From 0054c74806eb59f450378b112bd64d802435e3fa Mon Sep 17 00:00:00 2001 From: sinavir Date: Tue, 11 Jun 2024 14:41:49 +0200 Subject: [PATCH] org: orga v2 --- machines/hackens-org/orga/default.nix | 38 +++++++----- machines/hackens-org/orga/mkAssets.nix | 27 -------- machines/hackens-org/orga/module.nix | 65 -------------------- machines/hackens-org/orga/python.nix | 20 ------ machines/hackens-org/orga/shell.nix | 6 -- machines/hackens-org/orga/static-assets.nix | 10 --- machines/hackens-org/secrets/default.nix | 1 - machines/hackens-org/secrets/django.age | Bin 1654 -> 1509 bytes meta.nix | 7 ++- npins/sources.json | 30 ++++++--- 10 files changed, 47 insertions(+), 157 deletions(-) delete mode 100644 machines/hackens-org/orga/mkAssets.nix delete mode 100644 machines/hackens-org/orga/module.nix delete mode 100644 machines/hackens-org/orga/python.nix delete mode 100644 machines/hackens-org/orga/shell.nix delete mode 100644 machines/hackens-org/orga/static-assets.nix diff --git a/machines/hackens-org/orga/default.nix b/machines/hackens-org/orga/default.nix index b273810..25c53c7 100644 --- a/machines/hackens-org/orga/default.nix +++ b/machines/hackens-org/orga/default.nix @@ -1,22 +1,17 @@ { pkgs, lib, config, ... }: let - assets = import ./mkAssets.nix { - inherit pkgs; - app = "hackens_orga"; - settings = config.services.django.hackens_orga.settings; - source = pkgs.fetchgit { + src = pkgs.fetchgit { url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git"; - rev = "75fe83a41f"; - hash = "sha256-cfUjSfZrsMpGRO3HOWOk6zdc9+e+ZaJLiJQ5OpIKxos="; + rev = "HEAD"; + hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I="; }; - }; in { imports = [ - ./module.nix ]; services.nginx = { enable = true; + recommendedProxySettings = true; virtualHosts."hackens.org" = { locations = { "/orga" = { 
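Review bot: `rev = "HEAD";` in the `src = pkgs.fetchgit { … }` binding of machines/hackens-org/orga/default.nix replaces a commit id with a moving ref, so the only thing that identifies the deployed hackens-orga code is the `hash`. The fixed-output hash still guarantees the content that was fetched, but nobody can tell from this repository which commit that is. As soon as upstream HEAD advances, a machine without the store path cached fails with a hash mismatch. I would pin the full commit id, `rev = "<full 40-character commit id>";`, or track the repository through npins the way this commit does for djangonix, so that revision and hash are updated together.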
@@ -25,18 +20,29 @@ in proxy_set_header SCRIPT_NAME /orga; ''; }; - "/static".root = assets.static-assets; + "/static".root = config.services.django.hackens-orga.staticAssets; }; }; }; - services.django.hackens_orga = { + services.django.hackens-orga = { + inherit src; enable = true; - assets = assets; + mainModule = "hackens_orga"; settings = { - HACKENS_ORGA_DEBUG = "0"; - HACKENS_ORGA_ALLOWED_HOSTS = [ "hackens.org" ]; - HACKENS_ORGA_SECRET_KEY._file = config.age.secrets.django.path; - HACKENS_ORGA_DB_FILE = "/var/lib/hackens-orga/db.sqlite3"; + DEBUG = false; + ALLOWED_HOSTS = [ "hackens.org" ]; + DATABASES = { + "default" = { + "ENGINE" = "django.db.backends.sqlite3"; + "NAME" = "/var/lib/django-hackens-orga/db.sqlite3"; + }; + }; + }; + extraPackages = p: let pythoncas = (p.callPackage ./python-cas.nix { }); in [ + (p.callPackage ./authens.nix { inherit pythoncas; }) + ]; + secrets = { + SECRET_KEY = config.age.secrets.django.path; }; }; } diff --git a/machines/hackens-org/orga/mkAssets.nix b/machines/hackens-org/orga/mkAssets.nix deleted file mode 100644 index 3c3b85c..0000000 --- a/machines/hackens-org/orga/mkAssets.nix +++ /dev/null 
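Review bot: `SECRET_KEY = config.age.secrets.django.path;` hands the module a path, while the machines/hackens-org/secrets/default.nix hunk of this commit drops `owner = "django-hackens_orga";` without a replacement, so the decrypted file falls back to agenix's defaults (root-owned, mode 0400 unless set elsewhere). Whether the service can still read it depends on how djangonix's `secrets` option loads the file, which is not visible in this diff. Please confirm it goes through a systemd credential or an equivalent mechanism, rather than running the application as root or widening the file mode. A comment next to `secrets` such as `# root-owned age secret; loaded by the module via <mechanism>, not read by the service user directly` would record the intent.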
@@ -1,27 +0,0 @@ -{ pkgs, settings, source, app }: -let - manage-py-file = "${source}/${app}/manage.py"; - python = import ./python.nix { inherit pkgs; }; - static-assets = pkgs.callPackage ./static-assets.nix { inherit python source app; envPrefix = "HACKENS_ORGA_"; }; - mkEnv = settings: let # make env file to source before using manage.py and other commands - lib = pkgs.lib; - mkVarVal = v: let - isHasAttr = s: lib.isAttrs v && lib.hasAttr s v; - in - if builtins.isString v then v - else if builtins.isList v && lib.any lib.strings.isConvertibleWithToString v then (lib.concatMapStringsSep "," toString v) - else if builtins.isInt v then toString v - else if builtins.isBool v then toString (if v then 1 else 0) - else if isHasAttr "_file" then "$(cat ${v._file} | xargs)" - else if isHasAttr "_raw" then v._raw - else abort "The django conf value ${lib.generators.toPretty {} v} can not be encoded."; - in lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "export ${k}=${mkVarVal v}") settings); - envFile = pkgs.writeScript "django-${app}-env.sh" (mkEnv settings); - managePy = pkgs.writeScript "manage-${app}" '' - source ${envFile} - ${python}/bin/python ${manage-py-file} $@ - ''; -in -{ - inherit managePy static-assets envFile source python; -} diff --git a/machines/hackens-org/orga/module.nix b/machines/hackens-org/orga/module.nix deleted file mode 100644 index 9f32a2e..0000000 --- a/machines/hackens-org/orga/module.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -{ pkgs, lib, config, ... }: -let - app = "hackens_orga"; - cfg = config.services.django.${app}; - assets = cfg.assets; -in -{ - - options = { - services.django.${app} = { - enable = lib.mkEnableOption (lib.mdDoc "Enable django ${app}"); - settings = lib.mkOption { - type = lib.types.submodule { - freeformType = with lib.types; attrsOf anything; - options = { - HACKENS_ORGA_STATIC_ROOT = lib.mkOption { - type = lib.types.path; - default = builtins.toString assets.static-assets; - }; - }; - }; - }; - assets = lib.mkOption { - type = lib.types.attrsOf lib.types.anything; - description = lib.mdDoc "Assets for django"; - }; - port = lib.mkOption { - type = lib.types.port; - default = 51666; - }; - processes = lib.mkOption { - type = lib.types.int; - default = 2; - }; - threads = lib.mkOption { - type = lib.types.int; - default = 2; - }; - }; - }; - config = lib.mkIf cfg.enable { - systemd.services."django-${app}" = { - description = "${app} django service"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - serviceConfig = { - User = "django-${app}"; - }; - script = '' - source ${assets.envFile} - ${assets.managePy} migrate - ${assets.python}/bin/gunicorn ${app}.wsgi \ - --pythonpath ${assets.source}/${app} \ - -b 127.0.0.1:${toString cfg.port} \ - --workers=${toString cfg.processes} \ - --threads=${toString cfg.threads} - ''; - }; - users.users."django-${app}" = { - isSystemUser = true; - group = "django-${app}"; - }; - users.groups."django-${app}" = {}; - }; -} diff --git a/machines/hackens-org/orga/python.nix b/machines/hackens-org/orga/python.nix deleted file mode 100644 index dc77ffc..0000000 --- a/machines/hackens-org/orga/python.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ pkgs ? import ../nix { }, debug ? false }: -let - python = pkgs.python310.override { - packageOverrides = self: super: { - django = super.django_4; - authens = self.callPackage ./authens.nix { }; - pythoncas = self.callPackage ./python-cas.nix { }; - }; - }; -in -python.withPackages (ps: [ - ps.django - ps.djangorestframework - ps.authens - ps.gunicorn -] ++ pkgs.lib.optionals debug [ - ps.django-debug-toolbar - ps.black - ps.isort -]) diff --git a/machines/hackens-org/orga/shell.nix b/machines/hackens-org/orga/shell.nix deleted file mode 100644 index 69ca0e9..0000000 --- a/machines/hackens-org/orga/shell.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ pkgs ? import ../nix { } }: -pkgs.mkShell { - buildInputs = [ - (import ./python.nix { inherit pkgs; debug = true; }) - ]; -} diff --git a/machines/hackens-org/orga/static-assets.nix b/machines/hackens-org/orga/static-assets.nix deleted file mode 100644 index 4c4e128..0000000 --- a/machines/hackens-org/orga/static-assets.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, python, source, app, envPrefix ? ""}: -pkgs.runCommand "django-static" { } '' - mkdir -p $out/static - export ${envPrefix}SECRET_KEY="collectstatic" - export ${envPrefix}STATIC_ROOT=$out/static - export ${envPrefix}DEBUG=0 - export ${envPrefix}ALLOWED_HOSTS= - export ${envPrefix}DB_FILE= - ${python}/bin/python ${source}/${app}/manage.py collectstatic -'' diff --git a/machines/hackens-org/secrets/default.nix b/machines/hackens-org/secrets/default.nix index 77f1e27..c5a3822 100644 --- a/machines/hackens-org/secrets/default.nix +++ b/machines/hackens-org/secrets/default.nix @@ -1,7 +1,6 @@ { ... }: { age.secrets."django" = { file = ./django.age; - owner = "django-hackens_orga"; }; age.secrets."matterbridge-env" = { file = ./matterbridge-env.age; 
diff --git a/machines/hackens-org/secrets/django.age b/machines/hackens-org/secrets/django.age index a5b4e5daa2d7ad4bf63fa33a45fee480621a8b93..50830db67e57a16ca2e453510788dcc805cb8be9 100644 GIT binary patch literal 1509 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUla<4G=OIJt@&~^=u z^l+*ycS+1Nsc#}IaEuCcNed4!D0d7A z49+j}3CnZ~^Ura#^ba=ojc~UJ%=R`;^T{wwFGja5J0d^HJ5a&P%*VpTr6ADB*QLa- zGSbP?I55buEHlHc!Y8OO#Kb4pw;(mk*TugqGm^{9**Le-(JZ9WG0fGdFw;1~ILswI zIoH`S(zQxEE!WN4#W*u6A|oitIT_tH^Ngr$gLDNGw~&n7)bJu7{iv)!gA|jfOxJL~ zocwU-K<~`Js^nC6(<*1fLbu?8uyQVsB8y@-L#HTx*9@m*qe2spOvj1{{m|l2KUXu$ zd}Ch&^Ca(*TbK7m}7CQccK#mQwAr7k{+f#yZ&x!y&_d4c5t zW%?Et29}Xwp=Q2DWo~|X*@+c-#wGzlIeB442L34~l~wNUE)SbE@ly--bG|_BW)-RKX4(F(WlrWfg{e{b=`M!(Q65gY zT&98Pg_(|p-rA1gY2luEkzSsOPMJPsIfX`9mPO{i-j3NN?iIlbB~>mKZd^t=mPV23DVCl^Nm*67;W;5mE|z{_9>tNN!9{_Q>A6uZ`2m@} zX{81(fkvgq7Rkom{uU7yVd1_R5q^p32Buuve)(12hF)G-C0PZ|zFx)^Mm}KyX=w$? zMrMww+QF&0F2&_l7Lipx<|UQdg@*nao*`MeC8_Bdo{qt${?2AxF1}UaB^8k=kvU=7 zCD|S&IjKPv!SK+ArCa^7^1$Rkg{XjxRBhATvdkbOmvECZ1B-&|Ei=RS*)AlbMuaSm>3Oq+RUgZjtX4nd4IIV;SY*85nHjl3HnAr5|LJTvdf(TXI>5 zlWDp_v5`fhV}OsBhf#@1Vx@P6c|f6Cd45_%nrmiAPElr1vZZf|zmvXmMRqZlb5T^O zXN7B4xMzN5alVnelSf)nV3lQ1l~<;JxmU1>uWz8GledAZZ!U&y;iVQ{K7k79#y&1l z=@Ci6>6w<6USWlvnfiquiAk9u?xB_D7M_LXxo&1D+KGO}2I*Wu{uNnKW|8jc{;t7^ z*=c$1W*O%09u-xQWnpvys=TVo$l@d)%j|StSEH(Q z?IizPS7+0L4DARfSKlIE@4^tb0`1TOj1nNi)UdoFUBM;a#LU~vFC;(DJS*EUIK(T{ ztg67x-Pj_+$X!3mr6{aC*D}M^EF#g^fU7tn!#LGEvoa+s%OoJ8w6M6q$j>vgxXdRz zGa#qHFVoj3&@bONJS#9GnM+q!S0N(RFErdgLf_EE%p@x<%_qqq(>*uD%``hK(=|2F zF|WeEAj;gYASlbzgiA1y%S|)?@$(nYu2IQ|7O1;<`iS4fc@D1k zi=7?`ZGNP4Q2oxD+E4O4b`!m4mEHJJQKQy-etN;K?@DfSN>)zE-T6$)V&}GlZvkDX B@>2i+ literal 1654 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUla<4G=OIL_Y&yV!> zPx1E53AYR{3C}AiN=vc`iYSUSO)U@bNc1%bG%)b+4^2!rwBV{p3#$yw2`$g7a5kv4 zNH#Apa(BuPN{kHk_D%Fp4~cSh%ZxC{$#5w(3PiUpJ0d^HJ5Zs*GN{7D#IMrFrQ9zk z%Eu`!)z8~3Ej2YI!!^UF*e%c`!$Uu_qRKG9pqMKsve3gT!=xfGG|ME%(Z|@lEU&Q0 
zDBmZ=qc|(GB*j!ez$G|8)xFZvEE3%|^Ngr$gLDN;ugHvua`Rl5Fw;u+qB759?Xa>e z&(PeUP#^6A|9lVqU}y8B0)w3V922gjGNUq&T*nfxq;Ty-gQOI{bK7m}>6^5y~CWYzV-kv#?rg^?0rs3v6iDp?9 zDN(tJt|_i1Ia%2u{)VZcRV6ur0m1qqg=yt3t_EhFVHU=wVNqpVS$lu7yRZRl%WYWu9i)W&uT|X1>~GCTV6V870mIg%w6VncB|fjs?c$ zTouNl+L?(#79JLUSuUkH1(hWQImxBvMrEGvVR_nKZiengrIkrJ>3(UMAr*N!Ug@b} z>8_Ol7M|hGMs8{Trd)*?=0=WQDVde2jwxP-UP&STE|G?TRY}45*-bSg;#`-B$+KI*9rp85K zsoGB38Ij2zW~r`)d2U($mZ?Tr=}}(J$t3}Pjzw;PDLyHw$zC2@MQ%x!$tIcFNp2C| zS^7DlZl(I+E*L3EzpOkkIZ(l@v?RdHv&1{a$fwBMBs;CJvdqOi$j8jgA~QM4-O{Ao z+1V?pAj=~s*OANLqBz(mv%pw8I5Wu6!YSCapx83U%_2ERzoNuAH>9dOCA6ThNX<6u*UR_<=*nU)janrIN z7h;?r8dMgpUE!S_;-8-A7nS918WHB|>se71<(pcC5t6Q+C5B~=3P}|fCFQ=so&{x2 zQRaTh1{S%cDL&;Tkx8aW-f8CMg+>LHp;cy8hJG#cFsmxW*(cZ1$2~I4v&7gb%hcB( zCn&ij%rql3-_yy^Io}r?Zz;OzMX8C!sS06*MUe`5MGA&W(ZM#gih*2Sex9XXp%GE8 zf%)a`5k`q#1zsj*p=HjdsXpmO?%Gj>A<2nGra3{$Rb@`b8Ah%?m44>_run7$*_9@q z>1iQcMTM5xDV0_FIf2Q^rN!E2PNoK-mbqqriKPW*W@Y6WWu{SPMM?gyc@eIbjs=;4 z?vX!56U)!XgKD}HaiuyCH$j#FjX?)y$(nD_8WTN#7V nUE}SR+~Sfm{Y=FlJUKb5!|uR}uOIyrj&U>l|BzYh9pMB36&EBA diff --git a/meta.nix b/meta.nix index 79dc429..1678889 100644 --- a/meta.nix +++ b/meta.nix @@ -2,13 +2,14 @@ let sources = import ./npins; agenix = sources.agenix + "/modules/age.nix"; + djangonix = sources.djangonix + "/module.nix"; metadata = { nodes = { hackens-milieu = { deployment = { targetHost = null; #"milieu.cave.hackens.org"; - # targetPort = 4243; + #targetPort = 4243; allowLocalDeployment = true; tags = [ "desktop" ]; }; @@ -24,9 +25,9 @@ let deployment = { targetHost = "10.10.10.1"; # todo make something with ens firewall tags = [ "server" ]; - targetPort = 2222; + targetPort = 22; }; - imports = [agenix]; + imports = [agenix djangonix]; }; }; diff --git a/npins/sources.json b/npins/sources.json index 5448ba9..9fe63ab 100644 --- a/npins/sources.json +++ b/npins/sources.json 
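Review bot: `targetPort = 22;` in the hackens-org node of meta.nix changes the deployment SSH port from 2222, which the commit subject ("org: orga v2") does not explain, and no visible hunk changes the host's sshd or firewall configuration to match. If sshd on that host still listens on 2222 the next deploy cannot reach it, and if it has moved to 22 the change should be recorded next to the existing `# todo make something with ens firewall` remark. Either split it into its own commit or add a comment such as `targetPort = 22; # sshd listens on the default port since <change reference>`. The same hunk adds `djangonix` to `imports`, which evaluates a module from an external repository with full access to the system configuration, so that pin deserves a review on every npins update.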
@@ -8,9 +8,9 @@ "repo": "agenix" }, "branch": "main", - "revision": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", - "url": "https://github.com/ryantm/agenix/archive/8cb01a0e717311680e0cbca06a76cbceba6f3ed6.tar.gz", - "hash": "1ypp731d2h7i8fj5g2pdapwcrrk6ycxwzpvam045qxiajjdp01rw" + "revision": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", + "url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz", + "hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah" }, "disko": { "type": "Git", @@ -20,9 +20,20 @@ "repo": "disko" }, "branch": "master", - "revision": "502241afa3de2a24865ddcbe4c122f4546e32092", - "url": "https://github.com/nix-community/disko/archive/502241afa3de2a24865ddcbe4c122f4546e32092.tar.gz", - "hash": "0bm2x8zc81vnc4vcqwci0h9s21i8sw93mhsaznf0x70mhhg7j45w" + "revision": "1bbdb06f14e2621290b250e631cf3d8948e4d19b", + "url": "https://github.com/nix-community/disko/archive/1bbdb06f14e2621290b250e631cf3d8948e4d19b.tar.gz", + "hash": "15qbjnr8gfp0ybd4m0b6fn6bhwmdag1ybn5i217qjy55hrp8zhan" + }, + "djangonix": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://git.dgnum.eu/mdebray/djangonix.git" + }, + "branch": "master", + "revision": "5ea9469cc2169c0cd72ea2f5a05fc46f2ad39a9e", + "url": null, + "hash": "1wfmr1h2j5i9yrzgczj5gk9fxq26jg90840f9glazfwylki5mp3x" }, "dns.nix": { "type": "GitRelease", @@ -33,6 +44,7 @@ }, "pre_releases": false, "version_upper_bound": null, + "release_prefix": null, "version": "v1.1.2", "revision": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a", "url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.1.2", 
@@ -46,9 +58,9 @@ "repo": "nixpkgs" }, "branch": "nixos-unstable", - "revision": "2726f127c15a4cc9810843b96cad73c7eb39e443", - "url": "https://github.com/NixOS/nixpkgs/archive/2726f127c15a4cc9810843b96cad73c7eb39e443.tar.gz", - "hash": "0109bpmax6nbfs2mpfw2axvk47lbvksgx3d0izrjjhw7fn41i9sh" + "revision": "051f920625ab5aabe37c920346e3e69d7d34400e", + "url": "https://github.com/NixOS/nixpkgs/archive/051f920625ab5aabe37c920346e3e69d7d34400e.tar.gz", + "hash": "08lin51g5x2vv89rs6vmqxnyy8pfysh0wdp6mdxw6l86dpm2rbg2" } }, "version": 3