hackens-org-configurations/machines/hackens-org/ragb.nix
2024-11-07 20:58:01 +01:00

80 lines
1.9 KiB
Nix

{
sources,
lib,
pkgs,
config,
...
}:
{
services.django.ragb = {
enable = true;
src = pkgs.ragb-src + "/frontend";
settings = {
DEBUG = false;
WEBSOCKET_ENDPOINT = "https://agb.hackens.org/api";
ALLOWED_HOSTS = [
"127.0.0.1"
"agb.hackens.org"
];
DATABASES = {
"default" = {
"ENGINE" = "django.db.backends.sqlite3";
"NAME" = "/var/lib/django-ragb/ragb_frontend.sqlite3";
};
};
};
processes = 2;
threads = 4;
port = 9991;
extraPackages = p: [
p.authens
p.pyjwt
];
secrets = {
SECRET_KEY = config.age.secrets.ragb.path;
JWT_SECRET = config.age.secrets.ragbJWT.path;
};
};
services.nginx.virtualHosts."agb.hackens.org" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://localhost:9991";
};
"/api" = {
proxyPass = "http://localhost:9999";
proxyWebsockets = true;
};
"/static".root = config.services.django.ragb.staticAssets;
"= /api-docs" = {
return = "302 /api-docs/";
};
"/api-docs/" = {
alias = "${pkgs.ragb-src + "/api-docs/"}/";
extraConfig = "autoindex on;";
};
"= /api-docs/patch.json".alias = pkgs.ragb-src + "/frontend/patch.json";
};
};
systemd.services.django-ragb.serviceConfig = {
Wants = [ "ragb-backend.service" ];
};
systemd.services.ragb-backend = {
script = ''
export JWT_SECRET=$(cat $CREDENTIALS_DIRECTORY/jwt_secret)
export BK_FILE="$STATE_DIRECTORY/data.json"
export BIND_TCP="10.10.10.1:1235"
export RUST_LOG=debug
${pkgs.ragb-backend}/bin/ragb-backend
'';
serviceConfig = {
LoadCredential = [
"jwt_secret:${config.age.secrets.ragbJWT.path}"
];
DynamicUser = true;
StateDirectory = "ragb-backend";
};
};
}