Add initial Bitpoll Nix flake and example configuration

2025-07-04 12:54:08 +02:00 · 2025-07-04 12:54:08 +02:00 · 8de81ea2ab
commit 8de81ea2ab
parent 1b58a0ded8
4 changed files with 631 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,186 @@
+# Bitpoll Nix Flake
+
+This repository provides a Nix flake for [Bitpoll](https://github.com/fsinfuhh/Bitpoll), a web application for scheduling meetings and general polling.
+
+## Features
+
+- ✅ **Nix Flake**: Uses NixOS 25.05 with pinned dependencies
+- ✅ **Bitpoll Package**: Builds Bitpoll from the current master commit (4a3e6a5)
+- ✅ **NixOS Service**: Complete systemd service configuration
+- ✅ **Data Storage**: All data stored in `/var/lib/bitpoll` as requested
+- ✅ **Security**: Proper user isolation and security hardening
+- ✅ **Cross-platform**: Works on Linux and macOS
+
+## Quick Start
+
+### 1. Using the Package Directly
+
+```bash
+# Run Bitpoll development server
+nix run git+https://git.s1q.dev/phg/bitpoll-nix
+
+# Run management commands
+nix run git+https://git.s1q.dev/phg/bitpoll-nix#bitpoll-manage -- migrate
+nix run git+https://git.s1q.dev/phg/bitpoll-nix#bitpoll-manage -- createsuperuser
+```
+
+### 2. Using as a NixOS Service
+
+Add this flake to your NixOS configuration:
+
+```nix
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+    bitpoll.url = "git+https://git.s1q.dev/phg/bitpoll-nix";
+  };
+
+  outputs = { self, nixpkgs, bitpoll }: {
+    nixosConfigurations.myhost = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [
+        bitpoll.nixosModules.default
+        {
+          services.bitpoll = {
+            enable = true;
+            port = 8080;
+            host = "0.0.0.0";
+            allowedHosts = [ 
+              "bitpoll.example.com" 
+              "localhost" 
+              "127.0.0.1" 
+            ];
+          };
+          
+          # Open firewall port
+          networking.firewall.allowedTCPPorts = [ 8080 ];
+        }
+      ];
+    };
+  };
+}
+```
+
+Then rebuild your system:
+
+```bash
+sudo nixos-rebuild switch --flake .#myhost
+```
+
+### 3. Development Environment
+
+```bash
+# Enter development shell
+nix develop git+https://git.s1q.dev/phg/bitpoll-nix
+
+# Or clone and develop locally
+git clone https://git.s1q.dev/phg/bitpoll-nix
+cd bitpoll-nix
+nix develop
+```
+
+## Configuration Options
+
+The NixOS service provides the following configuration options:
+
+```nix
+services.bitpoll = {
+  enable = true;                    # Enable the service
+  port = 8000;                      # Port to listen on (default: 8000)
+  host = "127.0.0.1";              # Host to bind to (default: 127.0.0.1)
+  dataDir = "/var/lib/bitpoll";     # Data directory (default: /var/lib/bitpoll)
+  secretKeyFile = "/path/to/key";   # Optional: File containing Django secret key
+  allowedHosts = [ "localhost" ];   # List of allowed hosts
+  extraSettings = "";               # Extra Django settings
+};
+```
+
+## Data Storage
+
+All Bitpoll data is stored in `/var/lib/bitpoll` as requested:
+
+- `/var/lib/bitpoll/db.sqlite3` - SQLite database
+- `/var/lib/bitpoll/static/` - Static files (CSS, JS, images)
+- `/var/lib/bitpoll/media/` - User uploaded files
+
+## Security
+
+The service runs with proper security hardening:
+
+- Dedicated `bitpoll` user and group
+- Restricted filesystem access
+- No new privileges
+- Private temporary directories
+- Protected system directories
+
+## Production Deployment
+
+For production use, consider:
+
+1. **Use a secret key file**:
+   ```nix
+   services.bitpoll.secretKeyFile = "/etc/bitpoll/secret-key";
+   ```
+
+2. **Configure allowed hosts properly**:
+   ```nix
+   services.bitpoll.allowedHosts = [ "bitpoll.yourdomain.com" ];
+   ```
+
+3. **Use a reverse proxy** (nginx, traefik, etc.) for HTTPS termination
+
+4. **Set up backups** for `/var/lib/bitpoll/`
+
+## Example Complete Configuration
+
+See `example-configuration.nix` for a complete NixOS configuration example.
+
+## Building and Testing
+
+```bash
+# Check flake
+nix flake check
+
+# Build package
+nix build
+
+# Test the service
+nix run .#bitpoll-manage -- check
+```
+
+## Dependencies
+
+This flake includes all necessary dependencies:
+
+- Django and related packages
+- Calendar handling (caldav, icalendar)
+- Database support (SQLite by default, PostgreSQL available)
+- Security libraries (cryptography)
+- Markup processing (markdown, bleach)
+- LDAP support (optional)
+
+## Version Information
+
+- **NixOS Version**: 25.05
+- **Bitpoll Version**: master (commit 4a3e6a5)
+- **Python Version**: 3.x (from nixpkgs)
+- **Django Version**: Latest from nixpkgs
+
+## Contributing
+
+1. Fork this repository
+2. Make your changes
+3. Test with `nix flake check`
+4. Submit a pull request
+
+## License
+
+This flake is provided under the same license as Bitpoll (GPL-3.0).
+
+## Support
+
+For issues with:
+
+- **This flake**: Open an issue at [this repository](https://git.s1q.dev/phg/bitpoll-nix)
+- **Bitpoll itself**: See the [upstream repository](https://github.com/fsinfuhh/Bitpoll)
+- **NixOS**: See the [NixOS manual](https://nixos.org/manual/nixos/stable/)