From e38a4f7bf0b35e3eded515aa820394cb3d47be3d Mon Sep 17 00:00:00 2001 From: Reinout Meliesie Date: Sun, 9 Mar 2025 12:55:12 +0100 Subject: [PATCH] Introduce bookwyrm-env in Bookwyrm --- packages/bookwyrm/nixos-module.nix | 2 +- packages/bookwyrm/package.nix | 21 ++++++++++++++++++--- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/packages/bookwyrm/nixos-module.nix b/packages/bookwyrm/nixos-module.nix index c3714dc..2691563 100644 --- a/packages/bookwyrm/nixos-module.nix +++ b/packages/bookwyrm/nixos-module.nix @@ -15,7 +15,7 @@ with pkgs . kernelmaft ; [Service] ExecStartPre=${coreutils-full}/bin/ln -sf ${bookwyrm}/var/lib/bookwyrm/VERSION /var/lib/bookwyrm/ - ExecStart=${bookwyrm}/bin/bookwyrm + ExecStart=${bookwyrm}/bin/bookwyrm-env ${bookwyrm}/bin/bookwyrm WorkingDirectory=/var/lib/bookwyrm diff --git a/packages/bookwyrm/package.nix b/packages/bookwyrm/package.nix index 8290884..c5e937d 100644 --- a/packages/bookwyrm/package.nix +++ b/packages/bookwyrm/package.nix @@ -111,6 +111,7 @@ mkDerivation { # Python dependencies pythonDependencies="${ concatStringsSep " " pythonDependencies }" + for package in $pythonDependencies ; do for directory in $( cd $package/lib/python3.11/site-packages ; find -mindepth 1 -type d -not -name __pycache__ ) ; do mkdir -p $out/lib/python3.11/site-packages/$directory & 
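Review bot: The new `ExecStart` only works if this unit runs as the `bookwyrm` user and group, because the `bookwyrm-env` wrapper added in `package.nix` exits with status 1 for any other identity, and no `User=`/`Group=` line is visible in this hunk. The `[Service]` section continues outside the hunk, so they may already be set; if not, add `User=bookwyrm` and `Group=bookwyrm`. A short comment above the line, such as `# bookwyrm-env sets the environment (including SECRET_KEY) and then execs its arguments`, would explain why the store path appears twice.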
@@ -137,20 +138,34 @@ mkDerivation { cat <<- EOF > $out/bin/bookwyrm #!${bash}/bin/sh + exec ${gunicorn}/bin/gunicorn bookwyrm.wsgi:application --bind=unix:/run/bookwyrm/http-socket + EOF + + cat <<- EOF > $out/bin/bookwyrm-env + #!${bash}/bin/sh + + if [ $( id -un ) != "bookwyrm" || $( id -gn ) != "bookwyrm" ] ; do + echo "You are not running as the 'bookwyrm' user and group, quitting" + exit 1 + done + export PYTHONPATH="$out/lib/python3.11/site-packages" export DEBUG="false" + export DOMAIN="" export EMAIL="" export EMAIL_HOST="" export EMAIL_HOST_USER="" export EMAIL_HOST_PASSWORD="" - export SECRET_KEY="\$( ${coreutils-full}/bin/cat /etc/nixos/assets/bookwyrm-secret-key )" # The escape here is required in order to retrieve the key file contents at runtime - exec ${gunicorn}/bin/gunicorn bookwyrm.wsgi:application --bind=unix:/run/bookwyrm/http-socket + # The escape here is required in order to retrieve the key file contents at runtime + export SECRET_KEY="\$( ${coreutils-full}/bin/cat /etc/nixos/assets/bookwyrm-secret-key )" + + exec $@ EOF - chmod +x $out/bin/bookwyrm + chmod +x $out/bin/* # Working directory contents
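Review bot: The user/group guard in the new `bookwyrm-env` script cannot work as written: `if … ; do … done` is not valid sh (it needs `then`/`fi`), and `||` inside a single `[ … ]` ends the test command before its closing `]`. Because the heredoc delimiter is unquoted, `$( id -un )`, `$( id -gn )` and `$@` also appear to be expanded by the builder's shell when the file is written, as the `SECRET_KEY` line would be without its `\$`. That would bake the build user's name into the check and leave a bare `exec` that never starts gunicorn. Escaping and quoting those three expansions and sending the message to stderr fixes this, and calling `id` through `${coreutils-full}` would match how `cat` is invoked. The check is a convenience for the operator rather than a protection: what keeps the key private is the ownership and mode of `/etc/nixos/assets/bookwyrm-secret-key`, which this diff does not show. The surrounding `mkDerivation` phase starts and ends outside the hunk.

```nix
cat <<- EOF > $out/bin/bookwyrm-env
#!${bash}/bin/sh

if [ "\$( ${coreutils-full}/bin/id -un )" != "bookwyrm" ] || [ "\$( ${coreutils-full}/bin/id -gn )" != "bookwyrm" ] ; then
  echo "You are not running as the 'bookwyrm' user and group, quitting" >&2
  exit 1
fi

# … unchanged: PYTHONPATH, DEBUG, DOMAIN, EMAIL_* and SECRET_KEY exports …

exec "\$@"
```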