From 0054c74806eb59f450378b112bd64d802435e3fa Mon Sep 17 00:00:00 2001 From: sinavir Date: Tue, 11 Jun 2024 14:41:49 +0200 Subject: [PATCH] org: orga v2 --- machines/hackens-org/orga/default.nix | 38 +++++++----- machines/hackens-org/orga/mkAssets.nix | 27 -------- machines/hackens-org/orga/module.nix | 65 -------------------- machines/hackens-org/orga/python.nix | 20 ------ machines/hackens-org/orga/shell.nix | 6 -- machines/hackens-org/orga/static-assets.nix | 10 --- machines/hackens-org/secrets/default.nix | 1 - machines/hackens-org/secrets/django.age | Bin 1654 -> 1509 bytes meta.nix | 7 ++- npins/sources.json | 30 ++++++--- 10 files changed, 47 insertions(+), 157 deletions(-) delete mode 100644 machines/hackens-org/orga/mkAssets.nix delete mode 100644 machines/hackens-org/orga/module.nix delete mode 100644 machines/hackens-org/orga/python.nix delete mode 100644 machines/hackens-org/orga/shell.nix delete mode 100644 machines/hackens-org/orga/static-assets.nix diff --git a/machines/hackens-org/orga/default.nix b/machines/hackens-org/orga/default.nix index b273810..25c53c7 100644 --- a/machines/hackens-org/orga/default.nix +++ b/machines/hackens-org/orga/default.nix @@ -1,22 +1,17 @@ { pkgs, lib, config, ... }: let - assets = import ./mkAssets.nix { - inherit pkgs; - app = "hackens_orga"; - settings = config.services.django.hackens_orga.settings; - source = pkgs.fetchgit { + src = pkgs.fetchgit { url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git"; - rev = "75fe83a41f"; - hash = "sha256-cfUjSfZrsMpGRO3HOWOk6zdc9+e+ZaJLiJQ5OpIKxos="; + rev = "HEAD"; + hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I="; }; - }; in { imports = [ - ./module.nix ]; services.nginx = { enable = true; + recommendedProxySettings = true; virtualHosts."hackens.org" = { locations = { "/orga" = { @@ -25,18 +20,29 @@ in proxy_set_header SCRIPT_NAME /orga; ''; }; - "/static".root = assets.static-assets; + "/static".root = config.services.django.hackens-orga.staticAssets; }; }; }; - services.django.hackens_orga = { + services.django.hackens-orga = { + inherit src; enable = true; - assets = assets; + mainModule = "hackens_orga"; settings = { - HACKENS_ORGA_DEBUG = "0"; - HACKENS_ORGA_ALLOWED_HOSTS = [ "hackens.org" ]; - HACKENS_ORGA_SECRET_KEY._file = config.age.secrets.django.path; - HACKENS_ORGA_DB_FILE = "/var/lib/hackens-orga/db.sqlite3"; + DEBUG = false; + ALLOWED_HOSTS = [ "hackens.org" ]; + DATABASES = { + "default" = { + "ENGINE" = "django.db.backends.sqlite3"; + "NAME" = "/var/lib/django-hackens-orga/db.sqlite3"; + }; + }; + }; + extraPackages = p: let pythoncas = (p.callPackage ./python-cas.nix { }); in [ + (p.callPackage ./authens.nix { inherit pythoncas; }) + ]; + secrets = { + SECRET_KEY = config.age.secrets.django.path; }; }; } diff --git a/machines/hackens-org/orga/mkAssets.nix b/machines/hackens-org/orga/mkAssets.nix deleted file mode 100644 index 3c3b85c..0000000 --- a/machines/hackens-org/orga/mkAssets.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs, settings, source, app }: -let - manage-py-file = "${source}/${app}/manage.py"; - python = import ./python.nix { inherit pkgs; }; - static-assets = pkgs.callPackage ./static-assets.nix { inherit python source app; envPrefix = "HACKENS_ORGA_"; }; - mkEnv = settings: let # make env file to source before using manage.py and other commands - lib = pkgs.lib; - mkVarVal = v: let - isHasAttr = s: lib.isAttrs v && lib.hasAttr s v; - in - if builtins.isString v then v - else if builtins.isList v && lib.any lib.strings.isConvertibleWithToString v then (lib.concatMapStringsSep "," toString v) - else if builtins.isInt v then toString v - else if builtins.isBool v then toString (if v then 1 else 0) - else if isHasAttr "_file" then "$(cat ${v._file} | xargs)" - else if isHasAttr "_raw" then v._raw - else abort "The django conf value ${lib.generators.toPretty {} v} can not be encoded."; - in lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "export ${k}=${mkVarVal v}") settings); - envFile = pkgs.writeScript "django-${app}-env.sh" (mkEnv settings); - managePy = pkgs.writeScript "manage-${app}" '' - source ${envFile} - ${python}/bin/python ${manage-py-file} $@ - ''; -in -{ - inherit managePy static-assets envFile source python; -} diff --git a/machines/hackens-org/orga/module.nix b/machines/hackens-org/orga/module.nix deleted file mode 100644 index 9f32a2e..0000000 --- a/machines/hackens-org/orga/module.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ pkgs, lib, config, ... }: -let - app = "hackens_orga"; - cfg = config.services.django.${app}; - assets = cfg.assets; -in -{ - - options = { - services.django.${app} = { - enable = lib.mkEnableOption (lib.mdDoc "Enable django ${app}"); - settings = lib.mkOption { - type = lib.types.submodule { - freeformType = with lib.types; attrsOf anything; - options = { - HACKENS_ORGA_STATIC_ROOT = lib.mkOption { - type = lib.types.path; - default = builtins.toString assets.static-assets; - }; - }; - }; - }; - assets = lib.mkOption { - type = lib.types.attrsOf lib.types.anything; - description = lib.mdDoc "Assets for django"; - }; - port = lib.mkOption { - type = lib.types.port; - default = 51666; - }; - processes = lib.mkOption { - type = lib.types.int; - default = 2; - }; - threads = lib.mkOption { - type = lib.types.int; - default = 2; - }; - }; - }; - config = lib.mkIf cfg.enable { - systemd.services."django-${app}" = { - description = "${app} django service"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - User = "django-${app}"; - }; - script = '' - source ${assets.envFile} - ${assets.managePy} migrate - ${assets.python}/bin/gunicorn ${app}.wsgi \ - --pythonpath ${assets.source}/${app} \ - -b 127.0.0.1:${toString cfg.port} \ - --workers=${toString cfg.processes} \ - --threads=${toString cfg.threads} - ''; - }; - users.users."django-${app}" = { - isSystemUser = true; - group = "django-${app}"; - }; - users.groups."django-${app}" = {}; - }; -} diff --git a/machines/hackens-org/orga/python.nix b/machines/hackens-org/orga/python.nix deleted file mode 100644 index dc77ffc..0000000 --- a/machines/hackens-org/orga/python.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs ? import ../nix { }, debug ? false }: -let - python = pkgs.python310.override { - packageOverrides = self: super: { - django = super.django_4; - authens = self.callPackage ./authens.nix { }; - pythoncas = self.callPackage ./python-cas.nix { }; - }; - }; -in -python.withPackages (ps: [ - ps.django - ps.djangorestframework - ps.authens - ps.gunicorn -] ++ pkgs.lib.optionals debug [ - ps.django-debug-toolbar - ps.black - ps.isort -]) diff --git a/machines/hackens-org/orga/shell.nix b/machines/hackens-org/orga/shell.nix deleted file mode 100644 index 69ca0e9..0000000 --- a/machines/hackens-org/orga/shell.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ pkgs ? import ../nix { } }: -pkgs.mkShell { - buildInputs = [ - (import ./python.nix { inherit pkgs; debug = true; }) - ]; -} diff --git a/machines/hackens-org/orga/static-assets.nix b/machines/hackens-org/orga/static-assets.nix deleted file mode 100644 index 4c4e128..0000000 --- a/machines/hackens-org/orga/static-assets.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, python, source, app, envPrefix ? ""}: -pkgs.runCommand "django-static" { } '' - mkdir -p $out/static - export ${envPrefix}SECRET_KEY="collectstatic" - export ${envPrefix}STATIC_ROOT=$out/static - export ${envPrefix}DEBUG=0 - export ${envPrefix}ALLOWED_HOSTS= - export ${envPrefix}DB_FILE= - ${python}/bin/python ${source}/${app}/manage.py collectstatic -'' diff --git a/machines/hackens-org/secrets/default.nix b/machines/hackens-org/secrets/default.nix index 77f1e27..c5a3822 100644 --- a/machines/hackens-org/secrets/default.nix +++ b/machines/hackens-org/secrets/default.nix @@ -1,7 +1,6 @@ { ... }: { age.secrets."django" = { file = ./django.age; - owner = "django-hackens_orga"; }; age.secrets."matterbridge-env" = { file = ./matterbridge-env.age; diff --git a/machines/hackens-org/secrets/django.age b/machines/hackens-org/secrets/django.age index a5b4e5daa2d7ad4bf63fa33a45fee480621a8b93..50830db67e57a16ca2e453510788dcc805cb8be9 100644 GIT binary patch literal 1509 zcmZY9x$FFR9R~0|EUdeoHV%tu5x-6*$>eAjlgTl;^T}j#SxquIJ~PSWoLsCHg1XHX zg0Oh7{la#NuyzY}79utZg0O|1jg3~~Hb0B~{RJ<0KhN{NHFd(z2f`*j@_v8Oq=;8wNddD9{FVwE|8r0Hnc~6bQf3=XIZ7Ejn>ZJo>QVQg_kO&A*$dl^8h2n~4m81y-jDo_6 z56PD`x`^&rz9A*Is8YYvx6ut?S2BX4Z_ zvd1mMU~K4}DFYuR^Krk-4}!Fv^5J!ubtRWomZu{?@(EG`6`Zxs!^N03&c~->i}#^E zG8N$xK5ITJ<)&SzIhCoqC5}8@wrN!7!mf^ve1+^m-a@X`P|nYMC7WJv+;q1gE$ZJ*Ab< zPb(9yIz23CyR!<#y;Vb+7YcXUTL%gejMX3J@EVpLI^2&#nL6|7|JQ!i+wC}k1Z*O^ zNYQ;YLI)Roa>SUXzb4A;dxnU`f#R_SED4AAuqi~A>pV*yuA3m{(e^xxo$U+Q9hB3= zc;d1L$8BN_X1a}E>n-N6w9ReoqJZJUdiY*h(|D1sP-@UJ*!l;lAPvQe zq;cI6#@Ah|W-;2UGE?(mDfBuU2?{vjLb}lF*1?l?eN9V7m*3}`9%n9`t*b|TATNtn z&~__LbrxhIbjuDp32R&}etVejJ#y%xr!tE-U#VeV<1&BDI>tH5o0yu{Fz&kM~cEnP{}6}^}}mLrZe-y$lMb4xs3 z?%6}83R*tSYdCrjzR-q7v_Xs!E25a;H#4-o8k z)0}UFnxr(q&)uO)tn_l|yPk!|0AO8HmZ@$_8^1W{q-}}lB{`!aCn}7P~yW-z_{`0qg z{rR^)`_|t+`ToDY{>HmM)qXMl6aMD*{NDmm(7ey}a7> zefAPZH~<*4llXuuB=D0SlWy|*j3Xd!T#!WE{Nxg;H#*CqJnPuDYl1}OeMj3v*paQd^bNtd*X^Cb1?{ zNgPKRmnr?(ATt5Umkqn1Jyg1_AZ6rYSOr-g6oQ_rw!>>B68a(^B7j^@W*ze@L%DCK z(V6!^(;XwZnKRSR(;cjQH;Ey9p9;}>UM&S~^jbj7BONqoS(hXfO!y=`4}%ogu#X0j z7GAo%>s_E@IqSv-rgmrZc^@BD{U)vJ{oSLpkBR|37A$^}Z7RR!xPnT(0h_-1RIxFti97>7zJpu0C1Qpu0R?huU_9Qo#x56%$m<40XwOzcK zRx*jygSvDhrNR@LP*FAfQqk{ zi>A`CtRpkgpL>RE;xZYtLQGkPsW3<>=Zf>a6qE7zNFdP$`@IZ^?jFM|oVlSu#avsR z3!RDaBK4$WI9#+tcQzs=ibF|&x^uvUWDW;sM=p@kI**8bddDPWnvKxdQR8r-#6ga5 zrK8D5(yr5qzA6;8&qI%A$oY7bf~FA4=K<39y{Y640h{^tuxCxs^h|l)hb6KM#Phbz zk=3*t66DtWX4^Mkf?gT=a@Yl%dfU=RW^~7S-EstJ$<>cUlT;IVu^WzV_*7g?*XC5n zHAOLO&ofVnNqOOX^rE$taFS^6&IwFkk3>cz8tcpYJKl!VjRonhLIY*>RDf{Ijh46? zmtmh$_S{6o#E9uuQ73Z87sSQ1AlJ3qZlzMYm=r!=c!9YqNlqNF={3n^Kg_BrHWTa7T8QqSW2DT38-PGg zXu8Fl)!L{H(@uMcuajXZ^A+om5IEFk+QMNS)hT;)CC-<2DHO#cvcdLv#}Wr%^OEiq zR=Hlr>Du8ai}(}gIe3Zr*WlQ@VPG+nq+RoiYNh^WK{$IcU?;(f?RHe2jKaHjaUj?N zsAzc&hdaouT4b?ft^R+v=q2r9zmIqKwsUt?x5K{tP4gSy`H}%inm9_9<8ekk^A7Gy zjYLw`bOf=I;ymoNx6sGI>zmue5*f}Zt48af9_zxPs@7>+$mu>iH0 zC#CsgLs8S5O~9kNK<6rlV-8Jj@at$oFE1~W`p&wGe{?})|{o4<|`mHa#`up#``$g@SpAG+Mf922L4?p_v&p!UihhP82 zAEyWZt3Q4G;om;_-t;N_FT~H8_ul{9k2LW9UqAW7kALv$Hy{1`ANmKsfA7=!e?I?H H*