hackens-org-configurations/machines/hackens-org/gestiohackens/default.nix

92 lines
2.2 KiB
Nix
Raw Normal View History

2024-09-24 12:33:51 +02:00
{
pkgs,
lib,
config,
...
}:
let
src = pkgs.fetchgit {
url = "https://git.rz.ens.wtf/HackENS/gestiojeux.git";
rev = "HEAD";
hash = "sha256-ly786xct9U4hdsHr7NLl23smnOfE891au9/GXqxpFb4=";
};
in
{
imports =
[
];
systemd.services.django-gestiohackens.serviceConfig = {
DynamicUser = lib.mkForce false;
User = "django-gestiohackens";
SupplementaryGroups = [ "nginx" ];
};
users.users.django-gestiohackens = {
group = "django-gestiohackens";
isSystemUser = true;
};
users.groups.django-gestiohackens = { };
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."inventaire.hackens.org" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:51667";
};
"/media/".alias = "/var/lib/django-gestiohackens/media/";
"/static".root = config.services.django.gestiohackens.staticAssets;
};
};
};
services.django.gestiohackens = {
inherit src;
enable = true;
mainModule = "gestiojeux";
port = 51667;
settings = {
DEBUG = false;
CSRF_COOKIE_SECURE = true;
AUTHENS_ALLOW_STAFF = true;
SESSION_COOKIE_SECURE = true;
MEDIA_URL = "media/";
ALLOWED_HOSTS = [ "inventaire.hackens.org" ];
DATABASES = {
"default" = {
"ENGINE" = "django.db.backends.sqlite3";
"NAME" = "/var/lib/django-gestiohackens/db.sqlite3";
};
};
HAYSTACK_CONNECTIONS = {
"default" = {
"ENGINE" = "haystack.backends.whoosh_backend.WhooshEngine";
"PATH" = "/var/lib/django-gestiohackens/whoosh_index";
};
};
MEDIA_ROOT = "/var/lib/django-gestiohackens/media";
};
extraPackages = ps: [
ps.django-autoslug
ps.loadcredential
ps.django-cleanup
ps.django-haystack
ps.django-markdownx
ps.django-tables2
ps.pillow
ps.whoosh
ps.markdown-icons
ps.authens
ps.qrcode
ps.pillow
# Django haystack is drunk
ps.setuptools
];
secrets = {
SECRET_KEY = config.age.secrets.django-gestiohackens.path;
};
};
}