fix: Move ragenix to externally managed, and ask for env file references

2026-01-30 12:59:04 -05:00
parent 60d2f30680
commit 5538d54fb4
7 changed files with 728 additions and 21 deletions


@@ -1,4 +1,8 @@
{ inputs, ... }:
{ usda-vision-packages ? null
, envFile ? null
, azureEnvFile ? null
, ...
}:
# ============================================================================
# USDA Dashboard External System Module
@@ -21,6 +25,25 @@
# - Unprivileged: no (or privileged: yes)
# Edit the container config in Proxmox: /etc/pve/lxc/<VMID>.conf
# Add: features: nesting=1,keyctl=1
#
# USAGE FROM ATHENIX:
#
# 1. Add usda-vision as a flake input in athenix/flake.nix:
#
# inputs.usda-vision = {
# url = "path:/path/to/usda-dash-config/usda-vision";
# inputs.nixpkgs.follows = "nixpkgs";
# };
#
# 2. In inventory.nix, pass the usda-vision packages and ragenix-managed secrets:
#
# imports = [
# (import /path/to/usda-dash-config/default.nix {
# usda-vision-packages = inputs.usda-vision.packages.${system};
# envFile = config.age.secrets.usda-vision-env.path;
# azureEnvFile = config.age.secrets.usda-vision-azure-env.path;
# })
# ];
{
config,
@@ -30,12 +53,17 @@
}:
let
# Import the usda-vision flake
usda-vision-flake = (builtins.getFlake (toString ./usda-vision)).packages.${pkgs.system};
# Get packages from the flake
camera-sdk = usda-vision-flake.camera-sdk;
usda-vision-app = usda-vision-flake.usda-vision;
# Get packages from the parameter passed by athenix
# Fallback to local callPackage if not provided (for standalone testing)
camera-sdk =
if usda-vision-packages != null
then usda-vision-packages.camera-sdk
else pkgs.callPackage ./usda-vision/camera-sdk.nix {};
usda-vision-app =
if usda-vision-packages != null
then usda-vision-packages.usda-vision
else pkgs.callPackage ./usda-vision/package.nix {};
in
{
@@ -157,10 +185,9 @@ in
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
# Only start if .env file exists and is not empty
unitConfig = {
ConditionPathExists = "/var/lib/usda-vision/.env";
ConditionPathIsReadWrite = "/var/lib/usda-vision/.env";
# Only start if .env file exists (will be managed by ragenix)
unitConfig = lib.mkIf (envFile != null) {
ConditionPathExists = envFile;
};
preStart = ''
@@ -170,18 +197,34 @@ in
--checksum \
--exclude='node_modules' \
--exclude='.env' \
--exclude='.env.azure' \
--exclude='__pycache__' \
--exclude='.venv' \
${usda-vision-app}/opt/usda-vision/ /var/lib/usda-vision/
# Ensure .env file exists with defaults if empty
if [ ! -s /var/lib/usda-vision/.env ]; then
if [ -f ${usda-vision-app}/opt/usda-vision/.env.example ]; then
echo "Copying .env.example to /var/lib/usda-vision/.env"
cp ${usda-vision-app}/opt/usda-vision/.env.example /var/lib/usda-vision/.env
echo "Please edit /var/lib/usda-vision/.env with your configuration"
# Copy ragenix-managed secrets to working directory
${lib.optionalString (envFile != null) ''
echo "Copying environment file from ragenix-managed secret..."
cp ${envFile} /var/lib/usda-vision/.env
chmod 644 /var/lib/usda-vision/.env
''}
${lib.optionalString (azureEnvFile != null) ''
echo "Copying Azure environment file from ragenix-managed secret..."
cp ${azureEnvFile} /var/lib/usda-vision/.env.azure
chmod 644 /var/lib/usda-vision/.env.azure
''}
# Fallback: use example file if no secrets provided
${lib.optionalString (envFile == null) ''
if [ ! -s /var/lib/usda-vision/.env ]; then
if [ -f ${usda-vision-app}/opt/usda-vision/.env.example ]; then
echo "WARNING: No ragenix-managed secrets provided, using .env.example"
echo "Please configure secrets in athenix using ragenix"
cp ${usda-vision-app}/opt/usda-vision/.env.example /var/lib/usda-vision/.env
fi
fi
fi
''}
'';
serviceConfig = {
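Review bot: The two `chmod 644` lines right after `cp ${envFile} /var/lib/usda-vision/.env` and `cp ${azureEnvFile} /var/lib/usda-vision/.env.azure` make a plaintext copy of the ragenix-managed secrets world-readable, which undoes the restrictive mode agenix puts on the source files and leaves a copy under /var/lib that presumably outlives a secret rotation until the next preStart. If the application really needs the file in its working directory, copy it with a restrictive mode instead, e.g. `install -m 0600 ${envFile} /var/lib/usda-vision/.env` (plus `-o <service user>` so the service can still read it); otherwise prefer `serviceConfig.EnvironmentFile = envFile` and drop the copy altogether. Reading `${envFile}` in preStart also only works if the agenix secret's owner/mode match whoever runs preStart, and the unit's `User`/`serviceConfig` begin after the end of this hunk, so I cannot confirm that. Finally, the `envFile == null` fallback copies `.env.example` and lets the service start anyway while the `lib.mkIf (envFile != null)` on unitConfig has removed the ConditionPathExists guard; consider turning that warning into an explicit `exit 1` so a host without secrets fails loudly rather than running with example configuration.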