move radicle module

2025-11-29 14:11:50 +01:00
parent 0096acaf81
commit d92ea6d742
3 changed files with 2 additions and 1 deletions
--- a/modules/flake-module.nix
+++ b/modules/flake-module.nix
@@ -15,6 +15,7 @@
    user-rpqt.imports = [ ./user-rpqt.nix ];
    hardened-ssh-server.imports = [ ./hardened-ssh-server.nix ];
    nextcloud.imports = [ ./nextcloud.nix ];
+    radicle.imports = [ ./radicle.nix ];

    server.imports = [
      ./motd.nix
--- a/modules/radicle.nix
+++ b/modules/radicle.nix
@@ -0,0 +1,44 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+{
+  services.radicle = {
+    enable = true;
+    privateKeyFile = config.clan.core.vars.generators.radicle.files."id_ed25519".path;
+    publicKey = config.clan.core.vars.generators.radicle.files."id_ed25519.pub".value;
+    node = {
+      openFirewall = true;
+    };
+    httpd = {
+      enable = true;
+      nginx = {
+        serverName = "radicle.rpqt.fr";
+        enableACME = true;
+        forceSSL = true;
+      };
+    };
+    settings = {
+      # FIXME: activation fails with rad saying the config is invalid
+      web.avatarUrl = "https://rpqt.fr/favicon.svg";
+      web.description = "rpqt's radicle node";
+      web.pinned.repositories = [
+        "rad:z2DH9K384tPCrM5HJcpiKEoZZdftY" # lila
+        "rad:z29gVX1f6HC1XGx755RL1m1hhMp6x" # corner
+        "rad:z36HRN3Soay4wMXBSiR4aW7Hg9rT7" # flocon
+      ];
+    };
+  };
+
+  clan.core.vars.generators.radicle = {
+    files."id_ed25519".secret = true;
+    files."id_ed25519.pub".secret = false;
+    runtimeInputs = [ pkgs.openssh ];
+    script = ''
+      ssh-keygen -t ed25519 -f "$out"/id_ed25519 -N "" -C "radicle"
+    '';
+  };
+
+  clan.core.state.radicle.folders = [ "/var/lib/radicle" ];
+}