feat(compute01): Init satosa at 8.4.0

machines/compute01/satosa/default.nix

@@ -0,0 +1,9 @@
+{ lib, pkgs, ... }:
+
+let
+  package = import ./package { inherit lib pkgs; };
+
+  host = "saml.dgnum.eu";
+in {
+
+}

machines/compute01/satosa/package/cookies-samesite-compat.nix

@@ -0,0 +1,30 @@
+{ lib
+, python3
+, fetchPypi
+}:
+
+python3.pkgs.buildPythonPackage rec {
+  pname = "cookies-samesite-compat";
+  version = "0.0.1";
+  pyproject = true;
+
+  src = fetchPypi {
+    pname = "cookies_samesite_compat";
+    inherit version;
+    hash = "sha256-eC0rthOt3ahUUp+FD09guDag8MRQSRZ0lUkPxK8HOsA=";
+  };
+
+  nativeBuildInputs = with python3.pkgs; [
+    setuptools
+    wheel
+  ];
+
+  pythonImportsCheck = [ "cookies_samesite_compat" ];
+
+  meta = with lib; {
+    description = "WSGI Middleware to duplicate the configured cookies and remove the SameSite attribute";
+    homepage = "https://pypi.org/project/cookies-samesite-compat";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ ];
+  };
+}

machines/compute01/satosa/package/default.nix

@@ -0,0 +1,15 @@
+{ lib, pkgs, ... }:
+
+let
+  callPackage = lib.callPackageWith (pkgs // self);
+
+  self = {
+    cookies-samesite-compat = callPackage ./cookies-samesite-compat.nix { };
+    pyop = callPackage ./pyop.nix { };
+    oic = callPackage ./oic.nix { };
+    pydantic-settings = callPackage ./pydantic-settings.nix { };
+    pydantic = callPackage ./pydantic.nix { };
+    pydantic-core = callPackage ./pydantic-core.nix { };
+  };
+
+in callPackage ./satosa.nix { }

machines/compute01/satosa/package/oic.nix

@@ -0,0 +1,42 @@
+{ lib
+, python3
+, fetchPypi
+, pydantic-settings
+}:
+
+python3.pkgs.buildPythonPackage rec {
+  pname = "oic";
+  version = "1.6.1";
+  pyproject = true;
+
+  src = fetchPypi {
+    inherit pname version;
+    hash = "sha256-OFofZLtZUZ3x4jhAUwkhv0FnQCQPUF6m0WHjMdPTn60=";
+  };
+
+  nativeBuildInputs = [
+    python3.pkgs.setuptools
+    python3.pkgs.wheel
+  ];
+
+  propagatedBuildInputs = with python3.pkgs; [
+    cryptography
+    defusedxml
+    mako
+    pycryptodomex
+    pydantic-settings
+    pyjwkest
+    requests
+    typing-extensions
+  ];
+
+  pythonImportsCheck = [ "oic" ];
+
+  meta = with lib; {
+    description = "Python implementation of OAuth2 and OpenID Connect";
+    homepage = "https://pypi.org/project/oic/";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ ];
+    mainProgram = "oic";
+  };
+}

machines/compute01/satosa/package/pydantic-core.nix

@@ -0,0 +1,47 @@
+{ lib
+, python3
+, fetchPypi
+, cargo
+, rustPlatform
+, rustc
+}:
+
+python3.pkgs.buildPythonPackage rec {
+  pname = "pydantic-core";
+  version = "2.10.1";
+  pyproject = true;
+
+  src = fetchPypi {
+    pname = "pydantic_core";
+    inherit version;
+    hash = "sha256-D4aC290vZ/jh7d3L/8wp9gphgrSQHDZ/yMHEDTC7CoI=";
+  };
+
+  cargoDeps = rustPlatform.fetchCargoTarball {
+    inherit src;
+    name = "${pname}-${version}";
+    hash = "sha256-wHiIVM0x+xH0SpP6UmlGh6r7sg0rnnppGrIchHTVJcc=";
+  };
+
+  nativeBuildInputs = [
+    cargo
+    python3.pkgs.typing-extensions
+    rustPlatform.cargoSetupHook
+    rustPlatform.maturinBuildHook
+    rustc
+  ];
+
+  propagatedBuildInputs = with python3.pkgs; [
+    typing-extensions
+  ];
+
+  pythonImportsCheck = [ "pydantic_core" ];
+
+  meta = with lib; {
+    description = "";
+    homepage = "https://pypi.org/project/pydantic-core";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+    mainProgram = "pydantic-core";
+  };
+}

machines/compute01/satosa/package/pydantic-settings.nix

@@ -0,0 +1,36 @@
+{ lib
+, python3
+, fetchPypi
+, pydantic
+}:
+
+python3.pkgs.buildPythonPackage rec {
+  pname = "pydantic-settings";
+  version = "2.0.3";
+  pyproject = true;
+
+  src = fetchPypi {
+    pname = "pydantic_settings";
+    inherit version;
+    hash = "sha256-li3DZySVqtaulqQ5D6x+WTWR4URiXlES01n49n+3WUU=";
+  };
+
+  nativeBuildInputs = [
+    python3.pkgs.hatchling
+  ];
+
+  propagatedBuildInputs = with python3.pkgs; [
+    pydantic
+    python-dotenv
+  ];
+
+  pythonImportsCheck = [ "pydantic_settings" ];
+
+  meta = with lib; {
+    description = "Settings management using Pydantic";
+    homepage = "https://pypi.org/project/pydantic-settings/";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+    mainProgram = "pydantic-settings";
+  };
+}

machines/compute01/satosa/package/pydantic.nix

@@ -0,0 +1,43 @@
+{ lib
+, python3
+, fetchPypi
+, pydantic-core
+}:
+
+python3.pkgs.buildPythonPackage rec {
+  pname = "pydantic";
+  version = "2.4.1";
+  pyproject = true;
+
+  src = fetchPypi {
+    inherit pname version;
+    hash = "sha256-sXJQWIYCjkNWho1hfS0ad2168WJdExNFD9Ub3RnZ1h8=";
+  };
+
+  nativeBuildInputs = [
+    python3.pkgs.hatch-fancy-pypi-readme
+    python3.pkgs.hatchling
+  ];
+
+  propagatedBuildInputs = with python3.pkgs; [
+    annotated-types
+    pydantic-core
+    typing-extensions
+  ];
+
+  passthru.optional-dependencies = with python3.pkgs; {
+    email = [
+      email-validator
+    ];
+  };
+
+  pythonImportsCheck = [ "pydantic" ];
+
+  meta = with lib; {
+    description = "Data validation using Python type hints";
+    homepage = "https://pypi.org/project/pydantic";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+    mainProgram = "pydantic";
+  };
+}

machines/compute01/satosa/package/pyop.nix

@@ -0,0 +1,35 @@
+{ lib
+, python3
+, fetchPypi
+, oic
+}:
+
+python3.pkgs.buildPythonPackage rec {
+  pname = "pyop";
+  version = "3.4.0";
+  pyproject = true;
+
+  src = fetchPypi {
+    inherit pname version;
+    hash = "sha256-4Iq+TVNH7Pq1Q/Xkdeg8FTqLIjGF673qq0AV/4TjkvE=";
+  };
+
+  nativeBuildInputs = with python3.pkgs; [
+    setuptools
+    wheel
+  ];
+
+  propagatedBuildInputs = with python3.pkgs; [
+    oic
+    pycryptodomex
+  ];
+
+  pythonImportsCheck = [ "pyop" ];
+
+  meta = with lib; {
+    description = "OpenID Connect Provider (OP) library in Python";
+    homepage = "https://pypi.org/project/pyop";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ ];
+  };
+}

machines/compute01/satosa/package/satosa.nix

@@ -0,0 +1,59 @@
+{ lib
+, python3
+, fetchPypi
+, cookies-samesite-compat
+, pyop
+}:
+
+python3.pkgs.buildPythonPackage rec {
+  pname = "satosa";
+  version = "8.4.0";
+  pyproject = true;
+
+  src = fetchPypi {
+    pname = "SATOSA";
+    inherit version;
+    hash = "sha256-KREROjb157RJJVRr9YefzoR/eflR/U7ZmG6yOH5DjcU=";
+  };
+
+  nativeBuildInputs = [
+    python3.pkgs.setuptools
+    python3.pkgs.wheel
+  ];
+
+  propagatedBuildInputs = with python3.pkgs; [
+    chevron
+    click
+    cookies-samesite-compat
+    gunicorn
+    importlib-metadata
+    pycryptodomex
+    pyop
+    pysaml2
+    pyyaml
+    requests
+    werkzeug
+  ];
+
+  passthru.optional-dependencies = with python3.pkgs; {
+    ldap = [
+      ldap3
+    ];
+    pyop_mongo = [
+      pyop
+    ];
+    pyop_redis = [
+      pyop
+    ];
+  };
+
+  pythonImportsCheck = [ "satosa" ];
+
+  meta = with lib; {
+    description = "Protocol proxy (SAML/OIDC)";
+    homepage = "https://pypi.org/project/SATOSA";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ ];
+    mainProgram = "satosa";
+  };
+}