diff --git a/infra/machines/fedi201/default.nix b/infra/machines/fedi201/default.nix
index c0d1bd90..529a52b7 100644
--- a/infra/machines/fedi201/default.nix
+++ b/infra/machines/fedi201/default.nix
@@ -10,4 +10,10 @@
 gateway = "2a00:51c0:13:1305::1";
 };
 };
+
+ nixos.module = {
+ imports = [
+ ./fedipanel.nix
+ ];
+ };
 }
diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
new file mode 100644
index 00000000..5312eafb
--- /dev/null
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -0,0 +1,39 @@
+{
+ config,
+ ...
+}:
+let
+ name = "panel";
+ panel = (import ../../../panel/default.nix { }).package;
+in
+{
+ imports = [
+ ../../../panel/nix/configuration.nix
+ ];
+
+ environment.systemPackages = [
+ panel
+ ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "beheer@procolix.com";
+ };
+
+ services.${name} = {
+ enable = true;
+ package = panel;
+ production = true;
+ domain = "demo.fediversity.eu";
+ host = "0.0.0.0";
+ secrets = {
+ SECRET_KEY = config.age.secrets.panel-secret-key.path;
+ };
+ port = 8000;
+ settings = {
+ DATABASE_URL = "sqlite:///var/lib/${name}/db.sqlite3";
+ CREDENTIALS_DIRECTORY = "/var/lib/${name}/.credentials";
+ STATIC_ROOT = "/var/lib/${name}/static";
+ };
+ };
+}
diff --git a/panel/nix/configuration.nix b/panel/nix/configuration.nix
index dae242b5..d790e30c 100644
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@@ -26,10 +26,19 @@ let
 database-url = "sqlite:////var/lib/${name}/db.sqlite3";
 python-environment = pkgs.python3.withPackages (
- ps: with ps; [
- cfg.package
+ ps:
+ with ps;
+ [
 uvicorn
+ cfg.package
+ dj-database-url
+ django-compressor
+ django-debug-toolbar
+ django-libsass
+ django_4
+ setuptools
 ]
+ ++ cfg.package.propagatedBuildInputs
 );
 configFile = pkgs.concatText "configuration.py" [
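Review bot: In the new `infra/machines/fedi201/fedipanel.nix`, `host = "0.0.0.0";` makes uvicorn listen on every IPv4 interface at port 8000, while the same commit opens only 80 and 443 in the firewall, which suggests a reverse proxy sits in front (its configuration is not visible in this diff). If that is the case, bind to loopback with `host = "127.0.0.1";` so the application server is reachable only through the TLS-terminating front end and does not rely on the firewall staying enabled. Separately, `DATABASE_URL = "sqlite:///var/lib/${name}/db.sqlite3";` has three slashes where `panel/nix/configuration.nix` uses `sqlite:////var/lib/${name}/db.sqlite3`. Under the usual URL convention the three-slash form is a relative path, so the database would be created under the service's working directory; `DATABASE_URL = "sqlite:////var/lib/${name}/db.sqlite3";` would match the module.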
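Review bot: `django-debug-toolbar` is added unconditionally to `python-environment` in `panel/nix/configuration.nix`, so it is also installed on fedi201, which sets `production = true`. Whether the toolbar is ever activated depends on Django settings that are not part of this diff, but keeping it out of the production closure removes the chance of it exposing settings and SQL through a misconfigured `DEBUG`. One option, assuming `lib` is in scope in this module, is to drop it from the list and append `++ lib.optionals (!cfg.production) [ ps.django-debug-toolbar ]`; if the settings module lists it in `INSTALLED_APPS` unconditionally, that entry needs the same gate. The `let` block starts and ends outside the hunk.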
@@ -180,7 +189,8 @@ in fi ''; script = '' - uvicorn ${name}.asgi:application --host ${cfg.host} --port ${toString cfg.port} + export PYTHONPATH=$PYTHONPATH:${cfg.package}/lib/python3.12/site-packages + ${python-environment}/bin/python -m uvicorn ${name}.asgi:application --host ${cfg.host} --port ${toString cfg.port} ''; serviceConfig = { Restart = "always"; @@ -195,5 +205,10 @@ in DATABASE_URL = database-url; }; }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; }; } diff --git a/secrets/panel-secret-key.age b/secrets/panel-secret-key.age new file mode 100644 index 00000000..4dea00eb --- /dev/null +++ b/secrets/panel-secret-key.age @@ -0,0 +1,14 @@ +age-encryption.org/v1 +-> ssh-ed25519 BAs8QA 0TS+HcjtKeUAsLyzrsnCbj53GAq7pvXF12yQSxaxuFs +IjmmZV2Zh4cwj1+7r/fAKnuftpl46P5fO6SxtRMevIM +-> ssh-ed25519 ofQnlg b4maqJdxyyi7b3arE9sxySwqeFjFlC6oT+PgQjIGj0Y +Gi5d4sJa0te/MsbkKYIOByIQ+TXBgu7hh2InES1pvXw +-> ssh-ed25519 COspvA RiXEgUbPi3vep/8fM/RuRUYhCfBHO1XZt6Ov3WPnkV0 +tTMLMb92ct5Zkqt42y8R3UI/zblAbsuEammavVcwGOU +-> ssh-ed25519 1MUEqQ XxxSvZrI9S6FI7CwYOSKDlfVBdLTur7/07Sm2HHLJwg +iW5PduiY/7N2kSJpBzmfnt8aNWKPfLZ43Kq6fyLeydw +-> ssh-ed25519 ChtTUw zixDXeL07d4+pzFBSt/1f8yB+QxXOMv6sE6h469YzVs +rSC9S8v9gmtBw9FMKLg0h0muCmfMRuFD24JpTVw3ALc +--- vf2SwG1rpxjri3TGARwdMBc/mccj6RSTgf54YeQeR/8 +�n9�K��������9�y���dM�dWn@õY�0��.���1uܛoګ���j��i�` +�;1 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ae5f19ed..f2e30797 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -27,6 +27,7 @@ concatMapAttrs forgejo-database-password = [ vm02116 ]; forgejo-email-password = [ vm02116 ]; forgejo-runner-token = [ ]; + panel-secret-key = [ fedi201 ]; wiki-basicauth-htpasswd = [ vm02187 ]; wiki-password = [ vm02187 ]; wiki-smtp-password = [ vm02187 ];
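Review bot: The `script` change hard-codes the interpreter version in `${cfg.package}/lib/python3.12/site-packages`, so the path stops resolving as soon as `pkgs.python3` moves to another minor version and the `${name}.asgi` import would presumably break at service start. Deriving the directory from the interpreter avoids that: `export PYTHONPATH=$PYTHONPATH:${cfg.package}/${pkgs.python3.sitePackages}`. Since `cfg.package` is already part of `python-environment`, the export may not be needed at all; it is worth checking whether `${python-environment}/bin/python -m uvicorn …` finds the module without it. The surrounding systemd service definition starts and ends outside the hunk.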