Diffstat (limited to 'modules/services')
-rw-r--r-- | modules/services/default.nix | 1 | ||||
-rw-r--r-- | modules/services/sourcegraph/default.nix | 46 |
2 files changed, 47 insertions, 0 deletions
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 88d8145..538e564 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -15,6 +15,7 @@
 ./prometheus
 ./rclone
 ./samba
+ ./sourcegraph
 ./ssh-server
 ./syncthing
 ./tailscale
diff --git a/modules/services/sourcegraph/default.nix b/modules/services/sourcegraph/default.nix
new file mode 100644
index 0000000..adf7051
--- /dev/null
+++ b/modules/services/sourcegraph/default.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.my.services.sourcegraph;
+ secrets = config.age.secrets;
+in {
+ options.my.services.sourcegraph = with lib; {
+ enable = mkEnableOption "sourcegraph server";
+ vhostName = mkOption {
+ type = types.str;
+ example = "cs.fcuny.net";
+ description = "Name for the virtual host";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ virtualisation.oci-containers.containers.sourcegraph = {
+ image = "sourcegraph/server:3.31.2";
+
+ ports = [ "127.0.0.1:7080:7080" ];
+
+ volumes = [
+ "/var/lib/sourcegraph/etc:/etc/sourcegraph"
+ "/var/lib/sourcegraph/data:/var/opt/sourcegraph"
+ ];
+
+ # Sourcegraph needs a higher nofile limit, it logs warnings
+ # otherwise (unclear whether it actually affects the service).
+ extraOptions = [ "--ulimit" "nofile=10000:10000" ];
+ };
+
+ services.nginx.virtualHosts."${cfg.vhostName}" = {
+ forceSSL = true;
+ useACMEHost = cfg.vhostName;
+ locations."/" = { proxyPass = "http://127.0.0.1:7080"; };
+ };
+
+ security.acme.certs."${cfg.vhostName}}" = {
+ dnsProvider = "gcloud";
+ credentialsFile = secrets."acme/credentials".path;
+ };
+
+ my.services.backup = {
+ paths = [ "/var/lib/sourcegraph/etc" "/var/lib/sourcegraph/data" ];
+ };
+ };
+}
|
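Review bot: The attribute name in `security.acme.certs."${cfg.vhostName}}"` in the new sourcegraph module has a stray closing brace, so `dnsProvider` and `credentialsFile` are attached to a certificate named `<vhost>}` rather than the one that `useACMEHost = cfg.vhostName` refers to. The key should read `security.acme.certs."${cfg.vhostName}" = {`. As written, the nginx virtual host with `forceSSL = true` presumably either fails evaluation or comes up without the intended DNS-validated certificate; this is worth confirming with a build. Separately, `image = "sourcegraph/server:3.31.2"` pins a mutable tag. Appending the image digest (`sourcegraph/server:3.31.2@sha256:<digest>`, placeholder) would ensure the container that is pulled is the one that was reviewed.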