add_hackens_orga

hosts/org/configuration.nix

@@ -15,6 +15,7 @@
       ./nginx.nix
       ./dokuwiki.nix
       ./matterbridge.nix
+      ./orga
     ];
 
   networking.hostName = "hackens-org"; # Define your hostname.

hosts/org/orga/authens.nix

@@ -0,0 +1,12 @@
+{ lib, pythoncas, django, ldap, buildPythonPackage }:
+buildPythonPackage rec {
+  pname = "authens";
+  version = "v0.1b5";
+  doCheck = false;
+  src = builtins.fetchGit {
+    url = "https://git.eleves.ens.fr/klub-dev-ens/authens.git";
+    #rev = "master";
+    #sha256 = "sha256-R0Nw212/BOPHfpspT5wzxtji1vxZ/JOuwr00naklWE8=";
+  };
+  propagatedBuildInputs = [ django ldap pythoncas ];
+}

hosts/org/orga/default.nix

@@ -0,0 +1,42 @@
+{ pkgs, lib, config, ... }:
+let
+  assets = import ./mkAssets.nix {
+    inherit pkgs;
+    app = "hackens_orga";
+    settings = config.services.django.hackens_orga.settings;
+    source = pkgs.fetchgit {
+      url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
+      rev = "1a7a2c00d7e2efd380cc63164e6b77542c465c2e";
+      hash = "sha256-tpRCy7kDqd129j882e2FtCKS/JgcckmTFaTPElLbcjg="; #lib.fakeSha256;
+    };
+  };
+in
+{
+  imports = [
+    ./module.nix
+  ];
+  services.nginx = {
+    enable = true;
+    virtualHosts."new.hackens.org" = {
+      locations = {
+        "/orga" = {
+          proxyPass = "http://localhost:51666/orga";
+          extraConfig = ''
+            proxy_set_header SCRIPT_NAME /orga;
+          '';
+        };
+        "/static".root = assets.static-assets;
+      };
+    };
+  };
+  services.django.hackens_orga = {
+    enable = true;
+    assets = assets;
+    settings = {
+      HACKENS_ORGA_DEBUG = "0";
+      HACKENS_ORGA_ALLOWED_HOSTS = [ "new.hackens.org" ];
+      HACKENS_ORGA_SECRET_KEY._file = config.age.secrets.django.path;
+      HACKENS_ORGA_DB_FILE = "/var/lib/hackens-orga/db.sqlite3";
+    };
+  };
+}

hosts/org/orga/mkAssets.nix

@@ -0,0 +1,27 @@
+{ pkgs, settings, source, app }:
+let
+  manage-py-file = "${source}/${app}/manage.py";
+  python = import ./python.nix { inherit pkgs; };
+  static-assets = pkgs.callPackage ./static-assets.nix { inherit python source app; envPrefix = "HACKENS_ORGA_"; };
+  mkEnv = settings: let # make env file to source before using manage.py and other commands
+    lib = pkgs.lib;
+    mkVarVal = v: let
+      isHasAttr = s: lib.isAttrs v && lib.hasAttr s v;
+    in
+    if builtins.isString v then v
+    else if builtins.isList v && lib.any lib.strings.isCoercibleToString v then (lib.concatMapStringsSep "," toString v)
+    else if builtins.isInt v then toString v
+    else if builtins.isBool v then toString (if v then 1 else 0)
+    else if isHasAttr "_file" then "$(cat ${v._file} | xargs)"
+    else if isHasAttr "_raw" then v._raw
+    else abort "The django conf value ${lib.generators.toPretty {} v} can not be encoded.";
+  in lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "export ${k}=${mkVarVal v}") settings);
+  envFile = pkgs.writeScript "django-${app}-env.sh" (mkEnv settings);
+  managePy = pkgs.writeScript "manage-${app}" ''
+    source ${envFile}
+    ${python}/bin/python ${manage-py-file} $@
+  '';
+in
+{
+  inherit managePy static-assets envFile source python;
+}

hosts/org/orga/module.nix

@@ -0,0 +1,65 @@
+{ pkgs, lib, config, ... }:
+let
+  app = "hackens_orga";
+  cfg = config.services.django.${app};
+  assets = cfg.assets;
+in
+{
+
+  options = {
+    services.django.${app} = {
+      enable = lib.mkEnableOption (lib.mdDoc "Enable django ${app}");
+      settings = lib.mkOption {
+        type = lib.types.submodule {
+          freeformType = with lib.types; attrsOf anything;
+          options = {
+            HACKENS_ORGA_STATIC_ROOT = lib.mkOption {
+              type = lib.types.path;
+              default = builtins.toString assets.static-assets;
+            };
+          };
+        };
+      };
+      assets = lib.mkOption {
+        type = lib.types.attrsOf lib.types.anything;
+        description = lib.mdDoc "Assets for django";
+      };
+      port = lib.mkOption {
+        type = lib.types.port;
+        default = 51666;
+      };
+      processes = lib.mkOption {
+        type = lib.types.int;
+        default = 2;
+      };
+      threads = lib.mkOption {
+        type = lib.types.int;
+        default = 2;
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    systemd.services."django-${app}" = {
+      description = "${app} django service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      serviceConfig = {
+        User = "django-${app}";
+      };
+      script = ''
+        source ${assets.envFile}
+        ${assets.managePy} migrate
+        ${assets.python}/bin/gunicorn ${app}.wsgi \
+            --pythonpath ${assets.source}/${app} \
+            -b 127.0.0.1:${toString cfg.port} \
+            --workers=${toString cfg.processes} \
+            --threads=${toString cfg.threads}
+      '';
+    };
+    users.users."django-${app}" = {
+      isSystemUser = true;
+      group = "django-${app}";
+    };
+    users.groups."django-${app}" = {};
+  };
+}

hosts/org/orga/python-cas.nix

@@ -0,0 +1,13 @@
+{ lib, requests, lxml, six, buildPythonPackage, fetchFromGitHub }:
+buildPythonPackage rec {
+  pname = "python-cas";
+  version = "1.6.0";
+  doCheck = false;
+  src = fetchFromGitHub {
+    owner = "python-cas";
+    repo = "python-cas";
+    rev = "v1.6.0";
+    sha512 = "sha512-qnYzgwELUij2EdqA6H17q8vnNUsfI7DkbZSI8CCIGfXOM+cZ7vsWe7CJxzsDUw73sBPB4+zzpLxvb7tpm/IDeg==";
+  };
+  propagatedBuildInputs = [ requests lxml six ];
+}

hosts/org/orga/python.nix

@@ -0,0 +1,20 @@
+{ pkgs ? import ../nix { }, debug ? false }:
+let
+  python = pkgs.python310.override {
+    packageOverrides = self: super: {
+      django = super.django_4;
+      authens = self.callPackage ./authens.nix { };
+      pythoncas = self.callPackage ./python-cas.nix { };
+    };
+  };
+in
+python.withPackages (ps: [
+  ps.django
+  ps.djangorestframework
+  ps.authens
+  ps.gunicorn
+] ++ pkgs.lib.optionals debug [
+  ps.django-debug-toolbar
+  ps.black
+  ps.isort
+])

hosts/org/orga/shell.nix

@@ -0,0 +1,6 @@
+{ pkgs ? import ../nix { } }:
+pkgs.mkShell {
+  buildInputs = [
+    (import ./python.nix { inherit pkgs; debug = true; })
+  ];
+}

hosts/org/orga/static-assets.nix

@@ -0,0 +1,10 @@
+{ pkgs, python, source, app, envPrefix ? ""}:
+pkgs.runCommand "django-static" { } ''
+  mkdir -p $out/static
+  export ${envPrefix}SECRET_KEY="collectstatic"
+  export ${envPrefix}STATIC_ROOT=$out/static
+  export ${envPrefix}DEBUG=0
+  export ${envPrefix}ALLOWED_HOSTS=
+  export ${envPrefix}DB_FILE=
+  ${python}/bin/python ${source}/${app}/manage.py collectstatic
+''

secrets/default.nix

@@ -4,6 +4,10 @@
     file = ./wiki-openID.age;
     owner = "dokuwiki";
   };
+  age.secrets."django" = {
+    file = ./django.age;
+    owner = "django-hackens_orga";
+  };
   age.secrets."matterbridge-env" = {
     file = ./matterbridge-env.age;
     owner = "matterbridge";

secrets/secrets.nix

@@ -11,4 +11,7 @@ in
   "matterbridge-env.age".publicKeys = (readpubkeys "sinavir")
     ++ (readpubkeys "hackens-host") ++ (readpubkeys "raito")
     ++ (readpubkeys "gdd") ++ (readpubkeys "backslash");
+  "django.age".publicKeys = (readpubkeys "sinavir")
+    ++ (readpubkeys "hackens-host") ++ (readpubkeys "raito")
+    ++ (readpubkeys "gdd") ++ (readpubkeys "backslash");
 }