diff options
| -rw-r--r-- | modules/bookwyrm.nix | 55 | ||||
| -rw-r--r-- | pkgs/bookwyrm.nix | 6 |
2 files changed, 51 insertions, 10 deletions
diff --git a/modules/bookwyrm.nix b/modules/bookwyrm.nix index a55d115..9f48ab3 100644 --- a/modules/bookwyrm.nix +++ b/modules/bookwyrm.nix @@ -78,6 +78,24 @@ in The name of the nginx virtual host to set up. ''; }; + + installWrapper = mkOption { + default = true; + type = types.bool; + description = mdDoc '' + Whether to install a wrapper script `bookworm-manage.py` into the system environmnt, + which calls bookwyrm's `manage.py` script with the correct python path. + ''; + }; + + environmentFile = mkOption { + default = null; + type = types.nullOr types.path; + description = mdDoc '' + An environment file containing config options which should not be set via Nix / not + be contained in the nix store. + ''; + }; }; @@ -91,32 +109,44 @@ in serviceConfig = mkMerge [ { BindPaths = [ - cfg.package.passthru.gunicorn - cfg.package.passthru.celery + cfg.package.gunicorn + cfg.package.celery cfg.stateDir ]; } (mkIf (cfg.bindAddress != "0.0.0.0" || cfg.port != 8000 || cfg.threads != 8) { - ExecStart = "${lib.getExe cfg.package.passthru.gunicorn} bookwyrm.wsgi:application --threads=${toString cfg.threads} --bind ${cfg.bindAddress}:${toString cfg.port}"; - + ExecStart = "${lib.getExe cfg.package.gunicorn} bookwyrm.wsgi:application --threads=${toString cfg.threads} --bind ${cfg.bindAddress}:${toString cfg.port}"; + }) + (mkIf (cfg.environmentFile != null) { + EnvironmentFile = cfg.environmentFile; }) ]; - environment.PYTHONPATH = cfg.package.passthru.pythonPath; + environment.PYTHONPATH = cfg.package.pythonPath; + + preStart = '' + ${lib.getExe cfg.package.manage} migrate + # will fail after the first time + ${lib.getExe cfg.package.manage} initdb || true + ''; }; bookwyrm-worker = { enable = true; wantedBy = [ "multi-user.target" ]; - environment.PYTHONPATH = cfg.package.passthru.pythonPath; + environment.PYTHONPATH = cfg.package.pythonPath; serviceConfig.BindPaths = [ cfg.stateDir ]; + serviceConfig.EnvironmentFile = + mkIf (cfg.environmentFile != null) cfg.environmentFile; }; bookwyrm-scheduler = { enable = true; wantedBy = [ "multi-user.target" ]; - environment.PYTHONPATH = cfg.package.passthru.pythonPath; + environment.PYTHONPATH = cfg.package.pythonPath; + serviceConfig.EnvironmentFile = + mkIf (cfg.environmentFile != null) cfg.environmentFile; }; }; @@ -146,6 +176,15 @@ in ]; users.groups.bookwyrm = {}; - }; + environment.systemPackages = mkIf cfg.installWrapper [ + cfg.package.manage + ]; + + warnings = mkIf (cfg.settings ? "SECRET_KEY") [ '' + Setting bookwyrm's SECRET_KEY via the free-form services.bookwyrm.settings.* is discouraged. + It's better to pass an env file containing it to servies.bookwyrm.envFile instead. + '' + ]; + }; } diff --git a/pkgs/bookwyrm.nix b/pkgs/bookwyrm.nix index 309e90b..0c9cb70 100644 --- a/pkgs/bookwyrm.nix +++ b/pkgs/bookwyrm.nix @@ -11,7 +11,6 @@ let settingsWithDefaults = { DOMAIN = "localhost"; DEBUG = false; - SECRET_KEY = "fnord"; USE_HTTPS = false; EMAIL = "your@email.here"; PGPORT = 5432; @@ -95,6 +94,9 @@ let postBuild = '' ln -s ${envfile} .env + # needed for the python settings.py file to not fail, but not + # used during the commands executed below, so this is safe + export SECRET_KEY=fnord substituteInPlace contrib/systemd/* \ --replace /opt/bookwyrm/venv/bin/gunicorn ${lib.getExe python.pkgs.gunicorn} \ @@ -104,7 +106,7 @@ let sed -i /BindPath/d contrib/systemd/* python manage.py compile_themes - python manage.py collectstatic --no-input --ignore=*.scss + python manage.py collectstatic --no-input ''; postInstall = '' |