refactor variables (#269)

Reviewed-on: Fediversity/Fediversity#269
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>

panel/default.nix

@@ -6,26 +6,26 @@
     config = { };
     overlays = [ (import ./nix/overlay.nix) ];
   },
-}:
+}@args:
 let
   inherit (pkgs) lib;
   manage = pkgs.writeScriptBin "manage" ''
     exec ${pkgs.lib.getExe pkgs.python3} ${toString ./src/manage.py} $@
   '';
 in
-{
+# re-export inputs so they can be overridden granularly
+# (they can't be accessed from the outside any other way)
+args
+// {
   shell = pkgs.mkShellNoCC {
     inputsFrom = [ (pkgs.callPackage ./nix/package.nix { }) ];
     packages = [
       pkgs.npins
       manage
     ];
-    env = {
+    env = import ./env.nix { inherit lib pkgs; } // {
       NPINS_DIRECTORY = toString ../npins;
-      # explicitly use nix, as e.g. lix does not have configurable-impure-env
-      NIX_BIN = lib.getExe pkgs.nix;
-      REPO_DIR = toString ../.;
-      CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
+      CREDENTIALS_DIRECTORY = toString ./.credentials;
       DATABASE_URL = "sqlite:///${toString ./src}/db.sqlite3";
     };
     shellHook = ''
@@ -39,12 +39,7 @@ in
 
   module = import ./nix/configuration.nix;
   tests = pkgs.callPackage ./nix/tests.nix { };
-
-  # re-export inputs so they can be overridden granularly
-  # (they can't be accessed from the outside any other way)
-  inherit
-    sources
-    system
-    pkgs
-    ;
 }
+# re-export inputs so they can be overridden granularly
+# (they can't be accessed from the outside any other way)
+// args

panel/env.nix

@@ -0,0 +1,18 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+let
+  inherit (builtins) toString;
+in
+{
+  REPO_DIR = toString ../.;
+  # explicitly use nix, as e.g. lix does not have configurable-impure-env
+  BIN_PATH = lib.makeBinPath [
+    # explicitly use nix, as e.g. lix does not have configurable-impure-env
+    pkgs.nix
+    # nixops error maybe due to our flake git hook: executing 'git': No such file or directory
+    pkgs.git
+  ];
+}

panel/nix/configuration.nix

@@ -23,7 +23,13 @@ let
   cfg = config.services.${name};
   package = pkgs.callPackage ./package.nix { };
 
-  database-url = "sqlite:////var/lib/${name}/db.sqlite3";
+  environment = import ../env.nix { inherit lib pkgs; } // {
+    DATABASE_URL = "sqlite:////var/lib/${name}/db.sqlite3";
+    USER_SETTINGS_FILE = pkgs.concatText "configuration.py" [
+      ((pkgs.formats.pythonVars { }).generate "settings.py" cfg.settings)
+      (builtins.toFile "extra-settings.py" cfg.extra-settings)
+    ];
+  };
 
   python-environment = pkgs.python3.withPackages (
     ps: with ps; [
@@ -32,11 +38,6 @@ let
     ]
   );
 
-  configFile = pkgs.concatText "configuration.py" [
-    ((pkgs.formats.pythonVars { }).generate "settings.py" cfg.settings)
-    (builtins.toFile "extra-settings.py" cfg.extra-settings)
-  ];
-
   manage-service = writeShellApplication {
     name = "manage";
     text = ''exec ${package}/bin/manage.py "$@"'';
@@ -57,12 +58,7 @@ let
           --property "Group=${name}" \
           --property "WorkingDirectory=/var/lib/${name}" \
           --property "Environment=''
-      + (toString [
-        "NIX_BIN=${lib.getExe pkgs.nix}"
-        "REPO_DIR=${../..}"
-        "DATABASE_URL=${database-url}"
-        "USER_SETTINGS_FILE=${configFile}"
-      ])
+      + (toString (lib.mapAttrsToList (name: value: "${name}=${value}") environment))
       + "\" \\\n"
       + optionalString (credentials != [ ]) (
         (concatStringsSep " \\\n" (map (cred: "--property 'LoadCredential=${cred}'") credentials)) + " \\\n"
@@ -214,12 +210,7 @@ in
       #       - manipulation should be straightforward in both places; e.g. dumping secrets to a directory that is not git-tracked and adding values to an attrset otherwise
       #       - error detection and correction; it should be clear where and why one messed up so it can be fixed immediately
       #     We may also want to test the development environment in CI in order to make sure that we don't break it inadvertently, because misconfiguration due to multiplpe sources of truth wastes a lot of time.
-      environment = {
-        USER_SETTINGS_FILE = "${configFile}";
-        DATABASE_URL = database-url;
-        NIX_BIN = lib.getExe pkgs.nix;
-        REPO_DIR = ../..;
-      };
+      inherit environment;
     };
 
     networking.firewall.allowedTCPPorts = [

panel/src/panel/settings.py

@@ -192,8 +192,8 @@ if user_settings_file is not None:
 #     The correct thing to do here would be using a helper function such as with `get_secret()` that will catch the exception and explain what's wrong and where to put the right values.
 #     Replacing the `USER_SETTINGS_FILE` mechanism following the comment there would probably be a good thing.
 
-# a dir of nix supporting experimental feature `configurable-impure-env`.
-nix_bin=env['NIX_BIN']
+# PATH to expose to launch button
+bin_path=env['BIN_PATH']
 # path of the root flake to trigger nixops from, see #94.
 # to deploy this should be specified, for dev just use a relative path.
 repo_dir = env["REPO_DIR"]

panel/src/panel/views.py

@@ -58,11 +58,12 @@ class ConfigurationForm(LoginRequiredMixin, FormView):
             # serialize back and forth now we still need to manually inject the dummy user
             deployment = json.dumps(dummy_user | json.loads(submission))
             env = {
+                "PATH": settings.bin_path,
                 # pass in form info to our deployment
                 "DEPLOYMENT": deployment,
             }
             cmd = [
-                settings.nix_bin,
+                "nix",
                 "develop",
                 # workaround to pass in info to nixops4 thru env vars, tho impure :(
                 "--extra-experimental-features",