server-configs/machines/gerd/services/wger/default.nix

{ config, pkgs, ... }:

let
  svc_domain = "wger.${config.mine.shared.settings.domain}";
  port = 8000;
  wger_user = "wger";
  statedir = config.mine.zfsMounts."rpool/safe/svcs/wger";

  wgerpkgs = pkgs.callPackage ./wgerpkg/default.nix {};

  wger_settings = {
    EMAIL_FROM = "wger Workout Manager <wger@${config.mine.shared.settings.domain}>";
    ALLOW_REGISTRATION = true;
    ALLOW_GUEST_USERS = true;
    ALLOW_UPLOAD_VIDEOS = false;
    MIN_ACCOUNT_AGE_TO_TRUST = 21;
    EXERCISE_CACHE_TTL = 3600;
  };

  django_settings = rec {
    # enable debug for now, otherwise it tries
    # to create a CACHE folder/file in the CWD.
    # and if I fix that, then static content no
    # longer wants to load.
    DEBUG = true;
    DATABASES.default = {
        ENGINE = "django.db.backends.postgresql";
        NAME = "wger";
        USER = "wger";
        PASSWORD = "";
        HOST = "/run/postgresql";
        PORT = "";
    };

    ADMINS = [["admin" "admin@${config.mine.shared.settings.domain}"]];
    MANAGERS = ADMINS;

    TIME_ZONE = "Europe/Copenhagen";

    SECRET_KEY = "$SECRET_KEY";

    SITE_URL = "https://${svc_domain}";
    MEDIA_ROOT = "${statedir}/media";
    MEDIA_URL = "/media/";


    # EMAIL
    EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend";
    EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp;
    EMAIL_PORT = config.mine.shared.settings.mail.ports.submissions;
    EMAIL_USE_SSL = true;
    EMAIL_HOST_USER = "wger";
    EMAIL_HOST_PASSWORD = "$EMAIL_HOST_PASSWORD";
    EMAIL_FROM_ADDRESS = wger_settings.EMAIL_FROM;
    EMAIL_PAGE_DOMAIN = SITE_URL;

    # setup allowed hosts
    CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ];
    ALLOWED_HOSTS = [ svc_domain ];

    # disable recaptcha
    RECAPTCHA_PUBLIC_KEY = "";
    RECAPTCHA_PRIVATE_KEY = "";
    USE_RECAPTCHA = false;
  };

  wger_settings_file = pkgs.writeText "settings.json" (builtins.toJSON wger_settings);
  django_settings_file = pkgs.writeText "settings.json" (builtins.toJSON django_settings);
  settingsFile = pkgs.writeText "settings.py" ''
    from wger.settings_global import *
    import json
    import os
    
    with open("${django_settings_file}") as f:
        for k, v in json.load(f).items():
            if isinstance(v, str) and v.startswith("$"):
                v = os.environ[v[1:]]

            globals()[k] = v
    
    with open("${wger_settings_file}") as f:
        for k, v in json.load(f).items():
            if isinstance(v, str) and v.startswith("$"):
                v = os.environ[v[1:]]

            WGER_SETTINGS[k] = v
  '';
in {

  # main service
  systemd.services.wger = {
    description = "wger fitness";
    wantedBy = [ "multi-user.target" ];
    after = [ "networking.target" ];

    script = ''
      # initial setup
      ${wgerpkgs}/bin/wger migrate-db -s ${settingsFile} || true
      ${wgerpkgs}/bin/wger load-fixtures -s ${settingsFile} || true

      # run server
      ${wgerpkgs}/bin/wger start -s ${settingsFile}
    '';

    serviceConfig = {
      EnvironmentFile = config.age.secrets.wger-env.path;

      # ensure it does not try to create `/CACHE`
      PrivateTmp = "yes";
      WorkingDirectory = "/tmp";

      User = "wger";
      Group = "wger";
    };
  };

  # periodic keep up-to-date
  systemd.timers."wger-housekeeping" = {
    wantedBy = [ "timers.target" ];
    timerConfig.OnCalendar = "daily";
  };
  
  systemd.services."wger-housekeeping" = {
    after = [ "wger.service" ];
    requires = [ "wger.service" ];
    script = ''
      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-exercises || true
      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-images || true
      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-videos || true
      # WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-ingredients || true
      ${wgerpkgs}/bin/wger load-online-fixtures -s ${settingsFile} || true
      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage exercises-health-check || true
    '';

    serviceConfig = {
      EnvironmentFile = config.age.secrets.wger-env.path;

      # Type = "oneshot";
      User = "wger";
      Group = "wger";
    };
  };

  services.postgresql = {
    ensureDatabases = [ wger_user ];
    ensureUsers = [{
      name = wger_user;
      ensureDBOwnership = true;
    }];
  };


  # setup users
  users.users."${wger_user}"= {
    uid = 738;
    isSystemUser = true;
    group = wger_user;
  };
  users.groups."${wger_user}".gid = 738;

  # nginx
  services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
    forceSSL = true;
    enableACME = true;
    
    locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString port}";
    };
    locations."/api/v2/register" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString port}";
    };

    locations."/static".proxyPass = "http://localhost:${builtins.toString port}";
    locations."/media".proxyPass = "http://localhost:${builtins.toString port}";
    locations."/api".proxyPass = "http://localhost:${builtins.toString port}";
  };

  # metadata
  mine.shared.meta.wger = {
    name = "Wger";
    description = "We host Wger, which is a FLOSS fitness/workout/nutrition and weight tracker, with FLOSS apps, read more [here](https://wger.de/).";
    url = "https://${svc_domain}";

    package = let
      pkg = wgerpkgs;
    in {
      name = pkg.pname;
      version = pkg.version;
      meta = pkg.meta;
    };
  };
}
gerd.wger: init 2024-12-03 07:45:11 +00:00			`{ config, pkgs, ... }:`

			`let`
			`svc_domain = "wger.${config.mine.shared.settings.domain}";`
			`port = 8000;`
			`wger_user = "wger";`
			`statedir = config.mine.zfsMounts."rpool/safe/svcs/wger";`

			`wgerpkgs = pkgs.callPackage ./wgerpkg/default.nix {};`

			`wger_settings = {`
wger: removed hardcoded constants 2024-12-03 21:08:25 +00:00			`EMAIL_FROM = "wger Workout Manager <wger@${config.mine.shared.settings.domain}>";`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`ALLOW_REGISTRATION = true;`
			`ALLOW_GUEST_USERS = true;`
			`ALLOW_UPLOAD_VIDEOS = false;`
			`MIN_ACCOUNT_AGE_TO_TRUST = 21;`
			`EXERCISE_CACHE_TTL = 3600;`
			`};`

			`django_settings = rec {`
wger: stay on debug, otherwise weird stuff happens 2024-12-03 21:45:55 +00:00			`# enable debug for now, otherwise it tries`
			`# to create a CACHE folder/file in the CWD.`
			`# and if I fix that, then static content no`
			`# longer wants to load.`
			`DEBUG = true;`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`DATABASES.default = {`
			`ENGINE = "django.db.backends.postgresql";`
			`NAME = "wger";`
			`USER = "wger";`
			`PASSWORD = "";`
			`HOST = "/run/postgresql";`
			`PORT = "";`
			`};`

wger: removed hardcoded constants 2024-12-03 21:08:25 +00:00			`ADMINS = [["admin" "admin@${config.mine.shared.settings.domain}"]];`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`MANAGERS = ADMINS;`

wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`TIME_ZONE = "Europe/Copenhagen";`
gerd.wger: init 2024-12-03 07:45:11 +00:00
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`SECRET_KEY = "$SECRET_KEY";`
gerd.wger: init 2024-12-03 07:45:11 +00:00
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`SITE_URL = "https://${svc_domain}";`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`MEDIA_ROOT = "${statedir}/media";`
			`MEDIA_URL = "/media/";`


wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`# EMAIL`
			`EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend";`
			`EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp;`
			`EMAIL_PORT = config.mine.shared.settings.mail.ports.submissions;`
			`EMAIL_USE_SSL = true;`
			`EMAIL_HOST_USER = "wger";`
			`EMAIL_HOST_PASSWORD = "$EMAIL_HOST_PASSWORD";`
			`EMAIL_FROM_ADDRESS = wger_settings.EMAIL_FROM;`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`EMAIL_PAGE_DOMAIN = SITE_URL;`

wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`# setup allowed hosts`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ];`
			`ALLOWED_HOSTS = [ svc_domain ];`

wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`# disable recaptcha`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`RECAPTCHA_PUBLIC_KEY = "";`
			`RECAPTCHA_PRIVATE_KEY = "";`
			`USE_RECAPTCHA = false;`
			`};`

			`wger_settings_file = pkgs.writeText "settings.json" (builtins.toJSON wger_settings);`
			`django_settings_file = pkgs.writeText "settings.json" (builtins.toJSON django_settings);`
			`settingsFile = pkgs.writeText "settings.py" ''`
			`from wger.settings_global import *`
			`import json`
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`import os`
gerd.wger: init 2024-12-03 07:45:11 +00:00
			`with open("${django_settings_file}") as f:`
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`for k, v in json.load(f).items():`
			`if isinstance(v, str) and v.startswith("$"):`
			`v = os.environ[v[1:]]`

			`globals()[k] = v`
gerd.wger: init 2024-12-03 07:45:11 +00:00
			`with open("${wger_settings_file}") as f:`
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`for k, v in json.load(f).items():`
			`if isinstance(v, str) and v.startswith("$"):`
			`v = os.environ[v[1:]]`

			`WGER_SETTINGS[k] = v`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`'';`
			`in {`

wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`# main service`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`systemd.services.wger = {`
			`description = "wger fitness";`
			`wantedBy = [ "multi-user.target" ];`
			`after = [ "networking.target" ];`
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00
gerd.wger: init 2024-12-03 07:45:11 +00:00			`script = ''`
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`# initial setup`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`${wgerpkgs}/bin/wger migrate-db -s ${settingsFile} \|\| true`
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`${wgerpkgs}/bin/wger load-fixtures -s ${settingsFile} \|\| true`
gerd.wger: init 2024-12-03 07:45:11 +00:00
			`# run server`
			`${wgerpkgs}/bin/wger start -s ${settingsFile}`
			`'';`

			`serviceConfig = {`
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`EnvironmentFile = config.age.secrets.wger-env.path;`

wger: stay on debug, otherwise weird stuff happens 2024-12-03 21:45:55 +00:00			# ensure it does not try to create `/CACHE`
			`PrivateTmp = "yes";`
			`WorkingDirectory = "/tmp";`

gerd.wger: init 2024-12-03 07:45:11 +00:00			`User = "wger";`
			`Group = "wger";`
			`};`
			`};`
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00
			`# periodic keep up-to-date`
			`systemd.timers."wger-housekeeping" = {`
			`wantedBy = [ "timers.target" ];`
			`timerConfig.OnCalendar = "daily";`
			`};`

			`systemd.services."wger-housekeeping" = {`
			`after = [ "wger.service" ];`
			`requires = [ "wger.service" ];`
			`script = ''`
			`WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-exercises \|\| true`
			`WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-images \|\| true`
			`WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-videos \|\| true`
wger: disable sync of ingredients (takes up too much space in DB) 2024-12-05 09:31:38 +00:00			`# WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-ingredients \|\| true`
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`${wgerpkgs}/bin/wger load-online-fixtures -s ${settingsFile} \|\| true`
			`WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage exercises-health-check \|\| true`
			`'';`

			`serviceConfig = {`
			`EnvironmentFile = config.age.secrets.wger-env.path;`

			`# Type = "oneshot";`
			`User = "wger";`
			`Group = "wger";`
			`};`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`};`

			`services.postgresql = {`
			`ensureDatabases = [ wger_user ];`
			`ensureUsers = [{`
			`name = wger_user;`
			`ensureDBOwnership = true;`
			`}];`
			`};`


wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00			`# setup users`
			`users.users."${wger_user}"= {`
			`uid = 738;`
			`isSystemUser = true;`
			`group = wger_user;`
			`};`
			`users.groups."${wger_user}".gid = 738;`

			`# nginx`
			`services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`forceSSL = true;`
			`enableACME = true;`

			`locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {`
			`proxyPass = "http://localhost:${builtins.toString port}";`
			`};`
			`locations."/api/v2/register" = config.mine.shared.lib.authelia.mkProtectedLocation {`
			`proxyPass = "http://localhost:${builtins.toString port}";`
			`};`

			`locations."/static".proxyPass = "http://localhost:${builtins.toString port}";`
			`locations."/media".proxyPass = "http://localhost:${builtins.toString port}";`
			`locations."/api".proxyPass = "http://localhost:${builtins.toString port}";`
			`};`
wger: adds a BUNCH of changes 2024-12-03 21:07:03 +00:00
			`# metadata`
			`mine.shared.meta.wger = {`
			`name = "Wger";`
			`description = "We host Wger, which is a FLOSS fitness/workout/nutrition and weight tracker, with FLOSS apps, read more [here](https://wger.de/).";`
			`url = "https://${svc_domain}";`

			`package = let`
			`pkg = wgerpkgs;`
			`in {`
			`name = pkg.pname;`
			`version = pkg.version;`
			`meta = pkg.meta;`
			`};`
			`};`
gerd.wger: init 2024-12-03 07:45:11 +00:00			`}`