From 3354c8950340019b567b11d51f5c1d4eeb5ed51b Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Tue, 25 Feb 2025 09:45:28 +0100
Subject: [PATCH 1/4] WIP: deploy fedipanel

Closes #101
---
 infra/machines/fedi201/default.nix   |  6 +++++
 infra/machines/fedi201/fedipanel.nix | 38 ++++++++++++++++++++++++++++
 secrets/panel-secret-key.age         | 14 ++++++++++
 secrets/secrets.nix                  |  1 +
 4 files changed, 59 insertions(+)
 create mode 100644 infra/machines/fedi201/fedipanel.nix
 create mode 100644 secrets/panel-secret-key.age

diff --git a/infra/machines/fedi201/default.nix b/infra/machines/fedi201/default.nix
index c0d1bd90..529a52b7 100644
--- a/infra/machines/fedi201/default.nix
+++ b/infra/machines/fedi201/default.nix
@@ -10,4 +10,10 @@
       gateway = "2a00:51c0:13:1305::1";
     };
   };
+
+  nixos.module = {
+    imports = [
+      ./fedipanel.nix
+    ];
+  };
 }
diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
new file mode 100644
index 00000000..4178739f
--- /dev/null
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -0,0 +1,38 @@
+{
+  config,
+  ...
+}:
+let
+  name = "panel";
+  panel = (import ../../panel/default.nix { }).package;
+in
+{
+  imports = [
+    ../../panel/nix/configuration.nix
+  ];
+
+  environment.systemPackages = [
+    panel
+  ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "beheer@procolix.com";
+  };
+
+  services.${name} = {
+    enable = true;
+    package = panel;
+    production = true;
+    domain = "demo.fediversity.eu";
+    host = "0.0.0.0";
+    secrets = {
+      SECRET_KEY = config.age.secrets.panel-secret-key.path;
+    };
+    port = 80;
+    settings = {
+      DATABASE_URL = "sqlite:///var/lib/${name}/db.sqlite3";
+      CREDENTIALS_DIRECTORY = "/var/lib/${name}/.credentials";
+    };
+  };
+}
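Review bot: `host = "0.0.0.0"` together with `port = 80` and `production = true` puts the application server itself on every IPv4 interface in cleartext. `security.acme` accepts the terms, but nothing in this file requests a certificate or declares a TLS-terminating virtual host. If the imported `configuration.nix` already fronts the service with a reverse proxy (not visible in this hunk), the panel only needs loopback: `host = "127.0.0.1";`. That keeps credentials and session cookies off an unencrypted listener and leaves the proxy as the single exposed entry point.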
diff --git a/secrets/panel-secret-key.age b/secrets/panel-secret-key.age
new file mode 100644
index 00000000..4dea00eb
--- /dev/null
+++ b/secrets/panel-secret-key.age
@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 BAs8QA 0TS+HcjtKeUAsLyzrsnCbj53GAq7pvXF12yQSxaxuFs
+IjmmZV2Zh4cwj1+7r/fAKnuftpl46P5fO6SxtRMevIM
+-> ssh-ed25519 ofQnlg b4maqJdxyyi7b3arE9sxySwqeFjFlC6oT+PgQjIGj0Y
+Gi5d4sJa0te/MsbkKYIOByIQ+TXBgu7hh2InES1pvXw
+-> ssh-ed25519 COspvA RiXEgUbPi3vep/8fM/RuRUYhCfBHO1XZt6Ov3WPnkV0
+tTMLMb92ct5Zkqt42y8R3UI/zblAbsuEammavVcwGOU
+-> ssh-ed25519 1MUEqQ XxxSvZrI9S6FI7CwYOSKDlfVBdLTur7/07Sm2HHLJwg
+iW5PduiY/7N2kSJpBzmfnt8aNWKPfLZ43Kq6fyLeydw
+-> ssh-ed25519 ChtTUw zixDXeL07d4+pzFBSt/1f8yB+QxXOMv6sE6h469YzVs
+rSC9S8v9gmtBw9FMKLg0h0muCmfMRuFD24JpTVw3ALc
+--- vf2SwG1rpxjri3TGARwdMBc/mccj6RSTgf54YeQeR/8
+�n9�K��������9�y���dM�dWn@õY�0��.���1uܛoګ���j��i�`
+�;1
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index ae5f19ed..f2e30797 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -27,6 +27,7 @@ concatMapAttrs
       forgejo-database-password = [ vm02116 ];
       forgejo-email-password = [ vm02116 ];
       forgejo-runner-token = [ ];
+      panel-secret-key = [ fedi201 ];
       wiki-basicauth-htpasswd = [ vm02187 ];
       wiki-password = [ vm02187 ];
       wiki-smtp-password = [ vm02187 ];

From d5264a52a1591b14c2aab55513dfd98e9b7b60a0 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Tue, 25 Feb 2025 15:02:20 +0100
Subject: [PATCH 2/4] panel: override STATIC_ROOT

---
 infra/machines/fedi201/fedipanel.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index 4178739f..b755fb19 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -33,6 +33,7 @@ in
     settings = {
       DATABASE_URL = "sqlite:///var/lib/${name}/db.sqlite3";
       CREDENTIALS_DIRECTORY = "/var/lib/${name}/.credentials";
+      STATIC_ROOT = "/var/lib/${name}/static";
     };
   };
 }
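Review bot: The `settings` block this hunk extends still sets `DATABASE_URL = "sqlite:///var/lib/${name}/db.sqlite3"` with three slashes (a context line here, introduced in patch 1/4), while `panel/nix/configuration.nix` uses four in `database-url = "sqlite:////var/lib/${name}/db.sqlite3"`. If the URL is parsed by `dj-database-url` (added to the environment in patch 4/4), three slashes give a path relative to the service's working directory. The database may then be created outside the state directory, with different ownership and permissions than intended. Use the absolute form, `DATABASE_URL = "sqlite:////var/lib/${name}/db.sqlite3";`, or drop the override if the module default already applies.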

From 1d4004ccf43bac93fdb43f758e175d9065203c3d Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Tue, 25 Feb 2025 17:11:50 +0100
Subject: [PATCH 3/4] update fedipanel import references

---
 infra/machines/fedi201/fedipanel.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index b755fb19..896af61d 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -4,11 +4,11 @@
 }:
 let
   name = "panel";
-  panel = (import ../../panel/default.nix { }).package;
+  panel = (import ../../../panel/default.nix { }).package;
 in
 {
   imports = [
-    ../../panel/nix/configuration.nix
+    ../../../panel/nix/configuration.nix
   ];
 
   environment.systemPackages = [

From f828afd5d5f0f3e0cbdd6b3bec7ae447c4fbdc78 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Thu, 27 Feb 2025 09:07:13 +0100
Subject: [PATCH 4/4] minimum setup i got working for deployment

---
 infra/machines/fedi201/fedipanel.nix |  2 +-
 panel/nix/configuration.nix          | 21 ++++++++++++++++++---
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index 896af61d..5312eafb 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -29,7 +29,7 @@ in
     secrets = {
       SECRET_KEY = config.age.secrets.panel-secret-key.path;
     };
-    port = 80;
+    port = 8000;
     settings = {
       DATABASE_URL = "sqlite:///var/lib/${name}/db.sqlite3";
       CREDENTIALS_DIRECTORY = "/var/lib/${name}/.credentials";
diff --git a/panel/nix/configuration.nix b/panel/nix/configuration.nix
index dae242b5..d790e30c 100644
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@@ -26,10 +26,19 @@ let
   database-url = "sqlite:////var/lib/${name}/db.sqlite3";
 
   python-environment = pkgs.python3.withPackages (
-    ps: with ps; [
-      cfg.package
+    ps:
+    with ps;
+    [
       uvicorn
+      cfg.package
+      dj-database-url
+      django-compressor
+      django-debug-toolbar
+      django-libsass
+      django_4
+      setuptools
     ]
+    ++ cfg.package.propagatedBuildInputs
   );
 
   configFile = pkgs.concatText "configuration.py" [
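Review bot: `django-debug-toolbar` is added to the single interpreter environment the service runs from, so it is importable on a host deployed with `production = true`. Whether it is ever enabled depends on the Django settings, which are outside this hunk, but a misconfigured `DEBUG` or `INSTALLED_APPS` would then expose SQL queries, settings and request data to visitors. Consider including it only for non-production builds, e.g. `++ lib.optionals (!cfg.production) [ ps.django-debug-toolbar ]` (assuming `lib` is in scope and `production` is an option of this module, as `fedipanel.nix` suggests). The hand-written list also duplicates what `cfg.package.propagatedBuildInputs` contributes and can drift from it.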
@@ -180,7 +189,8 @@ in
         fi
       '';
       script = ''
-        uvicorn ${name}.asgi:application --host ${cfg.host} --port ${toString cfg.port}
+        export PYTHONPATH=$PYTHONPATH:${cfg.package}/lib/python3.12/site-packages
+        ${python-environment}/bin/python -m uvicorn ${name}.asgi:application --host ${cfg.host} --port ${toString cfg.port}
       '';
       serviceConfig = {
         Restart = "always";
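Review bot: The `PYTHONPATH` export hard-codes `lib/python3.12/site-packages`, which stops matching as soon as `pkgs.python3` moves to another minor version; derive it instead with `export PYTHONPATH=${cfg.package}/${pkgs.python3.sitePackages}`. Prefixing the inherited `$PYTHONPATH:` also leaves an empty first entry when the variable is unset, and Python resolves an empty entry to the current working directory, so modules could be picked up from wherever the unit starts. Since `cfg.package` is already a member of `python-environment`, the export may be unnecessary altogether, which is worth checking before keeping it. The service definition that contains `script` starts above this hunk.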
@@ -195,5 +205,10 @@ in
         DATABASE_URL = database-url;
       };
     };
+
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
   };
 }
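Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ]` is hard-coded in the shared panel module, so every machine that enables it gets both ports opened regardless of `cfg.port` or of whether a TLS-terminating proxy is configured there. Nothing in the visible hunks listens on 80 or 443 (uvicorn moves to 8000 in this commit), so the listener is presumably declared in a part of the file not shown. Keeping the rule next to that proxy definition, or behind an option, makes it clear what is exposed. A comment such as `# 80/443: reverse proxy in front of uvicorn on cfg.port` would document the intent, and port 80 should do no more than redirect to HTTPS.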