parent
75c222852b
commit
25b41d6496
|
@ -30,6 +30,7 @@ def bitvend_user_loader(username, profile=None):
|
|||
def create_app():
|
||||
app = flask.Flask(__name__)
|
||||
app.config.from_object('bitvend.default_settings')
|
||||
print('Loading extra settings from {}...'.format(os.environ.get('BITVEND_SETTINGS', '')))
|
||||
app.config.from_pyfile(os.environ.get('BITVEND_SETTINGS', ''), silent=True)
|
||||
|
||||
# Use proper proxy headers, this fixes invalid scheme in
|
||||
|
|
|
@ -0,0 +1,110 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkIf mkOption types;
|
||||
|
||||
cfg = config.services.bitvend;
|
||||
|
||||
bitvendUser = "bitvend";
|
||||
bitvendGroup = "bitvend";
|
||||
|
||||
bitvend = (import ./default.nix);
|
||||
cfgFile = pkgs.writeText "bitvend.cfg"
|
||||
''
|
||||
SQLALCHEMY_DATABASE_URI = 'sqlite:///${cfg.stateDir}/bitvend.db'
|
||||
SPACEAUTH_CONSUMER_KEY = '${cfg.spaceauthConsumerKey}'
|
||||
SPACEAUTH_CONSUMER_SECRET = '${cfg.spaceauthConsumerSecret}'
|
||||
BLOCKCYPHER_TOKEN = '${cfg.blockcypherToken}'
|
||||
SECRET_KEY = '${cfg.secretKey}'
|
||||
'';
|
||||
|
||||
|
||||
in {
|
||||
options.services.bitvend = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable bitvend";
|
||||
};
|
||||
stateDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/db/bitvend";
|
||||
description = "Location of bitvend's config/data directory";
|
||||
};
|
||||
spaceauthConsumerKey = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "spaceauth consumer key";
|
||||
};
|
||||
spaceauthConsumerSecret = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "spaceauth consumer secret";
|
||||
};
|
||||
blockcypherToken = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "blockcypher token";
|
||||
};
|
||||
secretKey = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "blockcypher token";
|
||||
};
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
default = "vending.waw.hackerspace.pl";
|
||||
description = "hostname";
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
ids.uids.bitvend = 2137;
|
||||
ids.gids.bitvend = 2137;
|
||||
|
||||
users.users.bitvend = {
|
||||
name = bitvendUser;
|
||||
group = bitvendGroup;
|
||||
uid = config.ids.uids.bitvend;
|
||||
description = "Bitvend daemon user";
|
||||
home = cfg.stateDir;
|
||||
};
|
||||
users.groups.bitvend = {
|
||||
name = bitvendGroup;
|
||||
gid = config.ids.gids.bitvend;
|
||||
};
|
||||
systemd.services.bitvend = {
|
||||
environment = {
|
||||
BITVEND_SETTINGS = cfgFile;
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
script = ''
|
||||
${bitvend}/bin/bitvend-run.py
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = bitvendUser;
|
||||
};
|
||||
};
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.stateDir}' 0750 '${bitvendUser}' '${bitvendGroup}' - -"
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
appendHttpConfig = ''
|
||||
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=qrcode_cache:10m max_size=50m inactive=60m;
|
||||
'';
|
||||
virtualHosts."${cfg.hostName}" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:5000";
|
||||
};
|
||||
locations."/qrcode/" = {
|
||||
proxyPass = "http://127.0.0.1:5000";
|
||||
extraConfig = ''
|
||||
add_header X-Proxy-Cache $upstream_cache_status;
|
||||
proxy_cache qrcode_cache;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue