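# Example NixOS configuration for Bitpoll
#
# Deployment shape shown here: Bitpoll binds to loopback only, Nginx terminates
# TLS and proxies to it, and this file opens only TCP 80 and 443 in the firewall.
{ config, pkgs, ... }:

{
  imports = [
    # Import the Bitpoll module
    ./module.nix
  ];

  # Enable Bitpoll service
  services.bitpoll = {
    enable = true;

    # Required security keys (generate these!)
    # Replace both placeholders with unique random values before first start.
    # Strings assigned in a Nix expression are written to the world-readable
    # /nix/store and usually end up in version control as well.
    # NOTE(review): if module.nix offers a file-based way to supply these keys,
    # prefer it over inline strings; this file does not show one, so confirm.
    secretKey = "CHANGE-ME-django-secret-key-here";
    encryptionKey = "CHANGE-ME-field-encryption-key-here";

    # Network configuration
    # Loopback only: the service is reachable from outside solely through Nginx.
    listenAddress = "127.0.0.1";
    port = 3008; # uWSGI socket port
    httpPort = 3009; # HTTP port for direct access

    # Django settings
    # Keep debug off in production; debug pages expose settings and stack traces.
    debug = false;
    # Host header allow-list; list only the names this instance really serves.
    allowedHosts = [ "localhost" "bitpoll.example.com" ];
    language = "en-us";
    timezone = "Europe/Berlin";

    # Database configuration (PostgreSQL is auto-configured)
    database = {
      name = "bitpoll";
      user = "bitpoll";
      # Empty for peer authentication
      # NOTE(review): PostgreSQL peer authentication applies to Unix-socket
      # connections only, while host = "localhost" normally selects TCP.
      # Confirm how module.nix maps these two values before relying on it.
      password = "";
      host = "localhost";
      port = 5432;
    };

    # Performance settings
    processes = 4; # Adjust based on your server
    threads = 2;
    cheaperProcesses = 1;

    # Additional Django settings
    extraSettings = {
      # Pipeline configuration for asset compression
      PIPELINE_LOCAL = {
        JS_COMPRESSOR = "pipeline.compressors.uglifyjs.UglifyJSCompressor";
        CSS_COMPRESSOR = "pipeline.compressors.cssmin.CSSMinCompressor";
      };

      # Content Security Policy
      # Every entry added here widens the set of origins allowed to run script.
      CSP_ADDITIONAL_SCRIPT_SRC = [ ];

      # Additional installed apps (if needed)
      INSTALLED_APPS_LOCAL = [ ];
    };

    # Additional uWSGI configuration
    # The stats line below stays commented out by default. If it is enabled,
    # keep it bound to loopback: the uWSGI stats server has no authentication.
    extraUwsgiConfig = ''
      # Reload workers after 1000 requests to prevent memory leaks
      max-requests = 1000

      # Reload if memory usage exceeds 512MB
      reload-on-rss = 512

      # Enable stats server (optional, for monitoring)
      # stats = 127.0.0.1:9191
    '';
  };

  # Nginx reverse proxy configuration
  services.nginx = {
    enable = true;

    virtualHosts."bitpoll.example.com" = {
      # Enable HTTPS with Let's Encrypt
      enableACME = true;
      # Redirects plain HTTP to HTTPS, so port 80 carries only ACME and redirects.
      forceSSL = true;

      locations = {
        # Proxy all requests to Bitpoll
        "/" = {
          proxyPass = "http://127.0.0.1:3009";
          proxyWebsockets = true;
          # X-Real-IP carries the address Nginx saw. $proxy_add_x_forwarded_for
          # appends that address to any X-Forwarded-For the client sent, so
          # only the last entry of that header is trustworthy for logging or
          # rate limiting.
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Increase timeouts for long-running requests
            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
          '';
        };

        # Serve static files directly from Nginx for better performance
        "/static/" = {
          alias = "/var/lib/bitpoll/static/";
          extraConfig = ''
            expires 1y;
            add_header Cache-Control "public, immutable";
            gzip on;
            gzip_types text/css application/javascript application/json;
          '';
        };

        # Serve media files (user uploads)
        # These files are user-controlled and bypass the application, so the
        # browser is told not to guess a content type for them (nosniff).
        # "public" lets shared caches keep them; drop it if uploads can be
        # private.
        "/media/" = {
          alias = "/var/lib/bitpoll/media/";
          extraConfig = ''
            expires 1d;
            add_header Cache-Control "public";
            add_header X-Content-Type-Options "nosniff";
          '';
        };
      };
    };
  };

  # ACME configuration for Let's Encrypt
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.com";
  };

  # Firewall configuration
  # Only the Nginx ports are opened here; 3008/3009 stay loopback-only.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 80 443 ];
  };

  # Optional: Backup configuration
  services.restic.backups.bitpoll = {
    initialize = true;
    # A repository on the same machine does not survive loss or compromise of
    # that machine; point this at separate storage if /backup is a local disk.
    repository = "/backup/bitpoll";
    # Given as a string, so the file is read at run time and not copied into
    # the Nix store. Keep it readable by root only.
    passwordFile = "/etc/nixos/secrets/restic-password";
    # NOTE(review): only this directory is backed up. The PostgreSQL database
    # is not covered unless it lives under this path; confirm and add a dump.
    paths = [ "/var/lib/bitpoll" ];
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
    };
  };

  # Optional: Log rotation
  services.logrotate = {
    enable = true;
    settings = {
      "/var/log/bitpoll/*.log" = {
        frequency = "daily";
        rotate = 30;
        compress = true;
        delaycompress = true;
        missingok = true;
        notifempty = true;
        # Owner and group only: application logs can hold client addresses and
        # request details, so new log files are not created world-readable.
        create = "0640 bitpoll bitpoll";
      };
    };
  };
}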