From 32f13adaad97afac92c50cde69f30bdd77cdd363 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 12 Nov 2024 10:39:28 +0100
Subject: [PATCH] feat(web03): Deploy interludes.webapps.dgnum.eu

---
 machines/web03/django-apps/default.nix        |  1 +
 machines/web03/django-apps/interludes.nix     | 59 +++++++++++++++++++
 .../dj_interludes-email_host_password_file    | 29 +++++++++
 .../secrets/dj_interludes-secret_key_file     | 29 +++++++++
 machines/web03/secrets/secrets.nix            |  2 +
 5 files changed, 120 insertions(+)
 create mode 100644 machines/web03/django-apps/interludes.nix
 create mode 100644 machines/web03/secrets/dj_interludes-email_host_password_file
 create mode 100644 machines/web03/secrets/dj_interludes-secret_key_file

diff --git a/machines/web03/django-apps/default.nix b/machines/web03/django-apps/default.nix
index b18c28d..7d1f349 100644
--- a/machines/web03/django-apps/default.nix
+++ b/machines/web03/django-apps/default.nix
@@ -3,6 +3,7 @@
     ./annuaire.nix
     ./bocal.nix
     ./gestiojeux.nix
+    ./interludes.nix
     ./wikiens.nix
   ];
 
diff --git a/machines/web03/django-apps/interludes.nix b/machines/web03/django-apps/interludes.nix
new file mode 100644
index 0000000..dd38fb5
--- /dev/null
+++ b/machines/web03/django-apps/interludes.nix
@@ -0,0 +1,59 @@
+{
+  config,
+  pkgs,
+  sources,
+  ...
+}:
+
+let
+  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
+in
+
+{
+  services.django-apps.sites.interludes = {
+    source = "https://git.eleves.ens.fr/dlesbre/site-interludes";
+    branch = "master";
+    domain = "interludes.webapps.dgnum.eu";
+
+    nginx = {
+      enableACME = true;
+      forceSSL = true;
+    };
+
+    webHookSecret = builtins.toFile "insecure-secret" "T5hNeDraMivRZLUkrekv&QeM";
+
+    application = {
+      type = "wsgi";
+      module = "interludes";
+    };
+
+    dbType = "sqlite";
+
+    python = pkgs.python3.override {
+      packageOverrides = _: _: { inherit (nix-pkgs) python-cas loadcredential; };
+    };
+
+    django = ps: ps.django_4;
+    dependencies = ps: [
+      ps.loadcredential
+      ps.python-ldap
+      ps.python-cas
+    ];
+
+    credentials = {
+      SECRET_KEY = config.age.secrets."dj_interludes-secret_key_file".path;
+      EMAIL_HOST_PASSWORD = config.age.secrets."dj_interludes-email_host_password_file".path;
+    };
+
+    environment = {
+      INTERLUDES_ALLOWED_HOSTS = [ "interludes.webapps.dgnum.eu" ];
+
+      # E-mail configuration
+      INTERLUDES_SERVER_EMAIL = "noreply-interludes-admin@ens.fr";
+      INTERLUDES_DEFAULT_FROM_EMAIL = "noreply-interludes@ens.fr";
+      INTERLUDES_EMAIL_HOST = "clipper.ens.fr";
+      INTERLUDES_EMAIL_PORT = 465;
+      INTERLUDES_EMAIL_HOST_USER = "interludes";
+    };
+  };
+}
diff --git a/machines/web03/secrets/dj_interludes-email_host_password_file b/machines/web03/secrets/dj_interludes-email_host_password_file
new file mode 100644
index 0000000..159318f
--- /dev/null
+++ b/machines/web03/secrets/dj_interludes-email_host_password_file
@@ -0,0 +1,29 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA iJSzsbA8RiEhUIyhlKWCASQKoSQstjK4drMYl+PsChw
+8THrknrBu0WGFEb4xTZiJxEY26q7sW83rwViDjyTE24
+-> ssh-ed25519 QlRB9Q e7PRE212Ggt8nO6Bb+BabO85FOARsJGs9cPJmZNI9kg
+ubKIBxI1ZBXttA7TWj401siKNT1HyB+N2MsZ+ldkgb8
+-> ssh-ed25519 r+nK/Q EWV24Emm9hENa+yUAuQpkuJ0uJ0zIv+vRIbWpM4Wtg4
+J59wnHRytgNqpX4+5HaJ9KZ5GvhckgtRK6TzfX7Ci8Y
+-> ssh-rsa krWCLQ
+AvmrzShR+XTpUpKaScoqvgFQ40PTSqh8p383p98xjG5LIz5kqJoWBnxJK7JabBpq
+JkqVeq5XdH5RX4weobieG4KYUV8EDheLfOMXH5BrPgeJO4yhJ1rzH+oHBw4TwvFM
+UvEZEAVgi3G1/suPfJAkO7QRkZjE7fRppEo5RAI0gMlM43YyJavrfqVIqB40Uugk
+h0b0ybChUbKpXlZjqhYAAMN45jTAvW1emO0DMeIk6dbmnbZNdibul8f+NNdWKbI1
+9NN5iH2IzuqTdc6gkE4912hdDeUJ4NZ6x/Fxp1/u3d1z/Yg7daUQUXUIoDX0Hyvb
++01dH0D/7kzRhEdNLO2NXA
+-> ssh-ed25519 /vwQcQ GAsAj2i65KDQeFhe69YR2ycdGskop1wu3Lzrxp59sTg
+wCSUqEtWv0i6sNg1RVtHI/jZh3VeNX3qtnbagXoNGT4
+-> ssh-ed25519 0R97PA mFZ3q/3jd1guXl8bhRWyYjgsgE4JErJEels6vdmpfCs
+7oIAT0MTsaKxbf26PSDBk7KqfyFgcBq09FGJ9v/rXqE
+-> ssh-ed25519 JGx7Ng tpslfMWMJMUH46EGycbLiXotVdXlP4xmK0slb7XKYS8
+wLLfX4jX4mIxzI8zr2GBlpBcPztTrHqKngi/ON0TExg
+-> ssh-ed25519 bUjjig zLoniLfwKGH9Ctu34103WHBvjIyImtPyKx8O+5UMLUU
+sYsterVGvCg6JWA0z3AO5sSlj9DBfj8u5o5jH9K2xeA
+-> ssh-ed25519 VQSaNw oHzU9Lc/7p+MZAjVylzC63h586vOcffXkkpAi4XB8Q0
+7T8CREpaCxM58KMYW28FY2i+ELjrx3eC3K7xaBy7O6A
+-> (_o61>U-grease .P>ZRrj~ -=7S;N
+6vnQVKKZwp4JowIwVb4klrhaR6NZjwlZYnngVQ0wqVenMZPj9oyhIXthLRqE1Q6/
+k+sGxA
+--- +yT0o8oZJS+32MeUAl8T9zREh31rq77pSVsSoFjHO5A
+è™ñÎ—´ä!î^ûØÖ8Ô‚zøÑaÒÓÐàÔ@Ö¡s\ ˜_ÃÃúoÖöwõÖ¥Cr)¾€fû¿AÃ'•3D€â
\ No newline at end of file
diff --git a/machines/web03/secrets/dj_interludes-secret_key_file b/machines/web03/secrets/dj_interludes-secret_key_file
new file mode 100644
index 0000000..9c615bf
--- /dev/null
+++ b/machines/web03/secrets/dj_interludes-secret_key_file
@@ -0,0 +1,29 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA 7v2qJ+2ZSp0tf4m6gcK2ShFF9ulNm/g3aHu3Wqe4Sxo
+ZyVqTqBCK51/U5yxtp23nywprQv46yL90zwx6+DqKRg
+-> ssh-ed25519 QlRB9Q IePmluoRImtaDplOoVqNiwfTQMKF1CuF4M6AzurXGRY
+JjtOeyvARlc9t5Q+LS2+TZwAUgV4Qn2L8SFkw9YLnaU
+-> ssh-ed25519 r+nK/Q LGPI7PmVPnZDQe6Su5MZQauxRHZkBKehyNbMq+BKlGQ
+3RvcfLAFKaScusYKf47zFNAtnot7wySvytuD81s6TwM
+-> ssh-rsa krWCLQ
+xGH7rl+r8L5HEp6JUlAm04ktn9rQsWfBBlSRp7UsOi6ojwCfjjIA91yUrYw8TYRs
+Ci60uoLS7cuMtSE/jQVU/FuVtR5kwjhOkWmQDHrC7rUWb6CufusxPIVJ0xanp3wo
+cc2t+EfSdpVyGIx5N8BEMhQ6sR2EfERHGfUrnKCpcL5hM5L8ZHnVh6CkRBtvZaq0
+Zy44Ob4pqH6fDz7EziM1hBkfg9myN+/Iqfvg5OUnfSrqooLZ8l0gDvGafS5fok91
+uqb0PGDiv6lwzpaj87jKUCaXAF3ag2KAa6j8sbZ4+fSsQeB/jhH7hTlWcAR/oEFW
+fuPQDFKxMucAsPjv1H1iaQ
+-> ssh-ed25519 /vwQcQ +5+xDNQyRwBWXT6c593S01OG9IemNul/81G4ie1hTVg
+Tzkq0toOCqdHOZNPiy/rUrO2eQXTDHi7g+jKbrWU/hU
+-> ssh-ed25519 0R97PA WEMs0phnuvw1kQaqeSkovwFUL6w7J6wh+V7D82NxfDs
+V5npmkeTPVcnaNwDtoy7PqBRllPTuQjvF9Qu14V59os
+-> ssh-ed25519 JGx7Ng 3bty0WCf+ElvPEFt7fSpgYf5MeFUPaZ4vVGWPUAjn0I
+ggl5CgXaUx4T6qbA9EG1oaF9NbfFYye4davm7lKqUvI
+-> ssh-ed25519 bUjjig zFlaOVzFEkPG+J3Yz7alPgSiCVbC/7u/hCTVIP8X/Ho
+3PBIRu9ZKfb9lkzijw6kKjX0ztXBkiwVaQUx8rxuYJc
+-> ssh-ed25519 VQSaNw btusrepFF5Jhl3x2YWs6wVrHwzb6qBXfDXESclQJAXo
+HwfOU3tyP9OsNjTkaMMmJnd4b+0ZfxJLkP6xe5jsAZE
+-> Tp-grease s03Py `u6"4 E|5 _
+3CvcQ6NEZKLY1F6y0cTMQPwV9mJvHB0T7dauvWJAYKkfb95TymqfDYGWwW1veND2
+n1XD/arAJHVwva95K7TaQdsNLPGo8/VePQGUnYqi
+--- qe75UTWqdDd0gGg0nm054SFZ2AgqVBw/bbycvcZSfQY
+ãñêÕ]¹¦zÂg©;Ê¡îñ˜öÓ´0éÅYëÀHãŒ!@ìp­ö¸T«?£iÞ‰áèÚ>I^ü‚l·o5”¯ë:{¬gJk£vø>€W8ði
\ No newline at end of file
diff --git a/machines/web03/secrets/secrets.nix b/machines/web03/secrets/secrets.nix
index a970876..b79c3b0 100644
--- a/machines/web03/secrets/secrets.nix
+++ b/machines/web03/secrets/secrets.nix
@@ -1,3 +1,5 @@
 (import ../../../keys).mkSecrets [ "web03" ] [
   # List of secrets for web03
+  "dj_interludes-email_host_password_file"
+  "dj_interludes-secret_key_file"
 ]