feat(web03/gestiocof): Make the configuration suitable for a production setup

2025-01-16 18:49:02 +01:00 · 2025-01-16 18:49:02 +01:00 · af7f161e24
commit af7f161e24
parent 776f5f5426
1 changed files with 38 additions and 1 deletions
--- a/machines/nixos/web03/django-apps/gestiocof.nix
+++ b/machines/nixos/web03/django-apps/gestiocof.nix
@ -7,12 +7,17 @@
 {
  services.django-apps.sites.gestiocof = {
    source = "https://git.dgnum.eu/DGNum/gestioCOF";
-    branch = "django-apps";
+    branch = "cof-staging";
    domain = "gestiocof.webapps.dgnum.eu";

    nginx = {
      enableACME = true;
      forceSSL = true;
+
+      locations."/ws/" = {
+        proxyPass = "http://unix:/run/django-apps/gestiocof/socket";
+        proxyWebsockets = true;
+      };
    };

    webHookSecret = config.age.secrets."webhook-gestiocof_token".path;
@ -41,6 +46,7 @@
    dependencies = ps: [
      ps.authens
      ps.channels
+      ps.channels-redis
      ps.configparser
      ps.django
      ps.django-autocomplete-light
@ -55,6 +61,7 @@
      ps.loadcredential
      ps.pillow
      ps.python-dateutil
+      ps.redis
      ps.statistics
      ps.wagtail
      ps.wagtail-modeltranslation
@ -63,6 +70,7 @@

    application = {
      module = "gestioasso";
+      type = "daphne";
      settingsModule = "gestioasso.settings_cof";
    };

@ -72,5 +80,34 @@
      HCAPTCHA_SITEKEY = config.age.secrets."dj_gestiocof-hcaptcha_sitekey_file".path;
      KFETOPEN_TOKEN = config.age.secrets."dj_gestiocof-kfetopen_token_file".path;
    };
+
+    environment = {
+      GESTIOCOF_CHANNEL_LAYERS.default = {
+        BACKEND = "shared.channels.ChannelLayer";
+        CONFIG.hosts = [ "unix://${config.services.redis.servers.gestiocof.unixSocket}" ];
+      };
+      GESTIOCOF_CACHES.default = {
+        BACKEND = "django.core.cache.backends.redis.RedisCache";
+        LOCATION = "unix://${config.services.redis.servers.gestiocof.unixSocket}";
+      };
+      GESTIOCOF_CORS_ALLOWED_ORIGINS = [
+        "https://${config.services.django-apps.sites.gestiocof.domain}"
+      ];
+    };
+
+    extraServices.worker = {
+      script = "python3 manage.py runworker default";
+
+      serviceConfig = {
+        WorkingDirectory = "/var/lib/django-apps/gestiocof/source";
+        SupplementaryGroups = [ "redis-gestiocof" ];
+      };
+    };
  };
+
+  services.redis.servers.gestiocof = {
+    enable = true;
+  };
+
+  systemd.services.dj-gestiocof.serviceConfig.SupplementaryGroups = [ "redis-gestiocof" ];
 }