package nerd

hosts/nerd/configuration.nix

@@ -4,6 +4,7 @@
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
+      ./nerd.nix
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -18,13 +19,11 @@
       matchConfig = {
         Name = "ens18";
       };
-      address = [ "10.42.10.24/24" "fd00:10:42:10::240/64" "2a01:4f8:1c0c:8221::240/64" ];
+      address = [ "10.42.10.24/24" "fd00:10:42:10::24/64" "2a01:4f8:1c0c:8221::24/64" ];
-      gateway = [ "10.42.10.1" "2a01:4f8:1c0c:8221::1" ];
+      gateway = [ "10.42.10.1" ];
     };
   };
 
-  environment.systemPackages = with pkgs; [ colmena ];
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

hosts/nerd/nerd.nix

@@ -0,0 +1,86 @@
+{ config, pkgs, lib, ... }:
+
+{
+  systemd.services.nerd = {
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    environment = {
+      NERD_CONFIG_FILE = pkgs.writeText "nerd.cfg" ''
+        [django]
+        secret = TODO
+        allowed_hosts = nerd.bula22.de
+        debug = False
+        language_code = de-de
+        time_zone = Europe/Berlin
+        csrf_trusted_origins = https://nerd.bula22.de
+
+        [database]
+        engine = postgresql_psycopg2
+        name = nerd
+        user =
+        password =
+        host = /run/postgresql
+        port =
+
+        [email]
+        backend = smtp.EmailBackend
+        host = mail.n0emis.eu
+        port = 465
+        user = no-reply@n0emis.eu
+        password = TODO
+        ssl = True
+        tls = False
+        from = noreply@n0emis.eu
+      '';
+      PYTHONPATH = "${pkgs.python3.pkgs.nerd.pythonPath}:${pkgs.python3.pkgs.nerd}/${pkgs.python3.sitePackages}:${pkgs.python3Packages.psycopg2}/${pkgs.python3.sitePackages}";
+    };
+
+    serviceConfig = {
+      User = "nerd";
+      Group = "nerd";
+      ExecStartPre = "${pkgs.python3.pkgs.nerd}/bin/nerd migrate";
+      ExecStart = ''
+        ${pkgs.python3Packages.gunicorn}/bin/gunicorn \
+          --bind 0.0.0.0:10510 \
+          --access-logfile - \
+          nerd.wsgi
+      '';
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "nerd" ];
+    ensureUsers = [
+      {
+        name = "nerd";
+        ensurePermissions = {
+          "DATABASE nerd" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+  };
+
+  users.users.nerd = {
+    isSystemUser = true;
+    group = "nerd";
+  };
+  users.groups.nerd = {};
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.caddy = {
+    enable = true;
+    virtualHosts."nerd.bula22.de" = {
+      extraConfig = ''
+        route {
+          file_server /static/*
+          reverse_proxy * http://127.0.0.1:10510
+        }
+
+        root * ${pkgs.python3.pkgs.nerd}/var/lib/nerd/
+      '';
+    };
+  };
+}

packages/python/default.nix

@@ -4,4 +4,8 @@ self: super: {
   ywsd = self.callPackage ./ywsd { };
   mitel-ommclient2 = self.callPackage ./mitel-ommclient2 { };
   fieldpoc = self.callPackage ./fieldpoc { };
+  django-admin-autocomplete-filter = self.callPackage ./django-admin-autocomplete-filter { };
+  django-bootstrap5 = self.callPackage ./django-bootstrap5 { };
+  django-verify-email = self.callPackage ./django-verify-email { };
+  nerd = self.callPackage ./nerd { };
 }

packages/python/django-admin-autocomplete-filter/default.nix

@@ -0,0 +1,23 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, django
+}:
+
+buildPythonPackage rec {
+  pname = "django-admin-autocomplete-filter";
+  version = "0.7.1";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "5a8c9a7016e03104627b80b40811dcc567f26759971e4407f933951546367ba0";
+  };
+
+  buildInputs = [
+    django
+  ];
+
+  pythonImportsCheck = [ "admin_auto_filters" ];
+
+  doCheck = false;
+}

packages/python/django-bootstrap5/default.nix

@@ -0,0 +1,28 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, django
+, beautifulsoup4
+}:
+
+buildPythonPackage rec {
+  pname = "django-bootstrap5";
+  version = "21.3";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "35086341881780a44b2e27255894f6029fc5ef75e5a0ec8ebd82f47a5184fa73";
+  };
+
+  buildInputs = [
+    django
+  ];
+
+  propagatedBuildInputs = [
+    beautifulsoup4
+  ];
+
+  pythonImportsCheck = [ "django_bootstrap5" ];
+
+  doCheck = false;
+}

packages/python/django-verify-email/default.nix

@@ -0,0 +1,21 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, django
+}:
+
+buildPythonPackage rec {
+  pname = "Django-Verify-Email";
+  version = "1.0.9";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "05d296a6a7ef03db07327b076093373e086d9e76e7fa9970a033e4e01168197f";
+  };
+
+  buildInputs = [
+    django
+  ];
+
+  doCheck = false;
+}

packages/python/nerd/default.nix

@@ -0,0 +1,50 @@
+{ lib
+, buildPythonApplication
+, makePythonPath
+, fetchFromGitHub
+, python3
+, hatchling
+, django_4
+, django-bootstrap5
+, django-admin-autocomplete-filter
+, django-verify-email
+}:
+
+buildPythonApplication rec {
+  pname = "nerd";
+  version = "0.0.1";
+
+  src = fetchFromGitHub {
+    owner = "dect-e";
+    repo = pname;
+    #rev = "v${version}";
+    rev = "8b8becaeb9d77c3ff2c5dadb1d5be6d66b6ed5f2";
+    sha256 = "sha256-R2kOECPtfTTnbqjujGR1AeNGyXNswqC7UJtQu+W4pXo=";
+  };
+
+  sourceRoot = "source/src";
+
+  format = "pyproject";
+
+  buildInputs = [ python3 hatchling ];
+  propagatedBuildInputs = [
+    django_4
+    django-bootstrap5
+    django-admin-autocomplete-filter
+    django-verify-email
+  ];
+
+  postInstall = ''
+    python ./manage.py collectstatic
+
+    mkdir -p $out/var/lib/nerd
+    cp -r static $out/var/lib/nerd/
+  '';
+
+  passthru = {
+    # PYTHONPATH of all dependencies used by the package
+    pythonPath = python3.pkgs.makePythonPath propagatedBuildInputs;
+  };
+
+  doCheck = false;
+}