authorSergiusz Bazanski <q3k@q3k.org>2020-02-12 16:38:28 +0100
committerSergiusz Bazanski <q3k@q3k.org>2020-02-23 11:44:45 +0100
commit25b41d64960765a33cf2b409f3b3c9247df164fa (patch)
treef9afff1ac48a363a9bc98726bef156726bc44bd5
parent75c222852b498c87ed3230d6a496549634b1c31c (diff)
module.nix: init
This isn't great, but hey, it works.
-rw-r--r--bitvend/__init__.py1
-rw-r--r--module.nix110
2 files changed, 111 insertions, 0 deletions
diff --git a/bitvend/__init__.py b/bitvend/__init__.py
index 0513078..2ab00a6 100644
--- a/bitvend/__init__.py
+++ b/bitvend/__init__.py
@@ -30,6 +30,7 @@ def bitvend_user_loader(username, profile=None):
def create_app():
app = flask.Flask(__name__)
app.config.from_object('bitvend.default_settings')
+ print('Loading extra settings from {}...'.format(os.environ.get('BITVEND_SETTINGS', '')))
app.config.from_pyfile(os.environ.get('BITVEND_SETTINGS', ''), silent=True)
# Use proper proxy headers, this fixes invalid scheme in
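Review bot: The added `print` announces the settings path unconditionally, but the `from_pyfile(..., silent=True)` call right below it swallows a missing or unreadable file, so the log line reads the same whether the deployment's settings were loaded or the app silently stayed on `bitvend.default_settings`. Since module.nix in this commit puts `SECRET_KEY` and the API tokens in that file, a failed load should stop startup: read the variable once with `settings_path = os.environ.get('BITVEND_SETTINGS')`, and when it is set call `app.config.from_pyfile(settings_path)` without `silent=True`. Using `app.logger.info` instead of `print` would also keep the message in the same stream as the rest of the app's logs. `create_app` continues past the end of this hunk.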
diff --git a/module.nix b/module.nix
new file mode 100644
index 0000000..b8149f5
--- /dev/null
+++ b/module.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkIf mkOption types;
+
+ cfg = config.services.bitvend;
+
+ bitvendUser = "bitvend";
+ bitvendGroup = "bitvend";
+
+ bitvend = (import ./default.nix);
+ cfgFile = pkgs.writeText "bitvend.cfg"
+ ''
+ SQLALCHEMY_DATABASE_URI = 'sqlite:///${cfg.stateDir}/bitvend.db'
+ SPACEAUTH_CONSUMER_KEY = '${cfg.spaceauthConsumerKey}'
+ SPACEAUTH_CONSUMER_SECRET = '${cfg.spaceauthConsumerSecret}'
+ BLOCKCYPHER_TOKEN = '${cfg.blockcypherToken}'
+ SECRET_KEY = '${cfg.secretKey}'
+ '';
+
+
+in {
+ options.services.bitvend = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable bitvend";
+ };
+ stateDir = mkOption {
+ type = types.path;
+ default = "/var/db/bitvend";
+ description = "Location of bitvend's config/data directory";
+ };
+ spaceauthConsumerKey = mkOption {
+ type = types.str;
+ default = "";
+ description = "spaceauth consumer key";
+ };
+ spaceauthConsumerSecret = mkOption {
+ type = types.str;
+ default = "";
+ description = "spaceauth consumer secret";
+ };
+ blockcypherToken = mkOption {
+ type = types.str;
+ default = "";
+ description = "blockcypher token";
+ };
+ secretKey = mkOption {
+ type = types.str;
+ default = "";
+ description = "blockcypher token";
+ };
+ hostName = mkOption {
+ type = types.str;
+ default = "vending.waw.hackerspace.pl";
+ description = "hostname";
+ };
+ };
+ config = mkIf cfg.enable {
+ ids.uids.bitvend = 2137;
+ ids.gids.bitvend = 2137;
+
+ users.users.bitvend = {
+ name = bitvendUser;
+ group = bitvendGroup;
+ uid = config.ids.uids.bitvend;
+ description = "Bitvend daemon user";
+ home = cfg.stateDir;
+ };
+ users.groups.bitvend = {
+ name = bitvendGroup;
+ gid = config.ids.gids.bitvend;
+ };
+ systemd.services.bitvend = {
+ environment = {
+ BITVEND_SETTINGS = cfgFile;
+ };
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ ${bitvend}/bin/bitvend-run.py
+ '';
+ serviceConfig = {
+ User = bitvendUser;
+ };
+ };
+ systemd.tmpfiles.rules = [
+ "d '${cfg.stateDir}' 0750 '${bitvendUser}' '${bitvendGroup}' - -"
+ ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ services.nginx = {
+ enable = true;
+ appendHttpConfig = ''
+ proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=qrcode_cache:10m max_size=50m inactive=60m;
+ '';
+ virtualHosts."${cfg.hostName}" = {
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:5000";
+ };
+ locations."/qrcode/" = {
+ proxyPass = "http://127.0.0.1:5000";
+ extraConfig = ''
+ add_header X-Proxy-Cache $upstream_cache_status;
+ proxy_cache qrcode_cache;
+ '';
+ };
+ };
+ };
+ };
+}
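Review bot: The three secrets interpolated into `cfgFile` (`SPACEAUTH_CONSUMER_SECRET`, `BLOCKCYPHER_TOKEN`, `SECRET_KEY`) are written to the Nix store by `pkgs.writeText`, and store paths are readable by every local user and travel with the system closure wherever it is copied. Their `default = ""` also lets the service be enabled with empty credentials instead of failing at evaluation, and `secretKey` carries the description "blockcypher token" copied from the option above it. I would replace the secret options with one required `settingsFile` string option that points at a file provisioned outside the store (owned by the bitvend user, not group- or world-readable) and pass that path as `BITVEND_SETTINGS`; that file then has to carry `SQLALCHEMY_DATABASE_URI` as well. Separately, `proxy_cache_path /tmp/nginx-cache` uses a predictable name in a world-writable directory unless nginx runs with a private /tmp, and port 443 is opened with no TLS setting for the virtual host visible in this file, so both are worth confirming.

```nix
  options.services.bitvend = {
    # … unchanged: enable, stateDir, hostName …
    # replaces spaceauthConsumerKey, spaceauthConsumerSecret, blockcypherToken, secretKey
    settingsFile = mkOption {
      # types.str, not types.path: the value must stay a runtime path and never be copied into the store
      type = types.str;
      description = "Path to the bitvend settings file holding the database URI and all secrets; kept outside the Nix store and readable only by the bitvend user";
    };
  };
  # … unchanged: ids, users, groups …
    systemd.services.bitvend = {
      environment = {
        BITVEND_SETTINGS = cfg.settingsFile;
      };
      # … unchanged: wantedBy, script, serviceConfig …
```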