infrastructure/machines/nixos/web02/cas-eleves/default.nix
Tom Hubrecht 54f2057dfc
chore(cas-eleves): Remove server alias as we have a permanent redirection in place
2024-12-17 20:06:13 +01:00


# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
config,
lib,
pkgs,
sources,
...
}:
let
# mapAttrsToList is the only lib function this file uses; it turns the
# credential attrsets into systemd "NAME:PATH" LoadCredential entries.
mapAttrsToList = lib.mapAttrsToList;

# Loopback port gunicorn binds to, and the public host name of the vhost.
# Both are handed to dgn-web.simpleProxies.cas-eleves further down.
port = 9889;
host = "cas.eleves.ens.fr";
# Python 3.12 interpreter whose package set is extended with the packages
# imported from sources.nix-pkgs.
python3 =
  let
    localPkgs = import sources.nix-pkgs {
      inherit pkgs;
      python3 = pkgs.python312;
    };
  in
  pkgs.python312.override {
    packageOverrides = _final: _prev: {
      inherit (localPkgs) django-browser-reload django-bulma-forms loadcredential;

      # django-cas-server is the CAS library this service is built on, and it
      # is built here with a local patch. The override ignores the previous
      # attributes, so `patches` becomes exactly this list: any patch the
      # nix-pkgs definition might carry would be dropped.
      # NOTE(review): the file name suggests the patch only concerns the test
      # suite; confirm it does not touch authentication code paths.
      django-cas-server = localPkgs.django-cas-server.overridePythonAttrs (_old: {
        patches = [ ./01-pytest-cas.patch ];
      });
    };
  };
# Interpreter environment used by the static-files build and put on the PATH
# of both systemd units defined in this file.
pythonEnv = python3.withPackages (
  pyPkgs: [
    pyPkgs.django
    pyPkgs.ldap3
    pyPkgs.gunicorn
    pyPkgs.psycopg

    # Packages supplied through the packageOverrides on python3
    pyPkgs.django-browser-reload
    pyPkgs.django-bulma-forms
    pyPkgs.django-cas-server
    pyPkgs.loadcredential
  ]
);
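# Build-time derivation that runs Django's collectstatic into $out/static.
# The result is served directly by the web server for /static/ and robots.txt.
staticDrv = pkgs.stdenv.mkDerivation {
  name = "cas_eleves-static";
  src = sources.cas-eleves;

  nativeBuildInputs = [ pythonEnv ];

  # These exports exist only inside the build sandbox. CE_DEBUG=true is set
  # here and nowhere in the runtime units' `environment`, so it does not reach
  # the running service.
  # NOTE(review): CE_DEBUG presumably toggles Django's DEBUG and is enabled so
  # that settings load without real secrets; confirm against the app settings
  # and keep it out of the service environment.
  # CREDENTIALS_DIRECTORY points into the unpacked source tree; no production
  # secret is available to this build.
  configurePhase = ''
    export CE_STATIC_ROOT=$out/static
    export CE_DEBUG=true
    export CREDENTIALS_DIRECTORY=$(pwd)/.credentials
  '';

  # stdenv skips the build phase when dontBuild is set; `doBuild = false` is
  # not an attribute stdenv reads, so the default build phase still ran.
  dontBuild = true;

  installPhase = ''
    mkdir -p $out/static
    python3 manage.py collectstatic
  '';
};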
in
{
systemd.services = {
# Long-running unit: loads the "patterns" fixture, applies migrations, then
# serves the Django application with gunicorn.
django-cas-eleves = {
  description = "ENS CAS server";

  after = [
    "network.target"
    "postgresql.service"
  ];
  wantedBy = [ "multi-user.target" ];

  path = [ pythonEnv ];

  environment = {
    CE_STATIC_ROOT = staticDrv;

    # NOTE(review): this file also declares a permanent redirect from
    # cas-eleves.dgnum.eu to cas.eleves.ens.fr. If that redirect is answered
    # before requests reach this application, the first entry is no longer
    # needed and the allowed Host list could be narrowed to the canonical name.
    CE_ALLOWED_HOSTS = builtins.toJSON [
      "cas-eleves.dgnum.eu"
      "cas.eleves.ens.fr"
    ];
  };

  serviceConfig = {
    # Dynamic user with a fixed name; the same name is used for the PostgreSQL
    # role declared in services.postgresql.ensureUsers.
    DynamicUser = true;
    User = "cas_server";
    StateDirectory = "django-cas-eleves";
    WorkingDirectory = sources.cas-eleves;

    # The Django secret key is handed over as a systemd credential read from
    # the age secret's path; it is not placed in `environment`.
    LoadCredential = [
      "SECRET_KEY:${config.age.secrets."cas_eleves-secret_key_file".path}"
    ];
  };

  # gunicorn binds to 127.0.0.1 only, so the application is reachable solely
  # through a local reverse proxy.
  script = ''
    python3 manage.py loaddata patterns
    python3 manage.py migrate
    gunicorn app.wsgi --pythonpath ${sources.cas-eleves} -b 127.0.0.1:${toString port} --workers=2 --threads=4
  '';
};
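# Daily oneshot that purges expired Django sessions and stale CAS sessions and
# tickets from the cas_server database.
cas-eleves-cleanup = {
  description = "Periodic cleanup of cas_server database";
  startAt = "daily";
  serviceConfig = {
    Type = "oneshot";

    # The main unit django-cas-eleves runs as the dynamic user "cas_server"
    # and owns the same StateDirectory. No static "cas_server" account is
    # declared in this file, so without DynamicUser here the user would only
    # resolve while the main unit is running, and systemd would treat the
    # state directory as non-private for this unit. Units that set
    # DynamicUser with the same User= share one dynamic user.
    DynamicUser = true;

    # Same credential as the main unit: the secret key is loaded from the age
    # secret's path as a systemd credential rather than via the environment.
    LoadCredential = mapAttrsToList (name: value: "${name}:${value}") {
      SECRET_KEY = config.age.secrets."cas_eleves-secret_key_file".path;
    };
    StateDirectory = "django-cas-eleves";
    User = "cas_server";
    WorkingDirectory = sources.cas-eleves;
  };
  path = [ pythonEnv ];
  script = ''
    python3 manage.py clearsessions
    python3 manage.py cas_clean_sessions
    python3 manage.py cas_clean_tickets
  '';
};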
};
# The former dgnum.eu name is answered with a permanent redirect to the
# canonical host.
dgn-redirections.permanent = {
  "cas-eleves.dgnum.eu" = "cas.eleves.ens.fr";
};

# Virtual host for the canonical name, given the loopback port gunicorn
# listens on (presumably proxied by the dgn-web module; its definition is not
# in this file).
dgn-web.simpleProxies.cas-eleves = {
  inherit host port;

  # Static assets come straight from the store path built by staticDrv.
  # With root = staticDrv, /static/<file> maps to <staticDrv>/static/<file>;
  # robots.txt uses the static directory itself as its root.
  vhostConfig.locations."/static/".root = staticDrv;
  vhostConfig.locations."= /robots.txt".root = "${staticDrv}/static";
};
# Database and role for the CAS server. The role name equals the systemd
# User= of both units and owns the database of the same name.
# NOTE(review): no database password appears in this file, so access
# presumably relies on local peer authentication; confirm against the
# PostgreSQL authentication configuration.
services.postgresql.ensureDatabases = [ "cas_server" ];
services.postgresql.ensureUsers = [
  {
    ensureDBOwnership = true;
    name = "cas_server";
  }
];
}