kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

add TODO, reformat

Browse source
This commit is contained in:
Valentin Gagarin 2025-03-20 13:06:16 +01:00
parent ee70a0026d
commit 658fa7ff60
1 changed files with 25 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
panel/nix/configuration.nix
View file

@ -56,12 +56,14 @@ let
--property "User=${name}" \ --property "User=${name}" \
--property "Group=${name}" \ --property "Group=${name}" \
--property "WorkingDirectory=/var/lib/${name}" \ --property "WorkingDirectory=/var/lib/${name}" \
--property "Environment=DATABASE_URL=${database-url} USER_SETTINGS_FILE=${configFile} '' --property "Environment=''
+ + (toString [
# env vars mandatory in `settings.py` tho not used in `manage` "NIX_BIN=${lib.getExe pkgs.nix}"
'' "REPO_DIR=${../..}"
NIX_BIN=${lib.getExe pkgs.nix} REPO_DIR=${../..}" \ "DATABASE_URL=${database-url}"
'' "USER_SETTINGS_FILE=${configFile}"
])
+ "\" \\\n"
+ optionalString (credentials != [ ]) ( + optionalString (credentials != [ ]) (
(concatStringsSep " \\\n" (map (cred: "--property 'LoadCredential=${cred}'") credentials)) + " \\\n" (concatStringsSep " \\\n" (map (cred: "--property 'LoadCredential=${cred}'") credentials)) + " \\\n"
) )
@ -194,6 +196,23 @@ in
RuntimeDirectory = name; RuntimeDirectory = name;
LogsDirectory = name; LogsDirectory = name;
} // lib.optionalAttrs (credentials != [ ]) { LoadCredential = credentials; }; } // lib.optionalAttrs (credentials != [ ]) { LoadCredential = credentials; };
# TODO(@fricklerhandwerk):
# Unify handling of runtime settings.
# Right now we have four(!) places where we need to set environment variables, each in its own format:
# - Django's `settings.py` declaring the setting
# - the development environment
# - the `manage` command
# - here, the service configuration
# Ideally we'd set them in two places (development environment and service configuration) but in the same format.
# For that we need to take into account
# - the different types of settings
# - secrets, which must not end up in the store
# - other values, which can be world-readable
# - ergonomics
# - manipulation should be straightforward in both places; e.g. dumping secrets to a directory that is not git-tracked and adding values to an attrset otherwise
# - error detection and correction; it should be clear where and why one messed up so it can be fixed immediately
# We meay also want to test the development environment in CI in order to make sure that we don't break it inadvertently, because misconfiguration due to multiplpe sources of truth wastes a lot of time.
environment = { environment = {
USER_SETTINGS_FILE = "${configFile}"; USER_SETTINGS_FILE = "${configFile}";
DATABASE_URL = database-url; DATABASE_URL = database-url;