nix-module

2023-03-07 18:34:43 +01:00 · 2023-03-07 18:34:43 +01:00 · 9c8b772ecb
commit 9c8b772ecb
parent 4b95292b14
9 changed files with 128 additions and 27 deletions
--- a/hackens_orga/hackens_orga/settings.py
+++ b/hackens_orga/hackens_orga/settings.py
@ -177,7 +177,7 @@ USE_TZ = True

 STATIC_URL = "/static/"

-STATIC_ROOT = "static/"
+STATIC_ROOT = os.environ.get(f"{env_prefix}STATIC_ROOT", "static/")

 # Default primary key field type
 # https://docs.djangoproject.com/en/3.2/ref/settings/#default-auto-field
--- a/provisioning/authens.nix
+++ b/provisioning/authens.nix
@ -1,4 +1,4 @@
-{ lib , pythoncas, django, ldap, buildPythonPackage }:
+{ lib, pythoncas, django, ldap, buildPythonPackage }:
 buildPythonPackage rec {
  pname = "authens";
  version = "v0.1b5";
--- a/provisioning/mkAssets.nix
+++ b/provisioning/mkAssets.nix
@ -0,0 +1,26 @@
+{ pkgs, settings, source, app }:
+let
+  manage-py-file = "${source}/${app}/manage.py";
+  static-assets = pkgs.callPackage ./static-assets.nix { inherit python managePy; envPrefix = "HACKENS_ORGA_"};
+  mkEnv = settings: let # make env file to source before using manage.py and other commands
+    lib = pkgs.lib;
+    mkVarVal = v: let
+      isHasAttr = s: isAttrs v && hasAttr s v;
+    in
+    if builtins.isString v then lib.escapeShellArg v
+    # NOTE: If any value contains a , (comma) this will not get escaped
+    else if builtins.isList v && any lib.strings.isCoercibleToString v then lib.escapeShellArg (concatMapStringsSep "," toString v)
+    else if builtins.isInt v then toString v
+    else if builtins.isBool v then toString (if v then 1 else 0)
+    else if isHasAttr "_file" then "$(cat ${lib.escapeShellArg v._file} | xargs)"
+    else if isHasAttr "_raw" then v._raw
+    else abort "The django conf value ${lib.generators.toPretty {} v} can not be encoded.";
+  in lib.concatStrinsSep "\n" (lib.mapAttrsToList (k: v: "export ${k}=${mkVarVal v}") settings);
+  envFile = mkEnv settings;
+  managePy = pkgs.writeScript "manage-${app}" ''
+    source ${envFile}
+    ${python}/bin/python ${manage-py-file} $@
+  '';
+{
+  inherit managePy static-assets envFile source;
+}
--- a/provisioning/module.nix
+++ b/provisioning/module.nix
@ -0,0 +1,63 @@
+{ pkgs, lib, config }:
+let
+  app = "hackens-orga";
+  cfg = config.services.django.${app};
+  assets = import ./mk-assets.nix {
+    inherit pkgs app;
+    settings = cfg.settings;
+    source = cfg.src;
+  };
+in
+{
+
+  options = {
+    services.django.${app} = {
+      settings = lib.mkOption {
+        type = with lib.types; attrsOf anything;
+        default = {};
+        description = ''
+          Configuration for django ${app}
+        '';
+      };
+      src = lib.mkOption {
+        type = lib.types.package;
+        description = lib.mdDoc "Which DokuWiki package to use.";
+      };
+      port = lib.mkOption {
+        type = lib.types.port;
+        default = 51666;
+      };
+      processes = lib.mkOption {
+        type = lib.types.int;
+        default = 2;
+      };
+      threads = lib.mkOption {
+        type = lib.types.int;
+        default = 2;
+      };
+    };
+  };
+  config = {
+    systemd.services.${user} = {
+      description = "${name} django service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      serviceConfig = {
+        User = user;
+      };
+      script = ''
+        source ${assets.envFile}
+        ${assets.managePy} migrate
+        ${python}/bin/gunicorn ${app}.wsgi \
+            --pythonpath ${cfg.src}/${app} \
+            -b 127.0.0.1:${toString cfg.port} \
+            --workers=${toString cfg.processes} \
+            --threads=${toString cfg.threads}
+      '';
+    };
+    users.users."django-${app}" = {
+      isSystemUser = true;
+      group = "django-${app}";
+    };
+    users.groups."django-${app}" = {};
+}
--- a/provisioning/python-cas.nix
+++ b/provisioning/python-cas.nix
@ -1,4 +1,4 @@
-{ lib , requests, lxml, six, buildPythonPackage , fetchFromGitHub }:
+{ lib, requests, lxml, six, buildPythonPackage, fetchFromGitHub }:
 buildPythonPackage rec {
  pname = "python-cas";
  version = "1.6.0";
--- a/provisioning/python.nix
+++ b/provisioning/python.nix
@ -0,0 +1,19 @@
+{ pkgs ? import ../nix { }, debug ? false }:
+let
+  python = pkgs.python310.override {
+    packageOverrides = self: super: {
+      django = super.django_4;
+      authens = self.callPackage ./authens.nix { };
+      pythoncas = self.callPackage ./python-cas.nix { };
+    };
+  };
+in
+python.withPackages (ps: [
+  ps.django
+  ps.djangorestframework
+  ps.authens
+] ++ pkgs.lib.optionals debug [
+  ps.django-debug-toolbar
+  ps.black
+  ps.isort
+])
--- a/provisioning/shell.nix
+++ b/provisioning/shell.nix
@ -0,0 +1,6 @@
+{ pkgs ? import ../nix { } }:
+pkgs.mkShell {
+  buildInputs = [
+    (import ./python.nix { inherit pkgs; debug = true; })
+  ];
+}
--- a/provisioning/static-assets.nix
+++ b/provisioning/static-assets.nix
@ -0,0 +1,10 @@
+{ python, managePy, envPrefix ? ""}:
+pkgs.runCommand "${name}-static" { buildInputs = [ src python ]; } ''
+  mkdir $out
+  export ${envPrefix}SECRET_KEY="collectstatic"
+  export ${envPrefix}STATIC_ROOT=$out
+  export ${envPrefix}DEBUG=0
+  export ${envPrefix}ALLOWED_HOSTS=
+  export ${envPrefix}DB_FILE=
+  ${managePy} collectstatic
+''
--- a/shell.nix
+++ b/shell.nix
@ -1,24 +0,0 @@
-{ pkgs ? import ./nix {} }:
-let
-  python = pkgs.python310.override {
-    packageOverrides = self: super: {
-      django = super.django_4;
-      authens = self.callPackage ./authens.nix {};
-      pythoncas = self.callPackage ./python-cas.nix {};
-    };
-  };
-in
-pkgs.mkShell {
-  buildInputs = [
-    (python.withPackages (ps: [
-      ps.django
-      ps.black
-      ps.isort
-      ps.djangorestframework
-      ps.django-debug-toolbar
-      ps.authens
-      # (ps.django-extensions.override { inherit django; })
-      # ps.django-compressor
-    ]))
-  ];
-}
--- a/shell.nix
+++ b/shell.nix
@ -0,0 +1 @@
+provisioning/shell.nix