From 913a4a0b260c9ad0766facf2d2b80a254532b4de Mon Sep 17 00:00:00 2001
From: eyjhb <eyjhbb@gmail.com>
Date: Tue, 3 Dec 2024 22:07:03 +0100
Subject: [PATCH] wger: adds a BUNCH of changes

---
 machines/gerd/services/wger/default.nix | 125 ++++++++++++++++--------
 1 file changed, 84 insertions(+), 41 deletions(-)

diff --git a/machines/gerd/services/wger/default.nix b/machines/gerd/services/wger/default.nix
index 535cd9e..2cfb71b 100644
--- a/machines/gerd/services/wger/default.nix
+++ b/machines/gerd/services/wger/default.nix
@@ -16,7 +16,7 @@ let
 # WGER_SETTINGS["MIN_ACCOUNT_AGE_TO_TRUST"] = 21  # in days
 # WGER_SETTINGS["EXERCISE_CACHE_TTL"] = 3600  # in seconds
   wger_settings = {
-    EMAIL_FROM = "wger Workout Manager <wger@example.com>";
+    EMAIL_FROM = "wger Workout Manager <wger@fricloud.dk>";
     ALLOW_REGISTRATION = true;
     ALLOW_GUEST_USERS = true;
     ALLOW_UPLOAD_VIDEOS = false;
@@ -27,12 +27,6 @@ let
   django_settings = rec {
     DEBUG = true;
     DATABASES.default = {
-        # ENGINE = "django.db.backends.sqlite3";
-        # NAME = "${statedir}/database.sqlite";
-        # USER = "";
-        # PASSWORD = "";
-        # HOST = "";
-        # PORT = "";
         ENGINE = "django.db.backends.postgresql";
         NAME = "wger";
         USER = "wger";
@@ -41,31 +35,37 @@ let
         PORT = "";
     };
 
-    ADMINS = [["Your Name" "test@test.dk"]];
+    ADMINS = [["eyjhb" "eyjhb@fricloud.dk"]];
     MANAGERS = ADMINS;
 
-    TIME_ZONE = "Europe/Berlin";
+    TIME_ZONE = "Europe/Copenhagen";
 
-    SECRET_KEY = "2w!yl6ausb-$05#mjnec)g_h#nc9pzzw0c(kvaskocvyyg1oqc";
+    SECRET_KEY = "$SECRET_KEY";
 
-    SITE_URL = "http://localhost:8100";
+    SITE_URL = "https://${svc_domain}";
 
     MEDIA_ROOT = "${statedir}/media";
     MEDIA_URL = "/media/";
 
-    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend";
-
-# DEFAULT_FROM_EMAIL = WGER_SETTINGS['EMAIL_FROM']
 
+    # EMAIL
+    EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend";
+    EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp;
+    EMAIL_PORT = config.mine.shared.settings.mail.ports.submissions;
+    EMAIL_USE_SSL = true;
+    EMAIL_HOST_USER = "wger";
+    EMAIL_HOST_PASSWORD = "$EMAIL_HOST_PASSWORD";
+    EMAIL_FROM_ADDRESS = wger_settings.EMAIL_FROM;
     EMAIL_PAGE_DOMAIN = SITE_URL;
 
+    # setup allowed hosts
     CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ];
     ALLOWED_HOSTS = [ svc_domain ];
 
+    # disable recaptcha
     RECAPTCHA_PUBLIC_KEY = "";
     RECAPTCHA_PRIVATE_KEY = "";
     USE_RECAPTCHA = false;
-
   };
 
   wger_settings_file = pkgs.writeText "settings.json" (builtins.toJSON wger_settings);
@@ -73,50 +73,73 @@ let
   settingsFile = pkgs.writeText "settings.py" ''
     from wger.settings_global import *
     import json
+    import os
     
     with open("${django_settings_file}") as f:
-        globals().update(json.load(f))
+        for k, v in json.load(f).items():
+            if isinstance(v, str) and v.startswith("$"):
+                v = os.environ[v[1:]]
+
+            globals()[k] = v
     
     with open("${wger_settings_file}") as f:
-        WGER_SETTINGS.update(json.load(f))
+        for k, v in json.load(f).items():
+            if isinstance(v, str) and v.startswith("$"):
+                v = os.environ[v[1:]]
+
+            WGER_SETTINGS[k] = v
   '';
 in {
 
+  # main service
   systemd.services.wger = {
     description = "wger fitness";
     wantedBy = [ "multi-user.target" ];
     after = [ "networking.target" ];
-    script = ''
-      # general wger things
-      ${wgerpkgs}/bin/wger migrate-db -s ${settingsFile} || true
-      # ${wgerpkgs}/bin/wger load-fixtures -s ${settingsFile} || true
-      # ${wgerpkgs}/bin/wger load-online-fixtures -s ${settingsFile} || true
 
-      # manage things
-      # WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-images || true
-      # WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-videos || true
-      # WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-ingredient-images || true
-      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-exercises || true
-      # WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-ingredients || true
-      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage exercises-health-check || true
+    script = ''
+      # initial setup
+      ${wgerpkgs}/bin/wger migrate-db -s ${settingsFile} || true
+      ${wgerpkgs}/bin/wger load-fixtures -s ${settingsFile} || true
 
       # run server
       ${wgerpkgs}/bin/wger start -s ${settingsFile}
     '';
 
     serviceConfig = {
+      EnvironmentFile = config.age.secrets.wger-env.path;
+
       User = "wger";
       Group = "wger";
-      
     };
   };
-  users.users."${wger_user}"= {
-    uid = 738;
-    isSystemUser = true;
-    group = wger_user;
-    
+
+  # periodic keep up-to-date
+  systemd.timers."wger-housekeeping" = {
+    wantedBy = [ "timers.target" ];
+    timerConfig.OnCalendar = "daily";
+  };
+  
+  systemd.services."wger-housekeeping" = {
+    after = [ "wger.service" ];
+    requires = [ "wger.service" ];
+    script = ''
+      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-exercises || true
+      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-images || true
+      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage download-exercise-videos || true
+      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage sync-ingredients || true
+      ${wgerpkgs}/bin/wger load-online-fixtures -s ${settingsFile} || true
+      WGER_SETTINGS=${settingsFile} ${wgerpkgs}/bin/manage exercises-health-check || true
+    '';
+
+    serviceConfig = {
+      EnvironmentFile = config.age.secrets.wger-env.path;
+
+      # Type = "oneshot";
+      User = "wger";
+      Group = "wger";
+    };
   };
-  users.groups."${wger_user}".gid = 738;
 
   services.postgresql = {
     ensureDatabases = [ wger_user ];
@@ -127,13 +150,18 @@ in {
   };
 
 
-  services.nginx.virtualHosts."${svc_domain}" = {
+  # setup users
+  users.users."${wger_user}"= {
+    uid = 738;
+    isSystemUser = true;
+    group = wger_user;
+  };
+  users.groups."${wger_user}".gid = 738;
+
+  # nginx
+  services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
     forceSSL = true;
     enableACME = true;
-
-    extraConfig = ''
-      include ${config.mine.shared.lib.authelia.autheliaLocation};
-    '';
     
     locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
       proxyPass = "http://localhost:${builtins.toString port}";
@@ -146,4 +174,19 @@ in {
     locations."/media".proxyPass = "http://localhost:${builtins.toString port}";
     locations."/api".proxyPass = "http://localhost:${builtins.toString port}";
   };
+
+  # metadata
+  mine.shared.meta.wger = {
+    name = "Wger";
+    description = "We host Wger, which is a FLOSS fitness/workout/nutrition and weight tracker, with FLOSS apps, read more [here](https://wger.de/).";
+    url = "https://${svc_domain}";
+
+    package = let
+      pkg = wgerpkgs;
+    in {
+      name = pkg.pname;
+      version = pkg.version;
+      meta = pkg.meta;
+    };
+  };
 }