{ sources, lib, pkgs, config, ... }: { services.django.ragb = { enable = true; src = pkgs.ragb-src + "/frontend"; settings = { DEBUG = false; WEBSOCKET_ENDPOINT = "https://agb.hackens.org/api"; ALLOWED_HOSTS = [ "127.0.0.1" "agb.hackens.org" ]; DATABASES = { "default" = { "ENGINE" = "django.db.backends.sqlite3"; "NAME" = "/var/lib/django-ragb/ragb_frontend.sqlite3"; }; }; }; processes = 2; threads = 4; port = 9991; extraPackages = p: [ p.authens p.pyjwt ]; secrets = { SECRET_KEY = config.age.secrets.ragb.path; JWT_SECRET = config.age.secrets.ragbJWT.path; }; }; services.nginx.virtualHosts."agb.hackens.org" = { forceSSL = true; enableACME = true; locations = { "/" = { proxyPass = "http://localhost:9991"; }; "/api" = { proxyPass = "http://localhost:9999"; proxyWebsockets = true; }; "/static".root = config.services.django.ragb.staticAssets; "= /api-docs" = { return = "302 /api-docs/"; }; "/api-docs/" = { alias = "${pkgs.ragb-src + "/api-docs/"}/"; extraConfig = "autoindex on;"; }; "= /api-docs/patch.json".alias = pkgs.ragb-src + "/frontend/patch.json"; }; }; systemd.services.django-ragb.serviceConfig = { Wants = [ "ragb-backend.service" ]; }; systemd.services.ragb-backend = { script = '' export JWT_SECRET=$(cat $CREDENTIALS_DIRECTORY/jwt_secret) export BK_FILE="$STATE_DIRECTORY/data.json" # export RUST_LOG=info ${pkgs.ragb-backend}/bin/ragb-backend ''; serviceConfig = { LoadCredential = [ "jwt_secret:${config.age.secrets.ragbJWT.path}" ]; DynamicUser = true; }; }; }