feat(dgsi): Update, with SAML provisional auth

Tom Hubrecht 2024-10-06 16:19:36 +02:00
parent 38231eb6e0
commit 7d24e2dfc1
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
5 changed files with 39 additions and 29 deletions


@ -8,7 +8,7 @@
}: }:
let let
inherit (lib) mapAttrsToList; inherit (lib) toLower;
python = python =
let let
@ -33,7 +33,9 @@ let
}; };
}; };
pythonEnv = python.withPackages (ps: [ pythonEnv = python.withPackages (
ps:
[
ps.django ps.django
ps.gunicorn ps.gunicorn
ps.psycopg ps.psycopg
@ -51,7 +53,9 @@ let
ps.loadcredential ps.loadcredential
ps.pykanidm ps.pykanidm
ps.python-cas ps.python-cas
]); ]
++ ps.django-allauth.optional-dependencies.saml
);
staticDrv = pkgs.stdenv.mkDerivation { staticDrv = pkgs.stdenv.mkDerivation {
name = "dgsi-static"; name = "dgsi-static";
@ -67,8 +71,10 @@ let
configurePhase = '' configurePhase = ''
export DGSI_STATIC_ROOT=$out/static export DGSI_STATIC_ROOT=$out/static
export CREDENTIALS_DIRECTORY=$(pwd)/../.credentials export CREDENTIALS_DIRECTORY=$(pwd)/../.credentials
export DGSI_KANIDM_CLIENT="dgsi_test"; export DGSI_KANIDM_CLIENT="dgsi_test"
export DGSI_KANIDM_AUTH_TOKEN="fake.token"; export DGSI_KANIDM_AUTH_TOKEN="fake.token"
export DGSI_X509_KEY=""
export DGSI_X509_CERT=""
''; '';
doBuild = false; doBuild = false;
@ -101,12 +107,14 @@ in
serviceConfig = { serviceConfig = {
DynamicUser = true; DynamicUser = true;
LoadCredential = mapAttrsToList (name: value: "${name}:${value}") { LoadCredential = map (name: "${name}:${config.age.secrets."dgsi-${toLower name}_file".path}") [
SECRET_KEY = config.age.secrets."dgsi-secret_key_file".path; "EMAIL_HOST_PASSWORD"
KANIDM_AUTH_TOKEN = config.age.secrets."dgsi-kanidm_auth_token_file".path; "KANIDM_AUTH_TOKEN"
KANIDM_SECRET = config.age.secrets."dgsi-kanidm_secret_file".path; "KANIDM_SECRET"
EMAIL_HOST_PASSWORD = config.age.secrets."dgsi-email_host_password_file".path; "SECRET_KEY"
}; "X509_CERT"
"X509_KEY"
];
RuntimeDirectory = "django-apps/dgsi"; RuntimeDirectory = "django-apps/dgsi";
StateDirectory = "django-apps/dgsi"; StateDirectory = "django-apps/dgsi";
UMask = "0027"; UMask = "0027";
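Review bot: The empty `DGSI_X509_KEY=""` and `DGSI_X509_CERT=""` exports added to `configurePhase` have no comment marking them as build-time placeholders, unlike the neighbouring `fake.token`, which at least reads as fake. I would add `# Build-time placeholders for the static build only; the real key and certificate are provided at runtime through LoadCredential.` above the two lines. Whether dgsi refuses to enable SAML when the key or certificate is empty is not visible on this page, so it is worth confirming that the settings fail closed at runtime if the `X509_KEY` or `X509_CERT` credential is missing, rather than falling back to an empty value. The `staticDrv` derivation starts and ends outside this hunk.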

Binary file not shown.

Binary file not shown.


@ -10,6 +10,8 @@ lib.setDefault { inherit publicKeys; } [
"dgsi-kanidm_auth_token_file" "dgsi-kanidm_auth_token_file"
"dgsi-kanidm_secret_file" "dgsi-kanidm_secret_file"
"dgsi-secret_key_file" "dgsi-secret_key_file"
"dgsi-x509_cert_file"
"dgsi-x509_key_file"
"ds-fr-secret_file" "ds-fr-secret_file"
"grafana-oauth_client_secret_file" "grafana-oauth_client_secret_file"
"grafana-smtp_password_file" "grafana-smtp_password_file"


@ -45,9 +45,9 @@
"url": "https://git.dgnum.eu/DGNum/dgsi.git" "url": "https://git.dgnum.eu/DGNum/dgsi.git"
}, },
"branch": "main", "branch": "main",
"revision": "a88d31541cfd836ba2bd4bb3c8ec8142e4cd8aa2", "revision": "9c4413faa1610167d65b5c6110cdbc714eb14887",
"url": null, "url": null,
"hash": "0z31ib1xjdyzpwdnbj4j7r9nb5baiab3nbx0wg55dh2ifkxp2vqb" "hash": "0pn684dc1s5v3nqiy6jpxpr26mv5z6pq1i5cvza9d2hi7lddp3wb"
}, },
"disko": { "disko": {
"type": "GitRelease", "type": "GitRelease",