From a5c310ad03f8805161b22c8d546b94b1fd41a47a Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Mon, 24 Mar 2025 10:04:43 +0100
Subject: [PATCH] refactor variables (#269)

Reviewed-on: https://git.fediversity.eu/Fediversity/Fediversity/pulls/269
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
---
 panel/default.nix           | 25 ++++++++++---------------
 panel/env.nix               | 18 ++++++++++++++++++
 panel/nix/configuration.nix | 27 +++++++++------------------
 panel/src/panel/settings.py |  4 ++--
 panel/src/panel/views.py    |  3 ++-
 5 files changed, 41 insertions(+), 36 deletions(-)
 create mode 100644 panel/env.nix

diff --git a/panel/default.nix b/panel/default.nix
index 8a27c20c..63f53810 100644
--- a/panel/default.nix
+++ b/panel/default.nix
@@ -6,26 +6,26 @@
     config = { };
     overlays = [ (import ./nix/overlay.nix) ];
   },
-}:
+}@args:
 let
   inherit (pkgs) lib;
   manage = pkgs.writeScriptBin "manage" ''
     exec ${pkgs.lib.getExe pkgs.python3} ${toString ./src/manage.py} $@
   '';
 in
-{
+# re-export inputs so they can be overridden granularly
+# (they can't be accessed from the outside any other way)
+args
+// {
   shell = pkgs.mkShellNoCC {
     inputsFrom = [ (pkgs.callPackage ./nix/package.nix { }) ];
     packages = [
       pkgs.npins
       manage
     ];
-    env = {
+    env = import ./env.nix { inherit lib pkgs; } // {
       NPINS_DIRECTORY = toString ../npins;
-      # explicitly use nix, as e.g. lix does not have configurable-impure-env
-      NIX_BIN = lib.getExe pkgs.nix;
-      REPO_DIR = toString ../.;
-      CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
+      CREDENTIALS_DIRECTORY = toString ./.credentials;
       DATABASE_URL = "sqlite:///${toString ./src}/db.sqlite3";
     };
     shellHook = ''
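Review bot: `}@args:` binds only the attributes the caller actually passed, so replacing `inherit sources system pkgs;` with `args` stops re-exporting any input that fell back to its default. The parameter list starts outside this hunk, but the context lines above `}@args:` look like the tail of a defaulted argument. `args` is also merged twice, once before the attrset here and again as `// args` at the end of the next hunk; since `args // x // args` equals `x // args`, the leading `args //` and its duplicated comment can go. To keep the resolved values overridable from outside, keep `inherit sources system pkgs;` in the attrset and drop both merges, or end with `// { inherit sources system pkgs; }`.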
@@ -39,12 +39,7 @@ in
 
   module = import ./nix/configuration.nix;
   tests = pkgs.callPackage ./nix/tests.nix { };
-
-  # re-export inputs so they can be overridden granularly
-  # (they can't be accessed from the outside any other way)
-  inherit
-    sources
-    system
-    pkgs
-    ;
 }
+# re-export inputs so they can be overridden granularly
+# (they can't be accessed from the outside any other way)
+// args
diff --git a/panel/env.nix b/panel/env.nix
new file mode 100644
index 00000000..07ce4193
--- /dev/null
+++ b/panel/env.nix
@@ -0,0 +1,18 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+let
+  inherit (builtins) toString;
+in
+{
+  REPO_DIR = toString ../.;
+  # explicitly use nix, as e.g. lix does not have configurable-impure-env
+  BIN_PATH = lib.makeBinPath [
+    # explicitly use nix, as e.g. lix does not have configurable-impure-env
+    pkgs.nix
+    # nixops error maybe due to our flake git hook: executing 'git': No such file or directory
+    pkgs.git
+  ];
+}
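Review bot: `REPO_DIR = toString ../.;` turns the path into a plain string without copying it to the store, whereas the service previously got `REPO_DIR=${../..}`, which interpolates a store copy of the repository (see the panel/nix/configuration.nix hunks that now import this file). For the NixOS module this may leave the deployed unit pointing at the evaluating machine's checkout, or at a store path its closure does not reference. The flake root used by the launch command would then be a mutable directory instead of an immutable store path, which is worth confirming on a deployed host. If the store copy is wanted there, override it in configuration.nix with `REPO_DIR = "${../..}";` and keep the `toString` form for the dev shell. The comment on the line above `BIN_PATH` repeats the one inside the list and can be dropped.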
diff --git a/panel/nix/configuration.nix b/panel/nix/configuration.nix
index 5faf0daf..27359503 100644
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@@ -23,7 +23,13 @@ let
   cfg = config.services.${name};
   package = pkgs.callPackage ./package.nix { };
 
-  database-url = "sqlite:////var/lib/${name}/db.sqlite3";
+  environment = import ../env.nix { inherit lib pkgs; } // {
+    DATABASE_URL = "sqlite:////var/lib/${name}/db.sqlite3";
+    USER_SETTINGS_FILE = pkgs.concatText "configuration.py" [
+      ((pkgs.formats.pythonVars { }).generate "settings.py" cfg.settings)
+      (builtins.toFile "extra-settings.py" cfg.extra-settings)
+    ];
+  };
 
   python-environment = pkgs.python3.withPackages (
     ps: with ps; [
@@ -32,11 +38,6 @@ let
     ]
   );
 
-  configFile = pkgs.concatText "configuration.py" [
-    ((pkgs.formats.pythonVars { }).generate "settings.py" cfg.settings)
-    (builtins.toFile "extra-settings.py" cfg.extra-settings)
-  ];
-
   manage-service = writeShellApplication {
     name = "manage";
     text = ''exec ${package}/bin/manage.py "$@"'';
@@ -57,12 +58,7 @@ let
           --property "Group=${name}" \
           --property "WorkingDirectory=/var/lib/${name}" \
           --property "Environment=''
-      + (toString [
-        "NIX_BIN=${lib.getExe pkgs.nix}"
-        "REPO_DIR=${../..}"
-        "DATABASE_URL=${database-url}"
-        "USER_SETTINGS_FILE=${configFile}"
-      ])
+      + (toString (lib.mapAttrsToList (name: value: "${name}=${value}") environment))
       + "\" \\\n"
       + optionalString (credentials != [ ]) (
         (concatStringsSep " \\\n" (map (cred: "--property 'LoadCredential=${cred}'") credentials)) + " \\\n"
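Review bot: The lambda `name: value: "${name}=${value}"` shadows the outer `name` that the surrounding lines use for the service (`Group=${name}`, `/var/lib/${name}`), which is easy to misread; `k: v: "${k}=${v}"` avoids that. The generated pairs are also spliced unescaped into one double-quoted `Environment=` property, so a value containing a space, a quote or `$` would be split by systemd or expanded by the shell. The current values (store paths and the sqlite URL) look safe, but `environment` is now an open attrset that later keys can be added to. Emitting one `--property` per variable through `lib.escapeShellArg`, in the same per-item shape as the `LoadCredential` line, would make this robust. The enclosing definition begins and ends outside the hunk.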
@@ -214,12 +210,7 @@ in
       #       - manipulation should be straightforward in both places; e.g. dumping secrets to a directory that is not git-tracked and adding values to an attrset otherwise
       #       - error detection and correction; it should be clear where and why one messed up so it can be fixed immediately
       #     We may also want to test the development environment in CI in order to make sure that we don't break it inadvertently, because misconfiguration due to multiplpe sources of truth wastes a lot of time.
-      environment = {
-        USER_SETTINGS_FILE = "${configFile}";
-        DATABASE_URL = database-url;
-        NIX_BIN = lib.getExe pkgs.nix;
-        REPO_DIR = ../..;
-      };
+      inherit environment;
     };
 
     networking.firewall.allowedTCPPorts = [
diff --git a/panel/src/panel/settings.py b/panel/src/panel/settings.py
index 192710db..b270612c 100644
--- a/panel/src/panel/settings.py
+++ b/panel/src/panel/settings.py
@@ -192,8 +192,8 @@ if user_settings_file is not None:
 #     The correct thing to do here would be using a helper function such as with `get_secret()` that will catch the exception and explain what's wrong and where to put the right values.
 #     Replacing the `USER_SETTINGS_FILE` mechanism following the comment there would probably be a good thing.
 
-# a dir of nix supporting experimental feature `configurable-impure-env`.
-nix_bin=env['NIX_BIN']
+# PATH to expose to launch button
+bin_path=env['BIN_PATH']
 # path of the root flake to trigger nixops from, see #94.
 # to deploy this should be specified, for dev just use a relative path.
 repo_dir = env["REPO_DIR"]
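Review bot: `bin_path=env['BIN_PATH']` departs from the spacing and double quotes of `repo_dir = env["REPO_DIR"]` two lines below; `bin_path = env["BIN_PATH"]` keeps the block uniform. The comment `# PATH to expose to launch button` could say what the value is, e.g. `# colon-separated bin directories (built with lib.makeBinPath in panel/env.nix) used as PATH for the deployment command`. Since the variable is renamed from `NIX_BIN`, any environment that still exports only the old name will presumably fail on this lookup at import, so it is worth mentioning the rename wherever the variables are documented.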
diff --git a/panel/src/panel/views.py b/panel/src/panel/views.py
index c89f5ab3..16d29849 100644
--- a/panel/src/panel/views.py
+++ b/panel/src/panel/views.py
@@ -58,11 +58,12 @@ class ConfigurationForm(LoginRequiredMixin, FormView):
             # serialize back and forth now we still need to manually inject the dummy user
             deployment = json.dumps(dummy_user | json.loads(submission))
             env = {
+                "PATH": settings.bin_path,
                 # pass in form info to our deployment
                 "DEPLOYMENT": deployment,
             }
             cmd = [
-                settings.nix_bin,
+                "nix",
                 "develop",
                 # workaround to pass in info to nixops4 thru env vars, tho impure :(
                 "--extra-experimental-features",