diff --git a/machines/nixos/web03/django-apps/default.nix b/machines/nixos/web03/django-apps/default.nix index 18b5ee6..6798e48 100644 --- a/machines/nixos/web03/django-apps/default.nix +++ b/machines/nixos/web03/django-apps/default.nix @@ -8,6 +8,7 @@ ./bocal.nix ./ernestophone.nix ./gestiobds.nix + ./gestiocof.nix ./gestiojeux.nix ./interludes.nix ./wikiens.nix diff --git a/machines/nixos/web03/django-apps/gestiocof.nix b/machines/nixos/web03/django-apps/gestiocof.nix new file mode 100644 index 0000000..67c1c20 --- /dev/null +++ b/machines/nixos/web03/django-apps/gestiocof.nix @@ -0,0 +1,93 @@ +# SPDX-FileCopyrightText: 2024 Tom Hubrecht +# +# SPDX-License-Identifier: EUPL-1.2 + +{ + pkgs, + sources, + config, + ... +}: + +let + inherit (import "${sources.nix-pkgs}/overlay.nix") mkOverlay; +in + +{ + services.django-apps.sites.gestiocof = { + source = "https://git.dgnum.eu/DGNum/gestioCOF"; + branch = "django-apps"; + domain = "gestiocof.webapps.dgnum.eu"; + + nginx = { + enableACME = true; + forceSSL = true; + }; + + webHookSecret = config.age.secrets."webhook-gestiocof_token".path; + + python = pkgs.python3.override { + packageOverrides = + self: super: + ( + (mkOverlay { + folder = "python-modules"; + plist = [ + # Required packages + "authens" + "django-bootstrap-form" + "django-cas-ng" + "loadcredential" + + # Dependencies + "python-cas" + ]; + }) + self + super + ) + // (super.lib.genAttrs [ + "django-djconfig" + "django-hCaptcha" + "wagtail-modeltranslation" + "wagtailmenus" + "django-cogwheels" + ] (name: self.callPackage "${sources.kat-pkgs}/python-pkgs/${name}.nix" { })); + }; + + dependencies = ps: [ + ps.authens + ps.channels + ps.configparser + ps.django + ps.django-autocomplete-light + ps.django-bootstrap-form + ps.django-cas-ng + ps.django-cors-headers + ps.django-djconfig + ps.django-hCaptcha + ps.django-js-reverse + ps.django-widget-tweaks + ps.icalendar + ps.loadcredential + ps.pillow + ps.python-dateutil + ps.statistics + ps.wagtail + ps.wagtail-modeltranslation + ps.wagtailmenus + ]; + + application = { + module = "gestioasso"; + settingsModule = "gestioasso.settings_cof"; + }; + + credentials = { + SECRET_KEY = config.age.secrets."dj_gestiocof-secret_key_file".path; + HCAPTCHA_SECRET = config.age.secrets."dj_gestiocof-hcaptcha_secret_file".path; + HCAPTCHA_SITEKEY = config.age.secrets."dj_gestiocof-hcaptcha_sitekey_file".path; + KFETOPEN_TOKEN = config.age.secrets."dj_gestiocof-kfetopen_token_file".path; + }; + }; +} diff --git a/machines/nixos/web03/secrets/dj_gestiocof-hcaptcha_secret_file b/machines/nixos/web03/secrets/dj_gestiocof-hcaptcha_secret_file new file mode 100644 index 0000000..32a2e39 --- /dev/null +++ b/machines/nixos/web03/secrets/dj_gestiocof-hcaptcha_secret_file @@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA VBCHEBE9YkosDntw4AzwbaFHbELym9LJ+oxQObZBzzk +vAdwHKywgVzWDupA1PmzQUOmlbaIWK1BnFk3geQ4FKM +-> ssh-ed25519 QlRB9Q AJ/c/fKpFY3JMC340o2hyseh/j1LY1+Dt+XzIc3MqVQ +LBfTk6L3lZxqScbdczn7JpadvnhgCMJm5ngodRTLhNE +-> ssh-ed25519 r+nK/Q +4i0mhlT3xpV5YZB67djkWyejam8GkZWfOtktuuCalY +AodcJXApJz2IiJlisepnNrZPQfLiGdfczNjFttadatA +-> ssh-rsa krWCLQ +jy6jHhW4KzttqdsaB/hF03ROMYygraudW7Pya2OzBRdi2NceNOK4lYBUwHFa4fGj +ztPP2htJkKXeQlZnnZQFcI1pL26HSJ3wf+aRq3wJqM+QVLzHsJbmWTxnsHyjQQhZ +2D36inLoJaXlHeScpivyC+zphXhfwRqNqoMF+vHHErNaejcd9HSjIT5m8+2BKukX +QCXHHUktR4m6Rvb8ruPyz/amxFOCUCqJBFtgXJu5YiQ+Ddse536JTT/so2ej+uw5 +91yDAevF7A5mh5FN61CQUth1GG/zI5augw2CZnHnZ+v7Om/k/eLStfoOZNEkK40j +9TxqJEwCq/GXm5TT7P0ggA +-> ssh-ed25519 /vwQcQ RQ7rg384QaVj5MVNicokltcQHq+TAcptHSCcXYttvTQ +tOW+gjt+v15v7Wm+6t5KUE5Dyt/rBBOI2/iZTKe2y6E +-> ssh-ed25519 0R97PA BtTIq2S+RzVdlCiwgfq/EbTvnyMQB4lpvrhGVYYzvBM +7be7fOant5YeXECI03wCHs3fCoffewtiAFccj3gLvkQ +-> ssh-ed25519 JGx7Ng vDty3aWPomDC8RxsDtqMDJjov/rmVXq8keag5vbkZ2A +dPcVXs6FWyzB4Hu/kOhU3covn9WX0X3xSvZb2Qs1Dns +-> ssh-ed25519 bUjjig 07l6L0AumSs+4aPeL5t7xcf/WNPmVpmjYBlJOdNGczY +sh34ZcXDL1R8NxhHWpOrMhgItWFSLFrLkH1Wu6EuXJU +-> ssh-ed25519 VQSaNw 4e9ahu+KLQmjpQ5iPtpCN1GnYfq8VgxfYUiFJvNe9W0 +eRcbLfNLoFcQhKj1AEfsNKhV+cNz9sCH5iEON2eSWLg +-> :-grease |_6] 8 ik7' Ih'Sm1z( +BL/IA5FVNaAa+cgAj5DAI4GjPvAI2J4E/yqfSx1Sifal3QdClazL86cmhKg +--- xvetQPUwoScpbK37DKgs4Z4C1D2nwW4ArN3kvLG+h1s +K4FdG`%iWZw:G/YPXkr+ zzr=t04Y^J {I \ No newline at end of file diff --git a/machines/nixos/web03/secrets/dj_gestiocof-hcaptcha_sitekey_file b/machines/nixos/web03/secrets/dj_gestiocof-hcaptcha_sitekey_file new file mode 100644 index 0000000..7728f11 Binary files /dev/null and b/machines/nixos/web03/secrets/dj_gestiocof-hcaptcha_sitekey_file differ diff --git a/machines/nixos/web03/secrets/dj_gestiocof-kfetopen_token_file b/machines/nixos/web03/secrets/dj_gestiocof-kfetopen_token_file new file mode 100644 index 0000000..f4c991d --- /dev/null +++ b/machines/nixos/web03/secrets/dj_gestiocof-kfetopen_token_file @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA sm/tSFwOmGkQpURqhy9wfXdREiyrlzbAdqIjYWwEW0A +flk7NB7VQpTuBAc57Vt5gqF9ZT6y9EguRYyvbrLjCis +-> ssh-ed25519 QlRB9Q mJByrZUZ0XXzP9MAYy8BYjmn7ryXIOnh4MPjovuql3w +F4hd1PJc9un5Fy1s2B4LJRKHYif3ijGCpbNjAT2ZQ7A +-> ssh-ed25519 r+nK/Q FUNJ5xSccM/p87zWZkPgV9/EtbxvXMUXxrhFB3tgSCs +WpQUc4gGWYCQqzlINHJngZQfzm9SbZix15Shg9PvEzk +-> ssh-rsa krWCLQ +aXm5L4n3CyT29X03h7FIJm2HgWO566FvmiHu4FK1v/MDk+Zc54Z6MKUwZ9R79/gA +0qtfaWyJPIR/PBPNNSs+ohCuWjq9rcwXK1VG4hryGmPBYn/tJ72esH2IOcfKi+qx +15NM1QG/zAAVk81z4YgEK+tM0EFPb+rhFwCYP/6LHGm9Q3DR00GnvogQ4xtqib0c +v4MObUycsLwT13EfyQ+BUEUYtnvR7uiqLeR6cK8zuv6oZuGkNymMNxM4VfekRiqt +FLW9I0uksyUQ3wHCgy4HaNvOyyMbZGu94bPKswQSpw4b9p17sr2IbisMqt1ATUtC +lGD/IfxG4RQekRlb4zbUlQ +-> ssh-ed25519 /vwQcQ nST2EGjIu9dZBkZtAVuwDlaE6PVminESMe8Yl3KpaRQ +GCaGkuXws9IKVzyBRKdY/AYQbjnHjFLoBkTZ0OYG8tA +-> ssh-ed25519 0R97PA wPo6NKiibzu/JtTsb0UuYzcLSNZwSX5HxuqaVZq+YRo +WBDggGViZZE7SdCdhSNPnt+Br4SuwzYH2e4MOxC8JPw +-> ssh-ed25519 JGx7Ng XElqI8fmr/W4l0EBfJz9ocs9A7rqdC9goHfJcn2mByM +VUczeT0WgKJ8bj/PSJgYky33K5fNNtVRoRzas+GGfHw +-> ssh-ed25519 bUjjig 3XJ81o40O3UzmBn/ID1FJ+iF4GoJDgtrVNHKyYwNNSs +T97H8FT7G5SB/aQfojLt/j6i8sCVJkbpL8Nd1f4V7ks +-> ssh-ed25519 VQSaNw go/NCCzU0IzLgH0xEJP8SNeJ3i8C7PImiaSdY2KsyQg +W6FaBHUNkwqj8xKUOtBfUfUgVliD1NZmG+bAOWwv+bY +-> _-grease 1X_* 'y +qYXfi/2Gr/JQ4B05upJ4KSBwGKEg7xxnG82JR51QtzWwT4zX9r0MgLand/y/DEUF +jdyrCSlbbL/DFFCGXcv+C0BStLqnrUlUK03s8bU +--- ghr3+3NT3IvaUcDErgYNgaNqJTW7vTb39QcTuXZvjSI +/y%x9ydr3}eNHl䴁-I^gƗ \ No newline at end of file diff --git a/machines/nixos/web03/secrets/dj_gestiocof-secret_key_file b/machines/nixos/web03/secrets/dj_gestiocof-secret_key_file new file mode 100644 index 0000000..1f208cc --- /dev/null +++ b/machines/nixos/web03/secrets/dj_gestiocof-secret_key_file @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA Ya0ezvnwZBJMO6K3WhawZnbNG4P2CYejb1WtpPhXvwY +NuGAvK7fLUR9IhiWI6KTph0uhtvgNe5BWWFHDOT9XBs +-> ssh-ed25519 QlRB9Q kNcid7FBFyrYMsoEAVHcmo9KYKkhpM6U1+DX3bqutFQ +WMg/YJ4bkkztenjYWODhO+vkcKGaSYnI7TsZ9lkuYkk +-> ssh-ed25519 r+nK/Q qbnmIjKpxW/M35IS+kQBpiPsJpxdAacWr1oUKKHAXlE +xGdpIOy7LfTSJ+5ZZPCS7I3n6onHca7w4tDnIKYIMNU +-> ssh-rsa krWCLQ +0rYhCERlMqhTgQeB+9sb/MhAYL0Y7EI8tAcEvGqfHNzNxTcMCyP19zhBKRzTeEss +gtkeYZ75DtxzzNtgHve0dyfNHuA8/jiOVd02hcqjUbuxBM7DF1hlYWWycc8ZPcNa +odR5GdfdfoB8DmWz43zeVHK123/KfBKS1wvhoFuQWdfqBS0t541ywyCeCJ3frrx/ +ZszFYBW81ABKcIvNoh41EHz6izCpiFiG3jAbgC94v4nQZEKb7Z4ReiZc2/1BbDNO +HzDepXvX0AHmbNJovjHe73AfmSaCM8ZkXoftOHri3bKKbI6i7SGWQsYRKTki5nuX +PO5OdT8CcxD5BR+jRw1A1g +-> ssh-ed25519 /vwQcQ EZ3gzL6oDYEwvvd1IIgRlXZjSqndHHN1NDy+OKJ2hls +FJtGY9jPWh1mIVbHcE7pT7iKHBxFPj3nZWayONkMyGQ +-> ssh-ed25519 0R97PA VrmvX63CtSSMr0REOz2KsEob18GlGzy+c8Fhzqce5mI +aaVG2dPvP1j4Ovy0KajAMOL4+POOkFckOUKK/JhDFAU +-> ssh-ed25519 JGx7Ng 33tYHZbrAewMIIGH2P+MNc5XgFBTqDUu02YCQDbHT1Y +5TUDTw4qTC+sL9t/WIGIAZvW2cFLnq3CGrT3rjS+aII +-> ssh-ed25519 bUjjig 7gzyEL8mZX0lblumEu3WDJ293m7T5Fl0f117qBFIwmY +qgppZdyZQpCU51///+sbsIEscG8RIHWEOvxYB6xf3C4 +-> ssh-ed25519 VQSaNw sSsmV8dovqEWBcJ9zhRj4PbGTy3u6C3UFBIxXoALolA +wdXzdDiOet65BeWO9b5XoV5HDKW9HJrImXxoIOUVlpY +-> 1-grease ){ *) $*f +47XqkHGvz6t7tlrZf2Eg8X3Dep1UypCHdf5j+t3wlv7CQEiJ6WY8H7fmbdrCmX/a +6hUldJj/WjY +--- nwZIzSDPV8Hne6CHgkwic5kcQdNhilGsJwqBv+axmDc +əx Sn>q~v=F9= [ L3"ӣ CXɢ_Nonz¸Z* \ No newline at end of file diff --git a/machines/nixos/web03/secrets/secrets.nix b/machines/nixos/web03/secrets/secrets.nix index 883ac2b..36db49f 100644 --- a/machines/nixos/web03/secrets/secrets.nix +++ b/machines/nixos/web03/secrets/secrets.nix @@ -13,6 +13,10 @@ "dj_ernestophone-password_file" "dj_ernestophone-admins_file" "dj_gestiobds-secret_key_file" + "dj_gestiocof-secret_key_file" + "dj_gestiocof-hcaptcha_secret_file" + "dj_gestiocof-hcaptcha_sitekey_file" + "dj_gestiocof-kfetopen_token_file" "dj_gestiojeux-secret_key_file" "dj_interludes-email_host_password_file" "dj_interludes-secret_key_file" @@ -21,6 +25,7 @@ "webhook-bocal_token" "webhook-ernestophone_token" "webhook-gestiobds_token" + "webhook-gestiocof_token" "webhook-gestiojeux_token" "webhook-interludes_token" "webhook-wikiens_token" diff --git a/machines/nixos/web03/secrets/webhook-gestiocof_token b/machines/nixos/web03/secrets/webhook-gestiocof_token new file mode 100644 index 0000000..e62276f --- /dev/null +++ b/machines/nixos/web03/secrets/webhook-gestiocof_token @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA KrKFEp6rV9xfBHAj9NeHKI0eIECjogKMyeClTaBipG0 +1fxm8PtMPXJTMM7NDiTKuoFp2J+tBQxI85MgifdISho +-> ssh-ed25519 QlRB9Q 97pPLWOIzOee8ZAjZil29PvzCM3dUXobZErfN4/gzX0 +UEL1QdbywRgxnMZo78/olkvV4658ezc4yG6MuISGUbY +-> ssh-ed25519 r+nK/Q DbBaSui7qk1+umFZpaLXp7BRxncPqz4z8ClFQc7m11o +DwqwK/5pCUN/mFH9wK/lv5AFWyoMmAUUntNpGu14UEI +-> ssh-rsa krWCLQ +0DqUVAzJiRi9UyttiwNWBU/bJ2j0CEn4iYa8+k+WFqtHZEPnVPKivmHSsafaaVul +uZRdx8HsBCXQW7O5YGXGtkedmJhwDGM8JV/PaeQhr3yYQj/x+3oiEiwqOHiXKxHf +K/MGXtaUlzy88bfVmVXUbxVlUXcjANS19ofvzsUa80ru45iQnjPDAxrVBdmu3AvK +1yxmQqu0fwnfQEuBQcQq3ORlqhUlRNgcQbS/WMiB9iEavtMj0ZP8aqG39RaFlL1D +jfRqrliV9ihhGfa846lv/Py3NQ7pY2DFilLwYG7DUSLqDrDFuABRl9uGbsZeNNGm +iB5IXoTfd1NwzKWlo9oAag +-> ssh-ed25519 /vwQcQ +Bi7L49XCBFV07IXoNh5bjqg40J3rxTw8HXNDyOyPUI +4ZnfgVVKZa2LLXPgD/Aokg/CYa3Ekv9r+F1HEefGJ+c +-> ssh-ed25519 0R97PA BD4To9vKcK9/N+SsNR47XRAEGgYtQpLjxB9uHx3upmw +KCXt2U0wbt+YAkMbyg8IiqxSEb4PqYqcF/Eyccp+/Ss +-> ssh-ed25519 JGx7Ng jMBazI26/KI/SnoaW9RenfkfaaXVoC7fAzOE5ag5yik +V5roh9mLqwu8U7xa8uDjE5FvJ0f9oGBZvcc8Sq95c/g +-> ssh-ed25519 bUjjig c+j4yAZbc79z8PY2mh3YKBb1Ufx5o+6mEZfBKFqx3BY +b70Yqth6WlEHCE5IayJdIOjw0LwvKRKtOAtqKKWsbcs +-> ssh-ed25519 VQSaNw qKlh7tiMBtr+nSEBk6WeZoJ7Dzh6VHO5gN4hBf4muRM +Aq2c0Gi5eAlwL5RKrmrygtZdRYk2aY2vjG9s3k7p9hQ +-> kO[(ddID-grease qq^m ? +JNVmowjDLasojkFmvRnZ7sxMi7/SpsSan0VXIj8qxqoBo5flLWhvD7mSblGHzegP +/degDQCvLlok9w6XDizZGN7nRAk +--- skSDFui7qsitmkHgiWfNf1zkXOfGM6wrL/RwgVpyoL4 +qAWxFBΟܟ{(I?Z IXc4; Ĥ9ח}(I ˆ!٬| S \ No newline at end of file diff --git a/npins/sources.json b/npins/sources.json index ad534e2..4e76fdd 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -136,6 +136,17 @@ "url": null, "hash": "0jypfqgjbwc1i27fyhnsx18diwpz9kpxj7mgmb8xcnixrkh1am61" }, + "kat-pkgs": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://git.dgnum.eu/lbailly/kat-pkgs" + }, + "branch": "master", + "revision": "c84586e8f5dc0f755781148d115a94021b56b80e", + "url": null, + "hash": "0mjbbjqi80dmnljpccf2535x8i62y1gvcwb1xv27xl2b6mzn3f3j" + }, "liminix": { "type": "Git", "repository": {