modules(pretalx): partial setup

modules/default.nix

@@ -3,5 +3,4 @@
   drone-server = ./servers/drone.nix;
   drone-exec-runner = ./servers/drone-exec-runner.nix;
   wordpress = ./web-apps/wordpress;
-  lychee = ./web-apps/lychee;
 }

modules/web-apps/lychee/default.nix

@@ -1,187 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  cfg = config.services.lychee;
-  src = cfg.package;
-  envConf = cfg.settings;
-in {
-  options.services.lychee = {
-    enable = lib.mkEnableOption "Whether to enable lychee";
-    website = lib.mkOption {
-      type = lib.types.str;
-      default = "localhost";
-      example = "www.example.com";
-    };
-    package = lib.mkOption { type = lib.types.path; };
-    forceSSL = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = "Whether to force SSL for the nginx virtual host";
-    };
-    enableACME = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = "Whether to enableACME for the nginx virtual host";
-    };
-    upload_max_filesize = lib.mkOption {
-      type = lib.types.ints.positive;
-      default = 30;
-      description = "Max uploaded file size";
-    };
-    post_max_size = lib.mkOption {
-      type = lib.types.ints.positive;
-      default = 100;
-      description = "Max post request size";
-    };
-    user = lib.mkOption {
-      type = lib.types.str;
-      default = "lychee";
-      description = "The user that will operate on mutable files";
-    };
-    settings = lib.mkOption {
-      default = { };
-      type = lib.types.submodule {
-        freeformType = with lib.types; attrsOf str;
-        options = {
-          APP_URL = lib.mkOption {
-            type = lib.types.str;
-            default = "http://${cfg.website}";
-          };
-          DB_CONNECTION = lib.mkOption {
-            type = lib.types.str;
-            default = "sqlite";
-          };
-          DB_LOG_SQL = lib.mkOption {
-            type = lib.types.str;
-            default = ''"false"'';
-          };
-          CACHE_DRIVER = lib.mkOption {
-            type = lib.types.str;
-            default = "file";
-          };
-          SESSION_DRIVER = lib.mkOption {
-            type = lib.types.str;
-            default = "file";
-          };
-          SESSION_LIFETIME = lib.mkOption {
-            type = lib.types.str;
-            default = "120";
-          };
-          SECURITY_HEADER_HSTS_ENABLE = lib.mkOption {
-            type = lib.types.str;
-            default = ''"false"'';
-          };
-          SESSION_SECURE_COOKIE = lib.mkOption {
-            type = lib.types.str;
-            default = ''"false"'';
-          };
-          REDIS_PASSWORD = lib.mkOption {
-            type = lib.types.str;
-            default = ''"null"'';
-          };
-          REDIS_PORT = lib.mkOption {
-            type = lib.types.str;
-            default = "6379";
-          };
-          MAIL_DRIVER = lib.mkOption {
-            type = lib.types.str;
-            default = "smtp";
-          };
-        };
-      };
-    };
-  };
-  config = lib.mkIf cfg.enable {
-    services.nginx = {
-      enable = true;
-      virtualHosts.${cfg.website} = {
-        root = "/var/lib/lychee/public/";
-        forceSSL = lib.mkDefault cfg.forceSSL;
-        enableACME = lib.mkDefault cfg.enableACME;
-        locations = {
-          "^~ /index.php" = {
-            fastcgiParams = {
-              SCRIPT_FILENAME = "$document_root$fastcgi_script_name";
-            };
-            extraConfig = ''
-              fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-              fastcgi_pass unix:${
-                config.services.phpfpm.pools."${cfg.website}".socket
-              };
-              fastcgi_index index.php;
-              client_max_body_size ${
-                builtins.toString cfg.upload_max_filesize
-              }M;
-            '';
-          };
-          "~ [^/].php(/|$)" = { return = "403"; };
-        };
-        extraConfig = ''
-          index index.php;
-          if (!-e $request_filename)
-          {
-              rewrite ^/(.*)$ /index.php?/$1 last;
-              break;
-          }
-        '';
-      };
-    };
-    systemd.services."lychee-install" = {
-      wantedBy = [ "phpfpm-${cfg.website}.service" ];
-      before = [ "phpfpm-${cfg.website}.service" ];
-      script = let rsync = pkgs.rsync;
-      in ''
-        ${rsync}/bin/rsync -a --ignore-existing ${src}/ $STATE_DIRECTORY
-        chmod u+w $STATE_DIRECTORY/
-        chmod u+w $STATE_DIRECTORY/.env
-        chmod u+w $STATE_DIRECTORY/database/
-        chmod u+w $STATE_DIRECTORY/database/database.sqlite
-        chmod -R u+w $STATE_DIRECTORY/storage/
-        chmod -R u+w $STATE_DIRECTORY/public/
-        chmod -R u+w $STATE_DIRECTORY/bootstrap/cache/
-      '';
-      serviceConfig = {
-        Type = "oneshot";
-        StateDirectory = "lychee";
-        User = cfg.user;
-        Restart = "on-failure";
-        ProtectHome = true;
-        ProtectSystem = "strict";
-        PrivateTmp = true;
-        PrivateDevices = true;
-        ProtectHostname = true;
-        ProtectClock = true;
-        ProtectKernelTunables = true;
-        ProtectKernelModules = true;
-        ProtectKernelLogs = true;
-        ProtectControlGroups = true;
-        NoNewPrivileges = true;
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        RemoveIPC = true;
-        PrivateMounts = true;
-      };
-    };
-    services.phpfpm.pools.${cfg.website} = {
-      user = cfg.user;
-      phpPackage = pkgs.php81.withExtensions ({ enabled, all }:
-        enabled ++ [ all.imagick all.bcmath all.mbstring all.gd ]);
-      phpOptions = ''
-        upload_max_filesize = ${builtins.toString cfg.upload_max_filesize}M
-        post_max_size = ${builtins.toString cfg.post_max_size}M
-      '';
-      settings = {
-        "pm" = "dynamic";
-        "listen.owner" = config.services.nginx.user;
-        "listen.group" = config.services.nginx.group;
-      };
-      phpEnv = { "PATH" = lib.makeBinPath [ pkgs.ffmpeg ]; } // envConf;
-    };
-    users.users.${cfg.user} = {
-      isSystemUser = lib.mkDefault true;
-      home = lib.mkDefault src;
-      group = lib.mkDefault cfg.user;
-    };
-    users.groups.${cfg.user} = { };
-  };
-}
-

modules/web-apps/lychee/test.nix

@@ -1,31 +0,0 @@
-{ pkgs ? import <nixpkgs> { }, myPkgs ? import ../.. { } }:
-pkgs.nixosTest ({
-  # NixOS tests are run inside a virtual machine, and here we specify system of the machine.
-  nodes = {
-    server = { config, pkgs, ... }: {
-      imports = [ myPkgs.modules.lychee ];
-
-      security.acme.acceptTerms = true;
-      security.acme.defaults.email = "test@test.fr";
-      services.lychee = {
-        enable = true;
-        package = myPkgs.lychee-gallery;
-        forceSSL = true;
-        enableACME = true;
-      };
-      environment.systemPackages = [ pkgs.w3m ];
-
-      users = {
-        mutableUsers = false;
-        users = {
-          # For ease of debugging the VM as the `root` user
-          root.password = "";
-        };
-      };
-    };
-  };
-  testScript = ''
-    start_all()
-    server.wait_for_unit("phpfpm-localhost.service")
-  '';
-})

pkgs/default.nix

@@ -9,7 +9,7 @@ let
     callPackage f (subsetArgs // extraArgs);
     self = rec {
       acme-dns = callPackage ./servers/acme-dns.nix {};
-    lychee-gallery = callPackage ./web-apps/lychee-gallery.nix {};
+      pretalx = callPackage ./web-apps/pretalx {};
     };
 in
 self

pkgs/web-apps/lychee-gallery.nix

@@ -1,15 +0,0 @@
-{ stdenv, fetchzip, pkgs, env ? {} }:
-stdenv.mkDerivation rec {
-  pname = "Lychee";
-  version = "4.6.2";
-  src = fetchzip {
-    url = "https://github.com/LycheeOrg/Lychee/releases/download/v${version}/Lychee.zip";
-    sha256 = "sha256-dNujUTGaxvc6uZgyanNh9kIzRqfFA9yFhAtexu1sVc4=";
-  };
-  installPhase = ''
-    shopt -s dotglob
-    mkdir $out
-    mv .env.example .env
-    mv * $out/
-    '';
-}

pkgs/web-apps/pretalx/README.md

@@ -0,0 +1,3 @@
+# Python environment for Nixcon VPS
+
+Note: Requires a patched version of poetry to work

pkgs/web-apps/pretalx/default.nix

@@ -0,0 +1,28 @@
+{
+  pkgs ? import <nixpkgs> { },
+}:
+
+let
+  poetry2nix = pkgs.poetry2nix;
+in (poetry2nix.mkPoetryApplication {
+  projectDir = ./.;
+  doCheck = false;
+  overrides = poetry2nix.overrides.withDefaults (self: super: {
+    pretalx = super.pretalx.overrideAttrs (old: {
+      nativeBuildInputs = old.nativeBuildInputs ++ [
+        pkgs.sass
+      ];
+    });
+
+    cssutils = super.cssutils.override {
+      preferWheel = true;
+    };
+
+    django-scopes = super.django-scopes.override {
+      preferWheel = true;
+    };
+
+  });
+})/*.overrideAttrs(old: {
+  inherit (old.passthru.python.pythonPackages.pretalx) pname name version;
+})*/

pkgs/web-apps/pretalx/pretalx_wrapper.py

@@ -0,0 +1,10 @@
+import sys
+import os
+
+
+module_name = 'pretalx'
+
+
+def main():
+    os.environ['PYTHONPATH'] = ':'.join(sys.path)
+    os.execv(sys.executable, [sys.executable, '-m', module_name] + sys.argv[1:])

pkgs/web-apps/pretalx/pyproject.toml

@@ -0,0 +1,22 @@
+[tool.poetry]
+name = "pretalx_wrapper"
+version = "0.2.0"
+description = ""
+authors = ["adisbladis <adisbladis@gmail.com>", "Raito Bezarius <masterancpp@gmail.com>"]
+license = "MIT"
+
+[tool.poetry.dependencies]
+python = "^3.9"
+pretalx = "^2.2"
+# psycopg2-binary = "^2.8"
+# dj-static = "^0.0.6"
+# django-redis = "^4.10"
+
+[tool.poetry.dev-dependencies]
+
+[build-system]
+requires = ["poetry>=0.12"]
+build-backend = "poetry.masonry.api"
+
+[tool.poetry.scripts]
+pretalx = "pretalx_wrapper:main"