diff --git a/machines/hackens-org/orga/default.nix b/machines/hackens-org/orga/default.nix
index b273810..25c53c7 100644
--- a/machines/hackens-org/orga/default.nix
+++ b/machines/hackens-org/orga/default.nix
@@ -1,22 +1,17 @@
 { pkgs, lib, config, ... }:
 let
- assets = import ./mkAssets.nix {
- inherit pkgs;
- app = "hackens_orga";
- settings = config.services.django.hackens_orga.settings;
- source = pkgs.fetchgit {
+ src = pkgs.fetchgit {
 url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
- rev = "75fe83a41f";
- hash = "sha256-cfUjSfZrsMpGRO3HOWOk6zdc9+e+ZaJLiJQ5OpIKxos=";
+ rev = "HEAD";
+ hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I=";
 };
- };
 in
 {
 imports = [
- ./module.nix
 ];
 services.nginx = {
 enable = true;
+ recommendedProxySettings = true;
 virtualHosts."hackens.org" = {
 locations = {
 "/orga" = {
@@ -25,18 +20,29 @@ in
 proxy_set_header SCRIPT_NAME /orga;
 '';
 };
- "/static".root = assets.static-assets;
+ "/static".root = config.services.django.hackens-orga.staticAssets;
 };
 };
 };
- services.django.hackens_orga = {
+ services.django.hackens-orga = {
+ inherit src;
 enable = true;
- assets = assets;
+ mainModule = "hackens_orga";
 settings = {
- HACKENS_ORGA_DEBUG = "0";
- HACKENS_ORGA_ALLOWED_HOSTS = [ "hackens.org" ];
- HACKENS_ORGA_SECRET_KEY._file = config.age.secrets.django.path;
- HACKENS_ORGA_DB_FILE = "/var/lib/hackens-orga/db.sqlite3";
+ DEBUG = false;
+ ALLOWED_HOSTS = [ "hackens.org" ];
+ DATABASES = {
+ "default" = {
+ "ENGINE" = "django.db.backends.sqlite3";
+ "NAME" = "/var/lib/django-hackens-orga/db.sqlite3";
+ };
+ };
+ };
+ extraPackages = p: let pythoncas = (p.callPackage ./python-cas.nix { }); in [
+ (p.callPackage ./authens.nix { inherit pythoncas; })
+ ];
+ secrets = {
+ SECRET_KEY = config.age.secrets.django.path;
 };
 };
 }
diff --git a/machines/hackens-org/orga/mkAssets.nix b/machines/hackens-org/orga/mkAssets.nix
deleted file mode 100644
index 3c3b85c..0000000
--- a/machines/hackens-org/orga/mkAssets.nix
+++ /dev/null
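Review bot: `rev = "HEAD";` in the new `src = pkgs.fetchgit { … }` binding (first hunk of machines/hackens-org/orga/default.nix) no longer names a commit, so the expression does not record which revision of hackens-orga is deployed. The `hash` still fixes the content, so once upstream HEAD moves a fresh fetch should fail with a hash mismatch, while a machine that already holds the store path keeps building from the old tree with no indication of it. Pin the full commit id the hash was computed from, `rev = "<full-commit-sha>";` (placeholder, the id is not on this page), and bump `rev` and `hash` together.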
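Review bot: Nothing next to `secrets = { SECRET_KEY = config.age.secrets.django.path; };` (second hunk of machines/hackens-org/orga/default.nix) says how the service gets read access to that file, and the same commit removes `owner = "django-hackens_orga";` from `age.secrets."django"` in machines/hackens-org/secrets/default.nix, so the decrypted secret falls back to agenix's default ownership. How the djangonix module passes the path to the unit is not visible here; if it is read directly as the service user the key will be unreadable, and if it is copied elsewhere its permissions are set by code outside this repository. A comment on the entry, e.g. `# loaded by the djangonix unit via <mechanism>; the age secret stays root-owned`, would make that checkable. The sqlite path also moves from `/var/lib/hackens-orga/` to `/var/lib/django-hackens-orga/`, and nothing in the visible hunks carries an existing database over.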
@@ -1,27 +0,0 @@
-{ pkgs, settings, source, app }:
-let
- manage-py-file = "${source}/${app}/manage.py";
- python = import ./python.nix { inherit pkgs; };
- static-assets = pkgs.callPackage ./static-assets.nix { inherit python source app; envPrefix = "HACKENS_ORGA_"; };
- mkEnv = settings: let # make env file to source before using manage.py and other commands
- lib = pkgs.lib;
- mkVarVal = v: let
- isHasAttr = s: lib.isAttrs v && lib.hasAttr s v;
- in
- if builtins.isString v then v
- else if builtins.isList v && lib.any lib.strings.isConvertibleWithToString v then (lib.concatMapStringsSep "," toString v)
- else if builtins.isInt v then toString v
- else if builtins.isBool v then toString (if v then 1 else 0)
- else if isHasAttr "_file" then "$(cat ${v._file} | xargs)"
- else if isHasAttr "_raw" then v._raw
- else abort "The django conf value ${lib.generators.toPretty {} v} can not be encoded.";
- in lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "export ${k}=${mkVarVal v}") settings);
- envFile = pkgs.writeScript "django-${app}-env.sh" (mkEnv settings);
- managePy = pkgs.writeScript "manage-${app}" ''
- source ${envFile}
- ${python}/bin/python ${manage-py-file} $@
- '';
-in
-{
- inherit managePy static-assets envFile source python;
-}
diff --git a/machines/hackens-org/orga/module.nix b/machines/hackens-org/orga/module.nix
deleted file mode 100644
index 9f32a2e..0000000
--- a/machines/hackens-org/orga/module.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
- app = "hackens_orga";
- cfg = config.services.django.${app};
- assets = cfg.assets;
-in
-{
-
- options = {
- services.django.${app} = {
- enable = lib.mkEnableOption (lib.mdDoc "Enable django ${app}");
- settings = lib.mkOption {
- type = lib.types.submodule {
- freeformType = with lib.types; attrsOf anything;
- options = {
- HACKENS_ORGA_STATIC_ROOT = lib.mkOption {
- type = lib.types.path;
- default = builtins.toString assets.static-assets;
- };
- };
- };
- };
- assets = lib.mkOption {
- type = lib.types.attrsOf lib.types.anything;
- description = lib.mdDoc "Assets for django";
- };
- port = lib.mkOption {
- type = lib.types.port;
- default = 51666;
- };
- processes = lib.mkOption {
- type = lib.types.int;
- default = 2;
- };
- threads = lib.mkOption {
- type = lib.types.int;
- default = 2;
- };
- };
- };
- config = lib.mkIf cfg.enable {
- systemd.services."django-${app}" = {
- description = "${app} django service";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig = {
- User = "django-${app}";
- };
- script = ''
- source ${assets.envFile}
- ${assets.managePy} migrate
- ${assets.python}/bin/gunicorn ${app}.wsgi \
- --pythonpath ${assets.source}/${app} \
- -b 127.0.0.1:${toString cfg.port} \
- --workers=${toString cfg.processes} \
- --threads=${toString cfg.threads}
- '';
- };
- users.users."django-${app}" = {
- isSystemUser = true;
- group = "django-${app}";
- };
- users.groups."django-${app}" = {};
- };
-}
diff --git a/machines/hackens-org/orga/python.nix b/machines/hackens-org/orga/python.nix
deleted file mode 100644
index dc77ffc..0000000
--- a/machines/hackens-org/orga/python.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs ? import ../nix { }, debug ? false }:
-let
- python = pkgs.python310.override {
- packageOverrides = self: super: {
- django = super.django_4;
- authens = self.callPackage ./authens.nix { };
- pythoncas = self.callPackage ./python-cas.nix { };
- };
- };
-in
-python.withPackages (ps: [
- ps.django
- ps.djangorestframework
- ps.authens
- ps.gunicorn
-] ++ pkgs.lib.optionals debug [
- ps.django-debug-toolbar
- ps.black
- ps.isort
-])
diff --git a/machines/hackens-org/orga/shell.nix b/machines/hackens-org/orga/shell.nix
deleted file mode 100644
index 69ca0e9..0000000
--- a/machines/hackens-org/orga/shell.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ pkgs ? import ../nix { } }:
-pkgs.mkShell {
- buildInputs = [
- (import ./python.nix { inherit pkgs; debug = true; })
- ];
-}
diff --git a/machines/hackens-org/orga/static-assets.nix b/machines/hackens-org/orga/static-assets.nix
deleted file mode 100644
index 4c4e128..0000000
--- a/machines/hackens-org/orga/static-assets.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, python, source, app, envPrefix ? ""}:
-pkgs.runCommand "django-static" { } ''
- mkdir -p $out/static
- export ${envPrefix}SECRET_KEY="collectstatic"
- export ${envPrefix}STATIC_ROOT=$out/static
- export ${envPrefix}DEBUG=0
- export ${envPrefix}ALLOWED_HOSTS=
- export ${envPrefix}DB_FILE=
- ${python}/bin/python ${source}/${app}/manage.py collectstatic
-''
diff --git a/machines/hackens-org/secrets/default.nix b/machines/hackens-org/secrets/default.nix
index 77f1e27..c5a3822 100644
--- a/machines/hackens-org/secrets/default.nix
+++ b/machines/hackens-org/secrets/default.nix
@@ -1,7 +1,6 @@
 { ... }: {
 age.secrets."django" = {
 file = ./django.age;
- owner = "django-hackens_orga";
 };
 age.secrets."matterbridge-env" = {
 file = ./matterbridge-env.age;
diff --git a/machines/hackens-org/secrets/django.age b/machines/hackens-org/secrets/django.age
index a5b4e5d..50830db 100644
Binary files a/machines/hackens-org/secrets/django.age and b/machines/hackens-org/secrets/django.age differ
diff --git a/meta.nix b/meta.nix
index 79dc429..1678889 100644
--- a/meta.nix
+++ b/meta.nix
@@ -2,13 +2,14 @@ let
 sources = import ./npins;
 agenix = sources.agenix + "/modules/age.nix";
+ djangonix = sources.djangonix + "/module.nix";
 metadata = {
 nodes = {
 hackens-milieu = {
 deployment = {
 targetHost = null; #"milieu.cave.hackens.org";
- # targetPort = 4243;
+ #targetPort = 4243;
 allowLocalDeployment = true;
 tags = [ "desktop" ];
 };
@@ -24,9 +25,9 @@ let
 deployment = {
 targetHost = "10.10.10.1"; # todo make something with ens firewall
 tags = [ "server" ];
- targetPort = 2222;
+ targetPort = 22;
 };
- imports = [agenix];
+ imports = [agenix djangonix];
 };
 };
diff --git a/npins/sources.json b/npins/sources.json
index 5448ba9..9fe63ab 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -8,9 +8,9 @@
 "repo": "agenix"
 },
 "branch": "main",
- "revision": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
- "url": "https://github.com/ryantm/agenix/archive/8cb01a0e717311680e0cbca06a76cbceba6f3ed6.tar.gz",
- "hash": "1ypp731d2h7i8fj5g2pdapwcrrk6ycxwzpvam045qxiajjdp01rw"
+ "revision": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
+ "url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz",
+ "hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah"
 },
 "disko": {
 "type": "Git",
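Review bot: The `djangonix` module added to `imports = [agenix djangonix];` in the second meta.nix hunk now supplies the systemd unit, service user and secret handling that the deleted machines/hackens-org/orga/module.nix defined locally, and nothing in the repository records that or who reviews it. The pin in npins/sources.json fixes a revision and hash, so the code cannot change silently, but each bump needs the same scrutiny as a local module change; a comment such as `# djangonix: provides services.django.<name> (unit, user, secrets); review the pinned revision on every bump` beside the binding would say so. In the same hunk `targetPort` goes from 2222 to 22 with no matching sshd or firewall change in the visible hunks, which deserves a line in the commit message. The enclosing node definition starts above the hunk.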
@@ -20,9 +20,20 @@
 "repo": "disko"
 },
 "branch": "master",
- "revision": "502241afa3de2a24865ddcbe4c122f4546e32092",
- "url": "https://github.com/nix-community/disko/archive/502241afa3de2a24865ddcbe4c122f4546e32092.tar.gz",
- "hash": "0bm2x8zc81vnc4vcqwci0h9s21i8sw93mhsaznf0x70mhhg7j45w"
+ "revision": "1bbdb06f14e2621290b250e631cf3d8948e4d19b",
+ "url": "https://github.com/nix-community/disko/archive/1bbdb06f14e2621290b250e631cf3d8948e4d19b.tar.gz",
+ "hash": "15qbjnr8gfp0ybd4m0b6fn6bhwmdag1ybn5i217qjy55hrp8zhan"
+ },
+ "djangonix": {
+ "type": "Git",
+ "repository": {
+ "type": "Git",
+ "url": "https://git.dgnum.eu/mdebray/djangonix.git"
+ },
+ "branch": "master",
+ "revision": "5ea9469cc2169c0cd72ea2f5a05fc46f2ad39a9e",
+ "url": null,
+ "hash": "1wfmr1h2j5i9yrzgczj5gk9fxq26jg90840f9glazfwylki5mp3x"
 },
 "dns.nix": {
 "type": "GitRelease",
@@ -33,6 +44,7 @@
 },
 "pre_releases": false,
 "version_upper_bound": null,
+ "release_prefix": null,
 "version": "v1.1.2",
 "revision": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a",
 "url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.1.2",
@@ -46,9 +58,9 @@
 "repo": "nixpkgs"
 },
 "branch": "nixos-unstable",
- "revision": "2726f127c15a4cc9810843b96cad73c7eb39e443",
- "url": "https://github.com/NixOS/nixpkgs/archive/2726f127c15a4cc9810843b96cad73c7eb39e443.tar.gz",
- "hash": "0109bpmax6nbfs2mpfw2axvk47lbvksgx3d0izrjjhw7fn41i9sh"
+ "revision": "051f920625ab5aabe37c920346e3e69d7d34400e",
+ "url": "https://github.com/NixOS/nixpkgs/archive/051f920625ab5aabe37c920346e3e69d7d34400e.tar.gz",
+ "hash": "08lin51g5x2vv89rs6vmqxnyy8pfysh0wdp6mdxw6l86dpm2rbg2"
 }
 },
 "version": 3