenPGP public key."; }; pgp-key-id = mkOption { type = types.str; description = "OpenPGP key identifier."; }; }; options.objects = { s3-upstream = mkOption { Loading
nixos/tests/sourcehut.nix +39 −0 Original line number Diff line number Diff line Loading @@ -169,6 +169,45 @@ in oauth-client-id = "d07cb713d920702e"; }; settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA="; settings.mail = { smtp-from = "root+hut@${domain}"; # WARNING: take care to keep pgp-privkey outside the Nix store in production, # or use LoadCredentialEncrypted= pgp-privkey = toString (pkgs.writeText "sourcehut.pgp-privkey" '' -----BEGIN PGP PRIVATE KEY BLOCK----- lFgEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd Gk7hYQoAAP9X4oPmxxrHN8LewBpWITdBomNqlHoiP7mI0nz/BOPJHxEktDZuaXhv cy90ZXN0cy9zb3VyY2VodXQgPHJvb3QraHV0QHNvdXJjZWh1dC5sb2NhbGRvbWFp bj6IlwQTFgoAPxYhBPqjgjnL8RHN4JnADNicgXaYm0jJBQJioNE5AhsDBQkDwmcA BgsJCAcDCgUVCgkICwUWAwIBAAIeBQIXgAAKCRDYnIF2mJtIySVCAP9e2nHsVHSi 2B1YGZpVG7Xf36vxljmMkbroQy+0gBPwRwEAq+jaiQqlbGhQ7R/HMFcAxBIVsq8h Aw1rngsUd0o3dAicXQRioNE5EgorBgEEAZdVAQUBAQdAXZV2Sd5ZNBVTBbTGavMv D6ORrUh8z7TI/3CsxCE7+yADAQgHAAD/c1RU9xH+V/uI1fE7HIn/zL0LUPpsuce2 cH++g4u3kBgTOYh+BBgWCgAmFiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg0TkC GwwFCQPCZwAACgkQ2JyBdpibSMlKagD/cTre6p1m8QuJ7kwmCFRSz5tBzIuYMMgN xtT7dmS91csA/35fWsOykSiFRojQ7ccCSUTHL7ApF2EbL968tP/D2hIG =Hjoc -----END PGP PRIVATE KEY BLOCK----- ''); pgp-pubkey = pkgs.writeText "sourcehut.pgp-pubkey" '' -----BEGIN PGP PUBLIC KEY BLOCK----- mDMEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd Gk7hYQq0Nm5peG9zL3Rlc3RzL3NvdXJjZWh1dCA8cm9vdCtodXRAc291cmNlaHV0 LmxvY2FsZG9tYWluPoiXBBMWCgA/FiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg 0TkCGwMFCQPCZwAGCwkIBwMKBRUKCQgLBRYDAgEAAh4FAheAAAoJENicgXaYm0jJ JUIA/17acexUdKLYHVgZmlUbtd/fq/GWOYyRuuhDL7SAE/BHAQCr6NqJCqVsaFDt H8cwVwDEEhWyryEDDWueCxR3Sjd0CLg4BGKg0TkSCisGAQQBl1UBBQEBB0BdlXZJ 3lk0FVMFtMZq8y8Po5GtSHzPtMj/cKzEITv7IAMBCAeIfgQYFgoAJhYhBPqjgjnL 8RHN4JnADNicgXaYm0jJBQJioNE5AhsMBQkDwmcAAAoJENicgXaYm0jJSmoA/3E6 3uqdZvELie5MJghUUs+bQcyLmDDIDcbU+3ZkvdXLAP9+X1rDspEohUaI0O3HAklE xy+wKRdhGy/evLT/w9oSBg== =pJD7 -----END PGP PUBLIC KEY BLOCK----- ''; pgp-key-id = "0xFAA38239CBF111CDE099C00CD89C8176989B48C9"; }; }; networking.firewall.allowedTCPPorts = [ 443 ]; Loading
