Merge pull request 'deploy fedipanel' (#201) from kiara/Fediversity:deploy-panel into main

Reviewed-on: Fediversity/Fediversity#201 Reviewed-by: Nicolas Jeannerod <nicolas.jeannerod@moduscreate.com>
2025-02-27 22:06:24 +01:00 · 2025-02-27 22:06:24 +01:00 · 9cc1e40b5d
commit 9cc1e40b5d
parent f34f2e45ab f828afd5d5
5 changed files with 78 additions and 3 deletions
--- a/infra/machines/fedi201/default.nix
+++ b/infra/machines/fedi201/default.nix
@ -10,4 +10,10 @@
      gateway = "2a00:51c0:13:1305::1";
    };
  };
+
+  nixos.module = {
+    imports = [
+      ./fedipanel.nix
+    ];
+  };
 }
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@ -0,0 +1,39 @@
+{
+  config,
+  ...
+}:
+let
+  name = "panel";
+  panel = (import ../../../panel/default.nix { }).package;
+in
+{
+  imports = [
+    ../../../panel/nix/configuration.nix
+  ];
+
+  environment.systemPackages = [
+    panel
+  ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "beheer@procolix.com";
+  };
+
+  services.${name} = {
+    enable = true;
+    package = panel;
+    production = true;
+    domain = "demo.fediversity.eu";
+    host = "0.0.0.0";
+    secrets = {
+      SECRET_KEY = config.age.secrets.panel-secret-key.path;
+    };
+    port = 8000;
+    settings = {
+      DATABASE_URL = "sqlite:///var/lib/${name}/db.sqlite3";
+      CREDENTIALS_DIRECTORY = "/var/lib/${name}/.credentials";
+      STATIC_ROOT = "/var/lib/${name}/static";
+    };
+  };
+}
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@ -26,10 +26,19 @@ let
  database-url = "sqlite:////var/lib/${name}/db.sqlite3";

  python-environment = pkgs.python3.withPackages (
-    ps: with ps; [
-      cfg.package
+    ps:
+    with ps;
+    [
      uvicorn
+      cfg.package
+      dj-database-url
+      django-compressor
+      django-debug-toolbar
+      django-libsass
+      django_4
+      setuptools
    ]
+    ++ cfg.package.propagatedBuildInputs
  );

  configFile = pkgs.concatText "configuration.py" [
@ -180,7 +189,8 @@ in
        fi
      '';
      script = ''
-        uvicorn ${name}.asgi:application --host ${cfg.host} --port ${toString cfg.port}
+        export PYTHONPATH=$PYTHONPATH:${cfg.package}/lib/python3.12/site-packages
+        ${python-environment}/bin/python -m uvicorn ${name}.asgi:application --host ${cfg.host} --port ${toString cfg.port}
      '';
      serviceConfig = {
        Restart = "always";
@ -195,5 +205,10 @@ in
        DATABASE_URL = database-url;
      };
    };
+
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
  };
 }
--- a/secrets/panel-secret-key.age
+++ b/secrets/panel-secret-key.age
@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 BAs8QA 0TS+HcjtKeUAsLyzrsnCbj53GAq7pvXF12yQSxaxuFs
+IjmmZV2Zh4cwj1+7r/fAKnuftpl46P5fO6SxtRMevIM
+-> ssh-ed25519 ofQnlg b4maqJdxyyi7b3arE9sxySwqeFjFlC6oT+PgQjIGj0Y
+Gi5d4sJa0te/MsbkKYIOByIQ+TXBgu7hh2InES1pvXw
+-> ssh-ed25519 COspvA RiXEgUbPi3vep/8fM/RuRUYhCfBHO1XZt6Ov3WPnkV0
+tTMLMb92ct5Zkqt42y8R3UI/zblAbsuEammavVcwGOU
+-> ssh-ed25519 1MUEqQ XxxSvZrI9S6FI7CwYOSKDlfVBdLTur7/07Sm2HHLJwg
+iW5PduiY/7N2kSJpBzmfnt8aNWKPfLZ43Kq6fyLeydw
+-> ssh-ed25519 ChtTUw zixDXeL07d4+pzFBSt/1f8yB+QxXOMv6sE6h469YzVs
+rSC9S8v9gmtBw9FMKLg0h0muCmfMRuFD24JpTVw3ALc
+--- vf2SwG1rpxjri3TGARwdMBc/mccj6RSTgf54YeQeR/8
+În9…K±¼‰îÁäÞÈ9÷y¼¿«dMÈdWn@ÃµYç0Ã¬.ü½ž1uÜ›oÚ«¨Á¾jý<6A>iý`
+<EFBFBD>;1
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -27,6 +27,7 @@ concatMapAttrs
      forgejo-database-password = [ vm02116 ];
      forgejo-email-password = [ vm02116 ];
      forgejo-runner-token = [ ];
+      panel-secret-key = [ fedi201 ];
      wiki-basicauth-htpasswd = [ vm02187 ];
      wiki-password = [ vm02187 ];
      wiki-smtp-password = [ vm02187 ];