Merge pull request #553 from karpenoktem/nix-settings

Implement default kn.settings in Nix

kn/defaultSettings.py

@@ -27,8 +27,6 @@ def defaultSettings(glbls):
     # You are very likely to override these
     # These should be of the form ('host', 'user', 'password', 'db')
     # ############################################################
-    d.WIKI_MYSQL_SECRET = None
-
     d.DOMAINNAME = 'karpenoktem.nl'
 
     # Settings you probably want to change
@@ -39,7 +37,6 @@ def defaultSettings(glbls):
 
     d.MEDIA_URL = '/djmedia/'
     d.STORAGE_URL = '/djmedia/storage'
-    d.INFRA_UID = 1002
 
     d.SCHEME = 'https'
 

kn/settings_env.py

@@ -1,39 +1,25 @@
-# Example of settings.py.
-# this file should retain python2 compatibility until Hans is ported to python3
-
+import datetime
+import json
 import os
 
-from kn.defaultSettings import defaultSettings  # noqa: E402
-
-#
-# You MUST change
-#
+from django.utils.translation import ugettext_lazy as _
 
-# CHUCK_NORRIS_HIS_SECRET = 'CHANGE ME'
-# SECRET_KEY = 'CHANGE ME'
-# MAILMAN_DEFAULT_PASSWORD = 'CHANGE ME'
-#
-# You might want to set one of the following.
-# See defaultSettings.py for more settings.
-# These should be of the form ('host', 'user', 'password', 'db')
-# FORUM_MYSQL_SECRET = ('localhost', 'punbb', 'CHANGE ME', 'punbb')
-# PHOTOS_MYSQL_SECRET = ('localhost', 'fotos', 'CHANGE ME', 'fotos')
-# DOMAINNAME = 'karpenoktem.nl'
-# INFRA_HOME = os.environ['HOME']
-INFRA_REPO = os.path.join(os.path.dirname(__file__), "../")
+with open(os.environ["KN_SETTINGS"], "r") as f:
+    globals().update(json.load(f))
 
-#GIEDO_SOCKET = "/run/infra/giedo"
+# Load more settings from environment variables, useful for secrets.
 
 for varname, value in os.environ.items():
     if varname.startswith("KN_"):
         globals()[varname[3:]] = value
 
-# TODO(HACK): should have structured config
-if "ALLOWED_HOSTS" in globals() and type(globals()["ALLOWED_HOSTS"]) == str:
-    ALLOWED_HOSTS = ALLOWED_HOSTS.split(',')
-# Do not remove the following
-#
+# Settings that cannot be represented in json. These should not need to be
+# changed anyway.
 
-defaultSettings(globals())
+DT_MIN = datetime.datetime(2004, 8, 31)
+DT_MAX = datetime.datetime(5004, 9, 1)
 
-# vim: et:sta:bs=2:sw=4:
+LANGUAGES = [
+    ("nl", _("Nederlands")),
+    ("en", _("Engels")),
+]

nix/infra.nix

@@ -144,7 +144,6 @@ in rec {
       }];
     };
     services.nginx.virtualHosts.kn = {
-      serverName = "dev.kn.cx";
       enableACME = true;
       forceSSL = true;
     };
@@ -170,6 +169,8 @@ in rec {
     nix.settings.experimental-features = [ "nix-command" "flakes" ];
     kn.shared.initialDB = true;
     kn.mailserver.hostname = "khandhas.kn.cx";
+    kn.settings.DOMAINNAME = "dev.kn.cx";
+    kn.settings.MAIL_DEBUG = false;
     # don't log these, there are *a lot*
     networking.firewall.logRefusedConnections = false;
   };
@@ -189,8 +190,8 @@ in rec {
       path = "/root/vm-host.key";
       type = "ed25519";
     }];
-    services.nginx.virtualHosts.kn.serverName = "localhost";
     age.secrets.kn-env.file = ../secrets/vm.age;
+    kn.settings.DOMAINNAME = "localhost";
     kn.shared.initialDB = true;
   };
 
@@ -245,7 +246,7 @@ in rec {
           guest.port = 22;
         }
       ];
-      qemu = { options = [ "-serial mon:stdio" ]; };
+      qemu.options = [ "-serial mon:stdio" ];
     };
   };
 }

nix/services/default.nix

@@ -7,6 +7,7 @@
     ./kn/hans.nix
     ./kn/mail.nix
     ./kn/rimapd.nix
+    ./kn/settings.nix
     ./kn/shared.nix
     ./kn/wiki.nix
     ./mailman2.nix

nix/services/kn/django.nix

@@ -5,10 +5,7 @@
 let
   cfg = config.kn.django;
   # generate a json file with configuration for uwsgi
-  kn_env = config.kn.shared.env // {
-    KN_ALLOWED_HOSTS =
-      "${config.services.nginx.virtualHosts.kn.serverName}";
-  };
+  kn_env = config.kn.shared.env;
   uswgi_conf = pkgs.writeText "uwsgi.json" (builtins.toJSON {
     uwsgi = {
       plugins = "python3";
@@ -47,6 +44,7 @@ in {
     services.nginx = {
       enable = true;
       virtualHosts.kn = {
+        serverName = config.kn.settings.DOMAINNAME;
         locations."/djmedia/".alias = "${pkgs.kninfra}/media/";
         locations."/".extraConfig = ''
           include ${pkgs.nginx}/conf/uwsgi_params;

nix/services/kn/settings.nix

@@ -0,0 +1,180 @@
+{ config, lib, pkgs, ... }:
+
+let
+  settingsFormat = pkgs.formats.json { };
+  settingsFile = settingsFormat.generate "kn.settings.json" config.kn.settings;
+  cfg = config.kn.settings;
+
+in {
+  options.kn.settings =
+    lib.mkOption { type = lib.types.lazyAttrsOf settingsFormat.type; };
+
+  options.kn.settingsFile = lib.mkOption {
+    type = lib.types.path;
+    default = settingsFile;
+  };
+
+  config.kn.settings = lib.mapAttrs (name: lib.mkDefault) (with cfg; {
+    DOMAINNAME = "karpenoktem.nl";
+
+    ALLOWED_HOSTS = [ DOMAINNAME ];
+
+    INFRA_REPO = pkgs.kninfra;
+
+    MEDIA_URL = "/djmedia/";
+    STORAGE_URL = "/djmedia/storage";
+
+    SCHEME = "https";
+
+    MEDIA_ROOT = INFRA_REPO + "/media/";
+
+    STORAGE_ROOT = "/var/lib/kndjango/storage";
+
+    # TODO: Import sankhara:/home/infra/google-oauth-key.json into age-nix
+    GOOGLE_OAUTH2_KEY = pkgs.emptyFile;
+
+    BASE_URL = SCHEME + "://" + DOMAINNAME;
+    PHOTOS_CACHE_DIR = "/var/cache/fotos";
+    MAILDOMAIN = DOMAINNAME;
+
+    LISTS_MAILDOMAIN = "lists." + DOMAINNAME;
+    MAILMAN_PATH = "/var/lib/mailman";
+    MAILMAN_DEFAULT_OWNER = "wortel@" + MAILDOMAIN;
+    DEFAULT_FROM_EMAIL =
+      "Karpe Noktems ledenadministratie <root@${MAILDOMAIN}>";
+
+    MONGO_HOST = "localhost";
+    MONGO_DB = "kn";
+
+    MODED_MAILINGLISTS = [ "discussie" "in" "uit" "test" ];
+    MOD_UI_URI = "/mailman/admindb/%s";
+    MOD_DESIRED_URI_PREFIX = SCHEME + "://" + DOMAINNAME;
+
+    MEDIAWIKI_PATH = "/srv/" + DOMAINNAME + "/htdocs/mediawiki";
+    MEDIAWIKI_USER = "www-data";
+
+    ADMINS = [
+      [ "Bas Westerbaan" "bas@karpenoktem.nl" ]
+      [ "Jille Timmermans" "jille@karpenoktem.nl" ]
+      [ "Bram Westerbaan" "bramw@karpenoktem.nl" ]
+    ];
+
+    DAAN_SOCKET = config.kn.daan.socket;
+    GIEDO_SOCKET = config.kn.giedo.socket;
+    HANS_SOCKET = config.kn.hans.socket;
+
+    GOOGLE_CALENDAR_IDS = {
+      kn = "vssp95jliss0lpr768ec9spbd8@group.calendar.google.com";
+      zeus = "a9jl7tuhqg7oe8stapcu9uhvk8@group.calendar.google.com";
+    };
+
+    POSTFIX_VIRTUAL_MAP = "/etc/postfix/virtual/kninfra_maps";
+    POSTFIX_SLM_MAP = "/etc/postfix/virtual/kninfra_slm_maps";
+
+    PHOTOS_DIR = "/var/fotos";
+
+    LOCALE = "nl_NL.UTF-8";
+    LANGUAGE_CODE = "nl";
+    LOCALE_PATHS = [ (INFRA_REPO + "/locale") ];
+
+    DATABASES.default = { };
+    CACHE_BACKEND = "locmem:///";
+    MANAGERS = ADMINS;
+    TIME_ZONE = "Europe/Amsterdam";
+    SITE_ID = 1;
+    USE_I18N = true;
+
+    ROOT_URLCONF = "kn.urls";
+
+    MIDDLEWARE_CLASSES = [
+      "django.contrib.sessions.middleware.SessionMiddleware"
+      # "django.middleware.locale.LocaleMiddleware"
+      "kn.base.backports.BackportedLocaleMiddleware"
+      "django.middleware.common.CommonMiddleware"
+      "django.middleware.csrf.CsrfViewMiddleware"
+      "django.contrib.auth.middleware.AuthenticationMiddleware"
+      "django.contrib.messages.middleware.MessageMiddleware"
+      "kn.leden.giedo.SyncStatusMiddleware"
+    ];
+
+    INSTALLED_APPS = [
+      "django.contrib.auth"
+      "django.contrib.contenttypes"
+      "django.contrib.sessions"
+      "django.contrib.messages"
+      "kn.leden"
+      "kn.subscriptions"
+      "kn.browser"
+      "kn.base"
+      "kn.planning"
+      "kn.fotos"
+      "kn.static"
+      "kn.agenda"
+    ];
+
+    TEMPLATES = [{
+      BACKEND = "django.template.backends.django.DjangoTemplates";
+      APP_DIRS = true;
+      OPTIONS.context_processors = [
+        "django.contrib.auth.context_processors.auth"
+        "django.template.context_processors.debug"
+        "django.template.context_processors.i18n"
+        "django.template.context_processors.media"
+        "django.contrib.messages.context_processors.messages"
+        "kn.base.context_processors.base_url"
+        "kn.base.context_processors.dev_banner"
+        "kn.leden.context_processors.may_manage_planning"
+        "django.template.context_processors.request"
+      ];
+    }];
+
+    AUTHENTICATION_BACKENDS = [ "kn.leden.auth.MongoBackend" ];
+    SESSION_ENGINE = "kn.leden.sessions";
+    LOGIN_REDIRECT_URL = "/smoelen/";
+    DEFAULT_FILE_STORAGE = "kn.base.storage.OurFileSystemStorage";
+
+    FORCE_SCRIPT_NAME = "";
+
+    SMOELEN_PHOTOS_PATH = "smoelen";
+    SMOELEN_WIDTH = 300;
+    SMOELEN_HEIGHT = 300;
+
+    GRAPHS_PATH = "graphs";
+
+    EXTERNAL_URLS = {
+      stukken = BASE_URL + "/groups/leden/";
+      wiki = "/wiki";
+      wiki-home = "/wiki/Hoofdpagina";
+    };
+
+    HOME_SLIDESHOW = map (file: MEDIA_URL + file) [
+      "static/slideshow/picknicktafel.jpg"
+      "static/slideshow/galapoker.jpg"
+      "static/slideshow/alternatief.jpg"
+      "static/slideshow/tie-dye.jpg"
+      "static/slideshow/roel.jpg"
+      "static/slideshow/galalampjes.jpg"
+      "static/slideshow/lan.jpg"
+    ];
+
+    USERNAME_CHARS = "qwertyuiopasdfghjklzxcvbnm123456789-";
+
+    DEBUG = true;
+
+    MAIL_DEBUG = DEBUG;
+
+    ABSOLUTE_MEDIA_URL = BASE_URL + MEDIA_URL;
+
+    # http://daniel.hepper.net/blog/2014/04/fixing-1_6-w001-when-upgrading;
+    TEST_RUNNER = "django.test.runner.DiscoverRunner";
+
+    FIN_YAML_PATH = "/groups/boekenlezers/fins.yaml";
+
+    BANK_ACCOUNT_NUMBER = "NL81 RABO 0145 9278 22";
+    BANK_ACCOUNT_HOLDER = "A.S.V. Karpe Noktem";
+
+    QUAESTOR_USERNAME = "penningmeester";
+
+    PRIVATE_GROUPS = [ ];
+  });
+}

nix/services/kn/shared.nix

@@ -38,19 +38,23 @@ in {
       giedo = rec {
         requires = [ "kn_initial_state.service" ];
         after = requires;
+        environment.KN_SETTINGS = config.kn.settingsFile;
         serviceConfig.EnvironmentFile = config.age.secrets.kn-env.path;
       };
       kndjango = rec {
         requires = [ "kn_initial_state.service" ];
         after = requires;
+        environment.KN_SETTINGS = config.kn.settingsFile;
         serviceConfig.EnvironmentFile = config.age.secrets.kn-env.path;
       };
       daan.serviceConfig.EnvironmentFile = config.age.secrets.kn-env.path;
       rimapd = rec {
         requires = [ "kn_initial_state.service" ];
         after = requires;
+        environment.KN_SETTINGS = config.kn.settingsFile;
         serviceConfig.EnvironmentFile = config.age.secrets.kn-env.path;
       };
+      hans.environment.KN_SETTINGS = config.kn.settingsFile;
       hans.serviceConfig.EnvironmentFile = config.age.secrets.kn-env.path;
       kn_initial_state = rec {
         requires = [ "mongodb.service" ];