deduplicate flake inputs
make re-exports explicit again
Revert "deduplicate flake inputs"
This reverts commit 95769084ce.
switch launch shell to root flake's nixpkgs, see #279
use flake-sourced nixos-anywhere in tf, to reproduce modules for nix
properly pass repo dir for prod, be it with hard-coded TF init
move tf init out of python over read-only nix env
skip tf lock in views.py over read-only nix env
specify XDG_CACHE_HOME, workaround to error writing to /var/empty/.cache
update
document updating TF module
get TF in prod to the same 'installable ... does not correspond to a Nix language value' for non-flakes
seemingly gets further when a similar command is tried from terminal.
as per https://github.com/NixOS/nix/issues/8752#issuecomment-1694714693,
this may have to do with aligning the current working directory.
rm launch flake, as I seem to have reached similar progress without it
update nixos-anywhere to fix error 'installable ... does not correspond to a Nix language value'
rm comment
untrack TF generated provider/module stuff - local dev now requires following launch/README.md
for now gitignore .auto.tfvars.json used to track TF module of nixos-anywhere
in case we want that file for something else, we can move this (and its
ignore) to something separate.
use a mutable HOME in TF for nixos-anywhere to make a `.ssh` dir in - will this not backfire?
change ssh user to root
allow accessing test vms from fedi201's machine ssh key, closes #286
allow accessing test vms from fedi201's machine ssh key, closes #286
update nixpkgs to unstable - resolves manual deploy error on bootloader already on newer version
switch to bash deployment
tmp
adds a deploy button to the panel form - covers the local part of #76.
As a workaround to pass info (from our user form) into nixops4, uses
environment variable `DEPLOYMENT` through nix's
`--extra-experimental-features configurable-impure-env`.
- simplify the configuration module
  the `package` attribute makes little sense to be user-configurable,
  since it will always need to be the derivation defined in this very
  repository. for debugging one may as well change the original code itself.
- unbreak deployment
  setting `CREDENTIALS_DIRECTORY` disabled the systemd mechanism set up
  in the configuration module.
- remove unneeded configuration for deployment
- unbreak integration tests
  before that missed waiting for the service to create some
  state before running the application-level tests.
This setup is greatly inspired by the one used for [0], although with
notable modifications, such as:
- a SASS preprocessor and CSS compressor
- more streamlined NixOS integration tests
- cleaned up service configuration
- a few notes on how to do things better in the future
[0]: https://github.com/Nix-Security-WG/nix-security-tracker/
Apart from cloning the Nix setup, there were additional steps:
- Create an empty `src` directory, since the package requires it
- In the development shell, run `django-admin startproject panel src`
Note that while you can already do
```bash
manage migrate
manage runserver
```
the NixOS integration tests will fail, since `settings.py` needs
careful massaging to expose knobs that can be turned from our systemd
wrapper. The required changes are introduced in the next commit to make
them observable.
Noteworthy related work:
- https://github.com/sephii/django.nix
  Rather mature setup with a clean interface, uses Caddy as reverse proxy.
- https://git.dgnum.eu/mdebray/djangonix
  A work-in-progress attempt to capture more moving parts through the
  module system, in particular secrets.
- https://github.com/DavHau/django-nixos
  Out of date and somewhat simplistic, but serves as a reasonable
  example for what can be done
I chose the variant I'm intimately familiar with in order to be able to
pass on knowledge or help with maintenance. But for the future
I strongly recommend picking the good bits from the other
implementations that control complexity in static configuration parts
through Nix expressions.