From 4b3096a7022f2785b58eddfe5f1d98eed0495165 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Wed, 14 Feb 2024 23:24:52 +0100
Subject: modules/bookwyrm: init

this should be mostly usable for actual deployments. Only thing that's
really still annoying is having to set the SECRET_KEY via Nix, since
not having set it makes the package fail to build. But it doesn't
actually end up in the derivation, so changing it afterwards should be
fine; I've just not tested that yet.
---
 modules/bookwyrm.nix | 140 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 140 insertions(+)
 create mode 100644 modules/bookwyrm.nix

(limited to 'modules')

diff --git a/modules/bookwyrm.nix b/modules/bookwyrm.nix
new file mode 100644
index 0000000..4fcc323
--- /dev/null
+++ b/modules/bookwyrm.nix
@@ -0,0 +1,140 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.bookwyrm;
+in
+{
+  options.services.bookwyrm = with lib; {
+    enable = mkEnableOption "bookwyrm";
+
+    settings = mkOption {
+      default = {};
+      type = types.attrsOf (types.oneOf [ types.bool types.str types.int ]);
+      description = mdDoc ''
+        Settings passed to bookwyrm via environment variables. See bookwyrm's
+        [.env.example](https://github.com/bookwyrm-social/bookwyrm/blob/v0.7.2/.env.example)
+        file for what is permissible here.
+      '';
+    };
+
+    package = mkOption {
+      default = pkgs.bookwyrm.override { inherit (cfg) settings; };
+      type = types.package;
+      description = mdDoc ''
+        The bookwyrm package to use. Note that this includes the settings .env file;
+        if you set this directly, settings set via {option}`services.bookwyrm.settings`
+        will be ignored.
+      '';
+    };
+
+    stateDir = mkOption {
+      default = "/var/lib/bookwyrm";
+      type = types.path;
+      description = mdDoc ''
+        Where bookwyrm keeps dynamic data (in practice, exclusively book covers?) when
+        not configured to use an S3-compatible storage. This should be persistent storage,
+        otherwise you will have missing book covers and no obvious way to re-download them
+        from a catalogue.
+      '';
+    };
+
+    bindAddress = mkOption {
+      default = "0.0.0.0";
+      type = types.str;
+      description = mdDoc ''
+        Address bookwyrm should bind to.
+      '';
+    };
+
+    port = mkOption {
+      default = 8000;
+      type = types.port;
+      description = mdDoc ''
+        Port bookwyrm should listen on.
+      '';
+    };
+
+    threads = mkOption {
+      default = 8;
+      type = types.int;
+      description = mdDoc ''
+        Number of threads that gunicorn should spawn.
+      '';
+    };
+
+    setupNginx = mkOption {
+      default = false;
+      type = types.bool;
+      description = mdDoc ''
+        Whether to set up a simple nginx config to server bookwyrm's `static/` and `image`
+        directories.
+      '';
+    };
+
+    nginxVirtualHost = mkOption {
+      default = "default";
+      type = types.str;
+      description = mdDoc ''
+        The name of the nginx virtual host to set up.
+      '';
+    };
+  };
+
+
+  config = with lib; mkIf cfg.enable {
+    systemd.packages = [ cfg.package ];
+
+    systemd.services = {
+      bookwyrm = {
+        enable = true;
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          BindPaths = [
+            cfg.package.passthru.gunicorn
+            cfg.package.passthru.celery
+            cfg.stateDir
+          ];
+        } // mkIf (cfg.bindAddress != "0.0.0.0" || cfg.port != 8000 || cfg.threads != 8) {
+          ExecStart = "${lib.getExe cfg.package.passthru.gunicorn} bookwyrm.wsgi:application --threads=${toString cfg.threads} --bind ${cfg.bindAddress}:${toString cfg.port}";
+        };
+
+        environment.PYTHONPATH = cfg.package.passthru.pythonPath;
+      };
+
+      bookwyrm-worker = {
+        enable = true;
+        wantedBy = [ "multi-user.target" ];
+        environment.PYTHONPATH = cfg.package.passthru.pythonPath;
+        serviceConfig.BindPaths = [
+          cfg.stateDir
+        ];
+      };
+      bookwyrm-scheduler = {
+        enable = true;
+        wantedBy = [ "multi-user.target" ];
+        environment.PYTHONPATH = cfg.package.passthru.pythonPath;
+      };
+    };
+
+    systemd.tmpfiles.rules = [
+      "d ${cfg.stateDir}/images 0750 bookwyrm bookwyrm - -"
+    ];
+
+    services.nginx = mkIf cfg.setupNginx {
+      enable = true;
+      virtualHosts.${cfg.nginxVirtualHost} = {
+        locations."/static".root = config.services.bookwyrm.package;
+        locations."/images".root = cfg.stateDir;
+        locations."/".proxyPass = "http://${cfg.bindAddress}:${toString cfg.port}";
+      };
+    };
+
+    users.users.bookwyrm = {
+      isSystemUser = true;
+      group = "bookwyrm";
+    };
+    users.users.nginx.extraGroups = [ "bookwyrm" ];
+    users.groups.bookwyrm = {};
+  };
+
+}
-- 
cgit v1.2.3