{ pkgs, lib, config, ... }: let src = pkgs.fetchgit { url = "https://git.rz.ens.wtf/HackENS/gestiojeux.git"; rev = "HEAD"; hash = "sha256-ly786xct9U4hdsHr7NLl23smnOfE891au9/GXqxpFb4="; }; in { imports = [ ]; systemd.services.django-gestiohackens.serviceConfig = { DynamicUser = lib.mkForce false; User = "django-gestiohackens"; SupplementaryGroups = [ "nginx" ]; }; users.users.django-gestiohackens = { group = "django-gestiohackens"; isSystemUser = true; }; users.groups.django-gestiohackens = { }; services.nginx = { enable = true; recommendedProxySettings = true; virtualHosts."inventaire.hackens.org" = { enableACME = true; forceSSL = true; locations = { "/" = { proxyPass = "http://localhost:51667"; }; "/media/".alias = "/var/lib/django-gestiohackens/media/"; "/static".root = config.services.django.gestiohackens.staticAssets; }; }; }; services.django.gestiohackens = { inherit src; enable = true; mainModule = "gestiojeux"; port = 51667; settings = { DEBUG = false; CSRF_COOKIE_SECURE = true; AUTHENS_ALLOW_STAFF = true; SESSION_COOKIE_SECURE = true; MEDIA_URL = "media/"; ALLOWED_HOSTS = [ "inventaire.hackens.org" ]; DATABASES = { "default" = { "ENGINE" = "django.db.backends.sqlite3"; "NAME" = "/var/lib/django-gestiohackens/db.sqlite3"; }; }; HAYSTACK_CONNECTIONS = { "default" = { "ENGINE" = "haystack.backends.whoosh_backend.WhooshEngine"; "PATH" = "/var/lib/django-gestiohackens/whoosh_index"; }; }; MEDIA_ROOT = "/var/lib/django-gestiohackens/media"; }; extraPackages = ps: [ ps.django-autoslug ps.loadcredential ps.django-cleanup ps.django-haystack ps.django-markdownx ps.django-tables2 ps.pillow ps.whoosh ps.markdown-icons ps.authens ps.qrcode ps.pillow # Django haystack is drunk ps.setuptools ]; secrets = { SECRET_KEY = config.age.secrets.django-gestiohackens.path; }; }; }