nix-module

This commit is contained in:
sinavir 2023-03-07 18:34:43 +01:00
parent 4b95292b14
commit 9c8b772ecb
9 changed files with 128 additions and 27 deletions

View file

@ -177,7 +177,7 @@ USE_TZ = True
STATIC_URL = "/static/" STATIC_URL = "/static/"
STATIC_ROOT = "static/" STATIC_ROOT = os.environ.get(f"{env_prefix}STATIC_ROOT", "static/")
# Default primary key field type # Default primary key field type
# https://docs.djangoproject.com/en/3.2/ref/settings/#default-auto-field # https://docs.djangoproject.com/en/3.2/ref/settings/#default-auto-field

View file

@ -1,4 +1,4 @@
{ lib , pythoncas, django, ldap, buildPythonPackage }: { lib, pythoncas, django, ldap, buildPythonPackage }:
buildPythonPackage rec { buildPythonPackage rec {
pname = "authens"; pname = "authens";
version = "v0.1b5"; version = "v0.1b5";

26
provisioning/mkAssets.nix Normal file
View file

@ -0,0 +1,26 @@
{ pkgs, settings, source, app }:
let
manage-py-file = "${source}/${app}/manage.py";
static-assets = pkgs.callPackage ./static-assets.nix { inherit python managePy; envPrefix = "HACKENS_ORGA_"};
mkEnv = settings: let # make env file to source before using manage.py and other commands
lib = pkgs.lib;
mkVarVal = v: let
isHasAttr = s: isAttrs v && hasAttr s v;
in
if builtins.isString v then lib.escapeShellArg v
# NOTE: If any value contains a , (comma) this will not get escaped
else if builtins.isList v && any lib.strings.isCoercibleToString v then lib.escapeShellArg (concatMapStringsSep "," toString v)
else if builtins.isInt v then toString v
else if builtins.isBool v then toString (if v then 1 else 0)
else if isHasAttr "_file" then "$(cat ${lib.escapeShellArg v._file} | xargs)"
else if isHasAttr "_raw" then v._raw
else abort "The django conf value ${lib.generators.toPretty {} v} can not be encoded.";
in lib.concatStrinsSep "\n" (lib.mapAttrsToList (k: v: "export ${k}=${mkVarVal v}") settings);
envFile = mkEnv settings;
managePy = pkgs.writeScript "manage-${app}" ''
source ${envFile}
${python}/bin/python ${manage-py-file} $@
'';
{
inherit managePy static-assets envFile source;
}

63
provisioning/module.nix Normal file
View file

@ -0,0 +1,63 @@
{ pkgs, lib, config }:
let
app = "hackens-orga";
cfg = config.services.django.${app};
assets = import ./mk-assets.nix {
inherit pkgs app;
settings = cfg.settings;
source = cfg.src;
};
in
{
options = {
services.django.${app} = {
settings = lib.mkOption {
type = with lib.types; attrsOf anything;
default = {};
description = ''
Configuration for django ${app}
'';
};
src = lib.mkOption {
type = lib.types.package;
description = lib.mdDoc "Which DokuWiki package to use.";
};
port = lib.mkOption {
type = lib.types.port;
default = 51666;
};
processes = lib.mkOption {
type = lib.types.int;
default = 2;
};
threads = lib.mkOption {
type = lib.types.int;
default = 2;
};
};
};
config = {
systemd.services.${user} = {
description = "${name} django service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = user;
};
script = ''
source ${assets.envFile}
${assets.managePy} migrate
${python}/bin/gunicorn ${app}.wsgi \
--pythonpath ${cfg.src}/${app} \
-b 127.0.0.1:${toString cfg.port} \
--workers=${toString cfg.processes} \
--threads=${toString cfg.threads}
'';
};
users.users."django-${app}" = {
isSystemUser = true;
group = "django-${app}";
};
users.groups."django-${app}" = {};
}

View file

@ -1,4 +1,4 @@
{ lib , requests, lxml, six, buildPythonPackage , fetchFromGitHub }: { lib, requests, lxml, six, buildPythonPackage, fetchFromGitHub }:
buildPythonPackage rec { buildPythonPackage rec {
pname = "python-cas"; pname = "python-cas";
version = "1.6.0"; version = "1.6.0";

19
provisioning/python.nix Normal file
View file

@ -0,0 +1,19 @@
{ pkgs ? import ../nix { }, debug ? false }:
let
python = pkgs.python310.override {
packageOverrides = self: super: {
django = super.django_4;
authens = self.callPackage ./authens.nix { };
pythoncas = self.callPackage ./python-cas.nix { };
};
};
in
python.withPackages (ps: [
ps.django
ps.djangorestframework
ps.authens
] ++ pkgs.lib.optionals debug [
ps.django-debug-toolbar
ps.black
ps.isort
])

6
provisioning/shell.nix Normal file
View file

@ -0,0 +1,6 @@
{ pkgs ? import ../nix { } }:
pkgs.mkShell {
buildInputs = [
(import ./python.nix { inherit pkgs; debug = true; })
];
}

View file

@ -0,0 +1,10 @@
{ python, managePy, envPrefix ? ""}:
pkgs.runCommand "${name}-static" { buildInputs = [ src python ]; } ''
mkdir $out
export ${envPrefix}SECRET_KEY="collectstatic"
export ${envPrefix}STATIC_ROOT=$out
export ${envPrefix}DEBUG=0
export ${envPrefix}ALLOWED_HOSTS=
export ${envPrefix}DB_FILE=
${managePy} collectstatic
''

View file

@ -1,24 +0,0 @@
{ pkgs ? import ./nix {} }:
let
python = pkgs.python310.override {
packageOverrides = self: super: {
django = super.django_4;
authens = self.callPackage ./authens.nix {};
pythoncas = self.callPackage ./python-cas.nix {};
};
};
in
pkgs.mkShell {
buildInputs = [
(python.withPackages (ps: [
ps.django
ps.black
ps.isort
ps.djangorestframework
ps.django-debug-toolbar
ps.authens
# (ps.django-extensions.override { inherit django; })
# ps.django-compressor
]))
];
}

1
shell.nix Symbolic link
View file

@ -0,0 +1 @@
provisioning/shell.nix