# Sourcehut configuration
# Copyright (C) 2022  Nguyễn Gia Phong
#
# This file is part of loang configuration.
#
# Loang configuration is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Loang configuration is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.

{ config, lib, ... }:
let
  domain = config.networking.domain;
  common = {
    enable = true;
    group = "srht";
  };
in {
  services = {
    nginx.virtualHosts."hub.${domain}".serverAliases = lib.mkForce [ ];

    postfix = {
      enable = true;
      domain = domain;
    };

    sourcehut = {
      enable = true;
      git = common // { port = 5200; }; # 5001 used by IPFS
      hub = common;
      lists = common;
      man = common;
      meta = common;

      nginx = {
        enable = true;
        virtualHost.enableACME = true;
      };
      postgresql.enable = true;
      postfix.enable = true;
      redis.enable = true;

      settings = {
        "git.sr.ht" = {
          oauth-client-id = "9be0f6dbb54f3e9f";
          oauth-client-secret = "/etc/sr.ht/oauth-secrets/git";
        };

        "hub.sr.ht" = {
          oauth-client-id = "0cb618265116af18";
          oauth-client-secret = "/etc/sr.ht/oauth-secrets/hub";
        };

        "lists.sr.ht" = {
          oauth-client-id = "963f211a96e2c160";
          oauth-client-secret = "/etc/sr.ht/oauth-secrets/lists";
        };

        mail = {
          pgp-key-id = "2D354398A720461F81C2A65A9B5A95C1B7B9CE8F";
          pgp-privkey = "/etc/sr.ht/private.pgp";
          pgp-pubkey = "/etc/sr.ht/public.pgp";
          smtp-from = "sr.ht@${domain}";
        };

        "man.sr.ht" = {
          oauth-client-id = "af85b2b56a729ac0";
          oauth-client-secret = "/etc/sr.ht/oauth-secrets/man";
        };

        "sr.ht" = {
          environment = "production";
          global-domain = domain;
          network-key = "/var/lib/sourcehut/network.key";
          origin = "https://hub.${domain}";
          owner-email = config.security.acme.defaults.email;
          owner-name = "Nguyễn Gia Phong";
          service-key = "/var/lib/sourcehut/service.key";
        };

        "todo.sr.ht" = {
          oauth-client-id = "1bfa656ef3431360";
          oauth-client-secret = "/etc/sr.ht/oauth-secrets/todo";
        };

        webhooks.private-key = "/var/lib/sourcehut/webhook.key";
      };

      todo = common;
    };
  };
}