feat(dgsi): Update, with SAML provisional auth

Tom Hubrecht 2024-10-06 16:19:36 +02:00
parent 38231eb6e0
commit 7d24e2dfc1
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
5 changed files with 39 additions and 29 deletions


@ -8,7 +8,7 @@
}:
let
inherit (lib) mapAttrsToList;
inherit (lib) toLower;
python =
let
@ -33,7 +33,9 @@ let
};
};
pythonEnv = python.withPackages (ps: [
pythonEnv = python.withPackages (
ps:
[
ps.django
ps.gunicorn
ps.psycopg
@ -51,7 +53,9 @@ let
ps.loadcredential
ps.pykanidm
ps.python-cas
]);
]
++ ps.django-allauth.optional-dependencies.saml
);
staticDrv = pkgs.stdenv.mkDerivation {
name = "dgsi-static";
@ -67,8 +71,10 @@ let
configurePhase = ''
export DGSI_STATIC_ROOT=$out/static
export CREDENTIALS_DIRECTORY=$(pwd)/../.credentials
export DGSI_KANIDM_CLIENT="dgsi_test";
export DGSI_KANIDM_AUTH_TOKEN="fake.token";
export DGSI_KANIDM_CLIENT="dgsi_test"
export DGSI_KANIDM_AUTH_TOKEN="fake.token"
export DGSI_X509_KEY=""
export DGSI_X509_CERT=""
'';
doBuild = false;
@ -101,12 +107,14 @@ in
serviceConfig = {
DynamicUser = true;
LoadCredential = mapAttrsToList (name: value: "${name}:${value}") {
SECRET_KEY = config.age.secrets."dgsi-secret_key_file".path;
KANIDM_AUTH_TOKEN = config.age.secrets."dgsi-kanidm_auth_token_file".path;
KANIDM_SECRET = config.age.secrets."dgsi-kanidm_secret_file".path;
EMAIL_HOST_PASSWORD = config.age.secrets."dgsi-email_host_password_file".path;
};
LoadCredential = map (name: "${name}:${config.age.secrets."dgsi-${toLower name}_file".path}") [
"EMAIL_HOST_PASSWORD"
"KANIDM_AUTH_TOKEN"
"KANIDM_SECRET"
"SECRET_KEY"
"X509_CERT"
"X509_KEY"
];
RuntimeDirectory = "django-apps/dgsi";
StateDirectory = "django-apps/dgsi";
UMask = "0027";
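Review bot: The new `export DGSI_X509_KEY=""` and `export DGSI_X509_CERT=""` lines in `configurePhase` have no comment marking them as build-only placeholders. Anything written into a derivation is world-readable in the Nix store, so it should be explicit that real key material only ever arrives through `LoadCredential`. I would add `# Build-time placeholders only; real values are injected via LoadCredential at runtime` above the exports. The rewritten `LoadCredential` list also silently depends on every credential having an age secret named `dgsi-${toLower name}_file`, which deserves a one-line comment next to the `map`. The settings code that reads these values is not visible here, so it is worth confirming that an empty `X509_KEY` is rejected at runtime rather than accepted as a valid SAML key.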

Binary file not shown.

Binary file not shown.


@ -10,6 +10,8 @@ lib.setDefault { inherit publicKeys; } [
"dgsi-kanidm_auth_token_file"
"dgsi-kanidm_secret_file"
"dgsi-secret_key_file"
"dgsi-x509_cert_file"
"dgsi-x509_key_file"
"ds-fr-secret_file"
"grafana-oauth_client_secret_file"
"grafana-smtp_password_file"


@ -45,9 +45,9 @@
"url": "https://git.dgnum.eu/DGNum/dgsi.git"
},
"branch": "main",
"revision": "a88d31541cfd836ba2bd4bb3c8ec8142e4cd8aa2",
"revision": "9c4413faa1610167d65b5c6110cdbc714eb14887",
"url": null,
"hash": "0z31ib1xjdyzpwdnbj4j7r9nb5baiab3nbx0wg55dh2ifkxp2vqb"
"hash": "0pn684dc1s5v3nqiy6jpxpr26mv5z6pq1i5cvza9d2hi7lddp3wb"
},
"disko": {
"type": "GitRelease",