From aff15167063120dd25240a9478853077d89886ce Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 22 May 2022 14:46:25 -0700
Subject: feat(modules): create a module for sourcegraph

Run sourcegraph ([0]) in a docker container. It's exposed as
cs.fcuny.xyz, and we backup some of the directories.

[0] https://docs.sourcegraph.com
---
 modules/services/default.nix             |  1 +
 modules/services/sourcegraph/default.nix | 46 ++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 modules/services/sourcegraph/default.nix

(limited to 'modules')

diff --git a/modules/services/default.nix b/modules/services/default.nix
index 88d8145..538e564 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -15,6 +15,7 @@
     ./prometheus
     ./rclone
     ./samba
+    ./sourcegraph
     ./ssh-server
     ./syncthing
     ./tailscale
diff --git a/modules/services/sourcegraph/default.nix b/modules/services/sourcegraph/default.nix
new file mode 100644
index 0000000..adf7051
--- /dev/null
+++ b/modules/services/sourcegraph/default.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.my.services.sourcegraph;
+  secrets = config.age.secrets;
+in {
+  options.my.services.sourcegraph = with lib; {
+    enable = mkEnableOption "sourcegraph server";
+    vhostName = mkOption {
+      type = types.str;
+      example = "cs.fcuny.net";
+      description = "Name for the virtual host";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.oci-containers.containers.sourcegraph = {
+      image = "sourcegraph/server:3.31.2";
+
+      ports = [ "127.0.0.1:7080:7080" ];
+
+      volumes = [
+        "/var/lib/sourcegraph/etc:/etc/sourcegraph"
+        "/var/lib/sourcegraph/data:/var/opt/sourcegraph"
+      ];
+
+      # Sourcegraph needs a higher nofile limit, it logs warnings
+      # otherwise (unclear whether it actually affects the service).
+      extraOptions = [ "--ulimit" "nofile=10000:10000" ];
+    };
+
+    services.nginx.virtualHosts."${cfg.vhostName}" = {
+      forceSSL = true;
+      useACMEHost = cfg.vhostName;
+      locations."/" = { proxyPass = "http://127.0.0.1:7080"; };
+    };
+
+    security.acme.certs."${cfg.vhostName}}" = {
+      dnsProvider = "gcloud";
+      credentialsFile = secrets."acme/credentials".path;
+    };
+
+    my.services.backup = {
+      paths = [ "/var/lib/sourcegraph/etc" "/var/lib/sourcegraph/data" ];
+    };
+  };
+}
-- 
cgit 1.4.1