forked from DGNum/infrastructure
feat(django-apps): Init ernestophone website
This commit is contained in:
parent
4622da188c
commit
7c6c753c67
9 changed files with 204 additions and 4 deletions
|
@ -6,6 +6,7 @@
|
|||
imports = [
|
||||
./annuaire.nix
|
||||
./bocal.nix
|
||||
./ernestophone.nix
|
||||
./gestiojeux.nix
|
||||
./interludes.nix
|
||||
./wikiens.nix
|
||||
|
|
65
machines/nixos/web03/django-apps/ernestophone.nix
Normal file
65
machines/nixos/web03/django-apps/ernestophone.nix
Normal file
|
@ -0,0 +1,65 @@
|
|||
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
|
||||
#
|
||||
# SPDX-License-Identifier: EUPL-1.2
|
||||
|
||||
{
|
||||
pkgs,
|
||||
sources,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
|
||||
in
|
||||
|
||||
{
|
||||
services.django-apps.sites.ernestophone = {
|
||||
source = "https://git.dgnum.eu/DGNum/ernestophone.ens.fr";
|
||||
branch = "update";
|
||||
domain = "beta.ernestophone.fr";
|
||||
|
||||
nginx = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/media/trombonoscope/".root = "/run/django-apps/ernestophone/";
|
||||
};
|
||||
};
|
||||
|
||||
serveMedia = false;
|
||||
|
||||
webHookSecret = config.age.secrets."webhook-ernestophone_token".path;
|
||||
|
||||
python = pkgs.python3.override {
|
||||
packageOverrides = _: _: {
|
||||
inherit (nix-pkgs)
|
||||
django-avatar
|
||||
django-cas-ng
|
||||
django-solo
|
||||
loadcredential
|
||||
;
|
||||
};
|
||||
};
|
||||
|
||||
dependencies = ps: [
|
||||
ps.django
|
||||
ps.django-avatar
|
||||
ps.django-colorful
|
||||
ps.gunicorn
|
||||
ps.pillow
|
||||
ps.loadcredential
|
||||
];
|
||||
|
||||
application.module = "Ernestophone";
|
||||
|
||||
credentials = {
|
||||
SECRET_KEY = config.age.secrets."dj_ernestophone-secret_key_file".path;
|
||||
};
|
||||
|
||||
environment = {
|
||||
DJANGO_SETTINGS_MODULE = "Ernestophone.settings";
|
||||
ERNESTOPHONE_ALLOWED_HOSTS = [ "beta.ernestophone.fr" ];
|
||||
};
|
||||
};
|
||||
}
|
31
machines/nixos/web03/secrets/dj_ernestophone-admins_file
Normal file
31
machines/nixos/web03/secrets/dj_ernestophone-admins_file
Normal file
|
@ -0,0 +1,31 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 jIXfPA 9RRZxLF9tCD5U+9qMdPjANj+uL/8klzK3MV+YW6fhEc
|
||||
gd8gQtbKWfOmN1mDRszw7vEnSg8pPHpHU5JDo9bM/ek
|
||||
-> ssh-ed25519 QlRB9Q hArXwJSPPrZySgU8/YBJwsVfXMhgMy7N72jFcslb1xo
|
||||
H3ifulIpmYpllXTsXh5TYit6JTxZwUs33Rey1qtvQnM
|
||||
-> ssh-ed25519 r+nK/Q jh3gdHmJMBCQbMQdYdko4Igwt0y62eIZaTlNsO/nw1Y
|
||||
NgflhTMQOIbyl1udyCuvRsIDxIkOK+QZbVRHLNThDJs
|
||||
-> ssh-rsa krWCLQ
|
||||
kOodyo51tOrDsqKSyN/WyJXq7Kot54eb66WBfHVVuYqAafQZnaUvSgXInc4Ba8M9
|
||||
+pdwX37zff47gGr/obadKkAGf42xnu7nB8c6T68u/TNwKlQoIUuebEFEdqqp+dFe
|
||||
KY3DlM9LPyMMLO+Tk0t3djE9lp1FkbUeeDOk06rEgQyCs0HATKoa2k/c6/pim6vZ
|
||||
wvu/YxkJAdIIOdkunkKs1kiuCIbeqIQfb2vz/hpBUNI8e8T4S2W7zIVMocRDfYoq
|
||||
dPYj4kHRbnqeyWcobymCuXNdtGnhsT50oS3UGEvr4flaRpREQ+babp1g9uApnU6s
|
||||
oPbmlrwTB50FJA9mxp9rSw
|
||||
-> ssh-ed25519 /vwQcQ SVB+hkmtVwrsNShWD7agmjuZs64+pah596YIFZH/Eww
|
||||
SyRzjAkoKTfNcOMf5OiIVU/wHiPi+rDuXQ0qns9vhf0
|
||||
-> ssh-ed25519 0R97PA mrJuOmOhgGEbRMC/VYvJ++e1RGTTAZl7dzAJPT+6jUo
|
||||
Rn4+0P0spe1Xjn+3twu/cCdKBmsj5y327bESx8FkqJk
|
||||
-> ssh-ed25519 JGx7Ng VXVauDsi3WOxQ2G90ElTdGMueEtVxlQsbUHsceFJTB0
|
||||
AZNRGSyxTZn+L9e9eggyGlINvDSg5hQowBtv0hX954Q
|
||||
-> ssh-ed25519 bUjjig OBwPeegYOacrZxLrlxdVpOkshBCUIYOOgyF6LdOVTjw
|
||||
MJAv6ieAneoAe3//A6b3dBvJCze9uxFVRqlQnkm+rAY
|
||||
-> ssh-ed25519 VQSaNw ldI3O8GyoxhxvrE3okoVvPTrFYnUKNA0See4buKO7GA
|
||||
wcpmfgUNs0MyVcm/VGmwBpkZ++UGkTNDCiqqpYL2XXw
|
||||
-> n>[M-grease _ D--b ? [8U|"=~
|
||||
YZ1c1yZ4273rUu4v+APm/eBy8HQyish8t2zkTvjYFd8/pdA9uRkHogQGIBnlAi3h
|
||||
tq6/02nnT/QgZPcccQCD3SlwzkU0U2qdXIAdGtgzCo0FZsIYdkeU+VyoJDfcVt1o
|
||||
qXc
|
||||
--- lzSSWa0AAP8vhy6RfNChbM71Apmn7b6pLT1CtYFVrpQ
|
||||
<04>Ôï\÷/Áºß£íÄ*‰ŒÿÙi"ºÅåÝa/[Rr
|
||||
O)u^½Ÿ,Ù"%Km£¥<C2A3>zµkÝ°3)›Ù¡‰ø)ÌbS{^§<13>!y°ÅLÉERñ˜Ç
‚Q»uÅE‹EË;Êä´¤VÐ-¶?[ù<>uÑñÏ`Fvè%+$Ú§{¯xŦüg–Qºëiôy°<79>»#.^ìŒÓÎùÈ_*¤=íò×1êîÜCõ ê
~¸
|
28
machines/nixos/web03/secrets/dj_ernestophone-password_file
Normal file
28
machines/nixos/web03/secrets/dj_ernestophone-password_file
Normal file
|
@ -0,0 +1,28 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 jIXfPA kBFUMktUZ09T8ujSXHRIo4OIWxIiwysmRv+UTiH+02M
|
||||
TvefF7CMKZIASBYaVQA22PzLr2rgZ3i7Q8ENBOmpQmI
|
||||
-> ssh-ed25519 QlRB9Q 0R2BthIX790DAiL36WPOemUa04tOnN0Drpg6u72j7UE
|
||||
nFGbwKZvSXo0SpO8AMfAGcZkphcXhX+GoFxYwadNzwQ
|
||||
-> ssh-ed25519 r+nK/Q cs+vGq5RzK/AogpcGjRG3KZjl4fp2Ghhv2ngHjTdvlE
|
||||
AyXbgDlQbe3HurX7lodUrMZyRSWADSFWmTndnHjh0dY
|
||||
-> ssh-rsa krWCLQ
|
||||
AnU8JBZXw8xIHA3L+220wCHwddC51Fx+sQx58tYsFg7eVH1NM2PKUr57a7+0KlxH
|
||||
TkIDMUuBotY4QPA0tzv212wnWaTw9ddV+T+Xe+l7JNyurCQRj1g1gWP3NLYIyYFC
|
||||
i/eXHg3XxByQG1BfBSL2nnUEiy6eJ2bLMFsJ9P6baB6hpdEnoFIuGdV4Bg3k/KGl
|
||||
Zp+Q1a7Ov0l/G7sRCw4WLQtq59otI2lxeKRSonCqSNOmDXyZBr82GMr/BmhebtK4
|
||||
h19K+EXU+Ze57lUf2kDCe0b4RSHbSGU1T1fSEMNcXFV0952r6zO9YClTsQeKl+ev
|
||||
1O7xqUhcRXgFUbDYRjTsLw
|
||||
-> ssh-ed25519 /vwQcQ AtEImZ61sgC2OzZvDldY7ttRf9I5+zmL2I7hZkmBoTY
|
||||
zQiLX4L6t+jZqzAJmN7iuRTeadD1jbs3E/NZZj/25UA
|
||||
-> ssh-ed25519 0R97PA JVheI/2kfdkqgM5Jf/py32lyYLtWjpmcx4zkHYMZl3g
|
||||
z/+qXmvziQo8yZ6f+2y5XVDv6d/uAghCVDQ9tpLXt54
|
||||
-> ssh-ed25519 JGx7Ng 41ZgklG6LmM5Mk6BkGWAf8N3j1safWPBKBAHKN2EQG0
|
||||
yOiGIHkyoMFI6NQMLCZavCaz+qxAy9jhf+vctWQ2z4k
|
||||
-> ssh-ed25519 bUjjig 0o9QkwuPZPOl/db1sQ9YL50DL1uyZqQ6ICxMEIupQ20
|
||||
FwFbAYzLUNwoAQNcbcwWckhqRSEicQTe4O4BMK7wHyg
|
||||
-> ssh-ed25519 VQSaNw iaWBGmaWmBxMJILFyob6CyVXyY24edPtT2itTQGP7xM
|
||||
EGmCuYElC5EgwqXtcXLAy7nNFt75Hl/gAehvfh+0sgg
|
||||
-> /Wa)P<iw-grease (;ag_e g#LM+oA Y n(M-1K+.
|
||||
lWfOmA
|
||||
--- k01yU9ZR8KIyG0JEfcYoP4iBlvqq7J676oPfDLpbvfs
|
||||
ÎD—èŒ<C3A8>Ptáçø4Õ•?6”N|ÐïZƒ³åM/œqo¨[ÄNä
|
29
machines/nixos/web03/secrets/dj_ernestophone-secret_key_file
Normal file
29
machines/nixos/web03/secrets/dj_ernestophone-secret_key_file
Normal file
|
@ -0,0 +1,29 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 jIXfPA hAdsxHTIT08JvDQGzY0Vz+Jxd48Kw3XNpf6TEjiGiTc
|
||||
hZgLRBDGwpfIFMhTRExY6JJ0poJ+nqrBK8Fy3ukINFI
|
||||
-> ssh-ed25519 QlRB9Q AyfmPVVcb9WVzrbyh2KdPQMwPypQ0uq3q6kkPFcMyjw
|
||||
S2h//+6MMnUiBWrznI/1+qS83Gw1vpFmU8Hlma40bdA
|
||||
-> ssh-ed25519 r+nK/Q 741XzH0HZf/y8HR1AQIn+qgn0+L+2kcdPsepRcXx7w8
|
||||
5aNoPnRTYHB5FTXipQV+8C/s8t1s5/ZF9PwnJfYy8bM
|
||||
-> ssh-rsa krWCLQ
|
||||
HhSOliN7XQZngyyrJ++S2JMBytkPjSt/dEUlJNbJP5n6HY5H7QKqd9rsc4LLu/Hz
|
||||
BXKC9T3IVeuabMPNOBhE6SiOUejGv/txbMHPMdPTCju6JL4wP/2gqIK696kP62pL
|
||||
CAS/cOZXrHS8etEFkpqSuEVquNIXbivXNHEwFMH/GkNut0SCpafvQHrN1wZdveH5
|
||||
rp60R9ULzTzS3ztjEomAt9gWN6s7CtqZEozCMExPTXSW+OmBJprY+/Ae/uxeKZMS
|
||||
x6pscBbZSEazZ476sZCWKTpeej7iFlSrIvLfkwYn9PtKqmaInoM/0F2thkqpVPkZ
|
||||
/pcg11dUQpXJdaIiPEowlg
|
||||
-> ssh-ed25519 /vwQcQ m01BxY0nPTfcW0D/iFRbCNbFFp+lE/XLW315aPyNbTM
|
||||
hiKCfZH9k5GcUAkCJ/+x5V20SCeql8031lOge0Y9WXk
|
||||
-> ssh-ed25519 0R97PA oGfUKErY65Jd0ZlcVox/HXA3itOI5KImRqDwH+UR6XI
|
||||
32BtXjqImmG6TjUKoDU2QaJiMxldZdZoAP9SKPfGuHA
|
||||
-> ssh-ed25519 JGx7Ng FJCtkG+Ig5dC+ftTClgrKtIt/D8s9Dr97eWObbNEZDs
|
||||
i6tf7p5FDsdTZMJuBNmcTgVnL6eQDZFkjjH7AaBakqE
|
||||
-> ssh-ed25519 bUjjig mOfri52IdeSNAawjBR5rhvL2eZNlVOwYK6u1uHv98xw
|
||||
nx0Ko3omL+OVq3JHuCIacYfjn96kb78IgyvECEGq0G4
|
||||
-> ssh-ed25519 VQSaNw gEQeKOEwwR8QlykdFlo7iqrsmhemiS02v8Kfx2ER9Xc
|
||||
jpAEZx64/AXpA8HahtJq9OdcZYbqIFti5mxaPztvul8
|
||||
-> $5-grease (y&6%5f<
|
||||
YSrHrNaXa7b7Ivv1yVP3idg8t4iIdu5NX3hzczFp64bY7Bjp/g7jK+bWnDG26ryd
|
||||
G+fhmUbFuDj8ZtXg6yk
|
||||
--- YmnVS7kPp6h4pC9u28A32/xh67NwhIXwB1dxolI1DCg
|
||||
.¼Zs‡…n}®ì,èémõR€ÏêeÞ)¾bOª¶<C2AA>îնܷ†m8¼z£RyúìT/¦@¿CÜÝôW™¨F5ˆ?<ð.[Ö†r¡Ó[°M
|
|
@ -6,12 +6,16 @@
|
|||
# List of secrets for web03
|
||||
"dj_annuaire-secret_key_file"
|
||||
"dj_bocal-secret_key_file"
|
||||
"dj_ernestophone-secret_key_file"
|
||||
"dj_ernestophone-password_file"
|
||||
"dj_ernestophone-admins_file"
|
||||
"dj_gestiojeux-secret_key_file"
|
||||
"dj_interludes-email_host_password_file"
|
||||
"dj_interludes-secret_key_file"
|
||||
"dj_wikiens-secret_key_file"
|
||||
"webhook-annuaire_token"
|
||||
"webhook-bocal_token"
|
||||
"webhook-ernestophone_token"
|
||||
"webhook-gestiojeux_token"
|
||||
"webhook-interludes_token"
|
||||
"webhook-wikiens_token"
|
||||
|
|
30
machines/nixos/web03/secrets/webhook-ernestophone_token
Normal file
30
machines/nixos/web03/secrets/webhook-ernestophone_token
Normal file
|
@ -0,0 +1,30 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 jIXfPA Ifc4K8jusXCbeMSYeAL+3jdvmDK1ojYiSzHJO/uefzk
|
||||
h5ewdTYV3o8+tPCzVWvLtqEM3WxVjtOqTRnrFAwKnes
|
||||
-> ssh-ed25519 QlRB9Q djvVFcR5y+WI5+rED8ztIQZuLfCj2z8wHx3WIutlfjk
|
||||
nsTUZEQRJAAZfNXw2YbzwV+RUJEx6Dmi0ujswMBqIro
|
||||
-> ssh-ed25519 r+nK/Q Ryx2iuVCefSFFMEyRjVbKFxTqaX6D+Ty4B1+6mRLSCg
|
||||
s7YjJa6NESaNZ9wzurlrsovu5ecJNnWLOhD80RnFqV4
|
||||
-> ssh-rsa krWCLQ
|
||||
utXBcdyAmbl463xcacn1+K9UyG78vKG9LW1vJ/q40ltqEsuxktP2C5YgBL2Whcld
|
||||
UYTsNFa3b02HP1wp0fPP4eVyk0NNKqO1rairMAvLJmQk15s0OVCk7LvjZe+Q31m1
|
||||
gYxBSuN4oy7gljtOlIfrHtcRqDMC5IToYSt91pwt/0wgkHDH1OcLap8jaQIuPdc1
|
||||
pQqd6iUTF96kvvp1P6XbvOHH3nVLNw/bITR5BUSqm/YBocJBrDNIL2wXcq27bBMs
|
||||
YqF2nykztoSss+YM40XnHx14wNU0WeocbSYuPKabKvtgV0ry62w+EW5t453TfMng
|
||||
y0dYmBdXVTKgCyL2v/onlA
|
||||
-> ssh-ed25519 /vwQcQ tax06kUoYtjoUZ8k0+2L0cBr9CTpZpWd5Ev1qRh4dWM
|
||||
x2RYQ+53UJnBXz8plzYrpga9JCWgm+WvkjpGg+CpG8M
|
||||
-> ssh-ed25519 0R97PA DoPbx9NVAHTe6NRxT50nwdStoUJRnATQDEKgIyq2hhA
|
||||
6DUg7uQ9L80KzaMJi6h/Nm5EgtLlAI+R01Mke9GpyzQ
|
||||
-> ssh-ed25519 JGx7Ng AG1PM5MB2TlfZoiF29gu01LqhcQ+rEQRQZHFVxdHYG8
|
||||
ePz8kT+axuMZe8MKi1Yj+ZOCITIYjVAuRE2iTScgpyY
|
||||
-> ssh-ed25519 bUjjig SgZgUi5qfE8wK54Mj8P/FJ4QPNs4HUV5qPc9jJTskmY
|
||||
n/fedObFehvhLwd3uhkhfBamFpjZDVK7M1J67BucoPI
|
||||
-> ssh-ed25519 VQSaNw a+SLVFR9PqKgyHfAPTjH4SGkp4XXjz6xz6uMjZgYOg0
|
||||
hv5F5ENsfpU27opx8OT4mvL0waGO+AieG/VXvHNi2hg
|
||||
-> g**u4-grease Fb|HQ E
|
||||
FcQESlzpmCxDtrbCZhddPdNjVROYKj2XsOppqa2GPZsWqQH8cFfKzxjwlNlE7WNF
|
||||
Q3xupVqn8H1Cg98i
|
||||
--- lYBZVJ4DEtBmKhenHOOkQpuPT7TrGGgN1OmTrfCTtY4
|
||||
Žy[§—‘ÀÒh{`Z³öNŠx/ùºóSyFú£–ç
|
||||
+‚¨Õr:¶úÀcJ¸L˜b¿M‹ô™w<E284A2>n+™õœ"§¢—|w¼¯¬kµ*
|
|
@ -38,6 +38,7 @@ let
|
|||
inherit (lib.types)
|
||||
attrs
|
||||
attrsOf
|
||||
bool
|
||||
enum
|
||||
functionTo
|
||||
ints
|
||||
|
@ -129,6 +130,12 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
serveMedia = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
description = "Wther to serve the MEDIA_ROOT directory with nginx.";
|
||||
};
|
||||
|
||||
env_prefix = mkOption {
|
||||
type = str;
|
||||
default = toUpper name;
|
||||
|
@ -473,13 +480,18 @@ in
|
|||
{
|
||||
virtualHosts = mapAttrs' (
|
||||
name:
|
||||
{ domain, nginx, ... }:
|
||||
{
|
||||
domain,
|
||||
nginx,
|
||||
serveMedia,
|
||||
...
|
||||
}:
|
||||
nameValuePair domain (
|
||||
recursiveUpdate {
|
||||
locations = {
|
||||
"/".proxyPass = "http://unix:/run/django-apps/${name}.sock";
|
||||
"/static/".root = "/run/django-apps/${name}";
|
||||
"/media/".root = "/run/django-apps/${name}";
|
||||
"/media/".root = mkIf serveMedia "/run/django-apps/${name}";
|
||||
};
|
||||
} nginx
|
||||
)
|
||||
|
|
|
@ -262,9 +262,9 @@
|
|||
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
|
||||
},
|
||||
"branch": "main",
|
||||
"revision": "476e657d9c285d91638b2a7c2bbbd9e6f9d0cfd4",
|
||||
"revision": "cc01e1c2a6ecb1e38fde35ee54995a6a639fb057",
|
||||
"url": null,
|
||||
"hash": "1i1a46q2v465zfa8rcfk1xisb7ywd4as18q6n2842ncnm69fxqns"
|
||||
"hash": "17a9vlwrk9365ccyl7a5xspqsn9wizcpwdpvr3qdimvq4fpwhjal"
|
||||
},
|
||||
"nix-reuse": {
|
||||
"type": "GitRelease",
|
||||
|
|
Loading…
Reference in a new issue