phg/bitpoll-nix
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial Bitpoll Nix package and service

Browse source
This commit is contained in:
Philip Henning 2025-07-03 17:35:13 +02:00
commit 0b3e086c03
5 changed files with 898 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

160
example-configuration.nix Normal file
View file

@ -0,0 +1,160 @@
# Example NixOS configuration for Bitpoll
{ config, pkgs, ... }:
{
imports = [
# Import the Bitpoll module
./module.nix
];
# Enable Bitpoll service
services.bitpoll = {
enable = true;
# Required security keys (generate these!)
secretKey = "CHANGE-ME-django-secret-key-here";
encryptionKey = "CHANGE-ME-field-encryption-key-here";
# Network configuration
listenAddress = "127.0.0.1";
port = 3008; # uWSGI socket port
httpPort = 3009; # HTTP port for direct access
# Django settings
debug = false;
allowedHosts = [ "localhost" "bitpoll.example.com" ];
language = "en-us";
timezone = "Europe/Berlin";
# Database configuration (PostgreSQL is auto-configured)
database = {
name = "bitpoll";
user = "bitpoll";
password = ""; # Empty for peer authentication
host = "localhost";
port = 5432;
};
# Performance settings
processes = 4; # Adjust based on your server
threads = 2;
cheaperProcesses = 1;
# Additional Django settings
extraSettings = {
# Pipeline configuration for asset compression
PIPELINE_LOCAL = {
JS_COMPRESSOR = "pipeline.compressors.uglifyjs.UglifyJSCompressor";
CSS_COMPRESSOR = "pipeline.compressors.cssmin.CSSMinCompressor";
};
# Content Security Policy
CSP_ADDITIONAL_SCRIPT_SRC = [ ];
# Additional installed apps (if needed)
INSTALLED_APPS_LOCAL = [ ];
};
# Additional uWSGI configuration
extraUwsgiConfig = ''
# Reload workers after 1000 requests to prevent memory leaks
max-requests = 1000
# Reload if memory usage exceeds 512MB
reload-on-rss = 512
# Enable stats server (optional, for monitoring)
# stats = 127.0.0.1:9191
'';
};
# Nginx reverse proxy configuration
services.nginx = {
enable = true;
virtualHosts."bitpoll.example.com" = {
# Enable HTTPS with Let's Encrypt
enableACME = true;
forceSSL = true;
locations = {
# Proxy all requests to Bitpoll
"/" = {
proxyPass = "http://127.0.0.1:3009";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Increase timeouts for long-running requests
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
'';
};
# Serve static files directly from Nginx for better performance
"/static/" = {
alias = "/var/lib/bitpoll/static/";
extraConfig = ''
expires 1y;
add_header Cache-Control "public, immutable";
gzip on;
gzip_types text/css application/javascript application/json;
'';
};
# Serve media files (user uploads)
"/media/" = {
alias = "/var/lib/bitpoll/media/";
extraConfig = ''
expires 1d;
add_header Cache-Control "public";
'';
};
};
};
};
# ACME configuration for Let's Encrypt
security.acme = {
acceptTerms = true;
defaults.email = "admin@example.com";
};
# Firewall configuration
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
# Optional: Backup configuration
services.restic.backups.bitpoll = {
initialize = true;
repository = "/backup/bitpoll";
passwordFile = "/etc/nixos/secrets/restic-password";
paths = [ "/var/lib/bitpoll" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
};
# Optional: Log rotation
services.logrotate = {
enable = true;
settings = {
"/var/log/bitpoll/*.log" = {
frequency = "daily";
rotate = 30;
compress = true;
delaycompress = true;
missingok = true;
notifempty = true;
create = "644 bitpoll bitpoll";
};
};
};
}