jet/website
jet/website
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: update to match stalwart, and add onion

Browse source
This commit is contained in:
Jet 2026-03-19 01:25:14 -07:00
parent 55a862fabb
commit ede986080a
No known key found for this signature in database
9 changed files with 277 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

27
module.nix
View file

@ -5,6 +5,11 @@ let
cfg = config.services.jetpham-website;
package = self.packages.x86_64-linux.default;
qaApi = self.packages.x86_64-linux.qa-api;
webhookSecretPath =
if cfg.webhookSecretFile != null then
cfg.webhookSecretFile
else
config.age.secrets.webhook-secret.path;
in
{
options.services.jetpham-website = {
@ -38,7 +43,7 @@ in
};
config = lib.mkIf cfg.enable {
age.secrets.webhook-secret = {
age.secrets.webhook-secret = lib.mkIf (cfg.webhookSecretFile == null) {
file = "${self}/secrets/webhook-secret.age";
mode = "0400";
};
@ -65,7 +70,15 @@ in
services.tor = lib.mkIf cfg.tor.enable {
enable = true;
relay.onionServices.jetpham-website = {
map = [{ port = 80; target = { addr = "127.0.0.1"; port = 8888; }; }];
map = [
{
port = 80;
target = {
addr = "127.0.0.1";
port = 8888;
};
}
];
};
};
@ -98,13 +111,19 @@ in
Environment = [
"QA_DB_PATH=/var/lib/jetpham-qa/qa.db"
"QA_NOTIFY_EMAIL=${cfg.qaNotifyEmail}"
"QA_MAIL_DOMAIN=${cfg.qaMailDomain}"
];
Restart = "on-failure";
RestartSec = 5;
LoadCredential = "webhook-secret:${config.age.secrets.webhook-secret.path}";
LoadCredential = "webhook-secret:${webhookSecretPath}";
};
script = ''
export WEBHOOK_SECRET="$(cat $CREDENTIALS_DIRECTORY/webhook-secret)"
if [ ! -s "$CREDENTIALS_DIRECTORY/webhook-secret" ]; then
echo "WEBHOOK_SECRET credential is empty" >&2
exit 1
fi
export WEBHOOK_SECRET="$(cat "$CREDENTIALS_DIRECTORY/webhook-secret")"
exec ${qaApi}/bin/jetpham-qa-api
'';
};