1 files changed, 40 insertions, 4 deletions

diff --git a/sourcehut.nix b/sourcehut.nix
index a63ca56..20a248f 100644
--- a/sourcehut.nix
+++ b/sourcehut.nix
@@ -16,10 +16,12 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
 
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 let domain = config.networking.domain;
 in {
   services = {
+    nginx.virtualHosts."hub.${domain}".serverAliases = lib.mkForce [ ];
+
     postfix = {
       enable = true;
       domain = domain;
@@ -27,7 +29,15 @@ in {
 
     sourcehut = {
       enable = true;
+      git = {
+        enable = true;
+        port = 5200; # 5001 used by IPFS
+      };
+      hub.enable = true;
+      lists.enable = true;
+      man.enable = true;
       meta.enable = true;
+
       nginx = {
         enable = true;
         virtualHost.enableACME = true;
@@ -35,15 +45,34 @@ in {
       postgresql.enable = true;
       postfix.enable = true;
       redis.enable = true;
+
       settings = {
+        "git.sr.ht" = {
+          oauth-client-id = "9be0f6dbb54f3e9f";
+          oauth-client-secret = "/etc/sr.ht/oauth-secrets/git";
+        };
+
+        "hub.sr.ht" = {
+          oauth-client-id = "0cb618265116af18";
+          oauth-client-secret = "/etc/sr.ht/oauth-secrets/hub";
+        };
+
+        "lists.sr.ht" = {
+          oauth-client-id = "963f211a96e2c160";
+          oauth-client-secret = "/etc/sr.ht/oauth-secrets/lists";
+        };
+
         mail = {
           pgp-key-id = "2D354398A720461F81C2A65A9B5A95C1B7B9CE8F";
-          pgp-privkey = "/var/lib/sourcehut/private.pgp";
-          pgp-pubkey = "/var/lib/sourcehut/public.pgp";
+          pgp-privkey = "/etc/sr.ht/private.pgp";
+          pgp-pubkey = "/etc/sr.ht/public.pgp";
           smtp-from = "sr.ht@${domain}";
         };
 
-        "meta.sr.ht".origin = "https://hut.${domain}";
+        "man.sr.ht" = {
+          oauth-client-id = "af85b2b56a729ac0";
+          oauth-client-secret = "/etc/sr.ht/oauth-secrets/man";
+        };
 
         "sr.ht" = {
           environment = "production";
@@ -55,8 +84,15 @@ in {
           service-key = "/var/lib/sourcehut/service.key";
         };
 
+        "todo.sr.ht" = {
+          oauth-client-id = "1bfa656ef3431360";
+          oauth-client-secret = "/etc/sr.ht/oauth-secrets/todo";
+        };
+
         webhooks.private-key = "/var/lib/sourcehut/webhook.key";
       };
+
+      todo.enable = true;
     };
   };
 }