forked from DGNum/infrastructure
feat(dgsi): Make it work
This commit is contained in:
parent
2b75890752
commit
bdeb55f9ec
4 changed files with 68 additions and 12 deletions
|
@ -2,6 +2,7 @@
|
|||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
utils,
|
||||
sources,
|
||||
...
|
||||
}:
|
||||
|
@ -40,6 +41,7 @@ let
|
|||
# Local packages
|
||||
ps.django-allauth
|
||||
ps.django-allauth-cas
|
||||
ps.django-browser-reload
|
||||
ps.django-bulma-forms
|
||||
ps.django-sass-processor
|
||||
ps.django-sass-processor-dart-sass
|
||||
|
@ -101,12 +103,27 @@ in
|
|||
SECRET_KEY = config.age.secrets."dgsi-secret_key_file".path;
|
||||
KANIDM_AUTH_TOKEN = config.age.secrets."dgsi-kanidm_auth_token_file".path;
|
||||
KANIDM_SECRET = config.age.secrets."dgsi-kanidm_secret_file".path;
|
||||
EMAIL_HOST_PASSWORD = config.age.secrets."dgsi-email_host_password_file".path;
|
||||
};
|
||||
RuntimeDirectory = "django-apps/dgsi";
|
||||
StateDirectory = "django-dgsi";
|
||||
StateDirectory = "django-apps/dgsi";
|
||||
UMask = "0027";
|
||||
User = "dj-dgsi";
|
||||
WorkingDirectory = "${sources.dgsi}/src";
|
||||
Group = "django-apps";
|
||||
WorkingDirectory = sources.dgsi;
|
||||
ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -s HUP $MAINPID";
|
||||
KillMode = "mixed";
|
||||
Type = "notify";
|
||||
ExecStart = utils.escapeSystemdExecArgs [
|
||||
(lib.getExe' pythonEnv "gunicorn")
|
||||
"--workers"
|
||||
4
|
||||
"--bind"
|
||||
"unix:/run/django-apps/dgsi.sock"
|
||||
"--pythonpath"
|
||||
"src"
|
||||
"app.wsgi"
|
||||
];
|
||||
};
|
||||
|
||||
environment = {
|
||||
|
@ -114,15 +131,27 @@ in
|
|||
"profil.dgnum.eu"
|
||||
"dgsi.dgnum.eu"
|
||||
];
|
||||
DGSI_STATIC_ROOT = staticDrv;
|
||||
DGSI_EMAIL_HOST_USER = "web-services@infra.dgnum.eu";
|
||||
DGSI_EMAIL_USE_SSL = builtins.toJSON true;
|
||||
DGSI_FROM_EMAIL = "La Délégation Générale Numérique <dgsi@infra.dgnum.eu>";
|
||||
DGSI_SERVER_EMAIL = "dgsi@infra.dgnum.eu";
|
||||
DGSI_KANIDM_CLIENT = "dgsi_test";
|
||||
DGSI_KANIDM_URI = "https://sso.dgnum.eu";
|
||||
DGSI_MEDIA_ROOT = "/var/lib/django-apps/dgsi/media";
|
||||
DGSI_STATIC_ROOT = "${staticDrv}/static";
|
||||
DGSI_DATABASES = builtins.toJSON {
|
||||
default = {
|
||||
ENGINE = "django.db.backends.postgresql";
|
||||
NAME = "dj-dgsi";
|
||||
};
|
||||
};
|
||||
DJANGO_SETTINGS_MODULE = "app.settings";
|
||||
};
|
||||
|
||||
path = [ pythonEnv ];
|
||||
|
||||
script = ''
|
||||
python3 manage.py migrate
|
||||
gunicorn --pythonpath ${sources.dgsi}/src --bind unix:/run/django-apps/dgsi.sock --workers=4 app.wsgi
|
||||
preStart = ''
|
||||
python3 src/manage.py migrate --no-input
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -155,10 +184,10 @@ in
|
|||
|
||||
services = {
|
||||
postgresql = {
|
||||
ensureDatabases = [ "dgsi" ];
|
||||
ensureDatabases = [ "dj-dgsi" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "dgsi";
|
||||
name = "dj-dgsi";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
|
@ -168,8 +197,6 @@ in
|
|||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
serverAliases = [ "dgsi.dgnum.eu" ];
|
||||
|
||||
locations = {
|
||||
"/".proxyPass = "http://unix:/run/django-apps/dgsi.sock";
|
||||
"/static/".root = staticDrv;
|
||||
|
|
28
machines/compute01/secrets/dgsi-email_host_password_file
Normal file
28
machines/compute01/secrets/dgsi-email_host_password_file
Normal file
|
@ -0,0 +1,28 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 jIXfPA CQffZYaxexZ2f+HeNj+SHeSak0kzNPiq6ExW7tUyCBs
|
||||
oJQhtMFD9KSnXSPGRb3zLwCB2/KEXo8cgxHN5ML83Qw
|
||||
-> ssh-ed25519 QlRB9Q V1PnEYJvFCdBRzN4z3iDtIzHLxxCimejdkqRS4zMCG8
|
||||
bVc87bxPmhofmoscGFBgQ+ffRlo216RiRkkV1MNoQyY
|
||||
-> ssh-ed25519 r+nK/Q YI+1MYnCvSq5/QfA2y01IQlJeMGF0AfNs91QlrVaVGs
|
||||
HSB8Gai96mjRbM68G3iRmXNkI4kqyJAWTMxWc8UOPr8
|
||||
-> ssh-rsa krWCLQ
|
||||
k2mssz4C9p8K+rJ6Jbbm+w7uLTqoUOiOKvlt2btEyw2Lup8PQNfyTNFSBvuBMmfj
|
||||
re1zuAufH0HIw3B0xWYauBSD4pasc7EFTr/OLoM8BRFMEb11IM5ZKJrO+hnWy0Sk
|
||||
eIs6cpkoBVi4GZmkRfbvaitk42i9JzjrKU0OeqLCWQbHmHkTb3acsGXCc6A6JSbF
|
||||
AVb+Eaak6EIdX1dP4PWyCxU2PkcBtYBcLoGH74r1o0i3SzvmuzKvlBntx5IzsAvY
|
||||
+QNGJLNZl0+NePafAkvVY8UOrlzxj+tCgfunAGXIXlZlVfNcjZX9Wv30sJOtwpbw
|
||||
DdkJAqSrNkHianC5MEGgpA
|
||||
-> ssh-ed25519 /vwQcQ yxGAMhwDcoDjw5MJudEE95PakhZvNpYfmfWiM6wbQBg
|
||||
C1o3mNO2YFnBXamCcpAW0aQVGrNNcUpDtSn8+VLobmE
|
||||
-> ssh-ed25519 0R97PA XRWbcwt3wXR3AYg0rhzc6OUuAA+blVTf3SHERYy3MkA
|
||||
iCBd0E1NrV7tv3/0pD0FYWgUfGmB4M+VWfiixvVGv68
|
||||
-> ssh-ed25519 JGx7Ng R47xTx4IGC/qf/v6WOXvJTd20MbeTdZ/8ovAA6d0iyQ
|
||||
uBxcQVztpW4QaAR5rKfEVgtmrPk6l51+tY3brNjsTV4
|
||||
-> ssh-ed25519 5SY7Kg LNtU+/1YlPX6T6gO2lb/wEei7hsy2oud8cTQXFQy0HY
|
||||
xxPvBAIpFyCUqExjseerz6WlwWQEmw9fltzQBx51KI0
|
||||
-> ssh-ed25519 p/Mg4Q uWIz5shMnsLXsh160cCW8E6kh9v4LPunOonugjWdSEY
|
||||
5aRrIB5gxIplVWDGeMQ6g09togku6LxWRxBP7FbRNU0
|
||||
-> ssh-ed25519 tDqJRg G8rNpeGY29czDVMvvt4LZ7nffZ/JAHDzxuIs7C/0SEM
|
||||
HowgAvrQQcvUx93ZdK5q2bSsJDqaOxFf+x/lwTRss4I
|
||||
--- ktcSPCC1TpguyYJ2ua7IuGcEw+Z9YuqjzcmH18abjo4
|
||||
サ<EFBFBD>虎 <20><>ゥ煩 ネ9<1猤カワ簒<EFBE9C>pWJSWpsV/ム#<23>ウリ9タ{タ゚cHB<><42><EFBFBD>5<EFBFBD>ャ^ァ
|
|
@ -6,6 +6,7 @@ in
|
|||
lib.setDefault { inherit publicKeys; } [
|
||||
"arkheon-env_file"
|
||||
"bupstash-put_key"
|
||||
"dgsi-email_host_password_file"
|
||||
"dgsi-kanidm_auth_token_file"
|
||||
"dgsi-kanidm_secret_file"
|
||||
"dgsi-secret_key_file"
|
||||
|
|
|
@ -57,9 +57,9 @@
|
|||
"url": "https://git.dgnum.eu/DGNum/dgsi.git"
|
||||
},
|
||||
"branch": "main",
|
||||
"revision": "8a46e4ddb522a145046d9a5bfc729a8e46d99f44",
|
||||
"revision": "5381b0379b112778cee05f7fa5dc989da96a77ba",
|
||||
"url": null,
|
||||
"hash": "1blyh1xcppcb6qjaww8aw00c4nh1dl50i64bf6ampj0idx0y93qh"
|
||||
"hash": "0r7k9mp04qwffj5f1xnqzfiwls6higjcj1radr3gh53sslvp36ca"
|
||||
},
|
||||
"disko": {
|
||||
"type": "GitRelease",
|
||||
|
|
Loading…
Reference in a new issue