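# NixOS module for the "nerd" Django application.
#
# It defines:
#   * a systemd unit that runs database migrations and then serves nerd.wsgi
#     with gunicorn,
#   * a local PostgreSQL database and role named "nerd" (reached over the
#     unix socket in /run/postgresql),
#   * a dedicated system user and group,
#   * a Caddy virtual host that serves /static/* from the package and proxies
#     everything else to gunicorn on loopback.
{ config, pkgs, lib, ... }:

{
  systemd.services.nerd = {
    # ExecStartPre runs "nerd migrate", which needs a reachable database, so
    # the unit is ordered after (and tied to) the local PostgreSQL service.
    after = [ "network.target" "postgresql.service" ];
    requires = [ "postgresql.service" ];
    wantedBy = [ "multi-user.target" ];

    environment = {
      # SECURITY: pkgs.writeText places this file in /nix/store, which is
      # readable by every local user and is copied to binary caches and
      # build logs. Do not replace the TODO placeholders below with the real
      # Django secret key or SMTP password. Keep the real values in a file
      # outside the store that only the "nerd" user can read (for example
      # one provisioned by a secrets-management module), and point
      # NERD_CONFIG_FILE at that path instead.
      NERD_CONFIG_FILE = pkgs.writeText "nerd.cfg" ''
        [django]
        secret = TODO
        allowed_hosts = nerd.bula22.de
        debug = False
        language_code = de-de
        time_zone = Europe/Berlin
        csrf_trusted_origins = https://nerd.bula22.de

        [database]
        engine = postgresql_psycopg2
        name = nerd
        user =
        password =
        host = /run/postgresql
        port =

        [email]
        backend = smtp.EmailBackend
        host = mail.n0emis.eu
        port = 465
        user = no-reply@n0emis.eu
        password = TODO
        ssl = True
        tls = False
        from = noreply@n0emis.eu
      '';
      PYTHONPATH = "${pkgs.python3.pkgs.nerd.pythonPath}:${pkgs.python3.pkgs.nerd}/${pkgs.python3.sitePackages}:${pkgs.python3Packages.psycopg2}/${pkgs.python3.sitePackages}";
    };

    serviceConfig = {
      User = "nerd";
      Group = "nerd";

      # Low-risk sandboxing: the service needs no privilege escalation, no
      # shared /tmp and no access to home directories.
      NoNewPrivileges = true;
      PrivateTmp = true;
      ProtectHome = true;

      ExecStartPre = "${pkgs.python3.pkgs.nerd}/bin/nerd migrate";
      # gunicorn speaks plain HTTP and is only meant to be reached through
      # Caddy, which proxies to 127.0.0.1:10510. Binding to loopback (rather
      # than 0.0.0.0) keeps the backend unreachable from the network even if
      # the firewall is disabled or port 10510 is opened later.
      ExecStart = ''
        ${pkgs.python3Packages.gunicorn}/bin/gunicorn \
          --bind 127.0.0.1:10510 \
          --access-logfile - \
          nerd.wsgi
      '';
    };
  };

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "nerd" ];
    ensureUsers = [
      {
        name = "nerd";
        # NOTE(review): newer NixOS releases replace ensurePermissions with
        # ensureDBOwnership; revisit when the nixpkgs pin is updated.
        ensurePermissions = {
          "DATABASE nerd" = "ALL PRIVILEGES";
        };
      }
    ];
  };

  users.users.nerd = {
    isSystemUser = true;
    group = "nerd";
  };
  users.groups.nerd = {};

  # Only the Caddy front end is exposed; the gunicorn port stays closed.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.caddy = {
    enable = true;
    virtualHosts."nerd.bula22.de" = {
      # Static assets are served straight from the package; all other
      # requests go to the gunicorn backend on loopback.
      extraConfig = ''
        route {
          file_server /static/*
          reverse_proxy * http://127.0.0.1:10510
        }
        root * ${pkgs.python3.pkgs.nerd}/var/lib/nerd/
      '';
    };
  };
}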