# Example NixOS configuration for Bitpoll
{ config, pkgs, ... }:
{
# Load the Bitpoll module; the services.bitpoll options set in this file are
# expected to come from it.
imports = [ ./module.nix ];
# Bitpoll service settings.
services.bitpoll = {
  enable = true;

  # Required keys: replace both placeholders with freshly generated random
  # values before deploying, and never reuse them across installations.
  # NOTE(review): option values written inline like this usually end up in the
  # world-readable Nix store. If module.nix offers a file-based way to supply
  # these keys, prefer it - confirm against the module.
  secretKey = "CHANGE-ME-django-secret-key-here";
  encryptionKey = "CHANGE-ME-field-encryption-key-here";

  # Network: both listeners bind to loopback, so the nginx virtual host in this
  # file is the only path in from outside.
  listenAddress = "127.0.0.1";
  port = 3008; # uWSGI socket port
  httpPort = 3009; # HTTP listener; nginx proxies to this port

  # Django settings. Keep debug off outside development.
  debug = false;
  # Host names Django accepts; keep this in step with the nginx virtual host.
  allowedHosts = [ "localhost" "bitpoll.example.com" ];
  language = "en-us";
  timezone = "Europe/Berlin";

  # Database connection (the original note says PostgreSQL is auto-configured).
  # NOTE(review): the empty password is meant for peer authentication, but
  # PostgreSQL applies peer authentication only to Unix-socket connections,
  # while host = "localhost" normally means a TCP connection. Check how
  # module.nix maps these values, and make sure pg_hba.conf does not fall back
  # to "trust" for local TCP clients.
  database.name = "bitpoll";
  database.user = "bitpoll";
  database.password = "";
  database.host = "localhost";
  database.port = 5432;

  # Performance settings; adjust to the server.
  processes = 4;
  threads = 2;
  cheaperProcesses = 1;

  # Additional Django settings.
  extraSettings = {
    # Pipeline compressors for JS and CSS assets.
    PIPELINE_LOCAL.JS_COMPRESSOR = "pipeline.compressors.uglifyjs.UglifyJSCompressor";
    PIPELINE_LOCAL.CSS_COMPRESSOR = "pipeline.compressors.cssmin.CSSMinCompressor";

    # Content Security Policy: extra script sources, none by default. As the
    # name indicates, each origin listed here would be allowed to run script on
    # Bitpoll pages, so keep the list as short as possible.
    CSP_ADDITIONAL_SCRIPT_SRC = [ ];

    # Additional installed apps (if needed).
    INSTALLED_APPS_LOCAL = [ ];
  };

  # Raw uWSGI options. The stats server line stays commented out; the uWSGI
  # stats server has no authentication, so if it is enabled it should remain
  # bound to loopback as in the sample line.
  extraUwsgiConfig = ''
    # Reload workers after 1000 requests to prevent memory leaks
    max-requests = 1000

    # Reload if memory usage exceeds 512MB
    reload-on-rss = 512

    # Enable stats server (optional, for monitoring)
    # stats = 127.0.0.1:9191
  '';
};
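# Nginx terminates TLS and reverse-proxies to the Bitpoll HTTP listener on
# loopback.
services.nginx = {
  enable = true;

  virtualHosts."bitpoll.example.com" = {
    # HTTPS with a Let's Encrypt certificate; forceSSL redirects plain HTTP
    # requests to HTTPS.
    enableACME = true;
    forceSSL = true;

    locations = {
      # Proxy everything not matched by a more specific location to Bitpoll.
      "/" = {
        proxyPass = "http://127.0.0.1:3009";
        proxyWebsockets = true;
        # $proxy_add_x_forwarded_for appends this proxy's view of the client
        # address to whatever X-Forwarded-For the client sent, so the
        # application should trust only the last entry. The 60s timeouts below
        # equal nginx's defaults; raise them if requests really run longer.
        extraConfig = ''
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;

          # Increase timeouts for long-running requests
          proxy_connect_timeout 60s;
          proxy_send_timeout 60s;
          proxy_read_timeout 60s;
        '';
      };

      # Static files are served by nginx directly, with long-lived caching.
      # An add_header inside a location replaces any add_header inherited from
      # the server or http level, so security headers defined there must be
      # repeated in this block to apply to these responses.
      "/static/" = {
        alias = "/var/lib/bitpoll/static/";
        extraConfig = ''
          expires 1y;
          add_header Cache-Control "public, immutable";
          gzip on;
          gzip_types text/css application/javascript application/json;
        '';
      };

      # Media files (user uploads) are served from the application's own
      # origin. X-Content-Type-Options: nosniff keeps browsers from guessing a
      # different content type for an uploaded file than the one nginx sends.
      # NOTE(review): "public" lets shared caches store these responses;
      # confirm that no upload is meant to be private.
      "/media/" = {
        alias = "/var/lib/bitpoll/media/";
        extraConfig = ''
          expires 1d;
          add_header Cache-Control "public";
          add_header X-Content-Type-Options "nosniff" always;
        '';
      };
    };
  };
};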
# Let's Encrypt (ACME) account settings: accept the CA's terms of service and
# set the contact address. Replace the example address with a monitored one.
security.acme.acceptTerms = true;
security.acme.defaults.email = "admin@example.com";
# Firewall: only HTTP and HTTPS are opened. The Bitpoll ports (3008, 3009) are
# deliberately absent from this list and stay reachable from loopback only.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
# Optional: daily restic backup of the Bitpoll state directory.
services.restic.backups.bitpoll = {
  # The repository is a local path; a copy kept on the same machine does not
  # survive loss or compromise of that machine.
  repository = "/backup/bitpoll";
  initialize = true;

  # Written as a string, so only the path (not the password) is recorded in
  # the configuration. Keep the file itself readable by root only.
  passwordFile = "/etc/nixos/secrets/restic-password";

  # NOTE(review): only /var/lib/bitpoll is listed. The PostgreSQL data
  # presumably lives outside this directory and would not be backed up -
  # confirm, and add a database dump if so.
  paths = [ "/var/lib/bitpoll" ];

  # Run once a day; Persistent catches up on a run missed while powered off.
  timerConfig.OnCalendar = "daily";
  timerConfig.Persistent = true;
};
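# Optional: rotate the Bitpoll logs daily and keep 30 rotations.
services.logrotate = {
  enable = true;

  settings."/var/log/bitpoll/*.log" = {
    frequency = "daily";
    rotate = 30;
    compress = true;
    delaycompress = true; # leave the most recent rotation uncompressed
    missingok = true; # no error when no log file matches
    notifempty = true; # skip empty logs

    # New log files are created owner read/write, group read, no access for
    # others. Application logs can contain client addresses and request
    # details, so they are not left world-readable; give a log collector
    # access through the bitpoll group if one is used.
    create = "0640 bitpoll bitpoll";
  };
};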
}