add TODO, reformat

2025-03-20 13:06:16 +01:00 · 2025-03-20 13:06:16 +01:00 · 658fa7ff60
commit 658fa7ff60
parent ee70a0026d
1 changed files with 25 additions and 6 deletions
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@ -56,12 +56,14 @@ let
          --property "User=${name}" \
          --property "Group=${name}" \
          --property "WorkingDirectory=/var/lib/${name}" \
-          --property "Environment=DATABASE_URL=${database-url} USER_SETTINGS_FILE=${configFile} ''
-      +
-        # env vars mandatory in `settings.py` tho not used in `manage`
-        ''
-          NIX_BIN=${lib.getExe pkgs.nix} REPO_DIR=${../..}" \
-        ''
+          --property "Environment=''
+      + (toString [
+        "NIX_BIN=${lib.getExe pkgs.nix}"
+        "REPO_DIR=${../..}"
+        "DATABASE_URL=${database-url}"
+        "USER_SETTINGS_FILE=${configFile}"
+      ])
+      + "\" \\\n"
      + optionalString (credentials != [ ]) (
        (concatStringsSep " \\\n" (map (cred: "--property 'LoadCredential=${cred}'") credentials)) + " \\\n"
      )
@ -194,6 +196,23 @@ in
        RuntimeDirectory = name;
        LogsDirectory = name;
      } // lib.optionalAttrs (credentials != [ ]) { LoadCredential = credentials; };
+
+      # TODO(@fricklerhandwerk):
+      #     Unify handling of runtime settings.
+      #     Right now we have four(!) places where we need to set environment variables, each in its own format:
+      #     - Django's `settings.py` declaring the setting
+      #     - the development environment
+      #     - the `manage` command
+      #     - here, the service configuration
+      #     Ideally we'd set them in two places (development environment and service configuration) but in the same format.
+      #     For that we need to take into account
+      #     - the different types of settings
+      #       - secrets, which must not end up in the store
+      #       - other values, which can be world-readable
+      #     - ergonomics
+      #       - manipulation should be straightforward in both places; e.g. dumping secrets to a directory that is not git-tracked and adding values to an attrset otherwise
+      #       - error detection and correction; it should be clear where and why one messed up so it can be fixed immediately
+      #     We meay also want to test the development environment in CI in order to make sure that we don't break it inadvertently, because misconfiguration due to multiplpe sources of truth wastes a lot of time.
      environment = {
        USER_SETTINGS_FILE = "${configFile}";
        DATABASE_URL = database-url;