add_hackens_orga
parent
6f28af8576
commit
3851a66193
12 changed files with 203 additions and 0 deletions
|
@ -15,6 +15,7 @@
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./dokuwiki.nix
|
./dokuwiki.nix
|
||||||
./matterbridge.nix
|
./matterbridge.nix
|
||||||
|
./orga
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "hackens-org"; # Define your hostname.
|
networking.hostName = "hackens-org"; # Define your hostname.
|
||||||
|
|
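--- a/hosts/org/orga/authens.nix
+++ b/hosts/org/orga/authens.nix
@@ -0,0 +1,12 @@
+{ lib, pythoncas, django, ldap, buildPythonPackage }:
+buildPythonPackage rec {
+pname = "authens";
+version = "v0.1b5";
+doCheck = false;
+src = builtins.fetchGit {
+url = "https://git.eleves.ens.fr/klub-dev-ens/authens.git";
+#rev = "master";
+#sha256 = "sha256-R0Nw212/BOPHfpspT5wzxtji1vxZ/JOuwr00naklWE8=";
+};
+propagatedBuildInputs = [ django ldap pythoncas ];
+}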
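Review bot: The `src` of authens is not pinned: `builtins.fetchGit` receives only `url`, with `rev` and the hash commented out, so every evaluation takes whatever the remote's default branch holds at that moment (and pure evaluation rejects an unlocked fetch), while `version = "v0.1b5"` claims a fixed release. For the package that handles login, the source should be reproducible and reviewable; assuming upstream tags the release as `v0.1b5`, I would set `ref = "refs/tags/v0.1b5";` and `rev = "<commit id of the v0.1b5 tag>";` (placeholder, to be taken from the upstream repository). `builtins.fetchGit` has no `sha256` argument, so the commented-out hash line can be dropped rather than re-enabled. `doCheck = false;` deserves a one-line comment saying why the tests are skipped.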
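--- a/hosts/org/orga/default.nix
+++ b/hosts/org/orga/default.nix
@@ -0,0 +1,42 @@
+{ pkgs, lib, config, ... }:
+let
+assets = import ./mkAssets.nix {
+inherit pkgs;
+app = "hackens_orga";
+settings = config.services.django.hackens_orga.settings;
+source = pkgs.fetchgit {
+url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
+rev = "1a7a2c00d7e2efd380cc63164e6b77542c465c2e";
+hash = "sha256-tpRCy7kDqd129j882e2FtCKS/JgcckmTFaTPElLbcjg="; #lib.fakeSha256;
+};
+};
+in
+{
+imports = [
+./module.nix
+];
+services.nginx = {
+enable = true;
+virtualHosts."new.hackens.org" = {
+locations = {
+"/orga" = {
+proxyPass = "http://localhost:51666/orga";
+extraConfig = ''
+proxy_set_header SCRIPT_NAME /orga;
+'';
+};
+"/static".root = assets.static-assets;
+};
+};
+};
+services.django.hackens_orga = {
+enable = true;
+assets = assets;
+settings = {
+HACKENS_ORGA_DEBUG = "0";
+HACKENS_ORGA_ALLOWED_HOSTS = [ "new.hackens.org" ];
+HACKENS_ORGA_SECRET_KEY._file = config.age.secrets.django.path;
+HACKENS_ORGA_DB_FILE = "/var/lib/hackens-orga/db.sqlite3";
+};
+};
+}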
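Review bot: The `new.hackens.org` virtual host defined here sets neither `forceSSL` nor `enableACME`, so unless `./nginx.nix` configures TLS for this host elsewhere, login traffic and the Django session cookie for `/orga` travel over plain HTTP; I would add `enableACME = true; forceSSL = true;` next to `locations`. The `/orga` location also sets no `Host` header itself, so with `HACKENS_ORGA_ALLOWED_HOSTS = [ "new.hackens.org" ]` the application presumably only accepts proxied requests when `services.nginx.recommendedProxySettings` is enabled somewhere outside this file, and that dependency deserves a comment. `proxyPass` hard-codes 51666 although the module exposes the port; `"http://localhost:${toString config.services.django.hackens_orga.port}/orga"` keeps the two from drifting apart.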
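--- a/hosts/org/orga/mkAssets.nix
+++ b/hosts/org/orga/mkAssets.nix
@@ -0,0 +1,27 @@
+{ pkgs, settings, source, app }:
+let
+manage-py-file = "${source}/${app}/manage.py";
+python = import ./python.nix { inherit pkgs; };
+static-assets = pkgs.callPackage ./static-assets.nix { inherit python source app; envPrefix = "HACKENS_ORGA_"; };
+mkEnv = settings: let # make env file to source before using manage.py and other commands
+lib = pkgs.lib;
+mkVarVal = v: let
+isHasAttr = s: lib.isAttrs v && lib.hasAttr s v;
+in
+if builtins.isString v then v
+else if builtins.isList v && lib.any lib.strings.isCoercibleToString v then (lib.concatMapStringsSep "," toString v)
+else if builtins.isInt v then toString v
+else if builtins.isBool v then toString (if v then 1 else 0)
+else if isHasAttr "_file" then "$(cat ${v._file} | xargs)"
+else if isHasAttr "_raw" then v._raw
+else abort "The django conf value ${lib.generators.toPretty {} v} can not be encoded.";
+in lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "export ${k}=${mkVarVal v}") settings);
+envFile = pkgs.writeScript "django-${app}-env.sh" (mkEnv settings);
+managePy = pkgs.writeScript "manage-${app}" ''
+source ${envFile}
+${python}/bin/python ${manage-py-file} $@
+'';
+in
+{
+inherit managePy static-assets envFile source python;
+}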
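Review bot: `mkEnv` writes setting values into a sourced shell file without any quoting: the string and list branches of `mkVarVal` end up verbatim after `export KEY=`, so a value containing a space, `$`, a backquote or `;` is split or interpreted by the shell instead of reaching Django unchanged. I would quote when generating, e.g. `if builtins.isString v then lib.escapeShellArg v` and the same around the joined list, and wrap the `_file` substitution in double quotes so that the secret's content is not word-split either. In `managePy`, `$@` should be `"$@"` for the same reason. The list branch tests `lib.any` where `lib.all` looks intended, since a list with a single coercible element currently passes the check. Because `envFile` lives in the world-readable Nix store, a comment stating that secrets must only be passed through `_file` would help the next person adding a setting.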
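--- a/hosts/org/orga/module.nix
+++ b/hosts/org/orga/module.nix
@@ -0,0 +1,65 @@
+{ pkgs, lib, config, ... }:
+let
+app = "hackens_orga";
+cfg = config.services.django.${app};
+assets = cfg.assets;
+in
+{
+
+options = {
+services.django.${app} = {
+enable = lib.mkEnableOption (lib.mdDoc "Enable django ${app}");
+settings = lib.mkOption {
+type = lib.types.submodule {
+freeformType = with lib.types; attrsOf anything;
+options = {
+HACKENS_ORGA_STATIC_ROOT = lib.mkOption {
+type = lib.types.path;
+default = builtins.toString assets.static-assets;
+};
+};
+};
+};
+assets = lib.mkOption {
+type = lib.types.attrsOf lib.types.anything;
+description = lib.mdDoc "Assets for django";
+};
+port = lib.mkOption {
+type = lib.types.port;
+default = 51666;
+};
+processes = lib.mkOption {
+type = lib.types.int;
+default = 2;
+};
+threads = lib.mkOption {
+type = lib.types.int;
+default = 2;
+};
+};
+};
+config = lib.mkIf cfg.enable {
+systemd.services."django-${app}" = {
+description = "${app} django service";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+serviceConfig = {
+User = "django-${app}";
+};
+script = ''
+source ${assets.envFile}
+${assets.managePy} migrate
+${assets.python}/bin/gunicorn ${app}.wsgi \
+--pythonpath ${assets.source}/${app} \
+-b 127.0.0.1:${toString cfg.port} \
+--workers=${toString cfg.processes} \
+--threads=${toString cfg.threads}
+'';
+};
+users.users."django-${app}" = {
+isSystemUser = true;
+group = "django-${app}";
+};
+users.groups."django-${app}" = {};
+};
+}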
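Review bot: The unit `django-hackens_orga` declares only `User` in `serviceConfig`, so nothing creates `/var/lib/hackens-orga`, the directory that `HACKENS_ORGA_DB_FILE` points to in `default.nix` of this commit. `manage.py migrate` will presumably fail on first start unless someone creates the directory by hand, possibly with looser permissions than intended. Adding `StateDirectory = "hackens-orga";` lets systemd create it owned by the service user, and the same block is the place for basic sandboxing such as `NoNewPrivileges = true;` and `ProtectSystem = "strict";`. The `settings`, `port`, `processes` and `threads` options carry no `description`, unlike `assets`.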
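--- a/hosts/org/orga/python-cas.nix
+++ b/hosts/org/orga/python-cas.nix
@@ -0,0 +1,13 @@
+{ lib, requests, lxml, six, buildPythonPackage, fetchFromGitHub }:
+buildPythonPackage rec {
+pname = "python-cas";
+version = "1.6.0";
+doCheck = false;
+src = fetchFromGitHub {
+owner = "python-cas";
+repo = "python-cas";
+rev = "v1.6.0";
+sha512 = "sha512-qnYzgwELUij2EdqA6H17q8vnNUsfI7DkbZSI8CCIGfXOM+cZ7vsWe7CJxzsDUw73sBPB4+zzpLxvb7tpm/IDeg==";
+};
+propagatedBuildInputs = [ requests lxml six ];
+}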
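--- a/hosts/org/orga/python.nix
+++ b/hosts/org/orga/python.nix
@@ -0,0 +1,20 @@
+{ pkgs ? import ../nix { }, debug ? false }:
+let
+python = pkgs.python310.override {
+packageOverrides = self: super: {
+django = super.django_4;
+authens = self.callPackage ./authens.nix { };
+pythoncas = self.callPackage ./python-cas.nix { };
+};
+};
+in
+python.withPackages (ps: [
+ps.django
+ps.djangorestframework
+ps.authens
+ps.gunicorn
+] ++ pkgs.lib.optionals debug [
+ps.django-debug-toolbar
+ps.black
+ps.isort
+])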
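--- a/hosts/org/orga/shell.nix
+++ b/hosts/org/orga/shell.nix
@@ -0,0 +1,6 @@
+{ pkgs ? import ../nix { } }:
+pkgs.mkShell {
+buildInputs = [
+(import ./python.nix { inherit pkgs; debug = true; })
+];
+}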
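--- a/hosts/org/orga/static-assets.nix
+++ b/hosts/org/orga/static-assets.nix
@@ -0,0 +1,10 @@
+{ pkgs, python, source, app, envPrefix ? ""}:
+pkgs.runCommand "django-static" { } ''
+mkdir -p $out/static
+export ${envPrefix}SECRET_KEY="collectstatic"
+export ${envPrefix}STATIC_ROOT=$out/static
+export ${envPrefix}DEBUG=0
+export ${envPrefix}ALLOWED_HOSTS=
+export ${envPrefix}DB_FILE=
+${python}/bin/python ${source}/${app}/manage.py collectstatic
+''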
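Review bot: `collectstatic` runs without `--noinput` in a build that has no terminal. It works while `$out/static` is still empty, but it would stop on a confirmation prompt if the target ever held files, so I would write `${python}/bin/python ${source}/${app}/manage.py collectstatic --noinput`. A short comment that `SECRET_KEY="collectstatic"` is a build-time placeholder only would also help, since the runtime key is supplied separately through the age secret referenced in `default.nix`.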
|
@ -4,6 +4,10 @@
|
||||||
file = ./wiki-openID.age;
|
file = ./wiki-openID.age;
|
||||||
owner = "dokuwiki";
|
owner = "dokuwiki";
|
||||||
};
|
};
|
||||||
|
age.secrets."django" = {
|
||||||
|
file = ./django.age;
|
||||||
|
owner = "django-hackens_orga";
|
||||||
|
};
|
||||||
age.secrets."matterbridge-env" = {
|
age.secrets."matterbridge-env" = {
|
||||||
file = ./matterbridge-env.age;
|
file = ./matterbridge-env.age;
|
||||||
owner = "matterbridge";
|
owner = "matterbridge";
|
||||||
|
|
BIN
secrets/django.age
Normal file
BIN
secrets/django.age
Normal file
Binary file not shown.
|
@ -11,4 +11,7 @@ in
|
||||||
"matterbridge-env.age".publicKeys = (readpubkeys "sinavir")
|
"matterbridge-env.age".publicKeys = (readpubkeys "sinavir")
|
||||||
++ (readpubkeys "hackens-host") ++ (readpubkeys "raito")
|
++ (readpubkeys "hackens-host") ++ (readpubkeys "raito")
|
||||||
++ (readpubkeys "gdd") ++ (readpubkeys "backslash");
|
++ (readpubkeys "gdd") ++ (readpubkeys "backslash");
|
||||||
|
"django.age".publicKeys = (readpubkeys "sinavir")
|
||||||
|
++ (readpubkeys "hackens-host") ++ (readpubkeys "raito")
|
||||||
|
++ (readpubkeys "gdd") ++ (readpubkeys "backslash");
|
||||||
}
|
}
|
||||||
|
|