feat(compute01): Deploy demarches simplifiees

Tom Hubrecht 2023-09-24 13:16:22 +02:00
parent eb329666ce
commit 9f24f1d98d
16 changed files with 5257 additions and 1 deletions


@ -13,6 +13,7 @@ let
# List of services to enable # List of services to enable
enabledServices = [ enabledServices = [
"ds-fr"
"kanidm" "kanidm"
"mastodon" "mastodon"
"nextcloud" "nextcloud"


@ -0,0 +1,77 @@
{ config, lib, dgn-lib, ... }:
let
inherit (dgn-lib) setDefault;
host = "demarches.dgnum.eu";
in {
imports = [ ./module.nix ];
services.demarches-simplifiees = {
enable = true;
secretFile = config.age.secrets.ds_fr-secret_file.path;
initialDeploymentDate = "20230923";
settings = {
APP_HOST = host;
# TODO: use France Connect ?
FRANCE_CONNECT_ENABLED = "disabled";
FC_PARTICULIER_ID = "demarches_dgn";
FC_PARTICULIER_SECRET = "JD2MKKR3aMapqk1f27AcMZMy8sTW7ypRkqcegvf5TUy8bMRp";
FC_PARTICULIER_BASE_URL = "https://sso.dgnum.eu";
# S3 storage setup
ACTIVE_STORAGE_SERVICE = "garage";
S3_ENDPOINT = "https://s3.dgnum.eu";
S3_BUCKET = "demarches-dgnum";
S3_REGION = "garage";
S3_FORCE_PATH_STYLE = "true";
S3_ACCESS_KEY_ID = "GK4d244118eac2336ae0ab2dd9";
S3_SECRET_ACCESS_KEY = "61100261fb0a0c861371596f9ffcd1e83134301a6d0c665a077135af04ba18c3";
# SAML_IDP_ENABLED = "enabled";
# Optional settings
APPLICATION_NAME = ''"Démarches normaliennes"'';
APPLICATION_SHORTNAME = "d-s.dgnum.eu";
APPLICATION_BASE_URL = "https://${host}";
# Deactivate connexion methods
AGENT_CONNECT_ENABLED = "disabled";
# SMTP setup, TODO: Fix and stop using sendmail
CLASSIC_SMTP_ENABLED = "enabled";
SMTP_HOST = "kurisu.lahfa.xyz";
SMTP_PORT = "465";
SMTP_USER = "web-services@infra.dgnum.eu";
SMTP_TLS = "";
SMTP_SSL = "true";
SMTP_AUTHENTICATION = "plain";
SUPER_ADMIN_OTP_ENABLED = "disabled";
CONTACT_EMAIL = "demarches@infra.dgnum.eu";
EQUIPE_EMAIL = "equipe@infra.dgnum.eu";
TECH_EMAIL = "tech@infra.dgnum.eu";
NO_REPLY_EMAIL =
''"Ne pas répondre <@infra.dgnum.eu>"'';
OLD_CONTACT_EMAIL = "";
CONTACT_PHONE = "";
# Customization
# HEADER_LOGO_SRC = "logo_ens_psl_couleur.png";
# HEADER_LOGO_ALT = "Par la Recherche, pour la Recherche";
# PROCEDURE_DEFAULT_LOGO_SRC = "logo_ens_psl_couleur.png";
};
};
dgn-secrets.options = [
(setDefault { owner = "ds-fr"; }
(builtins.filter (lib.hasPrefix "ds_fr") config.dgn-secrets.names))
];
users.users.ds-fr.extraGroups = [ "sendmail" ];
}
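Review bot: `FC_PARTICULIER_SECRET` and `S3_SECRET_ACCESS_KEY` (with its `S3_ACCESS_KEY_ID`) are committed as literal strings in `settings`, so they sit in the repository history and, via the env file the module generates from `cfg.settings`, in the world-readable Nix store. Both should be treated as exposed: rotate them and supply the replacements through the age-encrypted file already wired in with `secretFile = config.age.secrets.ds_fr-secret_file.path;`, keeping only non-secret keys in `settings`. `SUPER_ADMIN_OTP_ENABLED = "disabled"` appears to switch off the second factor for super admins on a public host; if that is temporary, a comment such as `# TODO: re-enable once OTP_SECRET_KEY is provisioned` would record it.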


@ -0,0 +1,396 @@
# Copyright Tom Hubrecht, (2023)
#
# Tom Hubrecht <tom@hubrecht.ovh>
#
# This software is a computer program whose purpose is to configure
# machines and servers with NixOS.
#
# This software is governed by the CeCILL license under French law and
# abiding by the rules of distribution of free software. You can use,
# modify and/ or redistribute the software under the terms of the CeCILL
# license as circulated by CEA, CNRS and INRIA at the following URL
# "http://www.cecill.info".
#
# As a counterpart to the access to the source code and rights to copy,
# modify and redistribute granted by the license, users are provided only
# with a limited warranty and the software's author, the holder of the
# economic rights, and the successive licensors have only limited
# liability.
#
# In this respect, the user's attention is drawn to the risks associated
# with loading, using, modifying and/or developing or reproducing the
# software by the user in light of its specific status of free software,
# that may mean that it is complicated to manipulate, and that also
# therefore means that it is reserved for developers and experienced
# professionals having in-depth computer knowledge. Users are therefore
# encouraged to load and test the software's suitability as regards their
# requirements in conditions enabling the security of their systems and/or
# data to be ensured and, more generally, to use and operate it in the
# same conditions as regards security.
#
# The fact that you are presently reading this means that you have had
# knowledge of the CeCILL license and that you accept its terms.
{ config, lib, pkgs, ... }:
let
inherit (lib)
mdDoc mkDefault mkEnableOption mkIf mkOption
optional optionalString
types;
cfg = config.services.demarches-simplifiees;
settingsFormat = pkgs.formats.keyValue { };
env = settingsFormat.generate "ds-fr-env" cfg.settings;
ds-fr = pkgs.writeShellScriptBin "ds-fr" ''
set -a
cd ${cfg.package}
${optionalString (cfg.secretFile != null) "source ${cfg.secretFile}"}
source ${env}
BIN="$1"
shift
SUDO="exec"
if [[ $USER != ${cfg.user} ]]; then
SUDO='exec /run/wrappers/bin/sudo -u ${cfg.user} --preserve-env'
fi
$SUDO ${cfg.package}/bin/$BIN "$@"
'';
in {
options.services.demarches-simplifiees = {
enable = mkEnableOption "demarches-simplifiees.";
package = mkOption {
type = types.package;
default = pkgs.callPackage ./package {
inherit (cfg) initialDeploymentDate dataDir logDir;
};
};
user = mkOption {
type = types.str;
default = "ds-fr";
description = mdDoc "User account under which DS runs.";
};
group = mkOption {
type = types.str;
default = "ds-fr";
description = mdDoc "Group account under which DS runs.";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/ds-fr";
};
logDir = mkOption {
type = types.str;
default = "/var/log/ds-fr";
};
secretFile = mkOption {
type = types.nullOr types.path;
default = null;
};
settings = mkOption { inherit (settingsFormat) type; };
initialDeploymentDate = mkOption {
type = types.nullOr types.str;
default = null;
};
};
config = mkIf cfg.enable {
services.demarches-simplifiees.settings =
(builtins.mapAttrs (_: mkDefault) {
RAILS_ENV = "production";
RAILS_ROOT = builtins.toString cfg.package;
# Application host name
#
# Examples:
# * For local development: localhost:3000
# * For preproduction: staging.ds.example.org
# * For production: ds.example.org
APP_HOST = "localhost:3000";
# Rails key for signing sensitive data
# See https://guides.rubyonrails.org/security.html
#
# For production you MUST generate a new key, and keep it secret.
# Secrets must be long and random. Use bin/rails secret to get new unique secrets.
# Secret key for One-Time-Password codes, used for 2-factors authentication
# OTP_SECRET_KEY = "";
# Protect access to the instance with a static login/password (useful for staging environments)
BASIC_AUTH_ENABLED = "disabled";
BASIC_AUTH_USERNAME = "";
BASIC_AUTH_PASSWORD = "";
# ActiveStorage service to use for attached files.
# Possible values:
# - "local": store files on the local filesystem
# - "amazon": store files remotely on an S3 storage service
# - "openstack": store files remotely on an OpenStack storage service
#
# (See config/storage.yml for the configuration of each service.)
ACTIVE_STORAGE_SERVICE = "local";
# Configuration for the OpenStack storage service (if enabled)
FOG_OPENSTACK_API_KEY = "";
FOG_OPENSTACK_USERNAME = "";
FOG_OPENSTACK_URL = "";
FOG_OPENSTACK_REGION = "";
DS_PROXY_URL = "";
# SAML
SAML_IDP_ENABLED = "disabled";
# External service: authentication through France Connect
FC_PARTICULIER_ID = "";
FC_PARTICULIER_SECRET = "";
FC_PARTICULIER_BASE_URL = "";
# External service: authentication through Agent Connect
AGENT_CONNECT_ID = "";
AGENT_CONNECT_SECRET = "";
AGENT_CONNECT_BASE_URL = "";
AGENT_CONNECT_JWKS = "";
AGENT_CONNECT_REDIRECT = "";
# External service: integration with HelpScout (optional)
HELPSCOUT_MAILBOX_ID = "";
HELPSCOUT_CLIENT_ID = "";
HELPSCOUT_CLIENT_SECRET = "";
HELPSCOUT_WEBHOOK_SECRET = "";
# External service: external supervision
SENTRY_ENABLED = "disabled";
SENTRY_CURRENT_ENV = "development";
SENTRY_DSN_RAILS = "";
SENTRY_DSN_JS = "";
# External service: Matomo web analytics
MATOMO_ENABLED = "disabled";
MATOMO_COOKIE_DOMAIN = "*.www.demarches-simplifiees.fr";
MATOMO_DOMAIN = "*.www.demarches-simplifiees.fr";
MATOMO_ID = "";
MATOMO_HOST = "matomo.example.org";
# Default SMTP Provider: Mailjet
MAILJET_API_KEY = "";
MAILJET_SECRET_KEY = "";
# Alternate SMTP Provider: SendInBlue/DoList
SENDINBLUE_CLIENT_KEY = "";
SENDINBLUE_SMTP_KEY = "";
SENDINBLUE_USER_NAME = "";
# SENDINBLUE_LOGIN_URL="https://app.sendinblue.com/account/saml/login/truc"
# Alternate SMTP Provider: Mailtrap (mail catcher for staging environments)
# When enabled, all emails will be sent using this provider
MAILTRAP_ENABLED = "disabled";
MAILTRAP_USERNAME = "";
MAILTRAP_PASSWORD = "";
# Alternative SMTP Provider: Mailcatcher (Catches mail and serves it through a dream.)
# When enabled, all emails will be sent using this provider
MAILCATCHER_ENABLED = "disabled";
MAILCATCHER_HOST = "";
MAILCATCHER_PORT = "";
# External service: live chat for admins (specific to démarches-simplifiées.fr)
CRISP_ENABLED = "disabled";
CRISP_CLIENT_KEY = "";
# API Entreprise credentials
# https://api.gouv.fr/api/api-entreprise.html
API_ENTREPRISE_KEY = "";
# External service: CRM for following admin accounts pipeline (specific to démarches-simplifiées.fr)
PIPEDRIVE_KEY = "";
# Networks bypassing the email login token that verifies new devices, and rack-attack throttling
TRUSTED_NETWORKS = "";
# External service: mesuring performance of the Rails app (specific to démarches-simplifiées.fr)
SKYLIGHT_AUTHENTICATION_KEY = "";
# "sXaot-fKhBlkI8qaSirQyuZbrpv5sVFoOturQ0pFEh0";
# Enable or disable Lograge logs
LOGRAGE_ENABLED = "disabled";
# Logs source for Lograge
#
# Examples:
# * For local development: tps_local
# * For preproduction: tps_staging
# * For production: tps_prod
LOGRAGE_SOURCE = "tps_prod";
# External service: timestamping a daily archive of dossiers status changes
UNIVERSIGN_API_URL = "https://ws.universign.eu/tsa/post/";
UNIVERSIGN_USERPWD = "";
# External service: API Geo / Adresse
API_ADRESSE_URL = "https://api-adresse.data.gouv.fr";
API_GEO_URL = "https://geo.api.gouv.fr";
# External service: API Education
API_EDUCATION_URL = "https://data.education.gouv.fr/api/records/1.0";
# Encryption key for sensitive columns in the database
ENCRYPTION_SERVICE_SALT = "";
# ActiveRecord encryption keys. Generate them with bin/rails db:encryption:init (you can omit deterministic_key)
AR_ENCRYPTION_PRIMARY_KEY = "";
AR_ENCRYPTION_KEY_DERIVATION_SALT = "";
# Salt for invisible_captcha session data.
# Must be the same value for all app instances behind a load-balancer.
INVISIBLE_CAPTCHA_SECRET = "kikooloool";
# Clamav antivirus usage
CLAMAV_ENABLED = "disabled";
# Siret number used for API Entreprise, by default we use SIRET from dinum
API_ENTREPRISE_DEFAULT_SIRET = "put_your_own_siret";
}) // {
# Database credentials
DB_DATABASE = "ds-fr";
DB_USERNAME = cfg.user;
DB_PASSWORD = "";
DB_HOST = "/run/postgresql";
DB_POOL = "";
# Log on stdout
RAILS_LOG_TO_STDOUT = true;
};
environment.systemPackages = [ ds-fr ];
systemd.tmpfiles.rules = [
"f '${cfg.logDir}/production.log' 0640 ${cfg.user} ${cfg.group} - -"
"f '${cfg.dataDir}/.env' 0600 ${cfg.user} ${cfg.group} - -"
"d '${cfg.dataDir}/tmp' 0700 ${cfg.user} ${cfg.group} 10d -"
];
systemd.services = {
ds-fr-setup = {
description = "Demarches Simplifiees setup";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash ds-fr ];
after = [ "postgresql.service" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = [ env ]
++ (optional (cfg.secretFile != null) cfg.secretFile);
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
};
script = ''
[[ ! -f ${cfg.dataDir}/.initial-migration ]] \
&& ds-fr rails db:environment:set \
&& ds-fr rails db:schema:load \
&& ds-fr rails db:seed \
&& touch ${cfg.dataDir}/.initial-migration
ds-fr rake db:migrate
ds-fr rake after_party:run
'';
};
ds-fr-work = {
description = "Demarches Simplifiees work service";
wantedBy = [ "multi-user.target" "ds-fr.service" ];
after = [ "network.target" "ds-fr-setup.service" ];
requires = [ "ds-fr-setup.service" ];
serviceConfig = {
ExecStart = "${ds-fr}/bin/ds-fr rails jobs:work";
EnvironmentFile = [ env ]
++ (optional (cfg.secretFile != null) cfg.secretFile);
User = cfg.user;
Group = cfg.group;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
};
};
ds-fr = {
description = "Demarches Simplifiees web service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "ds-fr-setup.service" ];
requires = [ "ds-fr-setup.service" ];
serviceConfig = {
ExecStart = "${ds-fr}/bin/ds-fr rails server";
Environment = [ "RAILS_QUEUE_ADAPTER=delayed_job" ];
EnvironmentFile = [ env ]
++ (optional (cfg.secretFile != null) cfg.secretFile);
User = cfg.user;
Group = cfg.group;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
};
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "ds-fr" ];
ensureUsers = optional (cfg.user == "ds-fr") {
name = "ds-fr";
ensurePermissions = { "DATABASE \"ds-fr\"" = "ALL PRIVILEGES"; };
};
extraPlugins = with config.services.postgresql.package.pkgs; [ postgis ];
};
users.users = mkIf (cfg.user == "ds-fr") {
ds-fr = {
inherit (cfg) group;
isSystemUser = true;
home = cfg.package;
};
};
users.groups.${cfg.group} = { };
services.nginx = {
enable = true;
virtualHosts.${cfg.settings.APP_HOST} = {
enableACME = true;
forceSSL = true;
root = "${cfg.package}/public/";
locations."/".tryFiles = "$uri @proxy";
locations."@proxy" = { proxyPass = "http://127.0.0.1:3000"; };
};
};
};
}
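Review bot: The `ds-fr` wrapper sources `cfg.secretFile` first and the generated `env` second, the reverse of the `EnvironmentFile = [ env ] ++ …` order used by the units, so any key that has a default in `settings` (presumably emitted as `KEY=` for the empty strings) overwrites the value from the secret file. Since every `ExecStart` goes through the wrapper, this leaves `settings` as the only place a secret such as `FC_PARTICULIER_SECRET` takes effect, and `settings` is rendered into the world-readable Nix store. Swapping the two lines fixes it: `source ${env}` followed by `${optionalString (cfg.secretFile != null) "source ${cfg.secretFile}"}`. The defaults also give `INVISIBLE_CAPTCHA_SECRET` a fixed, guessable value; it should have no default, so that it must be provided through `secretFile`.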


@ -0,0 +1,129 @@
{ lib, stdenv, fetchFromGitHub, fetchYarnDeps, yarn, fixup_yarn_lock, nodejs, ruby_3_2
, bundlerEnv, logDir ? "/var/log/ds-fr", dataDir ? "/var/lib/ds-fr"
, initialDeploymentDate ? "17941030" }:
let
pname = "ds-fr";
version = "2023-09-21-01";
src = fetchFromGitHub {
owner = "demarches-simplifiees";
repo = "demarches-simplifiees.fr";
rev = "2023-09-21-01";
hash = "sha256-4HGnv3atCkftK4AbmlYSj2BwDfgZ0jRREYqd1WhJbv0=";
};
rubyEnv = bundlerEnv {
name = "env-${pname}";
gemdir = ./rubyEnv;
ruby = ruby_3_2;
gemset = (import ./rubyEnv/gemset.nix) // {
bundler = {
groups = [ "default" ];
platforms = [ ];
source = {
remotes = [ "https://rubygems.org" ];
sha256 = "deeQ3fNwcSiGSO/yeB2yoTniRq2gHW8WueprXoPX6Jk=";
type = "gem";
};
version = "2.3.11";
};
};
};
dsModules = stdenv.mkDerivation {
pname = "${pname}-modules";
inherit src version;
offlineCache = fetchYarnDeps {
yarnLock = "${src}/yarn.lock";
hash = "sha256-c2al1GBgSaUOT3veq5u3Wpj3Y+SfoiFxt97vppSD67s=";
};
buildInputs = [ rubyEnv ];
nativeBuildInputs = [ fixup_yarn_lock nodejs yarn rubyEnv.wrappedRuby ];
RAILS_ENV = "production";
NODE_ENV = "dev";
patches = [
# Disable functionnalities as we only precompile assets
./patches/build.patch
];
OTP_SECRET_KEY = "precompile_placeholder";
SECRET_KEY_BASE = "precompile_placeholder";
APP_HOST = "precompile_placeholder";
buildPhase = ''
export HOME=$(mktemp -d)
yarn config --offline set yarn-offline-mirror $offlineCache
fixup_yarn_lock yarn.lock
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
patchShebangs node_modules/
patchShebangs bin/
bin/rake assets:precompile
yarn cache clean --offline
rm -rf node_modules/
'';
installPhase = ''
mkdir -p $out/public
cp -r public/* $out/public
'';
};
in stdenv.mkDerivation {
name = "demarches-simplifiees.fr-${version}";
inherit src;
buildInputs = [ rubyEnv ];
propagatedBuildInputs = [ rubyEnv.wrappedRuby ];
patches = [
./patches/replay_routing_engine_for_a_cloned_procedure.patch
./patches/smtp_settings.patch
./patches/garage.patch
./patches/secrets-fc.patch
];
buildPhase = ''
rm -rf public
ln -s ${dsModules}/public/ public
patchShebangs bin/
rm -rf log
ln -s ${logDir} log
ln -s ${dataDir}/tmp tmp
for f in $(ls lib/tasks/deployment/); do
[[ ! ${initialDeploymentDate} < $f ]] \
&& rm lib/tasks/deployment/$f;
done;
echo "Removed unused data migrations"
'';
installPhase = ''
mkdir -p $out
cp -r * $out/
'';
passthru = {
inherit rubyEnv;
ruby = rubyEnv.wrappedRuby;
};
meta = with lib; {
description = "Dématérialiser et simplifier les démarches administratives";
homepage =
"https://github.com/demarches-simplifiees/demarches-simplifiees.fr";
license = licenses.agpl3Only;
maintainers = with maintainers; [ thubrecht ];
};
}
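Review bot: `${initialDeploymentDate}` is interpolated into `buildPhase`, but the module on this page passes `cfg.initialDeploymentDate`, whose option default is `null`. An explicit `null` argument overrides the `? "17941030"` fallback, so evaluation fails on string coercion unless every host sets the option. Either give the option the same string default or guard here, e.g. `deployDate = if initialDeploymentDate == null then "17941030" else initialDeploymentDate;`, and interpolate `deployDate` in the loop. Separately, `NODE_ENV = "dev"` next to `RAILS_ENV = "production"` in the asset build deserves a comment saying why a non-production value is intended.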


@ -0,0 +1,64 @@
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 16d8c8e84..6262b8782 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -118,7 +118,7 @@ Rails.application.configure do
# the I18n.default_locale when a translation cannot be found).
config.i18n.fallbacks = true
- config.active_storage.service = ENV.fetch("ACTIVE_STORAGE_SERVICE").to_sym
+ config.active_storage.service = ENV.fetch("ACTIVE_STORAGE_SERVICE", 'local').to_sym
# Send deprecation notices to registered listeners.
config.active_support.deprecation = :notify
@@ -174,5 +174,5 @@ Rails.application.configure do
# The Content-Security-Policy is NOT in Report-Only mode
config.content_security_policy_report_only = false
- config.lograge.enabled = ENV['LOGRAGE_ENABLED'] == 'enabled'
+ config.lograge.enabled = ENV.fetch('LOGRAGE_ENABLED', 'disabled') == 'enabled'
end
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 135495216..4d4bcf8dc 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -23,7 +23,7 @@ Rails.application.config.content_security_policy do |policy|
connect_whitelist = ["wss://*.crisp.chat", "*.crisp.chat", "app.franceconnect.gouv.fr", "openmaptiles.geo.data.gouv.fr", "openmaptiles.github.io", "tiles.geo.api.gouv.fr", "wxs.ign.fr"]
connect_whitelist << ENV.fetch('APP_HOST')
connect_whitelist << "*.amazonaws.com" if Rails.configuration.active_storage.service == :amazon
- connect_whitelist += [URI(ENV["SENTRY_DSN_JS"]).host, URI(ENV["SENTRY_DSN_RAILS"]).host].compact.uniq
+ connect_whitelist += [URI(ENV.fetch("SENTRY_DSN_JS", '')).host, URI(ENV.fetch("SENTRY_DSN_RAILS", '')).host].compact.uniq
connect_whitelist << URI(DS_PROXY_URL).host if DS_PROXY_URL.present?
connect_whitelist << URI(API_ADRESSE_URL).host if API_ADRESSE_URL.present?
connect_whitelist << URI(API_EDUCATION_URL).host if API_EDUCATION_URL.present?
@@ -39,7 +39,7 @@ Rails.application.config.content_security_policy do |policy|
# Everything else: allow us
# Add the error source in the violation notification
default_whitelist = ["fonts.gstatic.com", "in-automate.sendinblue.com", "player.vimeo.com", "app.franceconnect.gouv.fr", "*.crisp.chat", "crisp.chat", "*.crisp.help", "*.sibautomation.com", "sibautomation.com", "data"]
- default_whitelist += [URI(ENV["SENTRY_DSN_JS"]).host, URI(ENV["SENTRY_DSN_RAILS"]).host].compact.uniq
+ default_whitelist += [URI(ENV.fetch("SENTRY_DSN_JS", '')).host, URI(ENV.fetch("SENTRY_DSN_RAILS", '')).host].compact.uniq
default_whitelist << URI(DS_PROXY_URL).host if DS_PROXY_URL.present?
policy.default_src(:self, :data, :blob, :report_sample, *default_whitelist)
diff --git a/config/initializers/mailcatcher.rb b/config/initializers/mailcatcher.rb
index 8b931f704..dbeceb4ec 100644
--- a/config/initializers/mailcatcher.rb
+++ b/config/initializers/mailcatcher.rb
@@ -1,4 +1,4 @@
-if ENV.fetch('MAILCATCHER_ENABLED') == 'enabled'
+if ENV.fetch('MAILCATCHER_ENABLED', 'disabled') == 'enabled'
ActiveSupport.on_load(:action_mailer) do
module Mailcatcher
class SMTP < ::Mail::SMTP; end
diff --git a/config/initializers/mailtrap.rb b/config/initializers/mailtrap.rb
index 6d1faa04b..658673ed1 100644
--- a/config/initializers/mailtrap.rb
+++ b/config/initializers/mailtrap.rb
@@ -1,4 +1,4 @@
-if ENV.fetch('MAILTRAP_ENABLED') == 'enabled'
+if ENV.fetch('MAILTRAP_ENABLED', 'disabled') == 'enabled'
ActiveSupport.on_load(:action_mailer) do
module Mailtrap
class SMTP < ::Mail::SMTP; end


@ -0,0 +1,16 @@
diff --git a/config/storage.yml b/config/storage.yml
index d2b2d241f..1b2744504 100644
--- a/config/storage.yml
+++ b/config/storage.yml
@@ -19,3 +19,11 @@ amazon:
secret_access_key: <%= ENV.fetch("S3_SECRET_ACCESS_KEY", "") %>
region: <%= ENV.fetch("S3_REGION", "") %>
bucket: <%= ENV.fetch("S3_BUCKET", "") %>
+garage:
+ service: S3
+ access_key_id: <%= ENV.fetch("S3_ACCESS_KEY_ID", "") %>
+ secret_access_key: <%= ENV.fetch("S3_SECRET_ACCESS_KEY", "") %>
+ region: <%= ENV.fetch("S3_REGION", "garage") %>
+ bucket: <%= ENV.fetch("S3_BUCKET", "") %>
+ endpoint: <%= ENV.fetch("S3_ENDPOINT", "") %>
+ force_path_style: <%= ENV.fetch("S3_FORCE_PATH_STYLE", "").present? %>
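Review bot: `force_path_style` is derived with `.present?`, so any non-empty `S3_FORCE_PATH_STYLE`, including `"false"` or `"0"`, turns path-style addressing on. Comparing the value instead, `force_path_style: <%= ENV.fetch("S3_FORCE_PATH_STYLE", "") == "true" %>`, matches what the host configuration sets. The same truthiness applies to `ssl: ENV.fetch("SMTP_SSL").present?` in the SMTP patch further down this page, where the `fetch` without a default also raises when the variable is unset.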


@ -0,0 +1,35 @@
diff --git a/lib/tasks/deployment/20230613114744_replay_routing_engine_for_a_cloned_procedure.rake b/lib/tasks/deployment/20230613114744_replay_routing_engine_for_a_cloned_procedure.rake
index 9d4f3a284..04d62a63b 100644
--- a/lib/tasks/deployment/20230613114744_replay_routing_engine_for_a_cloned_procedure.rake
+++ b/lib/tasks/deployment/20230613114744_replay_routing_engine_for_a_cloned_procedure.rake
@@ -4,18 +4,18 @@ namespace :after_party do
puts "Running deploy task 'replay_routing_engine_for_a_cloned_procedure'"
# Put your task implementation HERE.
- dossiers = Procedure
- .find(76266)
- .dossiers
- .en_construction
-
- progress = ProgressReport.new(dossiers.count)
-
- dossiers.find_each do |dossier|
- RoutingEngine.compute(dossier)
- progress.inc
- end
- progress.finish
+ # dossiers = Procedure
+ # .find(76266)
+ # .dossiers
+ # .en_construction
+ #
+ # progress = ProgressReport.new(dossiers.count)
+ #
+ # dossiers.find_each do |dossier|
+ # RoutingEngine.compute(dossier)
+ # progress.inc
+ # end
+ # progress.finish
# Update task as completed. If you remove the line below, the task will
# run with every deploy (or every time you call after_party:run).


@ -0,0 +1,39 @@
diff --git a/config/secrets.yml b/config/secrets.yml
index 866fa6159..6fd49ee59 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -23,10 +23,10 @@ defaults: &defaults
identifier: <%= ENV['FC_PARTICULIER_ID'] %>
secret: <%= ENV['FC_PARTICULIER_SECRET'] %>
redirect_uri: https://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback
- authorization_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/authorize
- token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
- userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
- logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
+ authorization_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/ui/oauth2
+ token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/oauth2/token
+ userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/oauth2/openid/demarches_dgn/userinfo
+ logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/oauth2/token/revoke
agent_connect:
identifier: <%= ENV['AGENT_CONNECT_ID'] %>
secret: <%= ENV['AGENT_CONNECT_SECRET'] %>
diff --git a/app/services/france_connect_service.rb b/app/services/france_connect_service.rb
index 31b2491c4..fd3d80530 100644
--- a/app/services/france_connect_service.rb
+++ b/app/services/france_connect_service.rb
@@ -23,11 +23,15 @@ class FranceConnectService
def self.retrieve_user_informations_particulier(code)
client = FranceConnectParticulierClient.new(code)
+ Rails.logger.fatal("Client: #{client.inspect}")
+ Rails.logger.fatal("Client token: #{client.access_token!(client_auth_method: :secret).userinfo!.inspect}")
user_info = client.access_token!(client_auth_method: :secret)
.userinfo!
.raw_attributes
+ Rails.logger.fatal("Info: #{user_info.inspect}")
+
FranceConnectInformation.new(
gender: user_info[:gender],
given_name: user_info[:given_name],
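Review bot: The three added `Rails.logger.fatal` calls write the OAuth client (`client.inspect`, which likely includes the client secret and the authorization code), the userinfo response and `user_info` with its identity attributes into the production log on every login. One of them also calls `client.access_token!` an extra time before the real exchange; authorization codes are normally single-use, so the later call may fail. These look like debugging leftovers and should be dropped from the patch before it is applied to the deployed package. In the `config/secrets.yml` part, the userinfo path hard-codes `demarches_dgn`; `<%= ENV['FC_PARTICULIER_ID'] %>` would keep it in sync with the configured client id. `retrieve_user_informations_particulier` continues past the end of the hunk.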


@ -0,0 +1,14 @@
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 16d8c8e84..e0326d26d 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -86,7 +86,8 @@ Rails.application.configure do
user_name: ENV.fetch("SMTP_USER"),
password: ENV.fetch("SMTP_PASS"),
authentication: ENV.fetch("SMTP_AUTHENTICATION"),
- enable_starttls_auto: ENV.fetch("SMTP_TLS").present?
+ enable_starttls_auto: ENV.fetch("SMTP_TLS").present?,
+ ssl: ENV.fetch("SMTP_SSL").present?
}
elsif ENV['SENDMAIL_ENABLED'] == 'enabled'
config.action_mailer.delivery_method = :sendmail


@ -0,0 +1,144 @@
source 'https://rubygems.org'
gem 'rails', '~> 7.0.5' # allows update to security fixes at any time
gem 'aasm'
gem 'acsv'
gem 'active_link_to' # Automatically set a class on active links
gem 'active_model_serializers'
gem 'activestorage-openstack'
gem 'active_storage_validations'
gem 'addressable'
gem 'administrate'
gem 'administrate-field-enum' # Allow using Field::Enum in administrate
gem 'after_party'
gem 'anchored'
gem "aws-sdk-s3", require: false
gem 'bcrypt'
gem 'bootsnap', '>= 1.4.4', require: false # Reduces boot times through caching; required in config/boot.rb
gem 'browser'
gem 'charlock_holmes'
gem 'chartkick'
gem 'chunky_png'
gem 'clamav-client', require: 'clamav/client'
gem 'daemons'
gem 'deep_cloneable' # Enable deep clone of active record models
gem 'delayed_cron_job' # Cron jobs
gem 'delayed_job_active_record'
gem 'delayed_job_web'
gem 'devise' # Gestion des comptes utilisateurs
gem 'devise-i18n'
gem 'devise-two-factor'
gem 'discard'
gem 'dotenv-rails', require: 'dotenv/rails-now' # dotenv should always be loaded before rails
gem 'dry-monads'
gem 'elastic-apm'
gem 'flipper'
gem 'flipper-active_record'
gem 'flipper-ui'
gem 'fugit'
gem 'geocoder'
gem 'geo_coord', require: "geo/coord"
gem 'gon'
gem 'graphql'
gem 'graphql-batch'
gem 'graphql-rails_logger'
gem 'groupdate'
gem 'haml-rails'
gem 'hashie'
gem 'http_accept_language'
gem 'i18n_data'
gem 'i18n-tasks', require: false
gem 'iban-tools'
gem 'image_processing'
gem 'invisible_captcha'
gem 'json_schemer'
gem 'jwt'
gem 'kaminari'
gem 'listen' # Required by ActiveSupport::EventedFileUpdateChecker
gem 'lograge'
gem 'logstash-event'
gem 'mailjet', require: false
gem 'matrix' # needed by prawn and not default in ruby 3.1
gem 'mini_magick'
gem 'net-imap', require: false # See https://github.com/mikel/mail/pull/1439
gem 'net-pop', require: false # same
gem 'net-smtp', require: false # same
gem 'openid_connect'
gem 'parsby'
gem 'pg'
gem 'phonelib'
gem 'prawn-rails' # PDF Generation
gem 'premailer-rails'
gem 'puma' # Use Puma as the app server
gem 'pundit'
gem 'rack-attack'
gem 'rails-i18n' # Locales par défaut
gem 'rake-progressbar', require: false
gem 'redcarpet'
gem 'redis'
gem 'rexml' # add missing gem due to ruby3 (https://github.com/Shopify/bootsnap/issues/325)
gem 'rqrcode'
gem 'saml_idp'
gem 'sassc-rails' # Use SCSS for stylesheets
gem 'sentry-delayed_job'
gem 'sentry-rails'
gem 'sentry-ruby'
gem 'sib-api-v3-sdk'
gem 'skylight'
gem 'spreadsheet_architect'
gem 'strong_migrations' # lint database migrations
gem 'turbo-rails'
gem 'typhoeus'
gem 'ulid-ruby', require: 'ulid'
gem 'view_component'
gem 'vite_rails'
gem 'warden'
gem 'zipline'
gem 'zxcvbn-ruby', require: 'zxcvbn'
group :test do
gem 'axe-core-rspec' # accessibility rspec matchers
gem 'capybara' # Integration testing
gem 'capybara-email' # Access emails during integration tests
gem 'capybara-screenshot' # Save a dump of the page when an integration test fails
gem 'factory_bot'
gem 'launchy'
gem 'rack_session_access'
gem 'rails-controller-testing'
gem 'rspec_junit_formatter'
gem 'rspec-retry'
gem 'selenium-devtools'
gem 'selenium-webdriver'
gem 'shoulda-matchers', require: false
gem 'timecop'
gem 'vcr'
gem 'webmock'
end
group :development do
gem 'brakeman', require: false
gem 'haml-lint'
gem 'letter_opener_web'
gem 'memory_profiler'
gem 'rack-mini-profiler'
gem 'rails-erd', require: false # generates `doc/database_models.pdf`
gem 'rubocop', require: false
gem 'rubocop-performance', require: false
gem 'rubocop-rails', require: false
gem 'rubocop-rspec', require: false
gem 'scss_lint', require: false
gem 'stackprof'
gem 'web-console'
end
group :development, :test do
gem 'graphql-schema_comparator'
gem 'mina', require: false # Deploy
gem 'pry-byebug' # Call 'byebug' anywhere in the code to stop execution and get a debugger console
gem 'pry-rails'
gem 'rspec-rails'
gem 'simple_xlsx_reader'
gem 'spring' # Spring speeds up development by keeping your application running in the background
gem 'spring-commands-rspec'
end


@ -0,0 +1,955 @@
GEM
remote: https://rubygems.org/
specs:
aasm (5.2.0)
concurrent-ruby (~> 1.0)
acsv (0.0.1)
actioncable (7.0.7.2)
actionpack (= 7.0.7.2)
activesupport (= 7.0.7.2)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (7.0.7.2)
actionpack (= 7.0.7.2)
activejob (= 7.0.7.2)
activerecord (= 7.0.7.2)
activestorage (= 7.0.7.2)
activesupport (= 7.0.7.2)
mail (>= 2.7.1)
net-imap
net-pop
net-smtp
actionmailer (7.0.7.2)
actionpack (= 7.0.7.2)
actionview (= 7.0.7.2)
activejob (= 7.0.7.2)
activesupport (= 7.0.7.2)
mail (~> 2.5, >= 2.5.4)
net-imap
net-pop
net-smtp
rails-dom-testing (~> 2.0)
actionpack (7.0.7.2)
actionview (= 7.0.7.2)
activesupport (= 7.0.7.2)
rack (~> 2.0, >= 2.2.4)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (7.0.7.2)
actionpack (= 7.0.7.2)
activerecord (= 7.0.7.2)
activestorage (= 7.0.7.2)
activesupport (= 7.0.7.2)
globalid (>= 0.6.0)
nokogiri (>= 1.8.5)
actionview (7.0.7.2)
activesupport (= 7.0.7.2)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
active_link_to (1.0.5)
actionpack
addressable
active_model_serializers (0.10.13)
actionpack (>= 4.1, < 7.1)
activemodel (>= 4.1, < 7.1)
case_transform (>= 0.2)
jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
active_storage_validations (0.9.6)
activejob (>= 5.2.0)
activemodel (>= 5.2.0)
activestorage (>= 5.2.0)
activesupport (>= 5.2.0)
activejob (7.0.7.2)
activesupport (= 7.0.7.2)
globalid (>= 0.3.6)
activemodel (7.0.7.2)
activesupport (= 7.0.7.2)
activerecord (7.0.7.2)
activemodel (= 7.0.7.2)
activesupport (= 7.0.7.2)
activestorage (7.0.7.2)
actionpack (= 7.0.7.2)
activejob (= 7.0.7.2)
activerecord (= 7.0.7.2)
activesupport (= 7.0.7.2)
marcel (~> 1.0)
mini_mime (>= 1.1.0)
activestorage-openstack (1.6.0)
fog-openstack (>= 1.0.9)
marcel
rails (>= 5.2.2)
activesupport (7.0.7.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
addressable (2.8.4)
public_suffix (>= 2.0.2, < 6.0)
administrate (0.18.0)
actionpack (>= 5.0)
actionview (>= 5.0)
activerecord (>= 5.0)
jquery-rails (>= 4.0)
kaminari (>= 1.0)
sassc-rails (~> 2.1)
selectize-rails (~> 0.6)
administrate-field-enum (0.0.9)
administrate (~> 0.12)
aes_key_wrap (1.1.0)
after_party (1.11.2)
anchored (1.1.0)
ast (2.4.2)
attr_required (1.0.1)
aws-eventstream (1.2.0)
aws-partitions (1.826.0)
aws-sdk-core (3.183.0)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.651.0)
aws-sigv4 (~> 1.5)
jmespath (~> 1, >= 1.6.1)
aws-sdk-kms (1.71.0)
aws-sdk-core (~> 3, >= 3.177.0)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.135.0)
aws-sdk-core (~> 3, >= 3.181.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.6)
aws-sigv4 (1.6.0)
aws-eventstream (~> 1, >= 1.0.2)
axe-core-api (4.2.1)
capybara
dumb_delegator
selenium-webdriver
virtus
watir
axe-core-rspec (4.2.1)
axe-core-api
dumb_delegator
virtus
axiom-types (0.1.1)
descendants_tracker (~> 0.0.4)
ice_nine (~> 0.11.0)
thread_safe (~> 0.3, >= 0.3.1)
axlsx_styler (1.1.0)
activesupport (>= 3.1)
caxlsx (>= 2.0.2)
bcrypt (3.1.18)
better_html (1.0.16)
actionview (>= 4.0)
activesupport (>= 4.0)
ast (~> 2.0)
erubi (~> 1.4)
html_tokenizer (~> 0.0.6)
parser (>= 2.4)
smart_properties
bindata (2.4.10)
bindex (0.8.1)
bootsnap (1.9.3)
msgpack (~> 1.0)
brakeman (5.4.1)
browser (5.3.1)
builder (3.2.4)
byebug (11.1.3)
capybara (3.39.2)
addressable
matrix
mini_mime (>= 0.1.3)
nokogiri (~> 1.8)
rack (>= 1.6.0)
rack-test (>= 0.6.3)
regexp_parser (>= 1.5, < 3.0)
xpath (~> 3.2)
capybara-email (3.0.2)
capybara (>= 2.4, < 4.0)
mail
capybara-screenshot (1.0.26)
capybara (>= 1.0, < 4)
launchy
case_transform (0.2)
activesupport
caxlsx (3.1.0)
htmlentities (~> 4.3, >= 4.3.4)
marcel (~> 1.0)
nokogiri (~> 1.10, >= 1.10.4)
rubyzip (>= 1.3.0, < 3)
charlock_holmes (0.7.7)
chartkick (4.1.3)
choice (0.2.0)
chunky_png (1.4.0)
clamav-client (3.2.0)
coderay (1.1.3)
coercible (1.0.0)
descendants_tracker (~> 0.0.1)
concurrent-ruby (1.2.2)
connection_pool (2.4.1)
content_disposition (1.0.0)
crack (0.4.5)
rexml
crass (1.0.6)
css_parser (1.9.0)
addressable
daemons (1.3.1)
date (3.3.3)
deep_cloneable (3.2.0)
activerecord (>= 3.1.0, < 8)
delayed_cron_job (0.7.4)
delayed_job (>= 4.1)
delayed_job (4.1.11)
activesupport (>= 3.0, < 8.0)
delayed_job_active_record (4.1.7)
activerecord (>= 3.0, < 8.0)
delayed_job (>= 3.0, < 5)
delayed_job_web (1.4.4)
activerecord (> 3.0.0)
delayed_job (> 2.0.3)
rack-protection (>= 1.5.5)
sinatra (>= 1.4.4)
descendants_tracker (0.0.4)
thread_safe (~> 0.3, >= 0.3.1)
devise (4.9.2)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
responders
warden (~> 1.2.3)
devise-i18n (1.9.2)
devise (>= 4.7.1)
devise-two-factor (5.0.0)
activesupport (~> 7.0)
devise (~> 4.0)
railties (~> 7.0)
rotp (~> 6.0)
diff-lcs (1.5.0)
discard (1.2.1)
activerecord (>= 4.2, < 8)
domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0)
dotenv (2.7.6)
dotenv-rails (2.7.6)
dotenv (= 2.7.6)
railties (>= 3.2)
dry-cli (1.0.0)
dry-core (1.0.0)
concurrent-ruby (~> 1.0)
zeitwerk (~> 2.6)
dry-inflector (0.2.0)
dry-monads (1.6.0)
concurrent-ruby (~> 1.0)
dry-core (~> 1.0, < 2)
zeitwerk (~> 2.6)
dumb_delegator (1.0.0)
ecma-re-validator (0.3.0)
regexp_parser (~> 2.0)
elastic-apm (4.6.0)
concurrent-ruby (~> 1.0)
http (>= 3.0)
ruby2_keywords
erubi (1.12.0)
et-orbi (1.2.4)
tzinfo
ethon (0.15.0)
ffi (>= 1.15.0)
excon (0.102.0)
factory_bot (6.1.0)
activesupport (>= 5.0.0)
ffi (1.15.5)
ffi-compiler (1.0.1)
ffi (>= 1.0.0)
rake
flipper (0.26.0)
concurrent-ruby (< 2)
flipper-active_record (0.26.0)
activerecord (>= 4.2, < 8)
flipper (~> 0.26.0)
flipper-ui (0.26.0)
erubi (>= 1.0.0, < 2.0.0)
flipper (~> 0.26.0)
rack (>= 1.4, < 3)
rack-protection (>= 1.5.3, <= 4.0.0)
sanitize (< 7)
fog-core (2.3.0)
builder
excon (~> 0.71)
formatador (>= 0.2, < 2.0)
mime-types
fog-json (1.2.0)
fog-core
multi_json (~> 1.10)
fog-openstack (1.1.0)
fog-core (~> 2.1)
fog-json (>= 1.0)
formatador (1.1.0)
fugit (1.4.2)
et-orbi (~> 1.1, >= 1.1.8)
raabro (~> 1.4)
geo_coord (0.2.0)
geocoder (1.6.5)
globalid (1.2.1)
activesupport (>= 6.1)
gon (6.4.0)
actionpack (>= 3.0.20)
i18n (>= 0.7)
multi_json
request_store (>= 1.0)
graphql (2.0.15)
graphql-batch (0.5.1)
graphql (>= 1.10, < 3)
promise.rb (~> 0.7.2)
graphql-rails_logger (1.2.3)
actionpack (> 5.0)
activesupport (> 5.0)
railties (> 5.0)
rouge (~> 3.0)
graphql-schema_comparator (1.1.2)
bundler (>= 1.14)
graphql (>= 1.10, < 3.0)
thor (>= 0.19, < 2.0)
groupdate (5.2.2)
activesupport (>= 5)
haml (6.0.5)
temple (>= 0.8.2)
thor
tilt
haml-lint (0.999.999)
haml_lint
haml-rails (2.1.0)
actionpack (>= 5.1)
activesupport (>= 5.1)
haml (>= 4.0.6)
railties (>= 5.1)
haml_lint (0.42.0)
haml (>= 4.0, < 6.1)
parallel (~> 1.10)
rainbow
rubocop (>= 0.50.0)
sysexits (~> 1.1)
hana (1.3.7)
hashdiff (1.0.1)
hashie (4.1.0)
highline (2.0.3)
html_tokenizer (0.0.7)
htmlentities (4.3.4)
http (5.1.1)
addressable (~> 2.8)
http-cookie (~> 1.0)
http-form_data (~> 2.2)
llhttp-ffi (~> 0.4.0)
http-accept (1.7.0)
http-cookie (1.0.3)
domain_name (~> 0.5)
http-form_data (2.3.0)
http_accept_language (2.1.1)
httpclient (2.8.3)
i18n (1.14.1)
concurrent-ruby (~> 1.0)
i18n-tasks (1.0.9)
activesupport (>= 4.0.2)
ast (>= 2.1.0)
better_html (~> 1.0)
erubi
highline (>= 2.0.0)
i18n
parser (>= 2.2.3.0)
rails-i18n
rainbow (>= 2.2.2, < 4.0)
terminal-table (>= 1.5.1)
i18n_data (0.13.0)
iban-tools (1.1.0)
ice_nine (0.11.2)
image_processing (1.12.2)
mini_magick (>= 4.9.5, < 5)
ruby-vips (>= 2.0.17, < 3)
invisible_captcha (2.0.0)
rails (>= 5.0)
jmespath (1.6.2)
jquery-rails (4.5.1)
rails-dom-testing (>= 1, < 3)
railties (>= 4.2.0)
thor (>= 0.14, < 2.0)
json (2.5.1)
json-jwt (1.13.0)
activesupport (>= 4.2)
aes_key_wrap
bindata
json_schemer (0.2.17)
ecma-re-validator (~> 0.3)
hana (~> 1.3)
regexp_parser (~> 2.0)
uri_template (~> 0.7)
jsonapi-renderer (0.2.2)
jwt (2.3.0)
kaminari (1.2.2)
activesupport (>= 4.1.0)
kaminari-actionview (= 1.2.2)
kaminari-activerecord (= 1.2.2)
kaminari-core (= 1.2.2)
kaminari-actionview (1.2.2)
actionview
kaminari-core (= 1.2.2)
kaminari-activerecord (1.2.2)
activerecord
kaminari-core (= 1.2.2)
kaminari-core (1.2.2)
launchy (2.5.0)
addressable (~> 2.7)
letter_opener (1.7.0)
launchy (~> 2.2)
letter_opener_web (1.4.0)
actionmailer (>= 3.2)
letter_opener (~> 1.0)
railties (>= 3.2)
listen (3.8.0)
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
llhttp-ffi (0.4.0)
ffi-compiler (~> 1.0)
rake (~> 13.0)
lograge (0.11.2)
actionpack (>= 4)
activesupport (>= 4)
railties (>= 4)
request_store (~> 1.0)
logstash-event (1.2.02)
loofah (2.21.3)
crass (~> 1.0.2)
nokogiri (>= 1.12.0)
mail (2.8.1)
mini_mime (>= 0.1.1)
net-imap
net-pop
net-smtp
mailjet (1.6.0)
activesupport (>= 3.1.0)
rack (>= 1.4.0)
rest-client (>= 2.0.0)
marcel (1.0.2)
matrix (0.4.2)
memory_profiler (1.0.0)
method_source (1.0.0)
mime-types (3.5.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2023.0808)
mina (1.2.4)
open4 (~> 1.3.4)
rake
mini_magick (4.11.0)
mini_mime (1.1.5)
mini_portile2 (2.8.4)
minitest (5.20.0)
msgpack (1.4.2)
multi_json (1.15.0)
mustermann (3.0.0)
ruby2_keywords (~> 0.0.1)
net-imap (0.3.7)
date
net-protocol
net-pop (0.1.2)
net-protocol
net-protocol (0.2.1)
timeout
net-smtp (0.3.3)
net-protocol
netrc (0.11.0)
nio4r (2.5.9)
nokogiri (1.15.4)
mini_portile2 (~> 2.8.2)
racc (~> 1.4)
open4 (1.3.4)
openid_connect (1.3.0)
activemodel
attr_required (>= 1.0.0)
json-jwt (>= 1.5.0)
rack-oauth2 (>= 1.6.1)
swd (>= 1.0.0)
tzinfo
validate_email
validate_url
webfinger (>= 1.0.1)
orm_adapter (0.5.0)
parallel (1.23.0)
parsby (1.1.1)
parser (3.2.2.0)
ast (~> 2.4.1)
pdf-core (0.9.0)
pg (1.4.6)
phonelib (0.6.53)
prawn (2.4.0)
pdf-core (~> 0.9.0)
ttfunk (~> 1.7)
prawn-rails (1.3.0)
prawn
prawn-table
rails (>= 3.1.0)
prawn-table (0.2.2)
prawn (>= 1.3.0, < 3.0.0)
premailer (1.14.2)
addressable
css_parser (>= 1.6.0)
htmlentities (>= 4.0.0)
premailer-rails (1.11.1)
actionmailer (>= 3)
premailer (~> 1.7, >= 1.7.9)
promise.rb (0.7.4)
pry (0.14.2)
coderay (~> 1.1)
method_source (~> 1.0)
pry-byebug (3.10.1)
byebug (~> 11.0)
pry (>= 0.13, < 0.15)
pry-rails (0.3.9)
pry (>= 0.10.4)
public_suffix (5.0.1)
puma (6.3.1)
nio4r (~> 2.0)
pundit (2.2.0)
activesupport (>= 3.0.0)
raabro (1.4.0)
racc (1.7.1)
rack (2.2.8)
rack-attack (6.5.0)
rack (>= 1.0, < 3)
rack-mini-profiler (3.0.0)
rack (>= 1.2.0)
rack-oauth2 (1.19.0)
activesupport
attr_required
httpclient
json-jwt (>= 1.11.0)
rack (>= 2.1.0)
rack-protection (3.0.5)
rack
rack-proxy (0.7.6)
rack
rack-test (2.1.0)
rack (>= 1.3)
rack_session_access (0.2.0)
builder (>= 2.0.0)
rack (>= 1.0.0)
rails (7.0.7.2)
actioncable (= 7.0.7.2)
actionmailbox (= 7.0.7.2)
actionmailer (= 7.0.7.2)
actionpack (= 7.0.7.2)
actiontext (= 7.0.7.2)
actionview (= 7.0.7.2)
activejob (= 7.0.7.2)
activemodel (= 7.0.7.2)
activerecord (= 7.0.7.2)
activestorage (= 7.0.7.2)
activesupport (= 7.0.7.2)
bundler (>= 1.15.0)
railties (= 7.0.7.2)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
actionview (>= 5.0.1.rc1)
activesupport (>= 5.0.1.rc1)
rails-dom-testing (2.2.0)
activesupport (>= 5.0.0)
minitest
nokogiri (>= 1.6)
rails-erd (1.6.1)
activerecord (>= 4.2)
activesupport (>= 4.2)
choice (~> 0.2.0)
ruby-graphviz (~> 1.2)
rails-html-sanitizer (1.6.0)
loofah (~> 2.21)
nokogiri (~> 1.14)
rails-i18n (7.0.3)
i18n (>= 0.7, < 2)
railties (>= 6.0.0, < 8)
railties (7.0.7.2)
actionpack (= 7.0.7.2)
activesupport (= 7.0.7.2)
method_source
rake (>= 12.2)
thor (~> 1.0)
zeitwerk (~> 2.5)
rainbow (3.1.1)
rake (13.0.6)
rake-progressbar (0.0.5)
rb-fsevent (0.11.2)
rb-inotify (0.10.1)
ffi (~> 1.0)
redcarpet (3.6.0)
redis (5.0.6)
redis-client (>= 0.9.0)
redis-client (0.14.1)
connection_pool
regexp_parser (2.8.1)
request_store (1.5.0)
rack (>= 1.4)
responders (3.1.0)
actionpack (>= 5.2)
railties (>= 5.2)
rest-client (2.1.0)
http-accept (>= 1.7.0, < 2.0)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
rexml (3.2.5)
rodf (1.1.1)
builder (>= 3.0)
dry-inflector (~> 0.1)
rubyzip (>= 1.0)
rotp (6.2.2)
rouge (3.30.0)
rqrcode (1.2.0)
chunky_png (~> 1.0)
rqrcode_core (~> 0.2)
rqrcode_core (0.2.0)
rspec-core (3.12.2)
rspec-support (~> 3.12.0)
rspec-expectations (3.12.3)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.12.0)
rspec-mocks (3.12.5)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.12.0)
rspec-rails (6.0.1)
actionpack (>= 6.1)
activesupport (>= 6.1)
railties (>= 6.1)
rspec-core (~> 3.11)
rspec-expectations (~> 3.11)
rspec-mocks (~> 3.11)
rspec-support (~> 3.11)
rspec-retry (0.6.2)
rspec-core (> 3.3)
rspec-support (3.12.0)
rspec_junit_formatter (0.4.1)
rspec-core (>= 2, < 4, != 2.12.0)
rubocop (1.50.2)
json (~> 2.3)
parallel (~> 1.10)
parser (>= 3.2.0.0)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.28.0, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 3.0)
rubocop-ast (1.28.0)
parser (>= 3.2.1.0)
rubocop-capybara (2.17.1)
rubocop (~> 1.41)
rubocop-performance (1.17.1)
rubocop (>= 1.7.0, < 2.0)
rubocop-ast (>= 0.4.0)
rubocop-rails (2.19.1)
activesupport (>= 4.2.0)
rack (>= 1.1)
rubocop (>= 1.33.0, < 2.0)
rubocop-rspec (2.20.0)
rubocop (~> 1.33)
rubocop-capybara (~> 2.17)
ruby-graphviz (1.2.5)
rexml
ruby-progressbar (1.13.0)
ruby-vips (2.1.4)
ffi (~> 1.12)
ruby2_keywords (0.0.5)
rubyzip (2.3.2)
saml_idp (0.14.0)
activesupport (>= 5.2)
builder (>= 3.0)
nokogiri (>= 1.6.2)
rexml
xmlenc (>= 0.7.1)
sanitize (6.0.2)
crass (~> 1.0.2)
nokogiri (>= 1.12.0)
sass (3.7.4)
sass-listen (~> 4.0.0)
sass-listen (4.0.0)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
sassc (2.4.0)
ffi (~> 1.9)
sassc-rails (2.1.2)
railties (>= 4.0.0)
sassc (>= 2.0)
sprockets (> 3.0)
sprockets-rails
tilt
scss_lint (0.59.0)
sass (~> 3.5, >= 3.5.5)
selectize-rails (0.12.6)
selenium-devtools (0.114.0)
selenium-webdriver (~> 4.2)
selenium-webdriver (4.10.0)
rexml (~> 3.2, >= 3.2.5)
rubyzip (>= 1.2.2, < 3.0)
websocket (~> 1.0)
sentry-delayed_job (5.9.0)
delayed_job (>= 4.0)
sentry-ruby (~> 5.9.0)
sentry-rails (5.9.0)
railties (>= 5.0)
sentry-ruby (~> 5.9.0)
sentry-ruby (5.9.0)
concurrent-ruby (~> 1.0, >= 1.0.2)
shoulda-matchers (4.5.1)
activesupport (>= 4.2.0)
sib-api-v3-sdk (7.4.0)
json (~> 2.1, >= 2.1.0)
typhoeus (~> 1.0, >= 1.0.1)
simple_xlsx_reader (1.0.4)
nokogiri
rubyzip
sinatra (3.0.5)
mustermann (~> 3.0)
rack (~> 2.2, >= 2.2.4)
rack-protection (= 3.0.5)
tilt (~> 2.0)
skylight (6.0.1)
activesupport (>= 5.2.0)
smart_properties (1.17.0)
spreadsheet_architect (4.1.0)
axlsx_styler (>= 1.0.0, < 2)
caxlsx (>= 2.0.2, < 4)
rodf (>= 1.0.0, < 2)
spring (4.1.1)
spring-commands-rspec (1.0.4)
spring (>= 0.9.1)
sprockets (4.2.0)
concurrent-ruby (~> 1.0)
rack (>= 2.2.4, < 4)
sprockets-rails (3.4.2)
actionpack (>= 5.2)
activesupport (>= 5.2)
sprockets (>= 3.0.0)
stackprof (0.2.21)
strong_migrations (0.8.0)
activerecord (>= 5.2)
swd (1.3.0)
activesupport (>= 3)
attr_required (>= 0.0.5)
httpclient (>= 2.4)
sysexits (1.2.0)
temple (0.8.2)
terminal-table (3.0.2)
unicode-display_width (>= 1.1.1, < 3)
thor (1.2.2)
thread_safe (0.3.6)
tilt (2.0.11)
timecop (0.9.4)
timeout (0.4.0)
ttfunk (1.7.0)
turbo-rails (1.3.2)
actionpack (>= 6.0.0)
activejob (>= 6.0.0)
railties (>= 6.0.0)
typhoeus (1.4.0)
ethon (>= 0.9.0)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
ulid-ruby (1.0.2)
unf (0.1.4)
unf_ext
unf_ext (0.0.7.7)
unicode-display_width (2.4.2)
uri_template (0.7.0)
validate_email (0.1.6)
activemodel (>= 3.0)
mail (>= 2.2.5)
validate_url (1.0.13)
activemodel (>= 3.0.0)
public_suffix
vcr (6.1.0)
view_component (2.82.0)
activesupport (>= 5.2.0, < 8.0)
concurrent-ruby (~> 1.0)
method_source (~> 1.0)
virtus (2.0.0)
axiom-types (~> 0.1)
coercible (~> 1.0)
descendants_tracker (~> 0.0, >= 0.0.3)
vite_rails (3.0.14)
railties (>= 5.1, < 8)
vite_ruby (~> 3.0, >= 3.2.2)
vite_ruby (3.3.1)
dry-cli (>= 0.7, < 2)
rack-proxy (~> 0.6, >= 0.6.1)
zeitwerk (~> 2.2)
warden (1.2.9)
rack (>= 2.0.9)
watir (6.19.1)
regexp_parser (>= 1.2, < 3)
selenium-webdriver (>= 3.142.7)
web-console (4.1.0)
actionview (>= 6.0.0)
activemodel (>= 6.0.0)
bindex (>= 0.4.0)
railties (>= 6.0.0)
webfinger (1.2.0)
activesupport
httpclient (>= 2.4)
webmock (3.11.2)
addressable (>= 2.3.6)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
websocket (1.2.9)
websocket-driver (0.7.6)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
xmlenc (0.8.0)
activemodel (>= 3.0.0)
activesupport (>= 3.0.0)
nokogiri (>= 1.6.0, < 2.0.0)
xmlmapper (>= 0.7.3)
xmlmapper (0.8.1)
nokogiri (~> 1.11)
xpath (3.2.0)
nokogiri (~> 1.8)
zeitwerk (2.6.11)
zip_tricks (5.6.0)
zipline (1.4.1)
actionpack (>= 6.0, < 8.0)
content_disposition (~> 1.0)
zip_tricks (>= 4.2.1, < 6.0)
zxcvbn-ruby (1.2.0)
PLATFORMS
ruby
DEPENDENCIES
aasm
acsv
active_link_to
active_model_serializers
active_storage_validations
activestorage-openstack
addressable
administrate
administrate-field-enum
after_party
anchored
aws-sdk-s3
axe-core-rspec
bcrypt
bootsnap (>= 1.4.4)
brakeman
browser
capybara
capybara-email
capybara-screenshot
charlock_holmes
chartkick
chunky_png
clamav-client
daemons
deep_cloneable
delayed_cron_job
delayed_job_active_record
delayed_job_web
devise
devise-i18n
devise-two-factor
discard
dotenv-rails
dry-monads
elastic-apm
factory_bot
flipper
flipper-active_record
flipper-ui
fugit
geo_coord
geocoder
gon
graphql
graphql-batch
graphql-rails_logger
graphql-schema_comparator
groupdate
haml-lint
haml-rails
hashie
http_accept_language
i18n-tasks
i18n_data
iban-tools
image_processing
invisible_captcha
json_schemer
jwt
kaminari
launchy
letter_opener_web
listen
lograge
logstash-event
mailjet
matrix
memory_profiler
mina
mini_magick
net-imap
net-pop
net-smtp
openid_connect
parsby
pg
phonelib
prawn-rails
premailer-rails
pry-byebug
pry-rails
puma
pundit
rack-attack
rack-mini-profiler
rack_session_access
rails (~> 7.0.5)
rails-controller-testing
rails-erd
rails-i18n
rake-progressbar
redcarpet
redis
rexml
rqrcode
rspec-rails
rspec-retry
rspec_junit_formatter
rubocop
rubocop-performance
rubocop-rails
rubocop-rspec
saml_idp
sassc-rails
scss_lint
selenium-devtools
selenium-webdriver
sentry-delayed_job
sentry-rails
sentry-ruby
shoulda-matchers
sib-api-v3-sdk
simple_xlsx_reader
skylight
spreadsheet_architect
spring
spring-commands-rspec
stackprof
strong_migrations
timecop
turbo-rails
typhoeus
ulid-ruby
vcr
view_component
vite_rails
warden
web-console
webmock
zipline
zxcvbn-ruby
BUNDLED WITH
2.4.19

File diff suppressed because it is too large Load diff


@ -0,0 +1,47 @@
#!/usr/bin/env bash
version=
gitArgs=
while [ "$#" -gt 0 ]; do
i="$1"
shift 1
case "$i" in
--version|-v)
version="$1"
shift 1
;;
--git-args)
gitArgs="$gitArgs $1"
shift 1
;;
*)
echo "$0: unknown option \`$i'"
exit 1
;;
esac
done
# Create a working environment
CWD=$(pwd)
TMP=$(mktemp -d)
cd "$TMP"
# Fetch the latest source or the required version
gitUrl="https://github.com/demarches-simplifiees/demarches-simplifiees.fr.git"
if [ -n "$version" ]; then
git clone --depth 1 --branch $version $gitUrl .
else
git clone --depth 1 $gitUrl .
fi
# Generate gemset.nix
nix-shell -p bundix --run "bundix -l"
# Copy the new files
cp gemset.nix Gemfile Gemfile.lock "$CWD/rubyEnv/"
# Print the new source details
nix-shell -p nurl --run "nurl $gitUrl $version"
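Review bot: The script runs without `set -euo pipefail`, so a failed `mktemp -d`, `cd "$TMP"` or `git clone` does not stop it, and the later `bundix -l` and `cp` steps run in whatever directory the shell ended up in; adding that line right after the shebang makes each step fail closed. `$version` and `$gitUrl` are expanded unquoted in `git clone --depth 1 --branch $version $gitUrl .` and in the `nurl` call, so a value containing spaces or glob characters is split into extra arguments; `--branch "$version" "$gitUrl" .` avoids that. The values collected by `--git-args` into `gitArgs` are never passed to either `git clone`, so the option currently has no effect. The temporary directory is also left behind on exit; `trap 'rm -rf "$TMP"' EXIT` right after `mktemp -d` would remove it.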


@ -5,7 +5,7 @@ let
cert = config.security.acme.certs.${domain}; cert = config.security.acme.certs.${domain};
allowedSubDomains = [ "cloud" "git" "videos" "social" ]; allowedSubDomains = [ "cloud" "git" "videos" "social" "demarches" ];
in { in {
services.kanidm = { services.kanidm = {
enableServer = true; enableServer = true;

Binary file not shown.


@ -4,6 +4,7 @@ let
in in
lib.setDefault { inherit publicKeys; } [ lib.setDefault { inherit publicKeys; } [
"ds_fr-secret_file"
"mastodon-extra_env_file" "mastodon-extra_env_file"
"nextcloud-adminpass_file" "nextcloud-adminpass_file"
"nextcloud-s3_secret_file" "nextcloud-s3_secret_file"