org: orga v2

This commit is contained in:
sinavir 2024-06-11 14:41:49 +02:00
parent 1d56410e26
commit 0054c74806
10 changed files with 47 additions and 157 deletions

View file

@ -1,22 +1,17 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
let let
assets = import ./mkAssets.nix { src = pkgs.fetchgit {
inherit pkgs;
app = "hackens_orga";
settings = config.services.django.hackens_orga.settings;
source = pkgs.fetchgit {
url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git"; url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
rev = "75fe83a41f"; rev = "HEAD";
hash = "sha256-cfUjSfZrsMpGRO3HOWOk6zdc9+e+ZaJLiJQ5OpIKxos="; hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I=";
};
}; };
in in
{ {
imports = [ imports = [
./module.nix
]; ];
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true;
virtualHosts."hackens.org" = { virtualHosts."hackens.org" = {
locations = { locations = {
"/orga" = { "/orga" = {
@ -25,18 +20,29 @@ in
proxy_set_header SCRIPT_NAME /orga; proxy_set_header SCRIPT_NAME /orga;
''; '';
}; };
"/static".root = assets.static-assets; "/static".root = config.services.django.hackens-orga.staticAssets;
}; };
}; };
}; };
services.django.hackens_orga = { services.django.hackens-orga = {
inherit src;
enable = true; enable = true;
assets = assets; mainModule = "hackens_orga";
settings = { settings = {
HACKENS_ORGA_DEBUG = "0"; DEBUG = false;
HACKENS_ORGA_ALLOWED_HOSTS = [ "hackens.org" ]; ALLOWED_HOSTS = [ "hackens.org" ];
HACKENS_ORGA_SECRET_KEY._file = config.age.secrets.django.path; DATABASES = {
HACKENS_ORGA_DB_FILE = "/var/lib/hackens-orga/db.sqlite3"; "default" = {
"ENGINE" = "django.db.backends.sqlite3";
"NAME" = "/var/lib/django-hackens-orga/db.sqlite3";
};
};
};
extraPackages = p: let pythoncas = (p.callPackage ./python-cas.nix { }); in [
(p.callPackage ./authens.nix { inherit pythoncas; })
];
secrets = {
SECRET_KEY = config.age.secrets.django.path;
}; };
}; };
} }

View file

@ -1,27 +0,0 @@
{ pkgs, settings, source, app }:
let
manage-py-file = "${source}/${app}/manage.py";
python = import ./python.nix { inherit pkgs; };
static-assets = pkgs.callPackage ./static-assets.nix { inherit python source app; envPrefix = "HACKENS_ORGA_"; };
mkEnv = settings: let # make env file to source before using manage.py and other commands
lib = pkgs.lib;
mkVarVal = v: let
isHasAttr = s: lib.isAttrs v && lib.hasAttr s v;
in
if builtins.isString v then v
else if builtins.isList v && lib.any lib.strings.isConvertibleWithToString v then (lib.concatMapStringsSep "," toString v)
else if builtins.isInt v then toString v
else if builtins.isBool v then toString (if v then 1 else 0)
else if isHasAttr "_file" then "$(cat ${v._file} | xargs)"
else if isHasAttr "_raw" then v._raw
else abort "The django conf value ${lib.generators.toPretty {} v} can not be encoded.";
in lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "export ${k}=${mkVarVal v}") settings);
envFile = pkgs.writeScript "django-${app}-env.sh" (mkEnv settings);
managePy = pkgs.writeScript "manage-${app}" ''
source ${envFile}
${python}/bin/python ${manage-py-file} $@
'';
in
{
inherit managePy static-assets envFile source python;
}

View file

@ -1,65 +0,0 @@
{ pkgs, lib, config, ... }:
let
app = "hackens_orga";
cfg = config.services.django.${app};
assets = cfg.assets;
in
{
options = {
services.django.${app} = {
enable = lib.mkEnableOption (lib.mdDoc "Enable django ${app}");
settings = lib.mkOption {
type = lib.types.submodule {
freeformType = with lib.types; attrsOf anything;
options = {
HACKENS_ORGA_STATIC_ROOT = lib.mkOption {
type = lib.types.path;
default = builtins.toString assets.static-assets;
};
};
};
};
assets = lib.mkOption {
type = lib.types.attrsOf lib.types.anything;
description = lib.mdDoc "Assets for django";
};
port = lib.mkOption {
type = lib.types.port;
default = 51666;
};
processes = lib.mkOption {
type = lib.types.int;
default = 2;
};
threads = lib.mkOption {
type = lib.types.int;
default = 2;
};
};
};
config = lib.mkIf cfg.enable {
systemd.services."django-${app}" = {
description = "${app} django service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = "django-${app}";
};
script = ''
source ${assets.envFile}
${assets.managePy} migrate
${assets.python}/bin/gunicorn ${app}.wsgi \
--pythonpath ${assets.source}/${app} \
-b 127.0.0.1:${toString cfg.port} \
--workers=${toString cfg.processes} \
--threads=${toString cfg.threads}
'';
};
users.users."django-${app}" = {
isSystemUser = true;
group = "django-${app}";
};
users.groups."django-${app}" = {};
};
}

View file

@ -1,20 +0,0 @@
{ pkgs ? import ../nix { }, debug ? false }:
let
python = pkgs.python310.override {
packageOverrides = self: super: {
django = super.django_4;
authens = self.callPackage ./authens.nix { };
pythoncas = self.callPackage ./python-cas.nix { };
};
};
in
python.withPackages (ps: [
ps.django
ps.djangorestframework
ps.authens
ps.gunicorn
] ++ pkgs.lib.optionals debug [
ps.django-debug-toolbar
ps.black
ps.isort
])

View file

@ -1,6 +0,0 @@
{ pkgs ? import ../nix { } }:
pkgs.mkShell {
buildInputs = [
(import ./python.nix { inherit pkgs; debug = true; })
];
}

View file

@ -1,10 +0,0 @@
{ pkgs, python, source, app, envPrefix ? ""}:
pkgs.runCommand "django-static" { } ''
mkdir -p $out/static
export ${envPrefix}SECRET_KEY="collectstatic"
export ${envPrefix}STATIC_ROOT=$out/static
export ${envPrefix}DEBUG=0
export ${envPrefix}ALLOWED_HOSTS=
export ${envPrefix}DB_FILE=
${python}/bin/python ${source}/${app}/manage.py collectstatic
''

View file

@ -1,7 +1,6 @@
{ ... }: { { ... }: {
age.secrets."django" = { age.secrets."django" = {
file = ./django.age; file = ./django.age;
owner = "django-hackens_orga";
}; };
age.secrets."matterbridge-env" = { age.secrets."matterbridge-env" = {
file = ./matterbridge-env.age; file = ./matterbridge-env.age;

View file

@ -2,6 +2,7 @@ let
sources = import ./npins; sources = import ./npins;
agenix = sources.agenix + "/modules/age.nix"; agenix = sources.agenix + "/modules/age.nix";
djangonix = sources.djangonix + "/module.nix";
metadata = { metadata = {
nodes = { nodes = {
@ -24,9 +25,9 @@ let
deployment = { deployment = {
targetHost = "10.10.10.1"; # todo make something with ens firewall targetHost = "10.10.10.1"; # todo make something with ens firewall
tags = [ "server" ]; tags = [ "server" ];
targetPort = 2222; targetPort = 22;
}; };
imports = [agenix]; imports = [agenix djangonix];
}; };
}; };

View file

@ -8,9 +8,9 @@
"repo": "agenix" "repo": "agenix"
}, },
"branch": "main", "branch": "main",
"revision": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "revision": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"url": "https://github.com/ryantm/agenix/archive/8cb01a0e717311680e0cbca06a76cbceba6f3ed6.tar.gz", "url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz",
"hash": "1ypp731d2h7i8fj5g2pdapwcrrk6ycxwzpvam045qxiajjdp01rw" "hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah"
}, },
"disko": { "disko": {
"type": "Git", "type": "Git",
@ -20,9 +20,20 @@
"repo": "disko" "repo": "disko"
}, },
"branch": "master", "branch": "master",
"revision": "502241afa3de2a24865ddcbe4c122f4546e32092", "revision": "1bbdb06f14e2621290b250e631cf3d8948e4d19b",
"url": "https://github.com/nix-community/disko/archive/502241afa3de2a24865ddcbe4c122f4546e32092.tar.gz", "url": "https://github.com/nix-community/disko/archive/1bbdb06f14e2621290b250e631cf3d8948e4d19b.tar.gz",
"hash": "0bm2x8zc81vnc4vcqwci0h9s21i8sw93mhsaznf0x70mhhg7j45w" "hash": "15qbjnr8gfp0ybd4m0b6fn6bhwmdag1ybn5i217qjy55hrp8zhan"
},
"djangonix": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/mdebray/djangonix.git"
},
"branch": "master",
"revision": "5ea9469cc2169c0cd72ea2f5a05fc46f2ad39a9e",
"url": null,
"hash": "1wfmr1h2j5i9yrzgczj5gk9fxq26jg90840f9glazfwylki5mp3x"
}, },
"dns.nix": { "dns.nix": {
"type": "GitRelease", "type": "GitRelease",
@ -33,6 +44,7 @@
}, },
"pre_releases": false, "pre_releases": false,
"version_upper_bound": null, "version_upper_bound": null,
"release_prefix": null,
"version": "v1.1.2", "version": "v1.1.2",
"revision": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a", "revision": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a",
"url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.1.2", "url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.1.2",
@ -46,9 +58,9 @@
"repo": "nixpkgs" "repo": "nixpkgs"
}, },
"branch": "nixos-unstable", "branch": "nixos-unstable",
"revision": "2726f127c15a4cc9810843b96cad73c7eb39e443", "revision": "051f920625ab5aabe37c920346e3e69d7d34400e",
"url": "https://github.com/NixOS/nixpkgs/archive/2726f127c15a4cc9810843b96cad73c7eb39e443.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/051f920625ab5aabe37c920346e3e69d7d34400e.tar.gz",
"hash": "0109bpmax6nbfs2mpfw2axvk47lbvksgx3d0izrjjhw7fn41i9sh" "hash": "08lin51g5x2vv89rs6vmqxnyy8pfysh0wdp6mdxw6l86dpm2rbg2"
} }
}, },
"version": 3 "version": 3