From c65c2036e05c2457cb06abf5c2a8d78106b89ab4 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Sat, 11 Jan 2025 14:17:54 +0100 Subject: [PATCH] feat(web03/django-apps): Deploy gestiobds --- machines/nixos/web03/django-apps/default.nix | 1 + .../nixos/web03/django-apps/gestiobds.nix | 65 +++++++++++++++++++ .../secrets/dj_gestiobds-secret_key_file | 32 +++++++++ machines/nixos/web03/secrets/secrets.nix | 2 + .../web03/secrets/webhook-gestiobds_token | 30 +++++++++ 5 files changed, 130 insertions(+) create mode 100644 machines/nixos/web03/django-apps/gestiobds.nix create mode 100644 machines/nixos/web03/secrets/dj_gestiobds-secret_key_file create mode 100644 machines/nixos/web03/secrets/webhook-gestiobds_token diff --git a/machines/nixos/web03/django-apps/default.nix b/machines/nixos/web03/django-apps/default.nix index 55be1b0..18b5ee6 100644 --- a/machines/nixos/web03/django-apps/default.nix +++ b/machines/nixos/web03/django-apps/default.nix @@ -7,6 +7,7 @@ ./annuaire.nix ./bocal.nix ./ernestophone.nix + ./gestiobds.nix ./gestiojeux.nix ./interludes.nix ./wikiens.nix diff --git a/machines/nixos/web03/django-apps/gestiobds.nix b/machines/nixos/web03/django-apps/gestiobds.nix new file mode 100644 index 0000000..bd4f44c --- /dev/null +++ b/machines/nixos/web03/django-apps/gestiobds.nix @@ -0,0 +1,65 @@ +# SPDX-FileCopyrightText: 2024 Tom Hubrecht +# +# SPDX-License-Identifier: EUPL-1.2 + +{ + pkgs, + sources, + config, + ... +}: + +let + inherit (import "${sources.nix-pkgs}/overlay.nix") mkOverlay; +in + +{ + services.django-apps.sites.gestiobds = { + source = "https://git.dgnum.eu/DGNum/gestioCOF"; + branch = "django-apps"; + domain = "gestiobds.webapps.dgnum.eu"; + + nginx = { + enableACME = true; + forceSSL = true; + }; + + webHookSecret = config.age.secrets."webhook-gestiobds_token".path; + + python = pkgs.python3.override { + packageOverrides = mkOverlay { + folder = "python-modules"; + plist = [ + # Required packages + "authens" + "django-bootstrap-form" + "django-cas-ng" + "loadcredential" + + # Dependencies + "python-cas" + ]; + }; + }; + + dependencies = ps: [ + ps.authens + ps.django + ps.django-bootstrap-form + ps.django-autocomplete-light + ps.django-cas-ng + ps.django-widget-tweaks + ps.loadcredential + ps.pillow + ]; + + application = { + module = "gestioasso"; + settingsModule = "gestioasso.settings_bds"; + }; + + credentials = { + SECRET_KEY = config.age.secrets."dj_gestiobds-secret_key_file".path; + }; + }; +} diff --git a/machines/nixos/web03/secrets/dj_gestiobds-secret_key_file b/machines/nixos/web03/secrets/dj_gestiobds-secret_key_file new file mode 100644 index 0000000..337b9ee --- /dev/null +++ b/machines/nixos/web03/secrets/dj_gestiobds-secret_key_file @@ -0,0 +1,32 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA nBhkwF18nxNOAVxLI8SpKJMFQlE2/uDBnriYXrkeej4 +5Mej1iDjUU6vv4SNXUPK0xa4UBK6Iw6B3oLvAIv3f0k +-> ssh-ed25519 QlRB9Q 5dzJ/KNc33da+dPK82/+245ud6mszVetdgzfUzWb7Vg +zHqSYs0Zu7sbiUZf3gaI/owKcbzMAVfqYJqXHt8N5es +-> ssh-ed25519 r+nK/Q cmtUXO2Oz3iBevQ+2fWLHvnG72mdeCWhICI2aK1APAo +QAGndnn/ruM2tG0fRW40mKd+XHDOeu6Hz++PmZdzPmA +-> ssh-rsa krWCLQ +rUHz8woQBawX6jx3N+vomDUT6qzqdhlR0jWi/oHLsRY7JfHhao17jd3sxGo5sXX2 ++BIIbZAUOQqpUnV0Bwy/KVmPC375woz65P1rLWJskDCjJ8lIJFwrLUpOIDRmiibI ++TTYObhv/9d5yTcvlwX5/hlcEEk8C8sS6nHioyqfMhvVBIZ0iq2X5FSHLJNsK4lN +e6xY7f4M7AIZWAc2yxKc0wKkfdbDcTHTXDZ38TYoUj3+4iqYITv03C1I/jlo4ucj +hWebFIioDLnVYptKrYCi0yRdC4JuDn2jO97KH5oUpicqM+iSB94Fd50t7Axn5FVG +3p9knihux5L+wFRpvykLIw +-> ssh-ed25519 /vwQcQ EhOK7UhIsklWHuKWO3amaDzsSHwsfiD8aUyLHu6zvSM +Q6G+LwgEsPfsjtWB4MuhXwiXszQyMU6BSoaPwbbltr4 +-> ssh-ed25519 0R97PA TwhCS7Hemb3tVk+ny1g2rncRTbu/Q0Q2iAvw/CkCq3I +k79gpN9iNzTe1W0QqEr2Ignk0Y65+qezxFaotRPcvLw +-> ssh-ed25519 JGx7Ng osmTbn6K6SFKep+oW2N5xx87WT8BZiGwxsPAyh9Tun8 +clygZBmI3JpHNAbRXxGB/03fj2HaYIPDHRV6nPTSghY +-> ssh-ed25519 bUjjig 1Edv602hQheiJBwZoGNv7kmJDNy0eHUhhddhCRTL3Tk +VN/BQPOxtIpWnHC/kCNcx4qiFLq1bjkWI0H+G/PmprU +-> ssh-ed25519 VQSaNw KohfvXVo8yu1X0OBB9hkGo1hJLsu8VN3fNC2N2R42AU +JznqAIwaf3i0UrvHYBMwqY8t82fi9PpqfShfYQOpSLE +-> ]Cʻ +o^2ؐJsуպݡ.nWaR]Ũ +; +|h \ No newline at end of file diff --git a/machines/nixos/web03/secrets/secrets.nix b/machines/nixos/web03/secrets/secrets.nix index 2bd599e..883ac2b 100644 --- a/machines/nixos/web03/secrets/secrets.nix +++ b/machines/nixos/web03/secrets/secrets.nix @@ -12,6 +12,7 @@ "dj_ernestophone-secret_key_file" "dj_ernestophone-password_file" "dj_ernestophone-admins_file" + "dj_gestiobds-secret_key_file" "dj_gestiojeux-secret_key_file" "dj_interludes-email_host_password_file" "dj_interludes-secret_key_file" @@ -19,6 +20,7 @@ "webhook-annuaire_token" "webhook-bocal_token" "webhook-ernestophone_token" + "webhook-gestiobds_token" "webhook-gestiojeux_token" "webhook-interludes_token" "webhook-wikiens_token" diff --git a/machines/nixos/web03/secrets/webhook-gestiobds_token b/machines/nixos/web03/secrets/webhook-gestiobds_token new file mode 100644 index 0000000..bf27c9b --- /dev/null +++ b/machines/nixos/web03/secrets/webhook-gestiobds_token @@ -0,0 +1,30 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA j5KTZSTJhYuqANlf45FKm8fVexUngcwYmfaDREneU18 +gUu170rTeyd6DO/rSrQABkcSJBcuecT9OLgvGgMZVvk +-> ssh-ed25519 QlRB9Q QNgf3AzM/7GrZdV1Ddo+oHmTERg6yYVZCizlOYeAiBM +yZBVjXcDGuLXTMrCRNlm34slLgXyY15pPYhjLMpWVew +-> ssh-ed25519 r+nK/Q g6jpyRh0pREAyx5MFSup5ifFH2Da7Fz8bjjmM6gfR2Q +EqTZJkq51e/MfkuVf8C3/qfJtMn0CAFpE06Lut5pQy8 +-> ssh-rsa krWCLQ +r0RLtf6PlnKH3fQgGkxxga6PyQ7GdKQDchAnBCtwjcqxswlf1Hkg68sKomEeoRie +MABZnUP4cyngwoPIuSJrCYcuNgcZlsV61oen8H7PcM0YoAZhL1trcGSDCao9xDUf +tMr9375Q878OpyB60qgtLOH4reHU65oUtmkpltfEUW02JEaVwmWZa/TFAUr5iJMj +RBc4oPk7CPPoGUScnC/yGV7M6ChAd0MGwecuIr3+a2ks9D8AQ3x+jKsM+SQuvSsJ +Pflo+4TMYTRMIhiKUjj1e34Bv/MqmmM/IQs3nrOzGiJWP+JUZS7csf1EyTmNcLWR +OQCAEoL9Jdo8vtr4XY4kOA +-> ssh-ed25519 /vwQcQ Va6fcfoC6ptoHgRrvffC++Ndt6n2TGr424Yzw819ljg +xL8zQWeH9YxO4Notz4u8t6pz3v2uF335E2zSk6dK5do +-> ssh-ed25519 0R97PA zK2CeINzXIK1YTMxSm0byskOixfjQiFDijQmDq0TYSk +vQrV1p23mMiCwn+78rNDMMqyI785ytIzb099rBz6KSI +-> ssh-ed25519 JGx7Ng VkpZD+elO/7hPDdVdBgr95TQdwzySDuwZvBaUefMoSk +sdGwdOCPr9C4hGCJdzFQ20MdqCM8T0s8QdmxbtaJgvI +-> ssh-ed25519 bUjjig 82z70/5xB6fJmX8zmVbIOJNlo4LxlgTlr4HQkwnhEDI +u2kzpWEOObNzml0VwWsB7bSMFdz+9s7qEKG16YPgpY0 +-> ssh-ed25519 VQSaNw 6JMKcoU2q65WfwdExYBzSKAFnNWtxSJ8zm4fcNTAnFE +A3dm2BsGjCd3GH3PECZWtZ4UtOTlFaasbI1cbt3upwA +-> CgIi+6-grease ;MOsWn , FV8~T{ +i4/9oj10aXG0JNKsgx+01ZliHNDwky4vbtspyjMUPG7XCcs/Sge1gOsgCYW7V6B8 +waKJKkAki9cTR7BIJPX/mHy9+d2jUc86 +--- DMss8LdEGDccGoluvvSdH+kdC2gPCpN93ngELoV9BpM + w]}}yJɷpqNQҙRrSIPD HMW90 + \ No newline at end of file