MODEL/usda-vision
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Move ragenix to externally managed, and ask for env file references

Browse Source
This commit is contained in:
Hunter David Halloran
2026-01-30 12:48:48 -05:00
parent f7c1d86244
commit 20a01c89af
4 changed files with 6 additions and 262 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -4,7 +4,7 @@ __pycache__/
*.egg-info/ *.egg-info/
.venv/ .venv/
.uv/ .uv/
.env *.env
.env.*.local .env.*.local
.pytest_cache/ .pytest_cache/
.mypy_cache/ .mypy_cache/
@@ -38,4 +38,4 @@ management-dashboard-web-app/users.txt
# Nix # Nix
result result
result-* result-*
.direnv/ .direnv/

180
flake.lock generated
View File

@@ -1,67 +1,5 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"ragenix",
"nixpkgs"
],
"systems": "systems_2"
},
"locked": {
"lastModified": 1761656077,
"narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=",
"owner": "ryantm",
"repo": "agenix",
"rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1760924934,
"narHash": "sha256-tuuqY5aU7cUkR71sO2TraVKK2boYrdW3gCSXUkF4i44=",
"owner": "ipetkov",
"repo": "crane",
"rev": "c6b4d5308293d0d04fcfeee92705017537cad02f",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"ragenix",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@@ -80,46 +18,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"ragenix",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1769461804, "lastModified": 1769461804,
@@ -136,56 +34,10 @@
"type": "github" "type": "github"
} }
}, },
"ragenix": {
"inputs": {
"agenix": "agenix",
"crane": "crane",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1761832913,
"narHash": "sha256-VCNVjjuRvrKPiYYwqhE3BAKIaReiKXGpxGp27lZ0MFM=",
"owner": "yaxitech",
"repo": "ragenix",
"rev": "83bccfdea758241999f32869fb6b36f7ac72f1ac",
"type": "github"
},
"original": {
"owner": "yaxitech",
"repo": "ragenix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs"
"ragenix": "ragenix"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1761791894,
"narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "59c45eb69d9222a4362673141e00ff77842cd219",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
} }
}, },
"systems": { "systems": {
@@ -202,36 +54,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

82
flake.nix
View File

@@ -4,15 +4,9 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
# For secrets management
ragenix = {
url = "github:yaxitech/ragenix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { self, nixpkgs, flake-utils, ragenix }: outputs = { self, nixpkgs, flake-utils }:
flake-utils.lib.eachDefaultSystem (system: flake-utils.lib.eachDefaultSystem (system:
let let
pkgs = import nixpkgs { pkgs = import nixpkgs {
@@ -63,11 +57,6 @@
# Camera SDK # Camera SDK
camera-sdk camera-sdk
# Secrets management
ragenix.packages.${system}.default
age
ssh-to-age
# Utilities # Utilities
jq jq
yq yq
@@ -94,83 +83,18 @@
echo "Available commands:" echo "Available commands:"
echo " - docker-compose: Manage containers" echo " - docker-compose: Manage containers"
echo " - supabase: Supabase CLI" echo " - supabase: Supabase CLI"
echo " - ragenix: Manage encrypted secrets"
echo " - age: Encrypt/decrypt files"
echo "" echo ""
echo "To activate Python venv: source .venv/bin/activate" echo "To activate Python venv: source .venv/bin/activate"
echo "To edit secrets: ragenix -e secrets/env.age" echo "To edit secrets: ragenix -e secrets/env.age"
echo "" echo ""
echo "NOTE: Secrets should be managed by ragenix in athenix for production deployments"
echo ""
''; '';
# Additional environment configuration # Additional environment configuration
DOCKER_BUILDKIT = "1"; DOCKER_BUILDKIT = "1";
COMPOSE_DOCKER_CLI_BUILD = "1"; COMPOSE_DOCKER_CLI_BUILD = "1";
}; };
# NixOS module for easy integration
nixosModules.default = { config, lib, ... }: {
options.services.usda-vision = {
enable = lib.mkEnableOption "USDA Vision camera management system";
secretsFile = lib.mkOption {
type = lib.types.path;
description = "Path to the ragenix-managed secrets file";
};
dataDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/usda-vision";
description = "Directory for USDA Vision application data";
};
};
config = lib.mkIf config.services.usda-vision.enable {
environment.systemPackages = [
usda-vision-package
camera-sdk
pkgs.docker-compose
];
environment.variables.LD_LIBRARY_PATH = "${camera-sdk}/lib";
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
systemd.services.usda-vision = {
description = "USDA Vision Docker Compose Stack";
after = [ "docker.service" "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
# Sync application code
${pkgs.rsync}/bin/rsync -av --delete \
--checksum \
--exclude='node_modules' \
--exclude='.env' \
--exclude='__pycache__' \
--exclude='.venv' \
${usda-vision-package}/opt/usda-vision/ ${config.services.usda-vision.dataDir}/
# Copy secrets if managed by ragenix
if [ -f "${config.services.usda-vision.secretsFile}" ]; then
cp "${config.services.usda-vision.secretsFile}" ${config.services.usda-vision.dataDir}/.env
fi
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
WorkingDirectory = config.services.usda-vision.dataDir;
ExecStart = "${pkgs.docker-compose}/bin/docker-compose up -d --build";
ExecStop = "${pkgs.docker-compose}/bin/docker-compose down";
TimeoutStartSec = 300;
};
};
};
};
} }
); );
} }

2
package.nix
View File

@@ -48,8 +48,6 @@ stdenv.mkDerivation {
if [ -f $src/docker-compose.yml ]; then if [ -f $src/docker-compose.yml ]; then
# Basic path replacements with sed # Basic path replacements with sed
${gnused}/bin/sed \ ${gnused}/bin/sed \
-e 's|env_file:.*management-dashboard-web-app/\.env|env_file: /var/lib/usda-vision/.env|g' \
-e 's|\./management-dashboard-web-app/\.env|/var/lib/usda-vision/.env|g' \
-e 's|\./management-dashboard-web-app|/var/lib/usda-vision/management-dashboard-web-app|g' \ -e 's|\./management-dashboard-web-app|/var/lib/usda-vision/management-dashboard-web-app|g' \
-e 's|\./media-api|/var/lib/usda-vision/media-api|g' \ -e 's|\./media-api|/var/lib/usda-vision/media-api|g' \
-e 's|\./video-remote|/var/lib/usda-vision/video-remote|g' \ -e 's|\./video-remote|/var/lib/usda-vision/video-remote|g' \