Release to main

.envrc

@@ -0,0 +1,3 @@
+# shellcheck disable=SC2148
+
+use nix

.github/workflows/deploy.yaml

@@ -19,29 +19,29 @@ jobs:
           echo "TAG=${{ github.head_ref || github.ref_name }}" >> $GITHUB_ENV
 
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install Nix
-        uses: cachix/install-nix-action@v22
+        uses: cachix/install-nix-action@v24
         with:
-          nix_path: nixpkgs=channel:nixos-23.05
+          nix_path: nixpkgs=channel:nixpkgs-23.11-darwin
           extra_nix_config: |
             trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
             substituters = https://cache.nixos.org/
 
       - name: Install dependencies
         run: |
-          nix-shell --run "true"
+          nix-shell --pure --run true
 
-      - name: Compile cython
+      - name: Build Cython
         run: |
-          nix-shell --run "pipenv run make"
+          nix-shell --pure --run cython-build
 
-      - name: Build
+      - name: Build Docker image
         run: |
           echo "IMAGE_PATH=$(nix-build --no-out-link)" >> $GITHUB_ENV
 
-      - name: Set up SSH
+      - name: Configure SSH
         run: |
           mkdir -p ~/.ssh
           echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
@@ -53,25 +53,34 @@ jobs:
             IdentityFile ~/.ssh/id_rsa
           " > ~/.ssh/config
 
-      - name: Upload image
+      - name: Upload Docker image
         run: |
-          scp $IMAGE_PATH remote:~
+          scp "${{ env.IMAGE_PATH }}" remote:~
 
       - name: Deploy
         run: |
-          ssh remote <<EOF
+          ssh remote <<\EOF
             set -e
+            tag="${{ env.TAG }}"
+            image_filename="$(basename "${{ env.IMAGE_PATH }}")"
 
-            echo "Loading docker image"
-            docker load < $(basename $IMAGE_PATH) && rm $(basename $IMAGE_PATH)
+            cleanup() {
+              cd ~
+              echo "Cleaning up"
+              rm -f "$image_filename"
+            }
 
-            echo "Fetching latest changes from the repository"
-            cd $TAG
-            git fetch origin $TAG
-            git checkout $TAG
-            git reset --hard origin/$TAG
+            trap cleanup EXIT
+
+            echo "Loading Docker image"
+            docker load < "$image_filename"
+
+            echo "Fetching latest changes from the git repository"
+            cd "$tag"
+            git fetch origin "$tag"
+            git checkout "$tag"
+            git reset --hard "origin/$tag"
 
             echo "Restarting containers"
-            export TAG=$TAG
-            docker compose --env-file envs/compose/$TAG.env up -d
+            TAG="$tag" docker compose --env-file "envs/compose/$tag.env" up -d
           EOF

Caddyfile

@@ -1,5 +1,7 @@
 :443 {
-    reverse_proxy cache:80
+    reverse_proxy cache:80 {
+        header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
+    }
 
     tls /cert/ssl.crt /cert/ssl.key {
         client_auth {

README.md

@@ -31,11 +31,11 @@ It's your shortcut to seamless dependency management and reproducible environmen
 It will save you lots of time and spare you from unnecessary stress.
 
 ```sh
-# Install dependencies and packages
+# Install dependencies and enter shell
 nix-shell
 
 # Start up the database
-make dev-start
+dev-start
 
 # Launch the web server
 uvicorn main:app
@@ -47,8 +47,8 @@ Navigate to http://localhost:8000 to access the web app locally.
 
 ```sh
 # Terminate the database
-make dev-stop
+dev-stop
 
-# Purge data
-rm -r data
+# Purge database
+dev-clean
 ```

api/v1/node.py

@@ -1,33 +1,30 @@
 import re
 from datetime import datetime
 
-from dateutil import tz
 from fastapi import APIRouter, HTTPException
-from timezonefinder import TimezoneFinder
+from pytz import timezone
+from tzfpy import get_tz
 
 from models.lonlat import LonLat
 from states.aed_state import AEDStateDep
 from states.photo_state import PhotoStateDep
 
 router = APIRouter()
 
-tf = TimezoneFinder()
-
 photo_id_re = re.compile(r'view/(?P<id>\S+)\.')
 
 
 def _get_timezone(lonlat: LonLat) -> tuple[str | None, str | None]:
-    timezone_name = tf.timezone_at(lng=lonlat.lon, lat=lonlat.lat)
+    timezone_name: str | None = get_tz(lonlat.lon, lonlat.lat)
+    timezone_offset = None
 
     if timezone_name:
         try:
-            dt = datetime.now(tz=tz.gettz(timezone_name))
+            dt = datetime.now(tz=timezone(timezone_name))
             offset = dt.strftime('%z')
             timezone_offset = f'UTC{offset[:3]}:{offset[3:]}'
-        except Exception:
-            timezone_offset = None
-    else:
-        timezone_offset = None
+        except Exception:  # noqa: S110
+            pass
 
     return timezone_name, timezone_offset
 

api/v1/photos.py

@@ -13,7 +13,6 @@
 from states.aed_state import AEDStateDep
 from states.photo_report_state import PhotoReportStateDep
 from states.photo_state import PhotoStateDep
-from utils import upgrade_https
 
 router = APIRouter(prefix='/photos')
 
@@ -77,7 +76,7 @@ async def upload(
         raise HTTPException(403, 'User has an active block on OpenStreetMap')
 
     photo_info = await photo_state.set_photo(node_id, str(osm_user['id']), file)
-    photo_url = upgrade_https(str(request.url_for('view', id=photo_info.id)))
+    photo_url = f'{request.base_url}api/v1/photos/view/{photo_info.id}.webp'
 
     node_xml = await osm.get_node_xml(node_id)
 
@@ -110,7 +109,7 @@ async def report_rss(
     fg = FeedGenerator()
     fg.title('AED Photo Reports')
     fg.description('This feed contains a list of recent AED photo reports')
-    fg.link(href=upgrade_https(str(request.url)), rel='self')
+    fg.link(href=str(request.url), rel='self')
 
     for report in await photo_report_state.get_recent_reports():
         info = await photo_state.get_photo_by_id(report.photo_id)
@@ -130,7 +129,7 @@ async def report_rss(
             ),
             type='CDATA',
         )
-        fe.link(href=upgrade_https(f'{request.base_url}api/v1/photos/view/{report.photo_id}.webp'))
+        fe.link(href=f'{request.base_url}api/v1/photos/view/{report.photo_id}.webp')
         fe.published(datetime.utcfromtimestamp(report.timestamp).astimezone(tz=UTC))
 
     return Response(content=fg.rss_str(pretty=True), media_type='application/rss+xml')

config.py

@@ -9,7 +9,7 @@
 from pyproj import Transformer
 
 NAME = 'openaedmap-backend'
-VERSION = '2.3'
+VERSION = '2.4'
 VERSION_TIMESTAMP = 0
 CREATED_BY = f'{NAME} {VERSION}'
 WEBSITE = 'https://openaedmap.org'

default.nix

@@ -1,28 +1,23 @@
-{ pkgsnix ? import ./pkgs.nix
-, pkgs ? pkgsnix.pkgs
-, unstable ? pkgsnix.unstable
-}:
+{ pkgs ? import <nixpkgs> { }, ... }:
 
-with pkgs; let
+let
   envTag = builtins.getEnv "TAG";
 
   shell = import ./shell.nix {
-    inherit pkgs;
-    inherit unstable;
-    isDocker = true;
+    isDevelopment = false;
   };
 
-  python-venv = buildEnv {
+  python-venv = pkgs.buildEnv {
     name = "python-venv";
     paths = [
-      (runCommand "python-venv" { } ''
+      (pkgs.runCommand "python-venv" { } ''
         mkdir -p $out/lib
-        cp -r "${./.venv/lib/python3.11/site-packages}"/* $out/lib
+        cp -r "${./.venv/lib/python3.12/site-packages}"/* $out/lib
       '')
     ];
   };
 in
-dockerTools.buildLayeredImage {
+with pkgs; dockerTools.buildLayeredImage {
   name = "backend";
   tag = if envTag != "" then envTag else "latest";
 
@@ -33,20 +28,20 @@ dockerTools.buildLayeredImage {
     mkdir tmp
     mkdir app && cd app
     cp "${./.}"/LICENSE .
-    cp "${./.}"/Makefile .
     cp "${./.}"/*.py .
     cp -r "${./.}"/api .
     cp -r "${./.}"/cython_lib .
     cp -r "${./.}"/middlewares .
     cp -r "${./.}"/models .
     cp -r "${./.}"/states .
+    export PATH="${lib.makeBinPath shell.buildInputs}":$PATH
     ${shell.shellHook}
   '';
 
   config = {
     WorkingDir = "/app";
     Env = [
-      "LD_LIBRARY_PATH=${lib.makeLibraryPath shell.buildInputs}"
+      "LD_LIBRARY_PATH=${lib.makeLibraryPath shell.libraries}"
       "PYTHONPATH=${python-venv}/lib"
       "PYTHONUNBUFFERED=1"
       "PYTHONDONTWRITEBYTECODE=1"

docker-compose.yml

@@ -75,20 +75,9 @@ services:
     depends_on:
       - app
 
-    volumes:
-      - ./default.vcl:/etc/varnish/default.vcl:ro
-      - ./data/cache:/var/lib/varnish
-
-  https:
-    image: caddy:alpine
-    restart: unless-stopped
-
-    depends_on:
-      - cache
-
     ports:
-      - ${LISTEN:-443}:443
+      - ${LISTEN:-80}:80
 
     volumes:
-      - ./Caddyfile:/etc/caddy/Caddyfile:ro
-      - ./cert:/cert:ro
+      - ./default.vcl:/etc/varnish/default.vcl:ro
+      - ./data/cache:/var/lib/varnish

envs/compose/dev.env

@@ -1,2 +1,2 @@
-LISTEN=49223
+LISTEN=127.0.0.1:49223
 WORKERS=4

envs/compose/main.env

@@ -1,2 +1,2 @@
-LISTEN=49222
+LISTEN=127.0.0.1:49222
 WORKERS=12