infrastructure/machines/nixos/web03/django-apps/gestiocof.nix

# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{ config, lib, ... }:

let
  inherit (lib) listToAttrs nameValuePair;
in

{
  services.django-apps.sites.gestiocof = {
    source = "https://git.dgnum.eu/DGNum/gestioCOF";
    branch = "cof-staging";
    domain = "gestiocof.webapps.dgnum.eu";

    nginx = {
      enableACME = true;
      forceSSL = true;

      locations =
        {
          "/ws/" = {
            proxyPass = "http://unix:/run/django-apps/gestiocof/socket";
            proxyWebsockets = true;
          };
        }
        // (listToAttrs (
          builtins.map (folder: nameValuePair "~ ^/${folder}/" { root = "/users/guests/cof/www/"; }) [
            "arcanoid"
            "cirque"
            "pompom"
            "trouveres"
          ]
        ));

      extraConfig = ''
        rewrite ^/$ /news;
      '';
    };

    webHookSecret = config.age.secrets."webhook-gestiocof_token".path;

    overlays = {
      kat-pkgs = [
        "django-djconfig"
        "django-hCaptcha"
        "wagtail-modeltranslation"
        "wagtailmenus"
        "django-cogwheels"
      ];

      nix-pkgs = [
        # Required packages
        "authens"
        "django-bootstrap-form"
        "django-cas-ng"
        "loadcredential"

        # Dependencies
        "python-cas"
      ];
    };

    dependencies = ps: [
      ps.authens
      ps.channels
      ps.channels-redis
      ps.configparser
      ps.django
      ps.django-autocomplete-light
      ps.django-bootstrap-form
      ps.django-cas-ng
      ps.django-cors-headers
      ps.django-djconfig
      ps.django-hCaptcha
      ps.django-js-reverse
      ps.django-widget-tweaks
      ps.icalendar
      ps.loadcredential
      ps.pillow
      ps.python-dateutil
      ps.redis
      ps.statistics
      ps.wagtail
      ps.wagtail-modeltranslation
      ps.wagtailmenus
    ];

    application = {
      module = "gestioasso";
      type = "daphne";
      settingsModule = "gestioasso.settings_cof";
    };

    credentials = {
      SECRET_KEY = config.age.secrets."dj_gestiocof-secret_key_file".path;
      HCAPTCHA_SECRET = config.age.secrets."dj_gestiocof-hcaptcha_secret_file".path;
      HCAPTCHA_SITEKEY = config.age.secrets."dj_gestiocof-hcaptcha_sitekey_file".path;
      KFETOPEN_TOKEN = config.age.secrets."dj_gestiocof-kfetopen_token_file".path;
    };

    environment = {
      GESTIOCOF_CHANNEL_LAYERS.default = {
        BACKEND = "shared.channels.ChannelLayer";
        CONFIG.hosts = [ "unix://${config.services.redis.servers.gestiocof.unixSocket}" ];
      };
      GESTIOCOF_CACHES.default = {
        BACKEND = "django.core.cache.backends.redis.RedisCache";
        LOCATION = "unix://${config.services.redis.servers.gestiocof.unixSocket}";
      };
      GESTIOCOF_CORS_ALLOWED_ORIGINS = [
        "https://${config.services.django-apps.sites.gestiocof.domain}"
      ];
    };

    extraServices.worker = {
      script = "python3 manage.py runworker default";

      serviceConfig = {
        WorkingDirectory = "/var/lib/django-apps/gestiocof/source";
        SupplementaryGroups = [ "redis-gestiocof" ];
      };
    };
  };

  services.redis.servers.gestiocof = {
    enable = true;
  };

  systemd.services.dj-gestiocof.serviceConfig.SupplementaryGroups = [ "redis-gestiocof" ];
}