Tom Hubrecht
88d9b8c3e3
Signed-off-by: Tom Hubrecht <tom.hubrecht@dgnum.eu> Acked-by: Ryan Lahfa <ryan.lahfa@dgnum.eu> Acked-by: Maurice Debray <maurice.debray@dgnum.eu> Acked-by: Lubin Bailly <lubin.bailly@dgnum.eu> Acked-by: Jean-Marc Gailis <jean-marc.gailis@dgnum.eu> as the legal authority, at the time of writing, in DGNum. Acked-by: Elias Coppens <elias.coppens@dgnum.eu> as a member, at the time of writing, of the DGNum executive counsel.
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
# NixOS module for the student CAS (single sign-on) server.
# `sources` supplies the pinned inputs used below (`sources.nix-pkgs`,
# `sources.cas-eleves`); `config`, `lib` and `pkgs` are referenced as-is.
{ config, lib, pkgs, sources, ... }:

let
inherit (lib) mapAttrsToList;

# Public hostname of the service; passed to the proxy definition further down.
host = "cas.eleves.ens.fr";
# TCP port gunicorn binds on 127.0.0.1 (see the service script); the same value
# is handed to the proxy definition, so the backend is presumably reachable
# only through that proxy.
port = 9889;
# Python 3.12 interpreter whose package set is extended with the packages that
# come from the pinned `sources.nix-pkgs` tree.
python3 =
  let
    # Package set evaluated from the pinned source against the same `pkgs`
    # and the same Python 3.12 interpreter.
    localPkgs = import sources.nix-pkgs {
      inherit pkgs;
      python3 = pkgs.python312;
    };
  in
  pkgs.python312.override {
    packageOverrides = _final: _prev: {
      inherit (localPkgs) django-browser-reload django-bulma-forms loadcredential;

      # The CAS server library is built with a local patch. Setting `patches`
      # here replaces whatever patch list the pinned package carried.
      # NOTE(review): this library is on the authentication path and the patch
      # content is not visible in this file; it deserves the same review as
      # the upstream code.
      django-cas-server = localPkgs.django-cas-server.overridePythonAttrs (_: {
        patches = [ ./01-pytest-cas.patch ];
      });
    };
  };
# Interpreter environment used by the static-files build and by both systemd
# units (it is what puts `python3` and `gunicorn` on their PATH).
pythonEnv = python3.withPackages (
  pyPkgs: [
    # Packages not overridden above
    pyPkgs.django
    pyPkgs.ldap3
    pyPkgs.gunicorn
    pyPkgs.psycopg

    # Local packages
    pyPkgs.django-browser-reload
    pyPkgs.django-bulma-forms
    pyPkgs.django-cas-server
    pyPkgs.loadcredential
  ]
);
# Build-time derivation that runs Django's `collectstatic` and leaves the
# collected files under $out/static.
staticDrv = pkgs.stdenv.mkDerivation {
  name = "cas_eleves-static";
  src = sources.cas-eleves;
  nativeBuildInputs = [ pythonEnv ];

  # NOTE(review): stdenv's switch for skipping the build phase is
  # `dontBuild = true`; `doBuild` does not look like an attribute stdenv
  # consults, so confirm.
  doBuild = false;

  # These variables exist only inside the build. CE_DEBUG=true is exported
  # here and is not set in the service `environment` further down, so the
  # running server does not inherit it from this file.
  # NOTE(review): presumably debug mode and the in-tree credentials directory
  # let the settings module load without the real SECRET_KEY; confirm that
  # nothing secret is expected under .credentials, since build inputs and
  # outputs live in the world-readable store.
  configurePhase = ''
    export CE_STATIC_ROOT=$out/static
    export CE_DEBUG=true
    export CREDENTIALS_DIRECTORY=$(pwd)/.credentials
  '';

  installPhase = ''
    mkdir -p $out/static
    python3 manage.py collectstatic
  '';
};
in
{
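# Two units: the long-running CAS web server and a daily database cleanup job.
systemd.services =
  let
    # Identity, secret and state settings that both units must agree on.
    #
    # The cleanup unit previously set User= and StateDirectory= to the same
    # values as the server but left DynamicUser off. systemd keeps a
    # DynamicUser unit's state under /var/lib/private, so the two units
    # disagreed about where the shared state directory lives, and the
    # `cas_server` account presumably only resolved while the server unit was
    # running (no static account is declared in this file). Sharing one
    # definition keeps them consistent and gives the cleanup job the sandboxing
    # that DynamicUser implies (read-only system tree, private /tmp, no new
    # privileges).
    sharedServiceConfig = {
      DynamicUser = true;
      # The Django secret key is passed as a systemd credential from the
      # age-managed secret file rather than through the unit environment.
      LoadCredential = mapAttrsToList (name: value: "${name}:${value}") {
        SECRET_KEY = config.age.secrets."cas_eleves-secret_key_file".path;
      };
      StateDirectory = "django-cas-eleves";
      # Fixed name on purpose: it matches the PostgreSQL role ensured below.
      User = "cas_server";
      # The application runs straight from the pinned source tree.
      WorkingDirectory = sources.cas-eleves;
    };
  in
  {
    django-cas-eleves = {
      description = "ENS CAS server";
      wantedBy = [ "multi-user.target" ];
      after = [
        "network.target"
        "postgresql.service"
      ];

      serviceConfig = sharedServiceConfig;

      environment = {
        # Host names Django accepts in the Host header, JSON-encoded.
        CE_ALLOWED_HOSTS = builtins.toJSON [
          "cas-eleves.dgnum.eu"
          "cas.eleves.ens.fr"
        ];
        CE_STATIC_ROOT = staticDrv;
      };

      path = [ pythonEnv ];

      # Migrations run before the fixture load: `loaddata` needs the tables
      # that `migrate` creates, so the previous order failed on an empty or
      # not-yet-migrated database. gunicorn listens on loopback only.
      script = ''
        python3 manage.py migrate
        python3 manage.py loaddata patterns
        gunicorn app.wsgi --pythonpath ${sources.cas-eleves} -b 127.0.0.1:${builtins.toString port} --workers=2 --threads=4
      '';
    };

    cas-eleves-cleanup = {
      description = "Periodic cleanup of cas_server database";

      startAt = "daily";

      serviceConfig = sharedServiceConfig // {
        Type = "oneshot";
      };

      path = [ pythonEnv ];

      # Removes expired Django sessions, then CAS sessions and tickets.
      script = ''
        python3 manage.py clearsessions
        python3 manage.py cas_clean_sessions
        python3 manage.py cas_clean_tickets
      '';
    };
  };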
# Permanent redirect from the dgnum.eu name to the canonical CAS hostname.
# NOTE(review): the same name is also listed as a serverAlias below and in
# CE_ALLOWED_HOSTS. Which definition answers for it depends on the dgn-*
# modules, which are not visible here; confirm the overlap is intended.
dgn-redirections.permanent = {
  "cas-eleves.dgnum.eu" = "cas.eleves.ens.fr";
};

# Proxy definition for the CAS backend, using the `host` and `port` bound above.
dgn-web.simpleProxies.cas-eleves = {
  inherit host port;

  vhostConfig = {
    serverAliases = [ "cas-eleves.dgnum.eu" ];

    locations = {
      # Static assets are served from the build output instead of the backend;
      # the files sit under <staticDrv>/static, hence the root.
      "/static/" = {
        root = staticDrv;
      };
      "= /robots.txt" = {
        root = "${staticDrv}/static";
      };
    };
  };
};
# Database and role for the CAS server. The role name equals the systemd
# `User=` of the units above.
# NOTE(review): presumably the application authenticates over the local socket
# by OS user name; confirm against the Django database settings, which are not
# in this file.
services.postgresql.ensureDatabases = [ "cas_server" ];
services.postgresql.ensureUsers = [
  {
    name = "cas_server";
    # Makes the role the owner of the database of the same name.
    ensureDBOwnership = true;
  }
];
}