80 lines
1.9 KiB
Nix
80 lines
1.9 KiB
Nix
{
|
|
sources,
|
|
lib,
|
|
pkgs,
|
|
config,
|
|
...
|
|
}:
|
|
{
|
|
services.django.ragb = {
|
|
enable = true;
|
|
src = pkgs.ragb-src + "/frontend";
|
|
settings = {
|
|
DEBUG = false;
|
|
WEBSOCKET_ENDPOINT = "https://agb.hackens.org/api";
|
|
ALLOWED_HOSTS = [
|
|
"127.0.0.1"
|
|
"agb.hackens.org"
|
|
];
|
|
DATABASES = {
|
|
"default" = {
|
|
"ENGINE" = "django.db.backends.sqlite3";
|
|
"NAME" = "/var/lib/django-ragb/ragb_frontend.sqlite3";
|
|
};
|
|
};
|
|
};
|
|
processes = 2;
|
|
threads = 4;
|
|
port = 9991;
|
|
extraPackages = p: [
|
|
p.authens
|
|
p.pyjwt
|
|
];
|
|
secrets = {
|
|
SECRET_KEY = config.age.secrets.ragb.path;
|
|
JWT_SECRET = config.age.secrets.ragbJWT.path;
|
|
};
|
|
};
|
|
services.nginx.virtualHosts."agb.hackens.org" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations = {
|
|
"/" = {
|
|
proxyPass = "http://localhost:9991";
|
|
};
|
|
"/api" = {
|
|
proxyPass = "http://localhost:9999";
|
|
proxyWebsockets = true;
|
|
};
|
|
"/static".root = config.services.django.ragb.staticAssets;
|
|
"= /api-docs" = {
|
|
return = "302 /api-docs/";
|
|
};
|
|
"/api-docs/" = {
|
|
alias = "${pkgs.ragb-src + "/api-docs/"}/";
|
|
extraConfig = "autoindex on;";
|
|
};
|
|
"= /api-docs/patch.json".alias = pkgs.ragb-src + "/frontend/patch.json";
|
|
};
|
|
};
|
|
|
|
systemd.services.django-ragb.serviceConfig = {
|
|
Wants = [ "ragb-backend.service" ];
|
|
};
|
|
systemd.services.ragb-backend = {
|
|
script = ''
|
|
export JWT_SECRET=$(cat $CREDENTIALS_DIRECTORY/jwt_secret)
|
|
export BK_FILE="$STATE_DIRECTORY/data.json"
|
|
export BIND_TCP="10.10.10.1:1235"
|
|
export RUST_LOG=debug
|
|
${pkgs.ragb-backend}/bin/ragb-backend
|
|
'';
|
|
serviceConfig = {
|
|
LoadCredential = [
|
|
"jwt_secret:${config.age.secrets.ragbJWT.path}"
|
|
];
|
|
DynamicUser = true;
|
|
StateDirectory = "ragb-backend";
|
|
};
|
|
};
|
|
}
|