infrastructure/machines/web03/django-apps/annuaire.nix
sinavir aa154d1b1b
All checks were successful
Build all the nodes / bridge01 (push) Successful in 56s
Build all the nodes / geo02 (push) Successful in 57s
Build all the nodes / geo01 (push) Successful in 1m2s
Build all the nodes / storage01 (push) Successful in 1m11s
Build all the nodes / rescue01 (push) Successful in 1m13s
Build all the nodes / compute01 (push) Successful in 1m34s
Run pre-commit on all files / check (push) Successful in 24s
Build all the nodes / web02 (push) Successful in 1m0s
Build all the nodes / vault01 (push) Successful in 1m11s
Build all the nodes / web03 (push) Successful in 1m6s
Build all the nodes / web01 (push) Successful in 1m29s
fix(web03/dj-apps): Use secret tokens
2024-11-25 16:06:08 +01:00

57 lines
1.1 KiB
Nix

{
pkgs,
sources,
config,
...
}:
let
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
in
{
services.django-apps.sites.annuaire = {
source = "https://git.dgnum.eu/DGNum/annuaire-eleves";
branch = "main";
domain = "annuaire-ens.webapps.dgnum.eu";
nginx = {
enableACME = true;
forceSSL = true;
};
webHookSecret = config.age.secrets."webhook-annuaire_token".path;
python = pkgs.python3.override {
packageOverrides = _: _: { inherit (nix-pkgs) authens loadcredential; };
};
dependencies = ps: [
ps.django
ps.pillow
ps.loadcredential
ps.authens
ps.python-dateutil
];
credentials = {
SECRET_KEY = config.age.secrets."dj_annuaire-secret_key_file".path;
};
environment = {
ANNUAIRE_ALLOWED_HOSTS = [ "annuaire-ens.webapps.dgnum.eu" ];
ANNUAIRE_LDAP = {
SPI = {
PROTOCOL = "ldaps";
URL = "ldap.spi.ens.fr";
PORT = 636;
};
CRI = {
PROTOCOL = "ldaps";
URL = "annuaire.ens.fr";
PORT = 636;
};
};
};
};
}