feat(dgsi): Update, with SAML provisional auth
This commit is contained in:
parent
38231eb6e0
commit
7d24e2dfc1
5 changed files with 39 additions and 29 deletions
|
@ -8,7 +8,7 @@
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib) mapAttrsToList;
|
inherit (lib) toLower;
|
||||||
|
|
||||||
python =
|
python =
|
||||||
let
|
let
|
||||||
|
@ -33,7 +33,9 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
pythonEnv = python.withPackages (ps: [
|
pythonEnv = python.withPackages (
|
||||||
|
ps:
|
||||||
|
[
|
||||||
ps.django
|
ps.django
|
||||||
ps.gunicorn
|
ps.gunicorn
|
||||||
ps.psycopg
|
ps.psycopg
|
||||||
|
@ -51,7 +53,9 @@ let
|
||||||
ps.loadcredential
|
ps.loadcredential
|
||||||
ps.pykanidm
|
ps.pykanidm
|
||||||
ps.python-cas
|
ps.python-cas
|
||||||
]);
|
]
|
||||||
|
++ ps.django-allauth.optional-dependencies.saml
|
||||||
|
);
|
||||||
|
|
||||||
staticDrv = pkgs.stdenv.mkDerivation {
|
staticDrv = pkgs.stdenv.mkDerivation {
|
||||||
name = "dgsi-static";
|
name = "dgsi-static";
|
||||||
|
@ -67,8 +71,10 @@ let
|
||||||
configurePhase = ''
|
configurePhase = ''
|
||||||
export DGSI_STATIC_ROOT=$out/static
|
export DGSI_STATIC_ROOT=$out/static
|
||||||
export CREDENTIALS_DIRECTORY=$(pwd)/../.credentials
|
export CREDENTIALS_DIRECTORY=$(pwd)/../.credentials
|
||||||
export DGSI_KANIDM_CLIENT="dgsi_test";
|
export DGSI_KANIDM_CLIENT="dgsi_test"
|
||||||
export DGSI_KANIDM_AUTH_TOKEN="fake.token";
|
export DGSI_KANIDM_AUTH_TOKEN="fake.token"
|
||||||
|
export DGSI_X509_KEY=""
|
||||||
|
export DGSI_X509_CERT=""
|
||||||
'';
|
'';
|
||||||
|
|
||||||
doBuild = false;
|
doBuild = false;
|
||||||
|
@ -101,12 +107,14 @@ in
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
LoadCredential = mapAttrsToList (name: value: "${name}:${value}") {
|
LoadCredential = map (name: "${name}:${config.age.secrets."dgsi-${toLower name}_file".path}") [
|
||||||
SECRET_KEY = config.age.secrets."dgsi-secret_key_file".path;
|
"EMAIL_HOST_PASSWORD"
|
||||||
KANIDM_AUTH_TOKEN = config.age.secrets."dgsi-kanidm_auth_token_file".path;
|
"KANIDM_AUTH_TOKEN"
|
||||||
KANIDM_SECRET = config.age.secrets."dgsi-kanidm_secret_file".path;
|
"KANIDM_SECRET"
|
||||||
EMAIL_HOST_PASSWORD = config.age.secrets."dgsi-email_host_password_file".path;
|
"SECRET_KEY"
|
||||||
};
|
"X509_CERT"
|
||||||
|
"X509_KEY"
|
||||||
|
];
|
||||||
RuntimeDirectory = "django-apps/dgsi";
|
RuntimeDirectory = "django-apps/dgsi";
|
||||||
StateDirectory = "django-apps/dgsi";
|
StateDirectory = "django-apps/dgsi";
|
||||||
UMask = "0027";
|
UMask = "0027";
|
||||||
|
|
BIN
machines/compute01/secrets/dgsi-x509_cert_file
Normal file
BIN
machines/compute01/secrets/dgsi-x509_cert_file
Normal file
Binary file not shown.
BIN
machines/compute01/secrets/dgsi-x509_key_file
Normal file
BIN
machines/compute01/secrets/dgsi-x509_key_file
Normal file
Binary file not shown.
|
@ -10,6 +10,8 @@ lib.setDefault { inherit publicKeys; } [
|
||||||
"dgsi-kanidm_auth_token_file"
|
"dgsi-kanidm_auth_token_file"
|
||||||
"dgsi-kanidm_secret_file"
|
"dgsi-kanidm_secret_file"
|
||||||
"dgsi-secret_key_file"
|
"dgsi-secret_key_file"
|
||||||
|
"dgsi-x509_cert_file"
|
||||||
|
"dgsi-x509_key_file"
|
||||||
"ds-fr-secret_file"
|
"ds-fr-secret_file"
|
||||||
"grafana-oauth_client_secret_file"
|
"grafana-oauth_client_secret_file"
|
||||||
"grafana-smtp_password_file"
|
"grafana-smtp_password_file"
|
||||||
|
|
|
@ -45,9 +45,9 @@
|
||||||
"url": "https://git.dgnum.eu/DGNum/dgsi.git"
|
"url": "https://git.dgnum.eu/DGNum/dgsi.git"
|
||||||
},
|
},
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"revision": "a88d31541cfd836ba2bd4bb3c8ec8142e4cd8aa2",
|
"revision": "9c4413faa1610167d65b5c6110cdbc714eb14887",
|
||||||
"url": null,
|
"url": null,
|
||||||
"hash": "0z31ib1xjdyzpwdnbj4j7r9nb5baiab3nbx0wg55dh2ifkxp2vqb"
|
"hash": "0pn684dc1s5v3nqiy6jpxpr26mv5z6pq1i5cvza9d2hi7lddp3wb"
|
||||||
},
|
},
|
||||||
"disko": {
|
"disko": {
|
||||||
"type": "GitRelease",
|
"type": "GitRelease",
|
||||||
|
|
Loading…
Reference in a new issue