From d77172a2657ce6959f720317ce23476d8132f628 Mon Sep 17 00:00:00 2001
From: Auguste Baum
Date: Tue, 22 Aug 2023 22:00:15 +0200
Subject: [PATCH] Fix `nixosConfigurations.pretalx-*`.
Co-authored-by: Andres Navarro
---
 all-packages.nix | 12 +++++++++---
 configs/pretalx/pretalx.nix | 38 ++++++++++++++++++++++++-------------
 configs/pretalx/vm.nix | 10 ++++++++++
 modules/pretalx.nix | 5 ++---
 tests/pretalx/default.nix | 17 ++---------------
 5 files changed, 48 insertions(+), 34 deletions(-)
 create mode 100644 configs/pretalx/vm.nix
diff --git a/all-packages.nix b/all-packages.nix
index 10b3f3f4..bfc60df1 100644
--- a/all-packages.nix
+++ b/all-packages.nix
@@ -9,9 +9,15 @@
 liberaforms-env = callPackage ./pkgs/liberaforms/env.nix {};
 libgnunetchat = callPackage ./pkgs/libgnunetchat {};
 librecast = callPackage ./pkgs/librecast {inherit lcrq;};
- pretalx-mysql = callPackage ./pkgs/pretalx { withMysql = true; withRedis=true;};
- pretalx-postgresql = callPackage ./pkgs/pretalx { withPostgresql = true; withRedis=true;};
- pretalx = callPackage ./pkgs/pretalx {
+ pretalx-mysql = callPackage ./pkgs/pretalx {
+ withMysql = true;
+ withRedis = true;
+ };
+ pretalx-postgresql = callPackage ./pkgs/pretalx {
+ withPostgresql = true;
+ withRedis = true;
+ };
+ pretalx = callPackage ./pkgs/pretalx {
 withMysql = true;
 withPostgresql = true;
 withRedis = true;
diff --git a/configs/pretalx/pretalx.nix b/configs/pretalx/pretalx.nix
index 543cdc4e..2d50dbdd 100644
--- a/configs/pretalx/pretalx.nix
+++ b/configs/pretalx/pretalx.nix
@@ -3,23 +3,33 @@ pkgs, ... }: { + imports = [ + ./vm.nix + ]; + nixpkgs.hostPlatform = "x86_64-linux"; - networking.firewall.allowedTCPPorts = [config.services.nginx.defaultHTTPListenPort]; + networking = { + firewall.allowedTCPPorts = [config.services.nginx.defaultHTTPListenPort]; + hostName = "server"; + domain = "example.com"; + }; - sops.secrets = let - pretalxSecret = { - # For a production configuration also `sopsFile` is required. - # See . - owner = config.services.pretalx.user; - group = config.services.pretalx.group; + sops = { + secrets = let + pretalxSecret = { + # For a production configuration also `sopsFile` is required. + # See . + owner = config.services.pretalx.user; + group = config.services.pretalx.group; + }; + in { + "pretalx/database/password" = pretalxSecret; + "pretalx/redis/location" = pretalxSecret; + "pretalx/init/admin/password" = pretalxSecret; + "pretalx/celery/backend" = pretalxSecret; + "pretalx/celery/broker" = pretalxSecret; }; - in { - "pretalx/database/password" = pretalxSecret; - "pretalx/redis/location" = pretalxSecret; - "pretalx/init/admin/password" = pretalxSecret; - "pretalx/celery/backend" = pretalxSecret; - "pretalx/celery/broker" = pretalxSecret; }; services = { @@ -69,4 +79,6 @@ recommendedProxySettings = true; }; }; + + system.stateVersion = "22.11"; } diff --git a/configs/pretalx/vm.nix b/configs/pretalx/vm.nix new file mode 100644 index 00000000..dbbfc7d8 --- /dev/null +++ b/configs/pretalx/vm.nix @@ -0,0 +1,10 @@ +{modulesPath, ...}: { + imports = [ + "${modulesPath}/virtualisation/qemu-vm.nix" + ]; + + sops = { + age.keyFile = ./postgresql.nix; + defaultSopsFile = ./postgresql.nix; + }; +} diff --git a/modules/pretalx.nix b/modules/pretalx.nix index d6e9499f..c7de3186 100644 --- a/modules/pretalx.nix +++ b/modules/pretalx.nix 
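Review bot: The comment kept inside `pretalxSecret` still says a production configuration must add `sopsFile`, but the new `imports = [ ./vm.nix ];` at the top of this hunk now supplies a `defaultSopsFile`, so a deployment that forgets its own secrets file would presumably evaluate against the placeholder instead of failing. The import is also unconditional, so the QEMU VM module and the placeholder key settings become part of every system built from this file. I would document that next to the import, for example `# vm.nix provides placeholder sops settings for the VM build; real deployments must override sops.defaultSopsFile and sops.age.keyFile.` The module's attribute set continues outside the hunk.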
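Review bot: `age.keyFile = ./postgresql.nix;` and `defaultSopsFile = ./postgresql.nix;` in the new configs/pretalx/vm.nix are placeholders with nothing saying so, and they are set at normal priority, which is presumably why the tests/pretalx/default.nix hunk has to wrap its whole `sops` block in `mkForce`. A Nix path literal generally ends up in the world-readable store when the configuration is built, so someone swapping in a real age key by following this pattern would expose the private key; the option is better given as a string path that only exists at runtime. I would add `lib` to the module arguments, write `defaultSopsFile = lib.mkDefault ./postgresql.nix;` (and the same for `age.keyFile`), and put a comment above the block such as `# Placeholders so the VM config evaluates; override keyFile with a runtime string path outside /nix/store.`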
@@ -485,10 +485,9 @@ in { script = '' ${exportPasswordEnv} - # ${cfg.package}/bin/pretalx compilemessages + # ${cfg.package}/bin/pretalx compilemessages # FIXME: when run, pretalx-web hangs ${cfg.package}/bin/pretalx collectstatic --noinput - # FIXME: Remove `--force`, was only added for PRETALX_DEBUG=true not to crash. - ${cfg.package}/bin/pretalx compress --force + ${cfg.package}/bin/pretalx compress exec ${gunicorn}/bin/gunicorn pretalx.wsgi --name=${pretalxWebServiceName} --bind=${gunicornSocket} ${cfg.gunicorn.extraArgs} ''; diff --git a/tests/pretalx/default.nix b/tests/pretalx/default.nix index fb727476..05317b6d 100644 --- a/tests/pretalx/default.nix +++ b/tests/pretalx/default.nix @@ -7,22 +7,9 @@ configurations.server ]; - networking.hostName = "server"; - networking.domain = "example.com"; - - sops = { + sops = pkgs.lib.mkForce { age.keyFile = ./sops/keys.txt; - secrets = let - pretalxSecret = { - sopsFile = ./sops/pretalx.yaml; - }; - in { - "pretalx/database/password" = pretalxSecret; - "pretalx/redis/location" = pretalxSecret; - "pretalx/init/admin/password" = pretalxSecret; - "pretalx/celery/backend" = pretalxSecret; - "pretalx/celery/broker" = pretalxSecret; - }; + defaultSopsFile = ./sops/pretalx.yaml; }; # Use kmscon
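Review bot: Dropping `--force` from `pretalx compress` also drops the only comment explaining why it was there (the removed FIXME tied it to `PRETALX_DEBUG=true`), so the script no longer hints that a debug configuration may make this step fail before `exec gunicorn` is reached. Whether debug mode is still reachable through the module options is not visible here, so treat that as an assumption to confirm. If it is, a short comment above the line such as `# NOTE: without --force this step is expected to fail when PRETALX_DEBUG=true` or an assertion on the debug option would keep the constraint discoverable. The enclosing service definition starts and ends outside the hunk.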