diff options
author | Franck Cuny <franck@fcuny.net> | 2022-05-22 14:46:25 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-05-22 15:09:49 -0700 |
commit | aff15167063120dd25240a9478853077d89886ce (patch) | |
tree | a43c05bd3c1f15c0df7bb2252535ee5cfb4bd090 /modules | |
parent | feat(dns): add cs.fcuny.xyz (diff) | |
download | world-aff15167063120dd25240a9478853077d89886ce.tar.gz |
feat(modules): create a module for sourcegraph
Run sourcegraph ([0]) in a docker container. It's exposed as cs.fcuny.xyz, and we backup some of the directories. [0] https://docs.sourcegraph.com
Diffstat (limited to 'modules')
-rw-r--r-- | modules/services/default.nix | 1 | ||||
-rw-r--r-- | modules/services/sourcegraph/default.nix | 46 |
2 files changed, 47 insertions, 0 deletions
diff --git a/modules/services/default.nix b/modules/services/default.nix index 88d8145..538e564 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -15,6 +15,7 @@ ./prometheus ./rclone ./samba + ./sourcegraph ./ssh-server ./syncthing ./tailscale diff --git a/modules/services/sourcegraph/default.nix b/modules/services/sourcegraph/default.nix new file mode 100644 index 0000000..adf7051 --- /dev/null +++ b/modules/services/sourcegraph/default.nix @@ -0,0 +1,46 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.my.services.sourcegraph; + secrets = config.age.secrets; +in { + options.my.services.sourcegraph = with lib; { + enable = mkEnableOption "sourcegraph server"; + vhostName = mkOption { + type = types.str; + example = "cs.fcuny.net"; + description = "Name for the virtual host"; + }; + }; + + config = lib.mkIf cfg.enable { + virtualisation.oci-containers.containers.sourcegraph = { + image = "sourcegraph/server:3.31.2"; + + ports = [ "127.0.0.1:7080:7080" ]; + + volumes = [ + "/var/lib/sourcegraph/etc:/etc/sourcegraph" + "/var/lib/sourcegraph/data:/var/opt/sourcegraph" + ]; + + # Sourcegraph needs a higher nofile limit, it logs warnings + # otherwise (unclear whether it actually affects the service). + extraOptions = [ "--ulimit" "nofile=10000:10000" ]; + }; + + services.nginx.virtualHosts."${cfg.vhostName}" = { + forceSSL = true; + useACMEHost = cfg.vhostName; + locations."/" = { proxyPass = "http://127.0.0.1:7080"; }; + }; + + security.acme.certs."${cfg.vhostName}}" = { + dnsProvider = "gcloud"; + credentialsFile = secrets."acme/credentials".path; + }; + + my.services.backup = { + paths = [ "/var/lib/sourcegraph/etc" "/var/lib/sourcegraph/data" ]; + }; + }; +} |