panel: factor out env vars

2025-03-21 19:01:40 +01:00 · 2025-03-21 19:01:40 +01:00 · 98d8f6113c
commit 98d8f6113c
parent 7d8a0b3ab5
3 changed files with 24 additions and 23 deletions
--- a/panel/default.nix
+++ b/panel/default.nix
@ -23,12 +23,9 @@ args
      pkgs.npins
      manage
    ];
-    env = {
+    env = import ./env.nix { inherit lib pkgs; } // {
      NPINS_DIRECTORY = toString ../npins;
-      # explicitly use nix, as e.g. lix does not have configurable-impure-env
-      NIX_BIN = lib.getExe pkgs.nix;
-      REPO_DIR = toString ../.;
-      CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
+      CREDENTIALS_DIRECTORY = toString ./.credentials;
      DATABASE_URL = "sqlite:///${toString ./src}/db.sqlite3";
    };
    shellHook = ''
--- a/panel/env.nix
+++ b/panel/env.nix
@ -0,0 +1,13 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+let
+  inherit (builtins) toString;
+in
+{
+  REPO_DIR = toString ../.;
+  # explicitly use nix, as e.g. lix does not have configurable-impure-env
+  NIX_BIN = lib.getExe pkgs.nix;
+}
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@ -23,7 +23,13 @@ let
  cfg = config.services.${name};
  package = pkgs.callPackage ./package.nix { };

-  database-url = "sqlite:////var/lib/${name}/db.sqlite3";
+  environment = import ../env.nix { inherit lib pkgs; } // {
+    DATABASE_URL = "sqlite:////var/lib/${name}/db.sqlite3";
+    USER_SETTINGS_FILE = pkgs.concatText "configuration.py" [
+      ((pkgs.formats.pythonVars { }).generate "settings.py" cfg.settings)
+      (builtins.toFile "extra-settings.py" cfg.extra-settings)
+    ];
+  };

  python-environment = pkgs.python3.withPackages (
    ps: with ps; [
@ -32,11 +38,6 @@ let
    ]
  );

-  configFile = pkgs.concatText "configuration.py" [
-    ((pkgs.formats.pythonVars { }).generate "settings.py" cfg.settings)
-    (builtins.toFile "extra-settings.py" cfg.extra-settings)
-  ];
-
  manage-service = writeShellApplication {
    name = "manage";
    text = ''exec ${package}/bin/manage.py "$@"'';
@ -57,12 +58,7 @@ let
          --property "Group=${name}" \
          --property "WorkingDirectory=/var/lib/${name}" \
          --property "Environment=''
-      + (toString [
-        "NIX_BIN=${lib.getExe pkgs.nix}"
-        "REPO_DIR=${../..}"
-        "DATABASE_URL=${database-url}"
-        "USER_SETTINGS_FILE=${configFile}"
-      ])
+      + (toString (lib.mapAttrsToList (name: value: "${name}=${value}") environment))
      + "\" \\\n"
      + optionalString (credentials != [ ]) (
        (concatStringsSep " \\\n" (map (cred: "--property 'LoadCredential=${cred}'") credentials)) + " \\\n"
@ -214,12 +210,7 @@ in
      #       - manipulation should be straightforward in both places; e.g. dumping secrets to a directory that is not git-tracked and adding values to an attrset otherwise
      #       - error detection and correction; it should be clear where and why one messed up so it can be fixed immediately
      #     We may also want to test the development environment in CI in order to make sure that we don't break it inadvertently, because misconfiguration due to multiplpe sources of truth wastes a lot of time.
-      environment = {
-        USER_SETTINGS_FILE = "${configFile}";
-        DATABASE_URL = database-url;
-        NIX_BIN = lib.getExe pkgs.nix;
-        REPO_DIR = ../..;
-      };
+      inherit environment;
    };

    networking.firewall.allowedTCPPorts = [