infrastructure/machines/nixos/compute01/ds-fr/default.nix

# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{
  config,
  pkgs,
  sources,
  ...
}:

let
  host = "demarches.dgnum.eu";
  port = 3000;

  dgn-id = "8dfdc60d1aa66e7206461ed7a49199f624a66b4e";
  patch = pkgs.fetchurl {
    url = "https://git.dgnum.eu/DGNum/demarches-normaliennes/commit/${dgn-id}.patch";
    hash = "sha256-6JdbUf2fc79E5F1wtYFnP1JLGJffhGbjaxysRFr8xN4=";
  };
in
{
  imports = [ ./module.nix ];

  dgn-web.internalPorts.ds-fr = port;

  services.demarches-simplifiees = {
    enable = true;

    package = (import sources.nix-pkgs { inherit pkgs; }).demarches-simplifiees.overrideAttrs (old: {
      dsModules = old.dsModules.overrideAttrs {
        prePatch = ''
          ${pkgs.lib.getExe pkgs.git} apply -p1 < ${patch}
        '';
      };

      patches = (old.patches or [ ]) ++ [ ./01-smtp-tls.patch ];

      prePatch = ''
        ${pkgs.lib.getExe pkgs.git} apply -p1 < ${patch}
      '';

      postPatch = ''
        rm -f lib/tasks/deployment/20240830192553_backfill_hide_instructeurs_email.rake
        rm -f lib/tasks/deployment/20240912151317_clean_virtual_column_from_procedure_presentation.rake
        rm -f lib/tasks/deployment/20240920130741_migrate_procedure_presentation_to_columns.rake
      '';
    });

    inherit host port;

    environmentFile = config.age.secrets."ds-fr-secret_file".path;

    initialDeploymentDate = "20230923";

    environment = {
      # Disable France Connect and Agent Connect
      FRANCE_CONNECT_ENABLED = "disabled";
      AGENT_CONNECT_ENABLED = "disabled";

      # S3 storage setup
      ACTIVE_STORAGE_SERVICE = "local";

      # SAML_IDP_ENABLED = "enabled";

      # Optional settings
      APPLICATION_NAME = ''"Démarches normaliennes"'';
      APPLICATION_SHORTNAME = "d-s.dgnum.eu";
      APPLICATION_BASE_URL = "https://${host}";

      # SMTP setup, TODO: Fix and stop using sendmail
      CLASSIC_SMTP_ENABLED = "enabled";
      SMTP_HOST = "kurisu.lahfa.xyz";
      SMTP_PORT = "465";
      SMTP_USER = "web-services@infra.dgnum.eu";
      SMTP_STARTTLS = "";
      SMTP_TLS = "true";
      SMTP_AUTHENTICATION = "plain";

      SUPER_ADMIN_OTP_ENABLED = "disabled";

      CONTACT_EMAIL = "demarches@infra.dgnum.eu";
      EQUIPE_EMAIL = "equipe@infra.dgnum.eu";
      TECH_EMAIL = "tech@infra.dgnum.eu";
      NO_REPLY_EMAIL = ''"Ne pas répondre <demarches@infra.dgnum.eu>"'';
      OLD_CONTACT_EMAIL = "";
      CONTACT_PHONE = "";

      STATUS_URL = "https://status.dgnum.eu/demarches-normaliennes";

      DEMANDE_INSCRIPTION_ADMIN_PAGE_URL = "https://demarches.dgnum.eu/commencer/demande-d-inscription-demarches-normaliennes";
      DOC_URL = "https://docs.dgnum.eu/s/demarches-normaliennes";

      ADMINS_GROUP_ENABLED = "enabled";

      RUBY_YJIT_ENABLE = "1";

      STRICT_EMAIL_VALIDATION_STARTS_ON = "2024-12-18";
    };
  };

  # dgn-backups.jobs.ds-fr.settings.paths = [ "/var/lib/private/demarches-simplifiees/" ];
  dgn-backups.postgresDatabases = [ "ds-fr" ];
}
chore: Add license and copyright information Signed-off-by: Tom Hubrecht <tom.hubrecht@dgnum.eu> Acked-by: Ryan Lahfa <ryan.lahfa@dgnum.eu> Acked-by: Maurice Debray <maurice.debray@dgnum.eu> Acked-by: Lubin Bailly <lubin.bailly@dgnum.eu> Acked-by: Jean-Marc Gailis <jean-marc.gailis@dgnum.eu> as the legal authority, at the time of writing, in DGNum. Acked-by: Elias Coppens <elias.coppens@dgnum.eu> as a member, at the time of writing, of the DGNum executive counsel. 2024-12-12 14:41:43 +01:00			`# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>`
			`#`
			`# SPDX-License-Identifier: EUPL-1.2`

fix(ds-fr): Switch to nix-pkgs 2024-11-21 13:36:24 +01:00			`{`
			`config,`
			`pkgs,`
			`sources,`
			`...`
			`}:`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00
feat(shell): Add pre-commit hooks and reformat the repo 2024-02-02 10:51:31 +01:00			`let`
			`host = "demarches.dgnum.eu";`
fix(ds-fr): Update module 2024-12-17 22:17:12 +01:00			`port = 3000;`
fix(ds-fr): Switch to nix-pkgs 2024-11-21 13:36:24 +01:00
fix(ds-fr): Update module 2024-12-17 22:17:12 +01:00			`dgn-id = "8dfdc60d1aa66e7206461ed7a49199f624a66b4e";`
			`patch = pkgs.fetchurl {`
			`url = "https://git.dgnum.eu/DGNum/demarches-normaliennes/commit/${dgn-id}.patch";`
			`hash = "sha256-6JdbUf2fc79E5F1wtYFnP1JLGJffhGbjaxysRFr8xN4=";`
			`};`
feat(shell): Add pre-commit hooks and reformat the repo 2024-02-02 10:51:31 +01:00			`in`
			`{`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00			`imports = [ ./module.nix ];`

fix(ds-fr): Update module 2024-12-17 22:17:12 +01:00			`dgn-web.internalPorts.ds-fr = port;`
feat(nginx): Switch to simpleProxies for the majority of configs 2024-10-12 19:30:36 +02:00
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00			`services.demarches-simplifiees = {`
			`enable = true;`

fix(ds-fr): Update module 2024-12-17 22:17:12 +01:00			`package = (import sources.nix-pkgs { inherit pkgs; }).demarches-simplifiees.overrideAttrs (old: {`
			`dsModules = old.dsModules.overrideAttrs {`
			`prePatch = ''`
			`${pkgs.lib.getExe pkgs.git} apply -p1 < ${patch}`
			`'';`
			`};`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00
fix(ds-fr): Make email work again 2024-12-18 09:50:31 +01:00			`patches = (old.patches or [ ]) ++ [ ./01-smtp-tls.patch ];`

fix(ds-fr): Update module 2024-12-17 22:17:12 +01:00			`prePatch = ''`
			`${pkgs.lib.getExe pkgs.git} apply -p1 < ${patch}`
			`'';`

			`postPatch = ''`
			`rm -f lib/tasks/deployment/20240830192553_backfill_hide_instructeurs_email.rake`
			`rm -f lib/tasks/deployment/20240912151317_clean_virtual_column_from_procedure_presentation.rake`
			`rm -f lib/tasks/deployment/20240920130741_migrate_procedure_presentation_to_columns.rake`
			`'';`
			`});`

			`inherit host port;`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00
fix(ds-fr): Update module 2024-12-17 22:17:12 +01:00			`environmentFile = config.age.secrets."ds-fr-secret_file".path;`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00
fix(ds-fr): Update module 2024-12-17 22:17:12 +01:00			`initialDeploymentDate = "20230923";`

			`environment = {`
fix(ds-fr): Switch to local storage Also disable France Connect login 2023-09-26 20:46:38 +02:00			`# Disable France Connect and Agent Connect`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00			`FRANCE_CONNECT_ENABLED = "disabled";`
fix(ds-fr): Switch to local storage Also disable France Connect login 2023-09-26 20:46:38 +02:00			`AGENT_CONNECT_ENABLED = "disabled";`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00
			`# S3 storage setup`
fix(ds-fr): Switch to local storage Also disable France Connect login 2023-09-26 20:46:38 +02:00			`ACTIVE_STORAGE_SERVICE = "local";`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00
			`# SAML_IDP_ENABLED = "enabled";`

			`# Optional settings`
			`APPLICATION_NAME = ''"Démarches normaliennes"'';`
			`APPLICATION_SHORTNAME = "d-s.dgnum.eu";`
			`APPLICATION_BASE_URL = "https://${host}";`

			`# SMTP setup, TODO: Fix and stop using sendmail`
			`CLASSIC_SMTP_ENABLED = "enabled";`
			`SMTP_HOST = "kurisu.lahfa.xyz";`
			`SMTP_PORT = "465";`
			`SMTP_USER = "web-services@infra.dgnum.eu";`
fix(ds-fr): Make email work again 2024-12-18 09:50:31 +01:00			`SMTP_STARTTLS = "";`
			`SMTP_TLS = "true";`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00			`SMTP_AUTHENTICATION = "plain";`

			`SUPER_ADMIN_OTP_ENABLED = "disabled";`

			`CONTACT_EMAIL = "demarches@infra.dgnum.eu";`
			`EQUIPE_EMAIL = "equipe@infra.dgnum.eu";`
			`TECH_EMAIL = "tech@infra.dgnum.eu";`
feat(dgn-secrets): Add a matches option This option allows specifying regexes tied to options. When a secret matches a pattern, the the options are applied to it. 2023-10-02 22:48:18 +02:00			`NO_REPLY_EMAIL = ''"Ne pas répondre <demarches@infra.dgnum.eu>"'';`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00			`OLD_CONTACT_EMAIL = "";`
			`CONTACT_PHONE = "";`

feat(ds-fr): Update patches 2023-12-03 13:24:09 +01:00			`STATUS_URL = "https://status.dgnum.eu/demarches-normaliennes";`

feat(ds-fr): Replace the signup link 2023-12-10 19:32:49 +01:00			`DEMANDE_INSCRIPTION_ADMIN_PAGE_URL = "https://demarches.dgnum.eu/commencer/demande-d-inscription-demarches-normaliennes";`
feat(ds-fr): Add custom documentation url 2023-12-10 20:24:21 +01:00			`DOC_URL = "https://docs.dgnum.eu/s/demarches-normaliennes";`
feat(ds-fr): Replace the signup link 2023-12-10 19:32:49 +01:00
feat(ds-fr): Update to latest version and enable admins group 2023-12-13 14:40:20 +01:00			`ADMINS_GROUP_ENABLED = "enabled";`

feat(ds-fr): Update 2024-01-12 10:59:15 +01:00			`RUBY_YJIT_ENABLE = "1";`

fix(ds-fr): Update module 2024-12-17 22:17:12 +01:00			`STRICT_EMAIL_VALIDATION_STARTS_ON = "2024-12-18";`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00			`};`
			`};`

chore(ds-fr): Disable var/lib backups for now It is spitting out errors 2024-12-18 07:57:05 +01:00			`# dgn-backups.jobs.ds-fr.settings.paths = [ "/var/lib/private/demarches-simplifiees/" ];`
feat(compute01): Create some backups 2024-02-21 22:49:20 +01:00			`dgn-backups.postgresDatabases = [ "ds-fr" ];`
feat(compute01): Deploy demarches simplifiees 2023-09-24 13:16:22 +02:00			`}`