diff --git a/machines/compute01/dgsi/default.nix b/machines/compute01/dgsi/default.nix
index 9afc74e..22c31cb 100644
--- a/machines/compute01/dgsi/default.nix
+++ b/machines/compute01/dgsi/default.nix
@@ -2,6 +2,7 @@
 config,
 lib,
 pkgs,
+ utils,
 sources,
 ...
 }:
@@ -40,6 +41,7 @@ let
 # Local packages
 ps.django-allauth
 ps.django-allauth-cas
+ ps.django-browser-reload
 ps.django-bulma-forms
 ps.django-sass-processor
 ps.django-sass-processor-dart-sass
@@ -101,12 +103,27 @@ in
 SECRET_KEY = config.age.secrets."dgsi-secret_key_file".path;
 KANIDM_AUTH_TOKEN = config.age.secrets."dgsi-kanidm_auth_token_file".path;
 KANIDM_SECRET = config.age.secrets."dgsi-kanidm_secret_file".path;
+ EMAIL_HOST_PASSWORD = config.age.secrets."dgsi-email_host_password_file".path;
 };
 RuntimeDirectory = "django-apps/dgsi";
- StateDirectory = "django-dgsi";
+ StateDirectory = "django-apps/dgsi";
 UMask = "0027";
 User = "dj-dgsi";
- WorkingDirectory = "${sources.dgsi}/src";
+ Group = "django-apps";
+ WorkingDirectory = sources.dgsi;
+ ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -s HUP $MAINPID";
+ KillMode = "mixed";
+ Type = "notify";
+ ExecStart = utils.escapeSystemdExecArgs [
+ (lib.getExe' pythonEnv "gunicorn")
+ "--workers"
+ 4
+ "--bind"
+ "unix:/run/django-apps/dgsi.sock"
+ "--pythonpath"
+ "src"
+ "app.wsgi"
+ ];
 };
 environment = {
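Review bot: `ps.django-browser-reload` is a development auto-reload helper, and the `@@ -40,6 +41,7 @@` hunk adds it to the Python environment that the production gunicorn unit runs from. If the application imports it unconditionally (its settings are not visible here), the cleaner fix is on the application side: load it only when `DEBUG` is on, so the deployed closure carries no development-only code or routes. If it has to stay, a comment on the entry such as `# dev-only helper; kept because the app settings reference it` would record why. The package list starts and ends outside the hunk.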
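Review bot: The new `ExecStart` in the `@@ -101,12 +103,27 @@` hunk binds gunicorn to `unix:/run/django-apps/dgsi.sock`, which sits in the parent of this unit's `RuntimeDirectory` (`/run/django-apps/dgsi`), so who can reach the socket depends on how `/run/django-apps` is created elsewhere rather than on this unit. As far as I know gunicorn applies its own `--umask` setting (default 0) when it binds a Unix socket, so `UMask = "0027"` does not restrict the socket itself, and any local account able to traverse that directory could talk to the application directly instead of going through nginx. Consider binding inside the unit's own runtime directory, or adding `"--umask"` and `"0007"` to the argument list, assuming the nginx user is a member of `django-apps`. With `Group = "django-apps"` and `UMask = "0027"`, files written under the state directory also become readable by every member of that group, which deserves a one-line comment if intended. The enclosing attribute set opens before the hunk.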
@@ -114,15 +131,27 @@ in
 "profil.dgnum.eu"
 "dgsi.dgnum.eu"
 ];
- DGSI_STATIC_ROOT = staticDrv;
+ DGSI_EMAIL_HOST_USER = "web-services@infra.dgnum.eu";
+ DGSI_EMAIL_USE_SSL = builtins.toJSON true;
+ DGSI_FROM_EMAIL = "La Délégation Générale Numérique ";
+ DGSI_SERVER_EMAIL = "dgsi@infra.dgnum.eu";
+ DGSI_KANIDM_CLIENT = "dgsi_test";
+ DGSI_KANIDM_URI = "https://sso.dgnum.eu";
 DGSI_MEDIA_ROOT = "/var/lib/django-apps/dgsi/media";
+ DGSI_STATIC_ROOT = "${staticDrv}/static";
+ DGSI_DATABASES = builtins.toJSON {
+ default = {
+ ENGINE = "django.db.backends.postgresql";
+ NAME = "dj-dgsi";
+ };
+ };
+ DJANGO_SETTINGS_MODULE = "app.settings";
 };
 path = [ pythonEnv ];
- script = ''
- python3 manage.py migrate
- gunicorn --pythonpath ${sources.dgsi}/src --bind unix:/run/django-apps/dgsi.sock --workers=4 app.wsgi
+ preStart = ''
+ python3 src/manage.py migrate --no-input
 '';
 };
 };
@@ -155,10 +184,10 @@ in
 services = {
 postgresql = {
- ensureDatabases = [ "dgsi" ];
+ ensureDatabases = [ "dj-dgsi" ];
 ensureUsers = [
 {
- name = "dgsi";
+ name = "dj-dgsi";
 ensureDBOwnership = true;
 }
 ];
@@ -168,8 +197,6 @@ in
 enableACME = true;
 forceSSL = true;
- serverAliases = [ "dgsi.dgnum.eu" ];
-
 locations = {
 "/".proxyPass = "http://unix:/run/django-apps/dgsi.sock";
 "/static/".root = staticDrv;
diff --git a/machines/compute01/secrets/dgsi-email_host_password_file b/machines/compute01/secrets/dgsi-email_host_password_file
new file mode 100644
index 0000000..8452e75
--- /dev/null
+++ b/machines/compute01/secrets/dgsi-email_host_password_file
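Review bot: In the `@@ -114,15 +131,27 @@` hunk of `machines/compute01/dgsi/default.nix`, `DGSI_KANIDM_CLIENT = "dgsi_test"` reads like a test client identifier, yet it is paired with the production SSO endpoint `https://sso.dgnum.eu` and the `profil.dgnum.eu` host. If this is the intended client, a comment such as `# "dgsi_test" is the client registered on sso.dgnum.eu for this deployment` would stop it being mistaken for leftover test configuration; otherwise it and the matching `KANIDM_SECRET` credential should point at a production client. `DGSI_FROM_EMAIL` as shown ends in a space with no address part; if that is not an artefact of how this page was rendered, the address portion is missing. The `environment` attribute set opens above the hunk.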
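Review bot: In the `@@ -155,10 +184,10 @@` hunk of `machines/compute01/dgsi/default.nix`, renaming the `ensureDatabases` and `ensureUsers` entries from `dgsi` to `dj-dgsi` only creates the new database and role; these options do not rename or drop anything, so the old `dgsi` database and its owning role stay on the server and the service comes up on an empty schema that `migrate` then populates. The new name lines up with `User = "dj-dgsi"`, which is presumably what lets the password-less `DGSI_DATABASES` entry authenticate over the local socket. It is worth recording next to the option, e.g. `# renamed from "dgsi": copy the data across, then drop the old database and role by hand`, so the stale role is not forgotten. The `postgresql` attribute set continues past the hunk.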
@@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA CQffZYaxexZ2f+HeNj+SHeSak0kzNPiq6ExW7tUyCBs +oJQhtMFD9KSnXSPGRb3zLwCB2/KEXo8cgxHN5ML83Qw +-> ssh-ed25519 QlRB9Q V1PnEYJvFCdBRzN4z3iDtIzHLxxCimejdkqRS4zMCG8 +bVc87bxPmhofmoscGFBgQ+ffRlo216RiRkkV1MNoQyY +-> ssh-ed25519 r+nK/Q YI+1MYnCvSq5/QfA2y01IQlJeMGF0AfNs91QlrVaVGs +HSB8Gai96mjRbM68G3iRmXNkI4kqyJAWTMxWc8UOPr8 +-> ssh-rsa krWCLQ +k2mssz4C9p8K+rJ6Jbbm+w7uLTqoUOiOKvlt2btEyw2Lup8PQNfyTNFSBvuBMmfj +re1zuAufH0HIw3B0xWYauBSD4pasc7EFTr/OLoM8BRFMEb11IM5ZKJrO+hnWy0Sk +eIs6cpkoBVi4GZmkRfbvaitk42i9JzjrKU0OeqLCWQbHmHkTb3acsGXCc6A6JSbF +AVb+Eaak6EIdX1dP4PWyCxU2PkcBtYBcLoGH74r1o0i3SzvmuzKvlBntx5IzsAvY ++QNGJLNZl0+NePafAkvVY8UOrlzxj+tCgfunAGXIXlZlVfNcjZX9Wv30sJOtwpbw +DdkJAqSrNkHianC5MEGgpA +-> ssh-ed25519 /vwQcQ yxGAMhwDcoDjw5MJudEE95PakhZvNpYfmfWiM6wbQBg +C1o3mNO2YFnBXamCcpAW0aQVGrNNcUpDtSn8+VLobmE +-> ssh-ed25519 0R97PA XRWbcwt3wXR3AYg0rhzc6OUuAA+blVTf3SHERYy3MkA +iCBd0E1NrV7tv3/0pD0FYWgUfGmB4M+VWfiixvVGv68 +-> ssh-ed25519 JGx7Ng R47xTx4IGC/qf/v6WOXvJTd20MbeTdZ/8ovAA6d0iyQ +uBxcQVztpW4QaAR5rKfEVgtmrPk6l51+tY3brNjsTV4 +-> ssh-ed25519 5SY7Kg LNtU+/1YlPX6T6gO2lb/wEei7hsy2oud8cTQXFQy0HY +xxPvBAIpFyCUqExjseerz6WlwWQEmw9fltzQBx51KI0 +-> ssh-ed25519 p/Mg4Q uWIz5shMnsLXsh160cCW8E6kh9v4LPunOonugjWdSEY +5aRrIB5gxIplVWDGeMQ6g09togku6LxWRxBP7FbRNU0 +-> ssh-ed25519 tDqJRg G8rNpeGY29czDVMvvt4LZ7nffZ/JAHDzxuIs7C/0SEM +HowgAvrQQcvUx93ZdK5q2bSsJDqaOxFf+x/lwTRss4I +--- ktcSPCC1TpguyYJ2ua7IuGcEw+Z9YuqjzcmH18abjo4 +»òûŒÕ øý…È©”Ï È9<1îA¶Ü™ÓÿpWJSWpsV/Ñ#ý³Ø9À{ÀßcHBëÙìeòœ5õ¶¬^§ \ No newline at end of file diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix index 5f7da8d..f4737a6 100644 --- a/machines/compute01/secrets/secrets.nix +++ b/machines/compute01/secrets/secrets.nix @@ -6,6 +6,7 @@ in lib.setDefault { inherit publicKeys; } [ "arkheon-env_file" "bupstash-put_key" + "dgsi-email_host_password_file" "dgsi-kanidm_auth_token_file" "dgsi-kanidm_secret_file" "dgsi-secret_key_file" 
diff --git a/npins/sources.json b/npins/sources.json
index 31dafa4..24a74b9 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -57,9 +57,9 @@
 "url": "https://git.dgnum.eu/DGNum/dgsi.git"
 },
 "branch": "main",
- "revision": "8a46e4ddb522a145046d9a5bfc729a8e46d99f44",
+ "revision": "5381b0379b112778cee05f7fa5dc989da96a77ba",
 "url": null,
- "hash": "1blyh1xcppcb6qjaww8aw00c4nh1dl50i64bf6ampj0idx0y93qh"
+ "hash": "0r7k9mp04qwffj5f1xnqzfiwls6higjcj1radr3gh53sslvp36ca"
 },
 "disko": {
 "type": "GitRelease",