initial commit

templates/dev/flask-hello/.envrc

@@ -0,0 +1 @@
+use flake

templates/dev/flask-hello/.github/workflows/python-nix.yml

@@ -0,0 +1,23 @@
+name: Python Nix Pipeline
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build-and-test:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    
+    steps:
+    - uses: actions/checkout@v3
+    
+    - name: Set up Nix
+      uses: cachix/install-nix-action@v18
+      with:
+          nix_path: nixpkgs=channel:nixos-unstable
+
+    - name: Run nix flake check
+      run: nix flake check

templates/dev/flask-hello/.gitignore

@@ -0,0 +1,30 @@
+# Byte-compiled Python files
+*.py[cod]
+__pycache__/
+
+# Distribution / packaging
+.Python
+*.egg
+*.egg-info/
+.coverage
+.htmlcov/
+.pytest_cache/
+.tox/
+.venv/
+.direnv/
+ENV/
+build/
+dist/
+env.bak/
+env/
+venv.bak/
+venv/
+
+# IDE/editor files
+*.sublime-project
+*.sublime-workspace
+.idea/
+.vscode/
+
+# Nix-related files
+result

templates/dev/flask-hello/app.py

@@ -0,0 +1,5 @@
+#!/usr/bin/env python3
+
+from flask_hello import create_app
+
+app = create_app()

templates/dev/flask-hello/flake.nix

@@ -0,0 +1,77 @@
+{
+  description = "A hello world template for Python Flask";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    pre-commit-hooks = {
+      url = "github:cachix/pre-commit-hooks.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs =
+    {
+      self,
+      nixpkgs,
+      ...
+    }:
+    let
+      supportedSystems = [
+        "x86_64-linux"
+        "aarch64-linux"
+        "x86_64-darwin"
+        "aarch64-darwin"
+      ];
+
+      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+
+      nixpkgsFor = forAllSystems (
+        system:
+        import nixpkgs {
+          inherit system;
+          overlays = [ self.overlays.default ];
+        }
+      );
+    in
+    {
+      overlays.default = final: _prev: {
+        flask_hello = self.packages.${final.system}.default;
+      };
+
+      packages = forAllSystems (system: {
+        default = nixpkgsFor.${system}.callPackage ./nix/package.nix { };
+      });
+
+      devShells = forAllSystems (system: {
+        default = import ./nix/shell.nix { pkgs = nixpkgsFor.${system}; };
+      });
+
+      nixosModules = {
+        flask_hello = import ./nix/module.nix;
+      };
+
+      formatter = forAllSystems (
+        system:
+        let
+          pkgs = nixpkgs.legacyPackages.${system};
+          config = self.checks.${system}.pre-commit-check.config;
+          inherit (config) package configFile;
+          script = ''
+            ${pkgs.lib.getExe package} run --all-files --config ${configFile}
+          '';
+        in
+        pkgs.writeShellScriptBin "pre-commit-run" script
+      );
+
+      checks = forAllSystems (system: {
+        build-packages = nixpkgsFor."${system}".linkFarm "flake-packages-${system}" self.packages.${system};
+        pre-commit-check = self.inputs.pre-commit-hooks.lib.${system}.run {
+          src = ./.;
+          hooks = {
+            nixfmt.enable = true;
+            black.enable = true;
+          };
+        };
+      });
+    };
+}

templates/dev/flask-hello/flask_hello/__init__.py

@@ -0,0 +1,17 @@
+from flask import Flask
+
+
+def create_app():
+    app = Flask(__name__)
+
+    from .blueprints.home import home_bp
+
+    app.register_blueprint(home_bp)
+
+    from flask import render_template
+
+    @app.errorhandler(404)
+    def not_found_error(error):
+        return render_template("errors.html", error="Page not found"), 404
+
+    return app

templates/dev/flask-hello/flask_hello/blueprints/home.py

@@ -0,0 +1,8 @@
+from flask import Blueprint, render_template
+
+home_bp = Blueprint("home", __name__)
+
+
+@home_bp.route("/")
+def index():
+    return render_template("index.html")

templates/dev/flask-hello/flask_hello/static/css/style.css

@@ -0,0 +1,9 @@
+body {
+    font-family: Arial, sans-serif;
+    margin: 40px;
+    background-color: #f5f5f5;
+}
+
+h1 {
+    color: #333;
+}

templates/dev/flask-hello/flask_hello/templates/base.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{% block title %}Flask App{% endblock %}</title>
+    <link rel="stylesheet" href="{{ url_for('static', filename='css/style.css') }}">
+</head>
+<body>
+    {% block content %}{% endblock %}
+</body>
+</html>

templates/dev/flask-hello/flask_hello/templates/errors.html

@@ -0,0 +1,7 @@
+{% extends "base.html" %}
+
+{% block content %}
+<h1>Error</h1>
+<p>{{ error }}</p>
+<a href="{{ url_for('home.index') }}">Go Home</a>
+{% endblock %}

templates/dev/flask-hello/flask_hello/templates/index.html

@@ -0,0 +1,6 @@
+{% extends "base.html" %}
+
+{% block content %}
+<h1>Hello, World!</h1>
+<p>Welcome to your Flask application.</p>
+{% endblock %}

templates/dev/flask-hello/nix/module.nix

@@ -0,0 +1,132 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.services.flask_hello;
+  domain = config.networking.domain;
+  fqdn = if (cfg.nginx.subdomain != "") then "${cfg.nginx.subdomain}.${domain}" else domain;
+
+  python-with-packages = pkgs.python3.withPackages (
+    p: with p; [
+      flask
+    ]
+  );
+
+  inherit (lib)
+    concatStringsSep
+    getExe
+    mkDefault
+    mkEnableOption
+    mkIf
+    mkOption
+    mkPackageOption
+    types
+    ;
+in
+{
+  options.services.flask_hello = {
+    enable = mkEnableOption "Flask Hello World service.";
+
+    package = mkPackageOption pkgs "flask_hello" { };
+
+    port = mkOption {
+      type = types.port;
+      default = 5000;
+      description = "The port to listen on.";
+    };
+
+    user = mkOption {
+      type = types.str;
+      description = "The user the Flask service will run as.";
+      default = "flaskapp";
+    };
+
+    group = mkOption {
+      type = types.str;
+      description = "The group the Flask service will run as.";
+      default = "flaskapp";
+    };
+
+    nginx = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable Nginx as a reverse proxy for the Flask application.";
+      };
+      subdomain = mkOption {
+        type = types.str;
+        default = "flask_hello";
+        description = "Subdomain for the Nginx virtual host. Leave empty for root domain.";
+      };
+      ssl = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable SSL for the Nginx virtual host using ACME.";
+      };
+    };
+
+    gunicorn.extraArgs = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+      description = "Extra arguments for gunicorn.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    nixpkgs.overlays = [ inputs.flask_hello.overlays.default ];
+
+    networking.firewall.allowedTCPPorts = [
+      80 # ACME challenge
+      443
+    ];
+
+    systemd.services.flask_hello = {
+      description = "Flask Hello World";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      environment = {
+        PYTHONPATH = "${python-with-packages}/${python-with-packages.sitePackages}";
+      };
+      serviceConfig = {
+        ExecStart = ''
+          ${getExe pkgs.python3Packages.gunicorn} \
+            --bind=127.0.0.1:${toString cfg.port} \
+            ${concatStringsSep " " cfg.gunicorn.extraArgs} \
+            app:app
+        '';
+        WorkingDirectory = "${cfg.package}";
+        Restart = "on-failure";
+        User = cfg.user;
+        Group = cfg.group;
+      };
+    };
+
+    users.users."${cfg.user}" = {
+      home = "/var/lib/${cfg.user}";
+      isSystemUser = true;
+      group = cfg.group;
+    };
+    users.groups."${cfg.group}" = { };
+
+    services.nginx = mkIf cfg.nginx.enable {
+      enable = mkDefault true;
+      virtualHosts."${fqdn}" = {
+        enableACME = cfg.nginx.ssl;
+        forceSSL = cfg.nginx.ssl;
+        locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
+      };
+    };
+
+    security.acme = mkIf (cfg.nginx.enable && cfg.nginx.ssl) {
+      acceptTerms = true;
+      defaults.email = mkDefault "postmaster@${domain}";
+      defaults.webroot = mkDefault "/var/lib/acme/acme-challenge";
+      certs."${domain}".postRun = "systemctl reload nginx.service";
+    };
+  };
+}

templates/dev/flask-hello/nix/package.nix

@@ -0,0 +1,31 @@
+{
+  python3,
+  ...
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "flask_hello";
+  version = "0.1.0";
+  pyproject = true;
+
+  build-system = [ python3.pkgs.setuptools ];
+
+  dependencies = with python3.pkgs; [
+    flask
+  ];
+
+  src = ../.;
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out
+    cp -r $src/${pname} $out/
+    cp $src/app.py $out/
+    chmod +x $out/app.py
+
+    runHook postInstall
+  '';
+
+  doCheck = false;
+}

templates/dev/flask-hello/nix/shell.nix

@@ -0,0 +1,17 @@
+{
+  pkgs ? import <nixpkgs> { },
+  ...
+}:
+
+pkgs.mkShell {
+  buildInputs = [
+    (pkgs.python3.withPackages (
+      p: with p; [
+        flask
+        gunicorn
+      ]
+    ))
+    pkgs.nixfmt-tree
+    pkgs.black
+  ];
+}

templates/dev/flask-hello/pyproject.toml

@@ -0,0 +1,13 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "flask_hello"
+version = "0.1.0"
+dependencies = [
+    "flask",
+]
+
+[tool.setuptools.packages.find]
+include = ["flask_hello*"]