org: orga v2
This commit is contained in:
parent
1d56410e26
commit
0054c74806
10 changed files with 47 additions and 157 deletions
|
@ -1,22 +1,17 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{ pkgs, lib, config, ... }:
|
||||||
let
|
let
|
||||||
assets = import ./mkAssets.nix {
|
src = pkgs.fetchgit {
|
||||||
inherit pkgs;
|
|
||||||
app = "hackens_orga";
|
|
||||||
settings = config.services.django.hackens_orga.settings;
|
|
||||||
source = pkgs.fetchgit {
|
|
||||||
url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
|
url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
|
||||||
rev = "75fe83a41f";
|
rev = "HEAD";
|
||||||
hash = "sha256-cfUjSfZrsMpGRO3HOWOk6zdc9+e+ZaJLiJQ5OpIKxos=";
|
hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I=";
|
||||||
};
|
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./module.nix
|
|
||||||
];
|
];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
virtualHosts."hackens.org" = {
|
virtualHosts."hackens.org" = {
|
||||||
locations = {
|
locations = {
|
||||||
"/orga" = {
|
"/orga" = {
|
||||||
|
@ -25,18 +20,29 @@ in
|
||||||
proxy_set_header SCRIPT_NAME /orga;
|
proxy_set_header SCRIPT_NAME /orga;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/static".root = assets.static-assets;
|
"/static".root = config.services.django.hackens-orga.staticAssets;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.django.hackens_orga = {
|
services.django.hackens-orga = {
|
||||||
|
inherit src;
|
||||||
enable = true;
|
enable = true;
|
||||||
assets = assets;
|
mainModule = "hackens_orga";
|
||||||
settings = {
|
settings = {
|
||||||
HACKENS_ORGA_DEBUG = "0";
|
DEBUG = false;
|
||||||
HACKENS_ORGA_ALLOWED_HOSTS = [ "hackens.org" ];
|
ALLOWED_HOSTS = [ "hackens.org" ];
|
||||||
HACKENS_ORGA_SECRET_KEY._file = config.age.secrets.django.path;
|
DATABASES = {
|
||||||
HACKENS_ORGA_DB_FILE = "/var/lib/hackens-orga/db.sqlite3";
|
"default" = {
|
||||||
|
"ENGINE" = "django.db.backends.sqlite3";
|
||||||
|
"NAME" = "/var/lib/django-hackens-orga/db.sqlite3";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
extraPackages = p: let pythoncas = (p.callPackage ./python-cas.nix { }); in [
|
||||||
|
(p.callPackage ./authens.nix { inherit pythoncas; })
|
||||||
|
];
|
||||||
|
secrets = {
|
||||||
|
SECRET_KEY = config.age.secrets.django.path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
{ pkgs, settings, source, app }:
|
|
||||||
let
|
|
||||||
manage-py-file = "${source}/${app}/manage.py";
|
|
||||||
python = import ./python.nix { inherit pkgs; };
|
|
||||||
static-assets = pkgs.callPackage ./static-assets.nix { inherit python source app; envPrefix = "HACKENS_ORGA_"; };
|
|
||||||
mkEnv = settings: let # make env file to source before using manage.py and other commands
|
|
||||||
lib = pkgs.lib;
|
|
||||||
mkVarVal = v: let
|
|
||||||
isHasAttr = s: lib.isAttrs v && lib.hasAttr s v;
|
|
||||||
in
|
|
||||||
if builtins.isString v then v
|
|
||||||
else if builtins.isList v && lib.any lib.strings.isConvertibleWithToString v then (lib.concatMapStringsSep "," toString v)
|
|
||||||
else if builtins.isInt v then toString v
|
|
||||||
else if builtins.isBool v then toString (if v then 1 else 0)
|
|
||||||
else if isHasAttr "_file" then "$(cat ${v._file} | xargs)"
|
|
||||||
else if isHasAttr "_raw" then v._raw
|
|
||||||
else abort "The django conf value ${lib.generators.toPretty {} v} can not be encoded.";
|
|
||||||
in lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "export ${k}=${mkVarVal v}") settings);
|
|
||||||
envFile = pkgs.writeScript "django-${app}-env.sh" (mkEnv settings);
|
|
||||||
managePy = pkgs.writeScript "manage-${app}" ''
|
|
||||||
source ${envFile}
|
|
||||||
${python}/bin/python ${manage-py-file} $@
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
{
|
|
||||||
inherit managePy static-assets envFile source python;
|
|
||||||
}
|
|
|
@ -1,65 +0,0 @@
|
||||||
{ pkgs, lib, config, ... }:
|
|
||||||
let
|
|
||||||
app = "hackens_orga";
|
|
||||||
cfg = config.services.django.${app};
|
|
||||||
assets = cfg.assets;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
|
|
||||||
options = {
|
|
||||||
services.django.${app} = {
|
|
||||||
enable = lib.mkEnableOption (lib.mdDoc "Enable django ${app}");
|
|
||||||
settings = lib.mkOption {
|
|
||||||
type = lib.types.submodule {
|
|
||||||
freeformType = with lib.types; attrsOf anything;
|
|
||||||
options = {
|
|
||||||
HACKENS_ORGA_STATIC_ROOT = lib.mkOption {
|
|
||||||
type = lib.types.path;
|
|
||||||
default = builtins.toString assets.static-assets;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
assets = lib.mkOption {
|
|
||||||
type = lib.types.attrsOf lib.types.anything;
|
|
||||||
description = lib.mdDoc "Assets for django";
|
|
||||||
};
|
|
||||||
port = lib.mkOption {
|
|
||||||
type = lib.types.port;
|
|
||||||
default = 51666;
|
|
||||||
};
|
|
||||||
processes = lib.mkOption {
|
|
||||||
type = lib.types.int;
|
|
||||||
default = 2;
|
|
||||||
};
|
|
||||||
threads = lib.mkOption {
|
|
||||||
type = lib.types.int;
|
|
||||||
default = 2;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
systemd.services."django-${app}" = {
|
|
||||||
description = "${app} django service";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
User = "django-${app}";
|
|
||||||
};
|
|
||||||
script = ''
|
|
||||||
source ${assets.envFile}
|
|
||||||
${assets.managePy} migrate
|
|
||||||
${assets.python}/bin/gunicorn ${app}.wsgi \
|
|
||||||
--pythonpath ${assets.source}/${app} \
|
|
||||||
-b 127.0.0.1:${toString cfg.port} \
|
|
||||||
--workers=${toString cfg.processes} \
|
|
||||||
--threads=${toString cfg.threads}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
users.users."django-${app}" = {
|
|
||||||
isSystemUser = true;
|
|
||||||
group = "django-${app}";
|
|
||||||
};
|
|
||||||
users.groups."django-${app}" = {};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,20 +0,0 @@
|
||||||
{ pkgs ? import ../nix { }, debug ? false }:
|
|
||||||
let
|
|
||||||
python = pkgs.python310.override {
|
|
||||||
packageOverrides = self: super: {
|
|
||||||
django = super.django_4;
|
|
||||||
authens = self.callPackage ./authens.nix { };
|
|
||||||
pythoncas = self.callPackage ./python-cas.nix { };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
python.withPackages (ps: [
|
|
||||||
ps.django
|
|
||||||
ps.djangorestframework
|
|
||||||
ps.authens
|
|
||||||
ps.gunicorn
|
|
||||||
] ++ pkgs.lib.optionals debug [
|
|
||||||
ps.django-debug-toolbar
|
|
||||||
ps.black
|
|
||||||
ps.isort
|
|
||||||
])
|
|
|
@ -1,6 +0,0 @@
|
||||||
{ pkgs ? import ../nix { } }:
|
|
||||||
pkgs.mkShell {
|
|
||||||
buildInputs = [
|
|
||||||
(import ./python.nix { inherit pkgs; debug = true; })
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,10 +0,0 @@
|
||||||
{ pkgs, python, source, app, envPrefix ? ""}:
|
|
||||||
pkgs.runCommand "django-static" { } ''
|
|
||||||
mkdir -p $out/static
|
|
||||||
export ${envPrefix}SECRET_KEY="collectstatic"
|
|
||||||
export ${envPrefix}STATIC_ROOT=$out/static
|
|
||||||
export ${envPrefix}DEBUG=0
|
|
||||||
export ${envPrefix}ALLOWED_HOSTS=
|
|
||||||
export ${envPrefix}DB_FILE=
|
|
||||||
${python}/bin/python ${source}/${app}/manage.py collectstatic
|
|
||||||
''
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ ... }: {
|
{ ... }: {
|
||||||
age.secrets."django" = {
|
age.secrets."django" = {
|
||||||
file = ./django.age;
|
file = ./django.age;
|
||||||
owner = "django-hackens_orga";
|
|
||||||
};
|
};
|
||||||
age.secrets."matterbridge-env" = {
|
age.secrets."matterbridge-env" = {
|
||||||
file = ./matterbridge-env.age;
|
file = ./matterbridge-env.age;
|
||||||
|
|
Binary file not shown.
5
meta.nix
5
meta.nix
|
@ -2,6 +2,7 @@ let
|
||||||
sources = import ./npins;
|
sources = import ./npins;
|
||||||
|
|
||||||
agenix = sources.agenix + "/modules/age.nix";
|
agenix = sources.agenix + "/modules/age.nix";
|
||||||
|
djangonix = sources.djangonix + "/module.nix";
|
||||||
|
|
||||||
metadata = {
|
metadata = {
|
||||||
nodes = {
|
nodes = {
|
||||||
|
@ -24,9 +25,9 @@ let
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "10.10.10.1"; # todo make something with ens firewall
|
targetHost = "10.10.10.1"; # todo make something with ens firewall
|
||||||
tags = [ "server" ];
|
tags = [ "server" ];
|
||||||
targetPort = 2222;
|
targetPort = 22;
|
||||||
};
|
};
|
||||||
imports = [agenix];
|
imports = [agenix djangonix];
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
@ -8,9 +8,9 @@
|
||||||
"repo": "agenix"
|
"repo": "agenix"
|
||||||
},
|
},
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"revision": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
|
"revision": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
|
||||||
"url": "https://github.com/ryantm/agenix/archive/8cb01a0e717311680e0cbca06a76cbceba6f3ed6.tar.gz",
|
"url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz",
|
||||||
"hash": "1ypp731d2h7i8fj5g2pdapwcrrk6ycxwzpvam045qxiajjdp01rw"
|
"hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah"
|
||||||
},
|
},
|
||||||
"disko": {
|
"disko": {
|
||||||
"type": "Git",
|
"type": "Git",
|
||||||
|
@ -20,9 +20,20 @@
|
||||||
"repo": "disko"
|
"repo": "disko"
|
||||||
},
|
},
|
||||||
"branch": "master",
|
"branch": "master",
|
||||||
"revision": "502241afa3de2a24865ddcbe4c122f4546e32092",
|
"revision": "1bbdb06f14e2621290b250e631cf3d8948e4d19b",
|
||||||
"url": "https://github.com/nix-community/disko/archive/502241afa3de2a24865ddcbe4c122f4546e32092.tar.gz",
|
"url": "https://github.com/nix-community/disko/archive/1bbdb06f14e2621290b250e631cf3d8948e4d19b.tar.gz",
|
||||||
"hash": "0bm2x8zc81vnc4vcqwci0h9s21i8sw93mhsaznf0x70mhhg7j45w"
|
"hash": "15qbjnr8gfp0ybd4m0b6fn6bhwmdag1ybn5i217qjy55hrp8zhan"
|
||||||
|
},
|
||||||
|
"djangonix": {
|
||||||
|
"type": "Git",
|
||||||
|
"repository": {
|
||||||
|
"type": "Git",
|
||||||
|
"url": "https://git.dgnum.eu/mdebray/djangonix.git"
|
||||||
|
},
|
||||||
|
"branch": "master",
|
||||||
|
"revision": "5ea9469cc2169c0cd72ea2f5a05fc46f2ad39a9e",
|
||||||
|
"url": null,
|
||||||
|
"hash": "1wfmr1h2j5i9yrzgczj5gk9fxq26jg90840f9glazfwylki5mp3x"
|
||||||
},
|
},
|
||||||
"dns.nix": {
|
"dns.nix": {
|
||||||
"type": "GitRelease",
|
"type": "GitRelease",
|
||||||
|
@ -33,6 +44,7 @@
|
||||||
},
|
},
|
||||||
"pre_releases": false,
|
"pre_releases": false,
|
||||||
"version_upper_bound": null,
|
"version_upper_bound": null,
|
||||||
|
"release_prefix": null,
|
||||||
"version": "v1.1.2",
|
"version": "v1.1.2",
|
||||||
"revision": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a",
|
"revision": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a",
|
||||||
"url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.1.2",
|
"url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.1.2",
|
||||||
|
@ -46,9 +58,9 @@
|
||||||
"repo": "nixpkgs"
|
"repo": "nixpkgs"
|
||||||
},
|
},
|
||||||
"branch": "nixos-unstable",
|
"branch": "nixos-unstable",
|
||||||
"revision": "2726f127c15a4cc9810843b96cad73c7eb39e443",
|
"revision": "051f920625ab5aabe37c920346e3e69d7d34400e",
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/2726f127c15a4cc9810843b96cad73c7eb39e443.tar.gz",
|
"url": "https://github.com/NixOS/nixpkgs/archive/051f920625ab5aabe37c920346e3e69d7d34400e.tar.gz",
|
||||||
"hash": "0109bpmax6nbfs2mpfw2axvk47lbvksgx3d0izrjjhw7fn41i9sh"
|
"hash": "08lin51g5x2vv89rs6vmqxnyy8pfysh0wdp6mdxw6l86dpm2rbg2"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": 3
|
"version": 3
|
||||||
|
|
Loading…
Reference in a new issue