org: orga v2

machines/hackens-org/orga/default.nix

@@ -1,22 +1,17 @@
 { pkgs, lib, config, ... }:
 let
-  assets = import ./mkAssets.nix {
-    inherit pkgs;
-    app = "hackens_orga";
-    settings = config.services.django.hackens_orga.settings;
-    source = pkgs.fetchgit {
+ src = pkgs.fetchgit {
       url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
-      rev = "75fe83a41f";
-      hash = "sha256-cfUjSfZrsMpGRO3HOWOk6zdc9+e+ZaJLiJQ5OpIKxos=";
+      rev = "HEAD";
+      hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I=";
     };
-  };
 in
 {
   imports = [
-    ./module.nix
   ];
   services.nginx = {
     enable = true;
+    recommendedProxySettings = true;
     virtualHosts."hackens.org" = {
       locations = {
         "/orga" = {
@@ -25,18 +20,29 @@ in
             proxy_set_header SCRIPT_NAME /orga;
           '';
         };
-        "/static".root = assets.static-assets;
+        "/static".root = config.services.django.hackens-orga.staticAssets;
       };
     };
   };
-  services.django.hackens_orga = {
+  services.django.hackens-orga = {
+    inherit src;
     enable = true;
-    assets = assets;
+    mainModule = "hackens_orga";
     settings = {
-      HACKENS_ORGA_DEBUG = "0";
-      HACKENS_ORGA_ALLOWED_HOSTS = [ "hackens.org" ];
-      HACKENS_ORGA_SECRET_KEY._file = config.age.secrets.django.path;
-      HACKENS_ORGA_DB_FILE = "/var/lib/hackens-orga/db.sqlite3";
+      DEBUG = false;
+      ALLOWED_HOSTS = [ "hackens.org" ];
+      DATABASES = {
+        "default" = {
+          "ENGINE" = "django.db.backends.sqlite3";
+          "NAME" = "/var/lib/django-hackens-orga/db.sqlite3";
+        };
+      };
+    };
+    extraPackages = p: let pythoncas = (p.callPackage ./python-cas.nix { }); in [
+      (p.callPackage ./authens.nix { inherit pythoncas; })
+    ];
+    secrets = {
+      SECRET_KEY = config.age.secrets.django.path;
     };
   };
 }

machines/hackens-org/orga/mkAssets.nix

@@ -1,27 +0,0 @@
-{ pkgs, settings, source, app }:
-let
-  manage-py-file = "${source}/${app}/manage.py";
-  python = import ./python.nix { inherit pkgs; };
-  static-assets = pkgs.callPackage ./static-assets.nix { inherit python source app; envPrefix = "HACKENS_ORGA_"; };
-  mkEnv = settings: let # make env file to source before using manage.py and other commands
-    lib = pkgs.lib;
-    mkVarVal = v: let
-      isHasAttr = s: lib.isAttrs v && lib.hasAttr s v;
-    in
-    if builtins.isString v then v
-    else if builtins.isList v && lib.any lib.strings.isConvertibleWithToString v then (lib.concatMapStringsSep "," toString v)
-    else if builtins.isInt v then toString v
-    else if builtins.isBool v then toString (if v then 1 else 0)
-    else if isHasAttr "_file" then "$(cat ${v._file} | xargs)"
-    else if isHasAttr "_raw" then v._raw
-    else abort "The django conf value ${lib.generators.toPretty {} v} can not be encoded.";
-  in lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "export ${k}=${mkVarVal v}") settings);
-  envFile = pkgs.writeScript "django-${app}-env.sh" (mkEnv settings);
-  managePy = pkgs.writeScript "manage-${app}" ''
-    source ${envFile}
-    ${python}/bin/python ${manage-py-file} $@
-  '';
-in
-{
-  inherit managePy static-assets envFile source python;
-}

machines/hackens-org/orga/module.nix

@@ -1,65 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  app = "hackens_orga";
-  cfg = config.services.django.${app};
-  assets = cfg.assets;
-in
-{
-
-  options = {
-    services.django.${app} = {
-      enable = lib.mkEnableOption (lib.mdDoc "Enable django ${app}");
-      settings = lib.mkOption {
-        type = lib.types.submodule {
-          freeformType = with lib.types; attrsOf anything;
-          options = {
-            HACKENS_ORGA_STATIC_ROOT = lib.mkOption {
-              type = lib.types.path;
-              default = builtins.toString assets.static-assets;
-            };
-          };
-        };
-      };
-      assets = lib.mkOption {
-        type = lib.types.attrsOf lib.types.anything;
-        description = lib.mdDoc "Assets for django";
-      };
-      port = lib.mkOption {
-        type = lib.types.port;
-        default = 51666;
-      };
-      processes = lib.mkOption {
-        type = lib.types.int;
-        default = 2;
-      };
-      threads = lib.mkOption {
-        type = lib.types.int;
-        default = 2;
-      };
-    };
-  };
-  config = lib.mkIf cfg.enable {
-    systemd.services."django-${app}" = {
-      description = "${app} django service";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      serviceConfig = {
-        User = "django-${app}";
-      };
-      script = ''
-        source ${assets.envFile}
-        ${assets.managePy} migrate
-        ${assets.python}/bin/gunicorn ${app}.wsgi \
-            --pythonpath ${assets.source}/${app} \
-            -b 127.0.0.1:${toString cfg.port} \
-            --workers=${toString cfg.processes} \
-            --threads=${toString cfg.threads}
-      '';
-    };
-    users.users."django-${app}" = {
-      isSystemUser = true;
-      group = "django-${app}";
-    };
-    users.groups."django-${app}" = {};
-  };
-}

machines/hackens-org/orga/python.nix

@@ -1,20 +0,0 @@
-{ pkgs ? import ../nix { }, debug ? false }:
-let
-  python = pkgs.python310.override {
-    packageOverrides = self: super: {
-      django = super.django_4;
-      authens = self.callPackage ./authens.nix { };
-      pythoncas = self.callPackage ./python-cas.nix { };
-    };
-  };
-in
-python.withPackages (ps: [
-  ps.django
-  ps.djangorestframework
-  ps.authens
-  ps.gunicorn
-] ++ pkgs.lib.optionals debug [
-  ps.django-debug-toolbar
-  ps.black
-  ps.isort
-])

machines/hackens-org/orga/shell.nix

@@ -1,6 +0,0 @@
-{ pkgs ? import ../nix { } }:
-pkgs.mkShell {
-  buildInputs = [
-    (import ./python.nix { inherit pkgs; debug = true; })
-  ];
-}

machines/hackens-org/orga/static-assets.nix

@@ -1,10 +0,0 @@
-{ pkgs, python, source, app, envPrefix ? ""}:
-pkgs.runCommand "django-static" { } ''
-  mkdir -p $out/static
-  export ${envPrefix}SECRET_KEY="collectstatic"
-  export ${envPrefix}STATIC_ROOT=$out/static
-  export ${envPrefix}DEBUG=0
-  export ${envPrefix}ALLOWED_HOSTS=
-  export ${envPrefix}DB_FILE=
-  ${python}/bin/python ${source}/${app}/manage.py collectstatic
-''

machines/hackens-org/secrets/default.nix

@@ -1,7 +1,6 @@
 { ... }: {
   age.secrets."django" = {
     file = ./django.age;
-    owner = "django-hackens_orga";
   };
   age.secrets."matterbridge-env" = {
     file = ./matterbridge-env.age;

meta.nix

@@ -2,13 +2,14 @@ let
   sources = import ./npins;
 
   agenix = sources.agenix + "/modules/age.nix";
+  djangonix = sources.djangonix + "/module.nix";
 
   metadata = {
     nodes = {
       hackens-milieu = {
         deployment = {
           targetHost = null; #"milieu.cave.hackens.org";
-          # targetPort = 4243;
+          #targetPort = 4243;
           allowLocalDeployment = true;
           tags = [ "desktop" ];
         };
@@ -24,9 +25,9 @@ let
         deployment = {
           targetHost = "10.10.10.1"; # todo make something with ens firewall
           tags = [ "server" ];
-          targetPort = 2222;
+          targetPort = 22;
         };
-        imports = [agenix];
+        imports = [agenix djangonix];
       };
 
     };

npins/sources.json

@@ -8,9 +8,9 @@
         "repo": "agenix"
       },
       "branch": "main",
-      "revision": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
-      "url": "https://github.com/ryantm/agenix/archive/8cb01a0e717311680e0cbca06a76cbceba6f3ed6.tar.gz",
-      "hash": "1ypp731d2h7i8fj5g2pdapwcrrk6ycxwzpvam045qxiajjdp01rw"
+      "revision": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
+      "url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz",
+      "hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah"
     },
     "disko": {
       "type": "Git",
@@ -20,9 +20,20 @@
         "repo": "disko"
       },
       "branch": "master",
-      "revision": "502241afa3de2a24865ddcbe4c122f4546e32092",
-      "url": "https://github.com/nix-community/disko/archive/502241afa3de2a24865ddcbe4c122f4546e32092.tar.gz",
-      "hash": "0bm2x8zc81vnc4vcqwci0h9s21i8sw93mhsaznf0x70mhhg7j45w"
+      "revision": "1bbdb06f14e2621290b250e631cf3d8948e4d19b",
+      "url": "https://github.com/nix-community/disko/archive/1bbdb06f14e2621290b250e631cf3d8948e4d19b.tar.gz",
+      "hash": "15qbjnr8gfp0ybd4m0b6fn6bhwmdag1ybn5i217qjy55hrp8zhan"
+    },
+    "djangonix": {
+      "type": "Git",
+      "repository": {
+        "type": "Git",
+        "url": "https://git.dgnum.eu/mdebray/djangonix.git"
+      },
+      "branch": "master",
+      "revision": "5ea9469cc2169c0cd72ea2f5a05fc46f2ad39a9e",
+      "url": null,
+      "hash": "1wfmr1h2j5i9yrzgczj5gk9fxq26jg90840f9glazfwylki5mp3x"
     },
     "dns.nix": {
       "type": "GitRelease",
@@ -33,6 +44,7 @@
       },
       "pre_releases": false,
       "version_upper_bound": null,
+      "release_prefix": null,
       "version": "v1.1.2",
       "revision": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a",
       "url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.1.2",
@@ -46,9 +58,9 @@
         "repo": "nixpkgs"
       },
       "branch": "nixos-unstable",
-      "revision": "2726f127c15a4cc9810843b96cad73c7eb39e443",
-      "url": "https://github.com/NixOS/nixpkgs/archive/2726f127c15a4cc9810843b96cad73c7eb39e443.tar.gz",
-      "hash": "0109bpmax6nbfs2mpfw2axvk47lbvksgx3d0izrjjhw7fn41i9sh"
+      "revision": "051f920625ab5aabe37c920346e3e69d7d34400e",
+      "url": "https://github.com/NixOS/nixpkgs/archive/051f920625ab5aabe37c920346e3e69d7d34400e.tar.gz",
+      "hash": "08lin51g5x2vv89rs6vmqxnyy8pfysh0wdp6mdxw6l86dpm2rbg2"
     }
   },
   "version": 3