From 98d8f6113cef71db4c030e736cb5077c16759b91 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra
Date: Fri, 21 Mar 2025 19:01:40 +0100
Subject: [PATCH] panel: factor out env vars
---
 panel/default.nix | 7 ++-----
 panel/env.nix | 13 +++++++++++++
 panel/nix/configuration.nix | 27 +++++++++------------------
 3 files changed, 24 insertions(+), 23 deletions(-)
 create mode 100644 panel/env.nix
diff --git a/panel/default.nix b/panel/default.nix
index 821333b4..d6667bc7 100644
--- a/panel/default.nix
+++ b/panel/default.nix
@@ -23,12 +23,9 @@ args
 pkgs.npins
 manage
 ];
- env = {
+ env = import ./env.nix { inherit lib pkgs; } // {
 NPINS_DIRECTORY = toString ../npins;
- # explicitly use nix, as e.g. lix does not have configurable-impure-env
- NIX_BIN = lib.getExe pkgs.nix;
- REPO_DIR = toString ../.;
- CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
+ CREDENTIALS_DIRECTORY = toString ./.credentials;
 DATABASE_URL = "sqlite:///${toString ./src}/db.sqlite3";
 };
 shellHook = ''
diff --git a/panel/env.nix b/panel/env.nix
new file mode 100644
index 00000000..5b4e3523
--- /dev/null
+++ b/panel/env.nix
@@ -0,0 +1,13 @@
+{
+ lib,
+ pkgs,
+ ...
+}:
+let
+ inherit (builtins) toString;
+in
+{
+ REPO_DIR = toString ../.;
+ # explicitly use nix, as e.g. lix does not have configurable-impure-env
+ NIX_BIN = lib.getExe pkgs.nix;
+}
diff --git a/panel/nix/configuration.nix b/panel/nix/configuration.nix
index 5faf0daf..27359503 100644
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
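Review bot: `REPO_DIR = toString ../.;` in the new panel/env.nix yields a plain path string, whereas the lines this commit removes from panel/nix/configuration.nix used `${../..}` and a bare `../..`, both of which copy the tree into the Nix store and tie it to the service's closure. Since configuration.nix now imports this file for both the `Environment=` property and the service `environment`, the deployed unit's REPO_DIR may name a path from the evaluating machine, or a store path with no tracked reference, that is absent or differently owned on the target; I have not confirmed this against a build. If the module should keep the store copy, override it there with `REPO_DIR = "${../..}";` inside the `// { … }` set, and add a comment in env.nix stating that the value is the development checkout path. Separately, `inherit (builtins) toString;` is redundant because `toString` is already in scope.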
@@ -23,7 +23,13 @@ let cfg = config.services.${name}; package = pkgs.callPackage ./package.nix { }; - database-url = "sqlite:////var/lib/${name}/db.sqlite3"; + environment = import ../env.nix { inherit lib pkgs; } // { + DATABASE_URL = "sqlite:////var/lib/${name}/db.sqlite3"; + USER_SETTINGS_FILE = pkgs.concatText "configuration.py" [ + ((pkgs.formats.pythonVars { }).generate "settings.py" cfg.settings) + (builtins.toFile "extra-settings.py" cfg.extra-settings) + ]; + }; python-environment = pkgs.python3.withPackages ( ps: with ps; [ @@ -32,11 +38,6 @@ let ] ); - configFile = pkgs.concatText "configuration.py" [ - ((pkgs.formats.pythonVars { }).generate "settings.py" cfg.settings) - (builtins.toFile "extra-settings.py" cfg.extra-settings) - ]; - manage-service = writeShellApplication { name = "manage"; text = ''exec ${package}/bin/manage.py "$@"''; @@ -57,12 +58,7 @@ let --property "Group=${name}" \ --property "WorkingDirectory=/var/lib/${name}" \ --property "Environment='' - + (toString [ - "NIX_BIN=${lib.getExe pkgs.nix}" - "REPO_DIR=${../..}" - "DATABASE_URL=${database-url}" - "USER_SETTINGS_FILE=${configFile}" - ]) + + (toString (lib.mapAttrsToList (name: value: "${name}=${value}") environment)) + "\" \\\n" + optionalString (credentials != [ ]) ( (concatStringsSep " \\\n" (map (cred: "--property 'LoadCredential=${cred}'") credentials)) + " \\\n" 
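Review bot: In the `@@ -57,12 +58,7 @@` hunk every attribute of `environment` is spliced as `name=value`, space-joined, into the double-quoted `--property "Environment=…"` shell word without any escaping. The four values visible in this commit are store paths and a sqlite URL, so nothing breaks today, but env.nix is now a shared source and a later value containing whitespace, `"` or `$` would be split into separate assignments or expanded by the shell. Either escape each value or state the constraint above the line, e.g. `# values are spliced unescaped into a double-quoted shell word: no whitespace, quotes or $`. The lambda's `name` also shadows the service `name` used in `"Group=${name}"` a few lines up; `(k: v: "${k}=${v}")` reads unambiguously. The enclosing string expression starts and ends outside the hunk.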
@@ -214,12 +210,7 @@ in # - manipulation should be straightforward in both places; e.g. dumping secrets to a directory that is not git-tracked and adding values to an attrset otherwise # - error detection and correction; it should be clear where and why one messed up so it can be fixed immediately # We may also want to test the development environment in CI in order to make sure that we don't break it inadvertently, because misconfiguration due to multiplpe sources of truth wastes a lot of time. - environment = { - USER_SETTINGS_FILE = "${configFile}"; - DATABASE_URL = database-url; - NIX_BIN = lib.getExe pkgs.nix; - REPO_DIR = ../..; - }; + inherit environment; }; networking.firewall.allowedTCPPorts = [