modules/bookwyrm: use environmentFile for secrets

this allows setting options via an environment file that is passed to the systemd units, in addition to the ones set during build time of the package. For now this is tailored to SECRET_KEY, but it may be useful for other settings as well (e.g. EMAIL_HOST_PASSWORD), and I'm not sure if it takes priority over the build-time settings ...
author: stuebinm 2024-02-15 17:57:19 +0100
committer: stuebinm 2024-02-15 17:57:19 +0100
commit: ed53fa3cf4b9c00064c89e75df68a2fe1e965275 (patch)
tree: da566f39b14a618fb199c837b8798dac604f6fae /pkgs
parent: 9f230e2b7a2fb077b3405e320b56a205ce3e085e (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/pkgs/bookwyrm.nix b/pkgs/bookwyrm.nix
index 309e90b..0c9cb70 100644
--- a/pkgs/bookwyrm.nix
+++ b/pkgs/bookwyrm.nix
@@ -11,7 +11,6 @@ let
   settingsWithDefaults = {
     DOMAIN = "localhost";
     DEBUG = false;
-    SECRET_KEY = "fnord";
     USE_HTTPS = false;
     EMAIL = "your@email.here";
     PGPORT = 5432;
@@ -95,6 +94,9 @@ let
 
     postBuild = ''
       ln -s ${envfile} .env
+      # needed for the python settings.py file to not fail, but not
+      # used during the commands executed below, so this is safe
+      export SECRET_KEY=fnord
 
       substituteInPlace contrib/systemd/* \
         --replace /opt/bookwyrm/venv/bin/gunicorn ${lib.getExe python.pkgs.gunicorn} \
@@ -104,7 +106,7 @@ let
       sed -i /BindPath/d contrib/systemd/*
 
       python manage.py compile_themes
-      python manage.py collectstatic --no-input --ignore=*.scss
+      python manage.py collectstatic --no-input
     '';
 
     postInstall = ''
author	stuebinm	2024-02-15 17:57:19 +0100
committer	stuebinm	2024-02-15 17:57:19 +0100
commit	ed53fa3cf4b9c00064c89e75df68a2fe1e965275 (patch)
tree	da566f39b14a618fb199c837b8798dac604f6fae /pkgs
parent	9f230e2b7a2fb077b3405e320b56a205ce3e085e (diff)