nixos/weblate: improve smtp setup; make local postgresql optional; fix ssh

Author: MarcelCoding

nixos/modules/services/web-apps/weblate.nix

@@ -48,15 +48,6 @@ let
       COMPRESS_OFFLINE = True
       DEBUG = False
 
-      DATABASES = {
-        "default": {
-          "ENGINE": "django.db.backends.postgresql",
-          "HOST": "/run/postgresql",
-          "NAME": "weblate",
-          "USER": "weblate",
-        }
-      }
-
       with open("${cfg.djangoSecretKeyFile}") as f:
         SECRET_KEY = f.read().rstrip("\n")
 
@@ -65,9 +56,9 @@ let
           "BACKEND": "django_redis.cache.RedisCache",
           "LOCATION": "unix://${config.services.redis.servers.weblate.unixSocket}",
           "OPTIONS": {
-              "CLIENT_CLASS": "django_redis.client.DefaultClient",
-              "PASSWORD": None,
-              "CONNECTION_POOL_KWARGS": {},
+            "CLIENT_CLASS": "django_redis.client.DefaultClient",
+            "PASSWORD": None,
+            "CONNECTION_POOL_KWARGS": {},
           },
           "KEY_PREFIX": "weblate",
           "TIMEOUT": 3600,
@@ -80,7 +71,6 @@ let
         }
       }
 
-
       CELERY_TASK_ALWAYS_EAGER = False
       CELERY_BROKER_URL = "redis+socket://${config.services.redis.servers.weblate.unixSocket}"
       CELERY_RESULT_BACKEND = CELERY_BROKER_URL
@@ -93,20 +83,31 @@ let
       OTP_WEBAUTHN_RP_NAME = SITE_TITLE
       OTP_WEBAUTHN_RP_ID = SITE_DOMAIN.split(":")[0]
       OTP_WEBAUTHN_ALLOWED_ORIGINS = [SITE_URL]
-
+    ''
+    + lib.optionalString cfg.configurePostgresql ''
+      DATABASES = {
+        "default": {
+          "ENGINE": "django.db.backends.postgresql",
+          "HOST": "/run/postgresql",
+          "NAME": "weblate",
+          "USER": "weblate",
+        }
+      }
     ''
     + lib.optionalString cfg.smtp.enable ''
-      ADMINS = (("Weblate Admin", "${cfg.smtp.user}"),)
-
       EMAIL_HOST = "${cfg.smtp.host}"
       EMAIL_USE_TLS = True
+      EMAIL_PORT = ${builtins.toString cfg.smtp.port}
+      SERVER_EMAIL = "${cfg.smtp.from}"
+      DEFAULT_FROM_EMAIL = "${cfg.smtp.from}"
+    ''
+    + lib.optionalString (cfg.smtp.enable && cfg.smtp.user != null) ''
+      ADMINS = (("Weblate Admin", "${cfg.smtp.user}"),)
       EMAIL_HOST_USER = "${cfg.smtp.user}"
-      SERVER_EMAIL = "${cfg.smtp.user}"
-      DEFAULT_FROM_EMAIL = "${cfg.smtp.user}"
-      EMAIL_PORT = 587
+    ''
+    + lib.optionalString (cfg.smtp.enable && cfg.smtp.passwordFile != null) ''
       with open("${cfg.smtp.passwordFile}") as f:
         EMAIL_HOST_PASSWORD = f.read().rstrip("\n")
-
     ''
     + cfg.extraConfig;
   settings_py =
@@ -139,6 +140,7 @@ let
     tesseract
     licensee
     mercurial
+    openssh
   ];
 in
 {
@@ -166,6 +168,15 @@ in
         type = lib.types.path;
       };
 
+      configurePostgresql = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = ''
+          Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate.
+          The default `settings` reference this database, if you disable this option you must provide a database URL in `extraConfig`.
+        '';
+      };
+
       extraConfig = lib.mkOption {
         type = lib.types.lines;
         default = "";
@@ -176,10 +187,20 @@ in
 
       smtp = {
         enable = lib.mkEnableOption "Weblate SMTP support";
+
+        from = lib.mkOption {
+          description = "The from address being used in sent emails.";
+          example = "[email protected]";
+          default = config.services.weblate.smtp.user;
+          defaultText = "config.services.weblate.smtp.user";
+          type = lib.types.str;
+        };
+
         user = lib.mkOption {
           description = "SMTP login name.";
           example = "[email protected]";
-          type = lib.types.str;
+          type = lib.types.nullOr lib.types.str;
+          default = null;
         };
 
         host = lib.mkOption {
@@ -188,16 +209,23 @@ in
           example = "127.0.0.1";
         };
 
+        port = lib.mkOption {
+          description = "SMTP port used when sending emails to users.";
+          type = lib.types.port;
+          default = 587;
+          example = 25;
+        };
+
         passwordFile = lib.mkOption {
           description = ''
             Location of a file containing the SMTP password.
 
             This should be a path pointing to a file with secure permissions (not /nix/store).
           '';
-          type = lib.types.path;
+          type = lib.types.nullOr lib.types.path;
+          default = null;
         };
       };
-
     };
   };
 
@@ -218,7 +246,6 @@ in
           "/media/".alias = "/var/lib/weblate/media/";
           "/".proxyPass = "http://unix:///run/weblate.socket";
         };
-
       };
     };
 
@@ -237,8 +264,14 @@ in
 
     systemd.services.weblate-migrate = {
       description = "Weblate migration";
-      after = [ "weblate-postgresql-setup.service" ];
-      requires = [ "weblate-postgresql-setup.service" ];
+      after = [
+        "weblate-postgresql-setup.service"
+        "redis-weblate.service"
+      ];
+      requires = [
+        "weblate-postgresql-setup.service"
+        "redis-weblate.service"
+      ];
       # We want this to be active on boot, not just on socket activation
       wantedBy = [ "multi-user.target" ];
       inherit environment;
@@ -256,7 +289,7 @@ in
       description = "Weblate Celery";
       after = [
         "network.target"
-        "redis.service"
+        "redis-weblate.service"
         "postgresql.service"
       ];
       # We want this to be active on boot, not just on socket activation
@@ -371,7 +404,7 @@ in
       unixSocketPerm = 770;
     };
 
-    services.postgresql = {
+    services.postgresql = lib.mkIf cfg.configurePostgresql {
       enable = true;
       ensureUsers = [
         {