Compare commits

..

No commits in common. "main" and "hypervisors" have entirely different histories.

24 changed files with 232 additions and 621 deletions

View file

@ -20,7 +20,7 @@ precedence = "closest"
[[annotations]]
SPDX-FileCopyrightText = "2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>"
SPDX-License-Identifier = "EUPL-1.2"
path = ["machines/nixos/compute01/ds-fr/01-smtp-tls.patch", "machines/nixos/compute01/librenms/kanidm.patch", "machines/nixos/compute01/stirling-pdf/*.patch", "machines/nixos/vault01/k-radius/packages/01-python_path.patch", "machines/nixos/web01/crabfit/*.patch", "machines/nixos/web02/cas-eleves/01-pytest-cas.patch", "patches/lix/01-disable-installChecks.patch", "patches/nixpkgs/03-crabfit-karla.patch", "patches/nixpkgs/05-netbird-relay.patch"]
path = ["machines/nixos/compute01/librenms/kanidm.patch", "machines/nixos/compute01/stirling-pdf/*.patch", "machines/nixos/vault01/k-radius/packages/01-python_path.patch", "machines/nixos/web01/crabfit/*.patch", "machines/nixos/web02/cas-eleves/01-pytest-cas.patch", "patches/lix/01-disable-installChecks.patch", "patches/nixpkgs/03-crabfit-karla.patch", "patches/nixpkgs/05-netbird-relay.patch"]
precedence = "closest"
[[annotations]]

View file

@ -85,7 +85,6 @@ let
# Patches
{
path = [
"machines/nixos/compute01/ds-fr/01-smtp-tls.patch"
"machines/nixos/compute01/librenms/kanidm.patch"
"machines/nixos/compute01/stirling-pdf/*.patch"
"machines/nixos/vault01/k-radius/packages/01-python_path.patch"

View file

@ -1,63 +0,0 @@
From de5e8237e4bd8f3e325473c789fb542d01557f27 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom@hubrecht.ovh>
Date: Fri, 22 Sep 2023 17:26:27 +0200
Subject: [PATCH 1/2] fix(smtp): Allow specifying SSL settings
---
config/environments/production.rb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/config/environments/production.rb b/config/environments/production.rb
index cf942cd6c70..39692890213 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -105,7 +105,8 @@
user_name: ENV.fetch("SMTP_USER"),
password: ENV.fetch("SMTP_PASS"),
authentication: ENV.fetch("SMTP_AUTHENTICATION"),
- enable_starttls_auto: ENV.fetch("SMTP_TLS").present?
+ enable_starttls_auto: ENV.fetch("SMTP_TLS").present?,
+ ssl: ENV.fetch("SMTP_SSL").present?
}
elsif ENV['SENDMAIL_ENABLED'] == 'enabled'
config.action_mailer.delivery_method = :sendmail
From a406428ee761231c3e82dd5c8f5154d04474a238 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom@hubrecht.ovh>
Date: Mon, 25 Sep 2023 10:17:37 +0200
Subject: [PATCH 2/2] fix(smtp): Disambiguate configuration options for SMTP
---
config/env.example.optional | 3 ++-
config/environments/production.rb | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/config/env.example.optional b/config/env.example.optional
index 050e5d49bec..25bea8328fb 100644
--- a/config/env.example.optional
+++ b/config/env.example.optional
@@ -206,7 +206,8 @@ SMTP_HOST=""
SMTP_PORT=""
SMTP_USER=""
SMTP_PASS=""
-SMTP_TLS=""
+SMTP_STARTTLS="enabled" # Use any non-blank value to enable starttls
+SMTP_TLS="" # Use any non-blank value to enable TLS
SMTP_AUTHENTICATION="plain"
# Sendmail
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 39692890213..bc203bbbaab 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -105,8 +105,8 @@
user_name: ENV.fetch("SMTP_USER"),
password: ENV.fetch("SMTP_PASS"),
authentication: ENV.fetch("SMTP_AUTHENTICATION"),
- enable_starttls_auto: ENV.fetch("SMTP_TLS").present?,
- ssl: ENV.fetch("SMTP_SSL").present?
+ enable_starttls_auto: ENV.fetch("SMTP_STARTTLS", "enabled").present?,
+ tls: ENV.fetch("SMTP_TLS", "").present?
}
elsif ENV['SENDMAIL_ENABLED'] == 'enabled'
config.action_mailer.delivery_method = :sendmail

View file

@ -11,49 +11,41 @@
let
host = "demarches.dgnum.eu";
port = 3000;
dgn-id = "8dfdc60d1aa66e7206461ed7a49199f624a66b4e";
patch = pkgs.fetchurl {
url = "https://git.dgnum.eu/DGNum/demarches-normaliennes/commit/${dgn-id}.patch";
hash = "sha256-6JdbUf2fc79E5F1wtYFnP1JLGJffhGbjaxysRFr8xN4=";
};
dgn-id = "1fbe81d211b18dae7b9c1727362997c62636f24a";
in
{
imports = [ ./module.nix ];
dgn-web.internalPorts.ds-fr = port;
dgn-web.internalPorts.ds-fr = 3000;
services.demarches-simplifiees = {
enable = true;
package = (import sources.nix-pkgs { inherit pkgs; }).demarches-simplifiees.overrideAttrs (old: {
dsModules = old.dsModules.overrideAttrs {
prePatch = ''
${pkgs.lib.getExe pkgs.git} apply -p1 < ${patch}
'';
};
package =
((import sources.nix-pkgs { inherit pkgs; }).demarches-simplifiees.override {
initialDeploymentDate = "20230923";
}).overrideAttrs
(old: {
dsModules = old.dsModules.overrideAttrs {
prePatch = ''
${pkgs.lib.getExe pkgs.git} apply -p1 < ${
pkgs.fetchurl {
url = "https://git.dgnum.eu/DGNum/demarches-normaliennes/commit/${dgn-id}.patch";
hash = "sha256-aCq/WkV4+PUSIzXgznwm2sAcaz12Y1zmUbh7QoXoMsM=";
}
}
'';
};
});
patches = (old.patches or [ ]) ++ [ ./01-smtp-tls.patch ];
prePatch = ''
${pkgs.lib.getExe pkgs.git} apply -p1 < ${patch}
'';
postPatch = ''
rm -f lib/tasks/deployment/20240830192553_backfill_hide_instructeurs_email.rake
rm -f lib/tasks/deployment/20240912151317_clean_virtual_column_from_procedure_presentation.rake
rm -f lib/tasks/deployment/20240920130741_migrate_procedure_presentation_to_columns.rake
'';
});
inherit host port;
environmentFile = config.age.secrets."ds-fr-secret_file".path;
secretFile = config.age.secrets."ds-fr-secret_file".path;
initialDeploymentDate = "20230923";
environment = {
settings = {
APP_HOST = host;
# Disable France Connect and Agent Connect
FRANCE_CONNECT_ENABLED = "disabled";
AGENT_CONNECT_ENABLED = "disabled";
@ -73,8 +65,8 @@ in
SMTP_HOST = "kurisu.lahfa.xyz";
SMTP_PORT = "465";
SMTP_USER = "web-services@infra.dgnum.eu";
SMTP_STARTTLS = "";
SMTP_TLS = "true";
SMTP_TLS = "";
SMTP_SSL = "true";
SMTP_AUTHENTICATION = "plain";
SUPER_ADMIN_OTP_ENABLED = "disabled";
@ -95,10 +87,18 @@ in
RUBY_YJIT_ENABLE = "1";
STRICT_EMAIL_VALIDATION_STARTS_ON = "2024-12-18";
STRICT_EMAIL_VALIDATION_STARTS_ON = "2024-02-23";
WEASYPRINT_URL = "http://127.0.0.1:5000/pdf";
# Customization
# HEADER_LOGO_SRC = "logo_ens_psl_couleur.png";
# HEADER_LOGO_ALT = "Par la Recherche, pour la Recherche";
# PROCEDURE_DEFAULT_LOGO_SRC = "logo_ens_psl_couleur.png";
};
};
# dgn-backups.jobs.ds-fr.settings.paths = [ "/var/lib/private/demarches-simplifiees/" ];
age-secrets.autoMatch = [ "ds-fr" ];
dgn-backups.jobs.ds-fr.settings.paths = [ "/var/lib/ds-fr" ];
dgn-backups.postgresDatabases = [ "ds-fr" ];
}

View file

@ -1,4 +1,5 @@
# SPDX-FileCopyrightText: 2023-2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
# Copyright Tom Hubrecht, (2023)
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
@ -6,290 +7,192 @@
config,
lib,
pkgs,
utils,
...
}:
let
inherit (lib)
getExe
getExe'
mapAttrs
mkDefault
mkEnableOption
mkIf
mkOption
mkPackageOption
optional
;
optionalString
inherit (lib.types)
attrsOf
nullOr
oneOf
package
path
port
str
types
;
inherit (utils) escapeSystemdExecArgs;
cfg = config.services.demarches-simplifiees;
weasyprintEnv = pkgs.python3.withPackages (ps: [
ps.flask
ps.sentry-sdk
ps.weasyprint
]);
settingsFormat = pkgs.formats.keyValue { };
env = settingsFormat.generate "ds-fr-env" cfg.settings;
ds-fr = pkgs.writeShellScriptBin "ds-fr" ''
set -a
cd ${cfg.package}
${optionalString (cfg.secretFile != null) "source ${cfg.secretFile}"}
source ${env}
BIN="$1"
shift
SUDO="exec"
if [[ $USER != ${cfg.user} ]]; then
SUDO='exec /run/wrappers/bin/sudo -u ${cfg.user} --preserve-env'
fi
$SUDO ${cfg.package}/bin/$BIN "$@"
'';
in
{
options.services.demarches-simplifiees = {
enable = mkEnableOption "Démarches Simplifiées";
enable = mkEnableOption "demarches-simplifiees.";
package = mkPackageOption pkgs "demarches-simplifiees" { };
finalPackage = mkOption {
type = package;
default = cfg.package.override { inherit (cfg) initialDeploymentDate; };
package = mkOption {
type = types.package;
default = pkgs.callPackage ./package { inherit (cfg) initialDeploymentDate dataDir logDir; };
};
host = mkOption {
type = str;
description = ''
Hostname of the web server.
'';
user = mkOption {
type = types.str;
default = "ds-fr";
description = "User account under which DS runs.";
};
port = mkOption {
type = port;
default = 3000;
description = ''
Listening port for the web server.
'';
group = mkOption {
type = types.str;
default = "ds-fr";
description = "Group account under which DS runs.";
};
weasyprintPort = mkOption {
type = port;
default = 5000;
description = ''
Port of the weasyprint server.
'';
dataDir = mkOption {
type = types.str;
default = "/var/lib/ds-fr";
};
environment = mkOption {
type = attrsOf (
nullOr (oneOf [
package
path
str
])
);
description = ''
Evironment variables available to Démarches Simplifiées.
'';
logDir = mkOption {
type = types.str;
default = "/var/log/ds-fr";
};
environmentFile = mkOption {
type = nullOr path;
secretFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to a file containing environment variables.
Required secrets are `SECRET_KEY_BASE` and `OTP_SECRET_KEY`,
which can be generated using `rails secret`.
'';
};
settings = mkOption { inherit (settingsFormat) type; };
initialDeploymentDate = mkOption {
type = nullOr str;
type = types.nullOr types.str;
default = null;
description = ''
Initial deployment date, used to ignore some migrations,
which are known to be buggy and are supposed to change old production data.
'';
};
interactScript = mkOption {
type = package;
default = pkgs.writeShellApplication {
name = "ds-fr";
runtimeInputs = [
cfg.finalPackage
config.systemd.package
pkgs.util-linux
];
text = ''
MainPID=$(systemctl show -p MainPID --value demarches-simplifiees.service)
nsenter -e -a -w -t "$MainPID" -G follow -S follow "$@"
'';
};
description = ''
Script to run ds-fr tasks.
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.interactScript ];
environment.systemPackages = [ ds-fr ];
systemd.tmpfiles.rules = [
"f '${cfg.logDir}/production.log' 0640 ${cfg.user} ${cfg.group} - -"
"f '${cfg.dataDir}/.env' 0600 ${cfg.user} ${cfg.group} - -"
"d '${cfg.dataDir}/tmp' 0700 ${cfg.user} ${cfg.group} 10d -"
"d '${cfg.dataDir}/storage' 0700 ${cfg.user} ${cfg.group} - -"
];
systemd.services = {
ds-fr-setup = {
description = "Demarches Simplifiees setup";
wantedBy = [ "multi-user.target" ];
path = [
pkgs.bash
ds-fr
];
after = [ "postgresql.service" ];
systemd.services =
let
serviceConfig = {
User = "ds-fr";
DynamicUser = true;
EnvironmentFile = optional (cfg.environmentFile != null) cfg.environmentFile;
CacheDirectory = "demarches-simplifiees";
LogsDirectory = "demarches-simplifiees";
RuntimeDirectory = "demarches-simplifiees";
StateDirectory = "demarches-simplifiees";
WorkingDirectory = cfg.finalPackage;
};
in
{
demarches-simplifiees = {
description = "Démarches Simplifiées";
inherit (cfg) environment;
path = [
cfg.finalPackage
pkgs.imagemagick
];
after = [
"network.target"
"postgresql.target"
];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p "$STATE_DIRECTORY/storage"
if [[ ! -f "$STATE_DIRECTORY/.version" ]]; then
# Run initial setup
rails db:environment:set
rails db:schema:load
rails db:seed
rails jobs:schedule
touch "$STATE_DIRECTORY/.version"
fi
if [[ $(cat "$STATE_DIRECTORY/.version") != "$__DS_VERSION" ]]; then
# Run migrations on version change
rake db:migrate
rake after_party:run
echo "$__DS_VERSION" > "$STATE_DIRECTORY/.version"
fi
'';
serviceConfig = serviceConfig // {
ExecStart = escapeSystemdExecArgs [
(getExe' cfg.finalPackage "rails")
"server"
"-b"
"127.0.0.1"
"-p"
cfg.port
];
};
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = [ env ] ++ (optional (cfg.secretFile != null) cfg.secretFile);
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
};
demarches-simplifiees-work = {
description = "Démarches Simplifiées work service";
script = ''
[[ ! -f ${cfg.dataDir}/.initial-migration ]] \
&& ds-fr rails db:environment:set \
&& ds-fr rails db:schema:load \
&& ds-fr rails db:seed \
&& touch ${cfg.dataDir}/.initial-migration
inherit (cfg) environment;
ds-fr rake db:migrate
ds-fr rake after_party:run
'';
};
after = [ "demarches-simplifiees.service" ];
wantedBy = [ "multi-user.target" ];
bindsTo = [ "demarches-simplifiees.service" ];
partOf = [ "demarches-simplifiees.service" ];
ds-fr-work = {
description = "Demarches Simplifiees work service";
serviceConfig = serviceConfig // {
ExecStart = escapeSystemdExecArgs [
(getExe' cfg.finalPackage "rails")
"jobs:work"
];
};
};
wantedBy = [
"multi-user.target"
"ds-fr.service"
];
after = [
"network.target"
"ds-fr-setup.service"
];
requires = [ "ds-fr-setup.service" ];
weasyprint-server = {
description = "Weasyprint server";
wantedBy = [ "multi-user.target" ];
environment = {
BASE_URL = "https://${cfg.host}";
LOG_DIR = "/var/log/weasyprint";
UWSGI_PYTHONPATH = weasyprintEnv;
UWSGI_MODULE = "wgsi:app";
};
serviceConfig = {
DynamicUser = true;
Type = "notify";
WorkingDirectory = cfg.finalPackage.weasyprint_server;
LogsDirectory = "weasyprint";
ExecStart = escapeSystemdExecArgs [
(getExe (pkgs.uwsgi.override { plugins = [ "python3" ]; }))
"--http-socket"
"127.0.0.1:${builtins.toString cfg.weasyprintPort}"
"--processes=4"
"--enable-threads"
];
NotifyAccess = "all";
KillSignal = "SIGQUIT";
ExecReload = "${getExe' pkgs.coreutils "kill"} -HUP $MainPID";
ExecStop = "${getExe' pkgs.coreutils "kill"} -INT $MainPID";
ProtectSystem = "full";
ProtectHome = true;
NoNewPrivileges = true;
PrivateDevices = true;
};
serviceConfig = {
ExecStart = "${ds-fr}/bin/ds-fr rails jobs:work";
EnvironmentFile = [ env ] ++ (optional (cfg.secretFile != null) cfg.secretFile);
User = cfg.user;
Group = cfg.group;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
};
};
ds-fr = {
description = "Demarches Simplifiees web service";
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"ds-fr-setup.service"
];
requires = [ "ds-fr-setup.service" ];
path = [ pkgs.imagemagick ];
serviceConfig = {
ExecStart = "${ds-fr}/bin/ds-fr rails server";
Environment = [ "RAILS_QUEUE_ADAPTER=delayed_job" ];
EnvironmentFile = [ env ] ++ (optional (cfg.secretFile != null) cfg.secretFile);
User = cfg.user;
Group = cfg.group;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
};
};
};
services = {
demarches-simplifiees.environment =
# Hardcoded values
{
demarches-simplifiees.settings =
(builtins.mapAttrs (_: mkDefault) {
RAILS_ENV = "production";
RAILS_ROOT = builtins.toString cfg.package;
# Application host name
#
# Examples:
# * For local development: localhost:3000
# * For preproduction: staging.ds.example.org
# * For production: ds.example.org
APP_HOST = cfg.host;
# Database credentials
DB_DATABASE = "ds-fr";
DB_USERNAME = "ds-fr";
DB_HOST = "/run/postgresql";
DB_PORT = "5432";
# The variables must be present even if empty...
DB_PASSWORD = "";
DB_POOL = "";
# Jobs configuration
RAILS_QUEUE_ADAPTER = "delayed_job";
# Log on stdout
RAILS_LOG_TO_STDOUT = "true";
# Package version
__DS_VERSION = cfg.finalPackage.version;
# Weasyprint endpoint generating attestations v2
# See https://github.com/demarches-simplifiees/weasyprint_server
WEASYPRINT_URL = "http://127.0.0.1:${builtins.toString cfg.weasyprintPort}/pdf";
}
// (mapAttrs (_: mkDefault) {
RAILS_ENV = "production";
RAILS_ROOT = builtins.toString cfg.finalPackage;
APP_HOST = "localhost:3000";
# Rails key for signing sensitive data
# See https://guides.rubyonrails.org/security.html
@ -324,6 +227,18 @@ in
# SAML
SAML_IDP_ENABLED = "disabled";
# External service: authentication through France Connect
FC_PARTICULIER_ID = "";
FC_PARTICULIER_SECRET = "";
FC_PARTICULIER_BASE_URL = "";
# External service: authentication through Agent Connect
AGENT_CONNECT_ID = "";
AGENT_CONNECT_SECRET = "";
AGENT_CONNECT_BASE_URL = "";
AGENT_CONNECT_JWKS = "";
AGENT_CONNECT_REDIRECT = "";
# External service: integration with HelpScout (optional)
HELPSCOUT_MAILBOX_ID = "";
HELPSCOUT_CLIENT_ID = "";
@ -373,6 +288,9 @@ in
# https://api.gouv.fr/api/api-entreprise.html
API_ENTREPRISE_KEY = "";
# External service: CRM for following admin accounts pipeline (specific to démarches-simplifiées.fr)
PIPEDRIVE_KEY = "";
# Networks bypassing the email login token that verifies new devices, and rack-attack throttling
TRUSTED_NETWORKS = "";
@ -381,7 +299,7 @@ in
# "sXaot-fKhBlkI8qaSirQyuZbrpv5sVFoOturQ0pFEh0";
# Enable or disable Lograge logs
LOGRAGE_ENABLED = "enabled";
LOGRAGE_ENABLED = "disabled";
# Logs source for Lograge
#
@ -418,42 +336,57 @@ in
# Siret number used for API Entreprise, by default we use SIRET from dinum
API_ENTREPRISE_DEFAULT_SIRET = "put_your_own_siret";
})
// {
# Database credentials
DB_DATABASE = "ds-fr";
DB_USERNAME = cfg.user;
DB_PASSWORD = "";
DB_HOST = "/run/postgresql";
DB_POOL = "";
# Date from which email validation requires a TLD in email adresses.
# This change had been introduced by : cc53946d221d6f64c365ad6c6c4c544802eb94b4
# Records (users, …) created before this date won't be affected. See #9978
# To set a date, we recommend using *the day after* you have deployed this commit,
# so existing records won't be invalid.
STRICT_EMAIL_VALIDATION_STARTS_ON = "2024-02-19";
});
# Log on stdout
RAILS_LOG_TO_STDOUT = true;
};
postgresql = {
enable = true;
ensureDatabases = [ "ds-fr" ];
ensureUsers = [
{
name = "ds-fr";
ensureDBOwnership = true;
}
];
ensureUsers = optional (cfg.user == "ds-fr") {
name = "ds-fr";
ensureDBOwnership = true;
};
extensions = [ config.services.postgresql.package.pkgs.postgis ];
extraPlugins = with config.services.postgresql.package.pkgs; [ postgis ];
};
nginx = {
enable = true;
virtualHosts.${cfg.host} = {
virtualHosts.${cfg.settings.APP_HOST} = {
enableACME = true;
forceSSL = true;
root = "${cfg.finalPackage}/public/";
root = "${cfg.package}/public/";
locations."/".tryFiles = "$uri @proxy";
locations."@proxy".proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
locations."@proxy" = {
proxyPass = "http://127.0.0.1:3000";
};
};
};
};
users.users = mkIf (cfg.user == "ds-fr") {
ds-fr = {
inherit (cfg) group;
isSystemUser = true;
home = cfg.package;
};
};
users.groups.${cfg.group} = { };
};
}

View file

@ -25,7 +25,6 @@ let
"boussole-sante.normalesup.eu"
"lanuit.ens.fr"
"simi.normalesup.eu"
"pub.dgnum.eu"
];
buckets = [
@ -36,7 +35,6 @@ let
"hackens-website"
"nuit-website"
"peertube-videos-dgnum"
"landing-website"
] ++ domains;
mkHosted = host: builtins.map (b: "${b}.${host}");

View file

@ -35,9 +35,9 @@ in
"www.interq.ens.fr" = "interq.ens.fr";
};
temporary =
{
};
temporary = {
"pub.dgnum.eu".to = "https://www.instagram.com/dgnum_eu/";
};
retired = mkSubs {
"ens.fr" = [

View file

@ -135,9 +135,12 @@ in
dgn-web.simpleProxies.cas-eleves = {
inherit host port;
vhostConfig.locations = {
"/static/".root = staticDrv;
"= /robots.txt".root = "${staticDrv}/static";
vhostConfig = {
serverAliases = [ "cas-eleves.dgnum.eu" ];
locations = {
"/static/".root = staticDrv;
"= /robots.txt".root = "${staticDrv}/static";
};
};
};

View file

@ -13,7 +13,6 @@ lib.extra.mkConfig {
enabledServices = [
# List of services to enable
"django-apps"
"redirections"
];
extraConfig = {

View file

@ -6,7 +6,6 @@
imports = [
./annuaire.nix
./bocal.nix
./ernestophone.nix
./gestiojeux.nix
./interludes.nix
./wikiens.nix

View file

@ -1,65 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
pkgs,
sources,
config,
...
}:
let
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
in
{
services.django-apps.sites.ernestophone = {
source = "https://git.dgnum.eu/DGNum/ernestophone.ens.fr";
branch = "update";
domain = "ernestophone.ens.fr";
nginx = {
enableACME = true;
forceSSL = true;
locations = {
"/media/trombonoscope/".root = "/run/django-apps/ernestophone/";
};
};
serveMedia = false;
webHookSecret = config.age.secrets."webhook-ernestophone_token".path;
python = pkgs.python3.override {
packageOverrides = _: _: {
inherit (nix-pkgs)
django-avatar
django-cas-ng
django-solo
loadcredential
;
};
};
dependencies = ps: [
ps.django
ps.django-avatar
ps.django-colorful
ps.gunicorn
ps.pillow
ps.loadcredential
];
application.module = "Ernestophone";
credentials = {
SECRET_KEY = config.age.secrets."dj_ernestophone-secret_key_file".path;
};
environment = {
DJANGO_SETTINGS_MODULE = "Ernestophone.settings";
ERNESTOPHONE_ALLOWED_HOSTS = [ "ernestophone.ens.fr" ];
};
};
}

View file

@ -1,11 +0,0 @@
# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
dgn-redirections = {
permanent = {
"www.ernestophone.ens.fr" = "ernestophone.ens.fr";
};
};
}

View file

@ -1,31 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA 9RRZxLF9tCD5U+9qMdPjANj+uL/8klzK3MV+YW6fhEc
gd8gQtbKWfOmN1mDRszw7vEnSg8pPHpHU5JDo9bM/ek
-> ssh-ed25519 QlRB9Q hArXwJSPPrZySgU8/YBJwsVfXMhgMy7N72jFcslb1xo
H3ifulIpmYpllXTsXh5TYit6JTxZwUs33Rey1qtvQnM
-> ssh-ed25519 r+nK/Q jh3gdHmJMBCQbMQdYdko4Igwt0y62eIZaTlNsO/nw1Y
NgflhTMQOIbyl1udyCuvRsIDxIkOK+QZbVRHLNThDJs
-> ssh-rsa krWCLQ
kOodyo51tOrDsqKSyN/WyJXq7Kot54eb66WBfHVVuYqAafQZnaUvSgXInc4Ba8M9
+pdwX37zff47gGr/obadKkAGf42xnu7nB8c6T68u/TNwKlQoIUuebEFEdqqp+dFe
KY3DlM9LPyMMLO+Tk0t3djE9lp1FkbUeeDOk06rEgQyCs0HATKoa2k/c6/pim6vZ
wvu/YxkJAdIIOdkunkKs1kiuCIbeqIQfb2vz/hpBUNI8e8T4S2W7zIVMocRDfYoq
dPYj4kHRbnqeyWcobymCuXNdtGnhsT50oS3UGEvr4flaRpREQ+babp1g9uApnU6s
oPbmlrwTB50FJA9mxp9rSw
-> ssh-ed25519 /vwQcQ SVB+hkmtVwrsNShWD7agmjuZs64+pah596YIFZH/Eww
SyRzjAkoKTfNcOMf5OiIVU/wHiPi+rDuXQ0qns9vhf0
-> ssh-ed25519 0R97PA mrJuOmOhgGEbRMC/VYvJ++e1RGTTAZl7dzAJPT+6jUo
Rn4+0P0spe1Xjn+3twu/cCdKBmsj5y327bESx8FkqJk
-> ssh-ed25519 JGx7Ng VXVauDsi3WOxQ2G90ElTdGMueEtVxlQsbUHsceFJTB0
AZNRGSyxTZn+L9e9eggyGlINvDSg5hQowBtv0hX954Q
-> ssh-ed25519 bUjjig OBwPeegYOacrZxLrlxdVpOkshBCUIYOOgyF6LdOVTjw
MJAv6ieAneoAe3//A6b3dBvJCze9uxFVRqlQnkm+rAY
-> ssh-ed25519 VQSaNw ldI3O8GyoxhxvrE3okoVvPTrFYnUKNA0See4buKO7GA
wcpmfgUNs0MyVcm/VGmwBpkZ++UGkTNDCiqqpYL2XXw
-> n>[M-grease _ D--b ? [8U|"=~
YZ1c1yZ4273rUu4v+APm/eBy8HQyish8t2zkTvjYFd8/pdA9uRkHogQGIBnlAi3h
tq6/02nnT/QgZPcccQCD3SlwzkU0U2qdXIAdGtgzCo0FZsIYdkeU+VyoJDfcVt1o
qXc
--- lzSSWa0AAP8vhy6RfNChbM71Apmn7b6pLT1CtYFVrpQ
<04>Ôï\÷/Áºß£íÄ*‰ŒÿÙi"ºÅåÝa/[Rr
O)u^½Ÿ,Ù"%Km£¥<C2A3>zµkÝ°3)›Ù¡‰ø)ÌbS{^§<13>!y°ÅLÉ ERñ˜Ç Q»uÅEEË;Êä´¤VÐ-¶?[ù<>uÑñÏ`Fvè%+$Ú§{¯xŦügQºëiôy°<79>»#.^ìŒÓÎùÈ_*¤=íò×1êîÜC õ ê ~¸

View file

@ -1,28 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA kBFUMktUZ09T8ujSXHRIo4OIWxIiwysmRv+UTiH+02M
TvefF7CMKZIASBYaVQA22PzLr2rgZ3i7Q8ENBOmpQmI
-> ssh-ed25519 QlRB9Q 0R2BthIX790DAiL36WPOemUa04tOnN0Drpg6u72j7UE
nFGbwKZvSXo0SpO8AMfAGcZkphcXhX+GoFxYwadNzwQ
-> ssh-ed25519 r+nK/Q cs+vGq5RzK/AogpcGjRG3KZjl4fp2Ghhv2ngHjTdvlE
AyXbgDlQbe3HurX7lodUrMZyRSWADSFWmTndnHjh0dY
-> ssh-rsa krWCLQ
AnU8JBZXw8xIHA3L+220wCHwddC51Fx+sQx58tYsFg7eVH1NM2PKUr57a7+0KlxH
TkIDMUuBotY4QPA0tzv212wnWaTw9ddV+T+Xe+l7JNyurCQRj1g1gWP3NLYIyYFC
i/eXHg3XxByQG1BfBSL2nnUEiy6eJ2bLMFsJ9P6baB6hpdEnoFIuGdV4Bg3k/KGl
Zp+Q1a7Ov0l/G7sRCw4WLQtq59otI2lxeKRSonCqSNOmDXyZBr82GMr/BmhebtK4
h19K+EXU+Ze57lUf2kDCe0b4RSHbSGU1T1fSEMNcXFV0952r6zO9YClTsQeKl+ev
1O7xqUhcRXgFUbDYRjTsLw
-> ssh-ed25519 /vwQcQ AtEImZ61sgC2OzZvDldY7ttRf9I5+zmL2I7hZkmBoTY
zQiLX4L6t+jZqzAJmN7iuRTeadD1jbs3E/NZZj/25UA
-> ssh-ed25519 0R97PA JVheI/2kfdkqgM5Jf/py32lyYLtWjpmcx4zkHYMZl3g
z/+qXmvziQo8yZ6f+2y5XVDv6d/uAghCVDQ9tpLXt54
-> ssh-ed25519 JGx7Ng 41ZgklG6LmM5Mk6BkGWAf8N3j1safWPBKBAHKN2EQG0
yOiGIHkyoMFI6NQMLCZavCaz+qxAy9jhf+vctWQ2z4k
-> ssh-ed25519 bUjjig 0o9QkwuPZPOl/db1sQ9YL50DL1uyZqQ6ICxMEIupQ20
FwFbAYzLUNwoAQNcbcwWckhqRSEicQTe4O4BMK7wHyg
-> ssh-ed25519 VQSaNw iaWBGmaWmBxMJILFyob6CyVXyY24edPtT2itTQGP7xM
EGmCuYElC5EgwqXtcXLAy7nNFt75Hl/gAehvfh+0sgg
-> /Wa)P<iw-grease (;ag_e g#LM+oA Y n(M-1K+.
lWfOmA
--- k01yU9ZR8KIyG0JEfcYoP4iBlvqq7J676oPfDLpbvfs
ÎD—èŒ<C3A8>Ptáçø4Õ•?6”N|ÐïZƒ³åM/œqo¨[ÄNä

View file

@ -1,29 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA hAdsxHTIT08JvDQGzY0Vz+Jxd48Kw3XNpf6TEjiGiTc
hZgLRBDGwpfIFMhTRExY6JJ0poJ+nqrBK8Fy3ukINFI
-> ssh-ed25519 QlRB9Q AyfmPVVcb9WVzrbyh2KdPQMwPypQ0uq3q6kkPFcMyjw
S2h//+6MMnUiBWrznI/1+qS83Gw1vpFmU8Hlma40bdA
-> ssh-ed25519 r+nK/Q 741XzH0HZf/y8HR1AQIn+qgn0+L+2kcdPsepRcXx7w8
5aNoPnRTYHB5FTXipQV+8C/s8t1s5/ZF9PwnJfYy8bM
-> ssh-rsa krWCLQ
HhSOliN7XQZngyyrJ++S2JMBytkPjSt/dEUlJNbJP5n6HY5H7QKqd9rsc4LLu/Hz
BXKC9T3IVeuabMPNOBhE6SiOUejGv/txbMHPMdPTCju6JL4wP/2gqIK696kP62pL
CAS/cOZXrHS8etEFkpqSuEVquNIXbivXNHEwFMH/GkNut0SCpafvQHrN1wZdveH5
rp60R9ULzTzS3ztjEomAt9gWN6s7CtqZEozCMExPTXSW+OmBJprY+/Ae/uxeKZMS
x6pscBbZSEazZ476sZCWKTpeej7iFlSrIvLfkwYn9PtKqmaInoM/0F2thkqpVPkZ
/pcg11dUQpXJdaIiPEowlg
-> ssh-ed25519 /vwQcQ m01BxY0nPTfcW0D/iFRbCNbFFp+lE/XLW315aPyNbTM
hiKCfZH9k5GcUAkCJ/+x5V20SCeql8031lOge0Y9WXk
-> ssh-ed25519 0R97PA oGfUKErY65Jd0ZlcVox/HXA3itOI5KImRqDwH+UR6XI
32BtXjqImmG6TjUKoDU2QaJiMxldZdZoAP9SKPfGuHA
-> ssh-ed25519 JGx7Ng FJCtkG+Ig5dC+ftTClgrKtIt/D8s9Dr97eWObbNEZDs
i6tf7p5FDsdTZMJuBNmcTgVnL6eQDZFkjjH7AaBakqE
-> ssh-ed25519 bUjjig mOfri52IdeSNAawjBR5rhvL2eZNlVOwYK6u1uHv98xw
nx0Ko3omL+OVq3JHuCIacYfjn96kb78IgyvECEGq0G4
-> ssh-ed25519 VQSaNw gEQeKOEwwR8QlykdFlo7iqrsmhemiS02v8Kfx2ER9Xc
jpAEZx64/AXpA8HahtJq9OdcZYbqIFti5mxaPztvul8
-> $5-grease (y&6%5f<
YSrHrNaXa7b7Ivv1yVP3idg8t4iIdu5NX3hzczFp64bY7Bjp/g7jK+bWnDG26ryd
G+fhmUbFuDj8ZtXg6yk
--- YmnVS7kPp6h4pC9u28A32/xh67NwhIXwB1dxolI1DCg
.¼Zs‡…n} ®ì,èémõR€ÏêeÞ)¾bOª¶<C2AA>îնܷ†m8¼z£RyúìT/¦@¿CÜÝôW™¨F5ˆ?<ð.[Ö†r¡Ó[°M

View file

@ -4,19 +4,14 @@
(import ../../../../keys).mkSecrets [ "web03" ] [
# List of secrets for web03
"bupstash-put_key"
"dj_annuaire-secret_key_file"
"dj_bocal-secret_key_file"
"dj_ernestophone-secret_key_file"
"dj_ernestophone-password_file"
"dj_ernestophone-admins_file"
"dj_gestiojeux-secret_key_file"
"dj_interludes-email_host_password_file"
"dj_interludes-secret_key_file"
"dj_wikiens-secret_key_file"
"webhook-annuaire_token"
"webhook-bocal_token"
"webhook-ernestophone_token"
"webhook-gestiojeux_token"
"webhook-interludes_token"
"webhook-wikiens_token"

View file

@ -1,30 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA Ifc4K8jusXCbeMSYeAL+3jdvmDK1ojYiSzHJO/uefzk
h5ewdTYV3o8+tPCzVWvLtqEM3WxVjtOqTRnrFAwKnes
-> ssh-ed25519 QlRB9Q djvVFcR5y+WI5+rED8ztIQZuLfCj2z8wHx3WIutlfjk
nsTUZEQRJAAZfNXw2YbzwV+RUJEx6Dmi0ujswMBqIro
-> ssh-ed25519 r+nK/Q Ryx2iuVCefSFFMEyRjVbKFxTqaX6D+Ty4B1+6mRLSCg
s7YjJa6NESaNZ9wzurlrsovu5ecJNnWLOhD80RnFqV4
-> ssh-rsa krWCLQ
utXBcdyAmbl463xcacn1+K9UyG78vKG9LW1vJ/q40ltqEsuxktP2C5YgBL2Whcld
UYTsNFa3b02HP1wp0fPP4eVyk0NNKqO1rairMAvLJmQk15s0OVCk7LvjZe+Q31m1
gYxBSuN4oy7gljtOlIfrHtcRqDMC5IToYSt91pwt/0wgkHDH1OcLap8jaQIuPdc1
pQqd6iUTF96kvvp1P6XbvOHH3nVLNw/bITR5BUSqm/YBocJBrDNIL2wXcq27bBMs
YqF2nykztoSss+YM40XnHx14wNU0WeocbSYuPKabKvtgV0ry62w+EW5t453TfMng
y0dYmBdXVTKgCyL2v/onlA
-> ssh-ed25519 /vwQcQ tax06kUoYtjoUZ8k0+2L0cBr9CTpZpWd5Ev1qRh4dWM
x2RYQ+53UJnBXz8plzYrpga9JCWgm+WvkjpGg+CpG8M
-> ssh-ed25519 0R97PA DoPbx9NVAHTe6NRxT50nwdStoUJRnATQDEKgIyq2hhA
6DUg7uQ9L80KzaMJi6h/Nm5EgtLlAI+R01Mke9GpyzQ
-> ssh-ed25519 JGx7Ng AG1PM5MB2TlfZoiF29gu01LqhcQ+rEQRQZHFVxdHYG8
ePz8kT+axuMZe8MKi1Yj+ZOCITIYjVAuRE2iTScgpyY
-> ssh-ed25519 bUjjig SgZgUi5qfE8wK54Mj8P/FJ4QPNs4HUV5qPc9jJTskmY
n/fedObFehvhLwd3uhkhfBamFpjZDVK7M1J67BucoPI
-> ssh-ed25519 VQSaNw a+SLVFR9PqKgyHfAPTjH4SGkp4XXjz6xz6uMjZgYOg0
hv5F5ENsfpU27opx8OT4mvL0waGO+AieG/VXvHNi2hg
-> g**u4-grease Fb|HQ E
FcQESlzpmCxDtrbCZhddPdNjVROYKj2XsOppqa2GPZsWqQH8cFfKzxjwlNlE7WNF
Q3xupVqn8H1Cg98i
--- lYBZVJ4DEtBmKhenHOOkQpuPT7TrGGgN1OmTrfCTtY4
Žy[§—ÀÒh{`Z³öNŠx/ùºóSyFú£ç
+¨Õr: ¶úÀ cJ¸L˜b¿Mô™w<E284A2>n+™õœ"§¢—|w¼¯¬kµ*

View file

@ -99,7 +99,6 @@ let
"prometheus" # Prometheus
"victoria-metrics" # Victoria Metrics
"videos" # Peertube
"pub"
# Garage S3
"*.cdn"
@ -124,6 +123,7 @@ let
"netbox" # Netbox
"podcasts" # Castopod
"push" # Ntfy.sh
"pub" # Url de promotion (qrcodes etc...)
# Static websites
"eleves"

View file

@ -11,12 +11,7 @@
}:
let
inherit (lib)
getExe'
mkEnableOption
mkOption
remove
;
inherit (lib) mkEnableOption mkOption remove;
inherit (lib.types)
attrs
@ -39,7 +34,6 @@ let
compute01 = "*-*-* *:38:00";
storage01 = "*-*-* *:21:00";
web01 = "*-*-* *:47:00";
web03 = "*-*-* *:13:00";
};
mkJobs = builtins.mapAttrs (
@ -99,7 +93,7 @@ in
"${db}-db".settings = {
user = "postgres";
command = [
(getExe' config.services.postgresql.package "pg_dump")
"${lib.getExe' config.services.postgresql.package "pg_dump"}"
db
];
};
@ -119,8 +113,6 @@ in
"storage01"
"vault01"
"web01"
"web02"
"web03"
];
allowed = [ "put" ];
}

View file

@ -6,5 +6,4 @@
"compute01.key"
"storage01.key"
"web01.key"
"web03.key"
]

View file

@ -1,28 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA CuALmA0MhxnWOn91YhtxAyn1h3xkoiuRoo4Ew1Eu32Q
TRZxY9rF3NM9ulaA6s6SUetVcLT0He9yGaDZ38T9F6A
-> ssh-ed25519 QlRB9Q TNA65R5tFs+KXJklNgfPPF12W52Fk6w7epstVzk9Ojw
SD3IW1+ngBUkbBJz+53zDFVhne6b5rfVi2ym0UjTwLM
-> ssh-ed25519 r+nK/Q b67auhVkYiVwthLGP3z719Ql/kHZQbxuJJgL7NzZiVc
kl0ML0yd+QqBm9VZwMcMrZ8uuQkbJySaa9kI4RQFOak
-> ssh-rsa krWCLQ
NfHVOPshS0CR3ATrPcYAAiX/kAbgqw6mEVhxdTnvbWa8cPpblUpO/gm4UqW2vP0Q
XUfvOCgH6ur3joLf/NylqwZ0UkQhmNj2hu8cOtjC4KgTohkMkZZmHlFKM9e3PuSS
ZMx0GraugdTUD/ViCplwVxFPBUUblLcAuYx/BcV1hTb0ctbN9afi8DVzuSxoalDj
Jy1UakJU0OwguB+ctv9kZcyLyV7zjchiq+dAoIDvkw0Z9bTCz7xhQ6uXAE7ahp3H
rvycD/ZkK7h6yhg78x2lIBHP3sPaY3DFMFW9bDLtHYox22RVcm6/7oPbv0hTQ8ob
n4Q7MWPF4vL1Xz9zyksetQ
-> ssh-ed25519 /vwQcQ YvQmf/qYc6DVQT0gFPGuakvgDg/A76tor3f0+nTjbH4
lMQoOb/kimcsSmNnUsUW7XmVdhLMee/s4NACiKi0Xls
-> ssh-ed25519 0R97PA LzA+wuKlE3cEOpvGEW29/rx3qCU1X32F8HwJNic2Glg
VOBmCcrtGrUk3ERWJL4QszdDtJrfoI/f1xA+X+a+PQk
-> ssh-ed25519 JGx7Ng MIxNmk0eTtCUMHiWzklS2zNWdf16EHeOtere8cRoNSk
X+gf1Ts9n2U+h6a0herR+WuiRXFS5BhicGKxpHQtQzM
-> ssh-ed25519 bUjjig uSweFovyFxnz7Pqc/MCEE5/ZKgEblqs8xb1Ni+qrhS0
AUhBDt7YN4x6k34g7mERYbn7rPVPZMmVvmZD668blRs
-> m-grease \ %<B.PbZ ^G= >nhHA<}
KhUslr0J28p4r62y0bCKOg2jGOx6M7deQ9Y8gfQ9oi7WYiEygoMghWdUP0lnzh3i
a+rpJNPtRCIFScDWMazSvnmN6y5Y7W3dmOgLH8aN
--- +/Cw6vq7b3Kn4D3/ogaSPxfxHBF0YxLXTxiskuD0vHg
ðÎN½UÉÏôbÈ!­D~Ò<>¬‰æ¿Aൟ¥1¯,ÙÍòe;y)NNøO­]9C_l{ œÎ„'Ù-÷<È°¢:¯ÊMÕ¯Á%ïq Œ¸Œ™í®“‰"Ûªð¦˜A­®ÜMhè,iì<69>¦<EFBFBD>S9šÜyp&r /ŒÜÃlÙîÂ!.oƒ…ô¥ èAº‰µ{#ƒt<08>úé4eA-ÆFš­ßÔ9+ˆ—"¿e¥7»pÏüN”¢BÚ×˶¾Úþ•OÝŸæOIÊ­ kDèŒæ‹ˆZ=Pq—ðšQ üGB²OÅj×ÒhHû+¡ëX<C3AB>¿‰Lά¶ÎP™ 4ÿÐX$¢Áy©÷ßÀxoÞáÄÍ <09>Æ܈]â»_µ³ \¼M<C2BC>7m.ByŽºlCr†-ŽH M¤“ãuªùu…+X}¦oÛgg.ÌŠG/$¯LXözÁBâ…¾¿¹sÔá©DÉÈK„Ç>þeü~2‡+WÂÿ©¹ƒÏq<C38F>Ï¢òPßSÕîRÆIñD {"jD¡ƒÉŸ9 åÈ<C3A5>¥= ¬SüÒ=<3D>®—HtHÕêbs¬Ÿµ£+èTÑãà0OŒ £}˜mÓp«©ž
ƒǧ±÷žmSå™8èïa±ípë2ÝÞ”° d°ÈÍÕSùròz½²í v#ÇÎœsñíÎÕ‰ 0æMù¿ÂÎfÚA%Ó ™Ö³ïçD…뉆P<E280A0>drŠ£ÌXIW±HôG©¾\IÑ8_ª„Lœ8Š Ù 1MÚÚíôµMêz)ö$ì{ªM{S|b=ÙêÏkô*ïO ”{Úêz•ª2:6}#>_¨Ë-$ǪÈÑV‰ãp¨²(" Wé«U[>>¤žÌ0Qh°-‰ê]¤§ªÞ†r;d&T¡£vÝ-i†Å]šû$ó°$<24>½aè™E94žéé`žçÐ<>í=!p©Æ[£ºqÖϦ?U•/ÏkÀ… ÍwÓ^¥ZµÚIJèG¬lœiÇâè…€ö4C÷áb…Ñ´ªà+!Ót<C393>\¶t1ôc¡ ¯îSÇ~ž€+Ò‘Ñ·[5­¡jùû g6†&©¯o¼´˜±ôÃ

View file

@ -38,7 +38,6 @@ let
inherit (lib.types)
attrs
attrsOf
bool
enum
functionTo
ints
@ -130,12 +129,6 @@ in
'';
};
serveMedia = mkOption {
type = bool;
default = true;
description = "Wther to serve the MEDIA_ROOT directory with nginx.";
};
env_prefix = mkOption {
type = str;
default = toUpper name;
@ -480,18 +473,13 @@ in
{
virtualHosts = mapAttrs' (
name:
{
domain,
nginx,
serveMedia,
...
}:
{ domain, nginx, ... }:
nameValuePair domain (
recursiveUpdate {
locations = {
"/".proxyPass = "http://unix:/run/django-apps/${name}.sock";
"/static/".root = "/run/django-apps/${name}";
"/media/".root = mkIf serveMedia "/run/django-apps/${name}";
"/media/".root = "/run/django-apps/${name}";
};
} nginx
)
@ -732,14 +720,5 @@ in
) config.extraServices)
) cfg.sites);
};
dgn-backups = {
# jobs = mapAttrs' (
# name: _: nameValuePair "dj-${name}" { settings.paths = [ "/var/lib/private/django-apps/${name}" ]; }
# ) cfg.sites;
postgresDatabases = builtins.map (name: "dj-${name}") (
attrNames (filterAttrs (_: { dbType, ... }: dbType == "postgresql") cfg.sites)
);
};
};
}

View file

@ -262,9 +262,9 @@
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
},
"branch": "main",
"revision": "cc01e1c2a6ecb1e38fde35ee54995a6a639fb057",
"revision": "e8494b9d6110a97e2225b2fe43d29efa34cd9451",
"url": null,
"hash": "17a9vlwrk9365ccyl7a5xspqsn9wizcpwdpvr3qdimvq4fpwhjal"
"hash": "1r2g3jdr311cn8y0cxvawc6qyp58lbydscp5hxadya2vl810vpln"
},
"nix-reuse": {
"type": "GitRelease",
@ -346,9 +346,9 @@
"url": "https://git.dgnum.eu/mdebray/stateless-uptime-kuma"
},
"branch": "master",
"revision": "d378d1ce00c676fa22ef0808cf73f3e1c34e0191",
"revision": "880f444ff7862d6127b051cf1a993ad1585b1652",
"url": null,
"hash": "00k5i3n1g869g4070ryfdwqnk3k78fan1s8pqmnbq2m7m29hmb8f"
"hash": "166057469hhxnyqbpd7jjlccdmigzch51616n1d5r617xg0y1mwp"
},
"wp4nix": {
"type": "Git",