kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Merge pull request 'deploy fedipanel' () from kiara/Fediversity:deploy-panel into main

Browse source 
Reviewed-on: 
Reviewed-by: Nicolas Jeannerod <nicolas.jeannerod@moduscreate.com>
This commit is contained in:
kiara Grouwstra 2025-02-27 22:06:24 +01:00
commit 9cc1e40b5d
5 changed files with 78 additions and 3 deletions

6
infra/machines/fedi201/default.nix
View file

@ -10,4 +10,10 @@
gateway = "2a00:51c0:13:1305::1";
};
};
nixos.module = {
imports = [
./fedipanel.nix
];
};
}

39
infra/machines/fedi201/fedipanel.nix Normal file
View file

@ -0,0 +1,39 @@
{
config,
...
}:
let
name = "panel";
panel = (import ../../../panel/default.nix { }).package;
in
{
imports = [
../../../panel/nix/configuration.nix
];
environment.systemPackages = [
panel
];
security.acme = {
acceptTerms = true;
defaults.email = "beheer@procolix.com";
};
services.${name} = {
enable = true;
package = panel;
production = true;
domain = "demo.fediversity.eu";
host = "0.0.0.0";
secrets = {
SECRET_KEY = config.age.secrets.panel-secret-key.path;
};
port = 8000;
settings = {
DATABASE_URL = "sqlite:///var/lib/${name}/db.sqlite3";
CREDENTIALS_DIRECTORY = "/var/lib/${name}/.credentials";
STATIC_ROOT = "/var/lib/${name}/static";
};
};
}

21
panel/nix/configuration.nix
View file

@ -26,10 +26,19 @@ let
database-url = "sqlite:////var/lib/${name}/db.sqlite3";
python-environment = pkgs.python3.withPackages (
ps: with ps; [
cfg.package
ps:
with ps;
[
uvicorn
cfg.package
dj-database-url
django-compressor
django-debug-toolbar
django-libsass
django_4
setuptools
]
++ cfg.package.propagatedBuildInputs
);
configFile = pkgs.concatText "configuration.py" [
@ -180,7 +189,8 @@ in
fi
'';
script = ''
uvicorn ${name}.asgi:application --host ${cfg.host} --port ${toString cfg.port}
export PYTHONPATH=$PYTHONPATH:${cfg.package}/lib/python3.12/site-packages
${python-environment}/bin/python -m uvicorn ${name}.asgi:application --host ${cfg.host} --port ${toString cfg.port}
'';
serviceConfig = {
Restart = "always";
@ -195,5 +205,10 @@ in
DATABASE_URL = database-url;
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
}

14
secrets/panel-secret-key.age Normal file
View file

@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 BAs8QA 0TS+HcjtKeUAsLyzrsnCbj53GAq7pvXF12yQSxaxuFs
IjmmZV2Zh4cwj1+7r/fAKnuftpl46P5fO6SxtRMevIM
-> ssh-ed25519 ofQnlg b4maqJdxyyi7b3arE9sxySwqeFjFlC6oT+PgQjIGj0Y
Gi5d4sJa0te/MsbkKYIOByIQ+TXBgu7hh2InES1pvXw
-> ssh-ed25519 COspvA RiXEgUbPi3vep/8fM/RuRUYhCfBHO1XZt6Ov3WPnkV0
tTMLMb92ct5Zkqt42y8R3UI/zblAbsuEammavVcwGOU
-> ssh-ed25519 1MUEqQ XxxSvZrI9S6FI7CwYOSKDlfVBdLTur7/07Sm2HHLJwg
iW5PduiY/7N2kSJpBzmfnt8aNWKPfLZ43Kq6fyLeydw
-> ssh-ed25519 ChtTUw zixDXeL07d4+pzFBSt/1f8yB+QxXOMv6sE6h469YzVs
rSC9S8v9gmtBw9FMKLg0h0muCmfMRuFD24JpTVw3ALc
--- vf2SwG1rpxjri3TGARwdMBc/mccj6RSTgf54YeQeR/8
În9K±¼‰îÁä ÞÈ9÷y¼¿«dMÈdWn@õYç0ì.ü½ž1uÜoÚ«¨Á¾jý<6A>iý`
<EFBFBD>;1

1
secrets/secrets.nix
View file

@ -27,6 +27,7 @@ concatMapAttrs
forgejo-database-password = [ vm02116 ];
forgejo-email-password = [ vm02116 ];
forgejo-runner-token = [ ];
panel-secret-key = [ fedi201 ];
wiki-basicauth-htpasswd = [ vm02187 ];
wiki-password = [ vm02187 ];
wiki-smtp-password = [ vm02187 ];