231 lines
4.9 KiB
Markdown
231 lines
4.9 KiB
Markdown
# Bitpoll Nix Package
|
|
|
|
This repository contains a Nix flake for packaging [Bitpoll](https://github.com/fsinfuhh/Bitpoll), a web application for scheduling meetings and general polling.
|
|
|
|
## Features
|
|
|
|
- **Complete Nix Package**: Bitpoll packaged as a Nix derivation with all Python dependencies
|
|
- **NixOS Service Module**: Ready-to-use systemd service with PostgreSQL integration
|
|
- **Security Hardened**: Runs with minimal privileges and security restrictions
|
|
- **Configurable**: All major settings exposed as NixOS options
|
|
- **Production Ready**: Uses uWSGI with proper process management
|
|
|
|
## Quick Start
|
|
|
|
### 1. Add to your NixOS configuration
|
|
|
|
```nix
|
|
{
|
|
inputs = {
|
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
|
|
bitpoll.url = "github:your-username/bitpoll-nix";
|
|
};
|
|
|
|
outputs = { self, nixpkgs, bitpoll }: {
|
|
nixosConfigurations.your-host = nixpkgs.lib.nixosSystem {
|
|
system = "x86_64-linux";
|
|
modules = [
|
|
bitpoll.nixosModules.default
|
|
{
|
|
services.bitpoll = {
|
|
enable = true;
|
|
secretKey = "your-secret-key-here";
|
|
encryptionKey = "your-encryption-key-here";
|
|
allowedHosts = [ "your-domain.com" ];
|
|
};
|
|
}
|
|
];
|
|
};
|
|
};
|
|
}
|
|
```
|
|
|
|
### 2. Generate required keys
|
|
|
|
```bash
|
|
# Generate Django secret key
|
|
python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())"
|
|
|
|
# Generate field encryption key (32 bytes, base64 encoded)
|
|
python -c "import base64, os; print(base64.b64encode(os.urandom(32)).decode())"
|
|
```
|
|
|
|
### 3. Deploy
|
|
|
|
```bash
|
|
sudo nixos-rebuild switch --flake .#your-host
|
|
```
|
|
|
|
## Configuration Options
|
|
|
|
### Basic Configuration
|
|
|
|
```nix
|
|
services.bitpoll = {
|
|
enable = true;
|
|
|
|
# Required security keys
|
|
secretKey = "your-django-secret-key";
|
|
encryptionKey = "your-field-encryption-key";
|
|
|
|
# Network settings
|
|
listenAddress = "127.0.0.1";
|
|
port = 3008; # uWSGI socket
|
|
httpPort = 3009; # HTTP port (null to disable)
|
|
|
|
# Django settings
|
|
debug = false;
|
|
allowedHosts = [ "your-domain.com" ];
|
|
language = "en-us";
|
|
timezone = "Europe/Berlin";
|
|
};
|
|
```
|
|
|
|
### Database Configuration
|
|
|
|
```nix
|
|
services.bitpoll = {
|
|
# PostgreSQL is enabled by default
|
|
enablePostgreSQL = true;
|
|
|
|
database = {
|
|
name = "bitpoll";
|
|
user = "bitpoll";
|
|
password = ""; # Leave empty for peer authentication
|
|
host = "localhost";
|
|
port = 5432;
|
|
};
|
|
};
|
|
```
|
|
|
|
### Performance Tuning
|
|
|
|
```nix
|
|
services.bitpoll = {
|
|
# uWSGI process management
|
|
processes = 8; # Max processes
|
|
threads = 4; # Threads per process
|
|
cheaperProcesses = 2; # Min processes
|
|
|
|
# Additional uWSGI configuration
|
|
extraUwsgiConfig = ''
|
|
max-requests = 1000
|
|
reload-on-rss = 512
|
|
'';
|
|
};
|
|
```
|
|
|
|
### Advanced Settings
|
|
|
|
```nix
|
|
services.bitpoll = {
|
|
# Additional Django settings
|
|
extraSettings = {
|
|
PIPELINE_LOCAL = {
|
|
JS_COMPRESSOR = "pipeline.compressors.uglifyjs.UglifyJSCompressor";
|
|
CSS_COMPRESSOR = "pipeline.compressors.cssmin.CSSMinCompressor";
|
|
};
|
|
CSP_ADDITIONAL_SCRIPT_SRC = [ "your-analytics-domain.com" ];
|
|
};
|
|
};
|
|
```
|
|
|
|
## Reverse Proxy Setup
|
|
|
|
### Nginx Example
|
|
|
|
```nix
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts."your-domain.com" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations = {
|
|
"/" = {
|
|
proxyPass = "http://127.0.0.1:3009";
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
'';
|
|
};
|
|
"/static/" = {
|
|
alias = "/var/lib/bitpoll/static/";
|
|
extraConfig = ''
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
```
|
|
|
|
## Data Storage
|
|
|
|
All persistent data is stored in `/var/lib/bitpoll/`:
|
|
- `media/` - User uploaded files
|
|
- `static/` - Collected static files
|
|
- Database data (if using PostgreSQL, stored in PostgreSQL data directory)
|
|
|
|
## Security
|
|
|
|
The service runs with extensive security hardening:
|
|
- Dedicated user account (`bitpoll`)
|
|
- Restricted filesystem access
|
|
- No network access except required ports
|
|
- Memory execution protection
|
|
- System call filtering
|
|
|
|
## Development
|
|
|
|
### Building the package
|
|
|
|
```bash
|
|
nix build .#bitpoll
|
|
```
|
|
|
|
### Development shell
|
|
|
|
```bash
|
|
nix develop
|
|
```
|
|
|
|
### Testing the module
|
|
|
|
```bash
|
|
nixos-rebuild build-vm --flake .#test-vm
|
|
```
|
|
|
|
## Troubleshooting
|
|
|
|
### Check service status
|
|
|
|
```bash
|
|
systemctl status bitpoll
|
|
journalctl -u bitpoll -f
|
|
```
|
|
|
|
### Database issues
|
|
|
|
```bash
|
|
# Check PostgreSQL status
|
|
systemctl status postgresql
|
|
|
|
# Connect to database
|
|
sudo -u postgres psql bitpoll
|
|
```
|
|
|
|
### Permission issues
|
|
|
|
```bash
|
|
# Fix data directory permissions
|
|
sudo chown -R bitpoll:bitpoll /var/lib/bitpoll
|
|
sudo chmod -R u=rwX,g=rX,o= /var/lib/bitpoll
|
|
```
|
|
|
|
## License
|
|
|
|
This packaging is released under the same license as Bitpoll (GPL-3.0).
|