feat(dgsi): Make it work

machines/compute01/dgsi/default.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  utils,
   sources,
   ...
 }:
@@ -40,6 +41,7 @@ let
     # Local packages
     ps.django-allauth
     ps.django-allauth-cas
+    ps.django-browser-reload
     ps.django-bulma-forms
     ps.django-sass-processor
     ps.django-sass-processor-dart-sass
@@ -101,12 +103,27 @@ in
             SECRET_KEY = config.age.secrets."dgsi-secret_key_file".path;
             KANIDM_AUTH_TOKEN = config.age.secrets."dgsi-kanidm_auth_token_file".path;
             KANIDM_SECRET = config.age.secrets."dgsi-kanidm_secret_file".path;
+            EMAIL_HOST_PASSWORD = config.age.secrets."dgsi-email_host_password_file".path;
           };
           RuntimeDirectory = "django-apps/dgsi";
-          StateDirectory = "django-dgsi";
+          StateDirectory = "django-apps/dgsi";
           UMask = "0027";
           User = "dj-dgsi";
-          WorkingDirectory = "${sources.dgsi}/src";
+          Group = "django-apps";
+          WorkingDirectory = sources.dgsi;
+          ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -s HUP $MAINPID";
+          KillMode = "mixed";
+          Type = "notify";
+          ExecStart = utils.escapeSystemdExecArgs [
+            (lib.getExe' pythonEnv "gunicorn")
+            "--workers"
+            4
+            "--bind"
+            "unix:/run/django-apps/dgsi.sock"
+            "--pythonpath"
+            "src"
+            "app.wsgi"
+          ];
         };
 
         environment = {
@@ -114,15 +131,27 @@ in
             "profil.dgnum.eu"
             "dgsi.dgnum.eu"
           ];
-          DGSI_STATIC_ROOT = staticDrv;
+          DGSI_EMAIL_HOST_USER = "web-services@infra.dgnum.eu";
+          DGSI_EMAIL_USE_SSL = builtins.toJSON true;
+          DGSI_FROM_EMAIL = "La Délégation Générale Numérique <dgsi@infra.dgnum.eu>";
+          DGSI_SERVER_EMAIL = "dgsi@infra.dgnum.eu";
+          DGSI_KANIDM_CLIENT = "dgsi_test";
+          DGSI_KANIDM_URI = "https://sso.dgnum.eu";
           DGSI_MEDIA_ROOT = "/var/lib/django-apps/dgsi/media";
+          DGSI_STATIC_ROOT = "${staticDrv}/static";
+          DGSI_DATABASES = builtins.toJSON {
+            default = {
+              ENGINE = "django.db.backends.postgresql";
+              NAME = "dj-dgsi";
+            };
+          };
+          DJANGO_SETTINGS_MODULE = "app.settings";
         };
 
         path = [ pythonEnv ];
 
-        script = ''
+        preStart = ''
-          python3 manage.py migrate
+          python3 src/manage.py migrate --no-input
-          gunicorn --pythonpath ${sources.dgsi}/src --bind unix:/run/django-apps/dgsi.sock --workers=4 app.wsgi
         '';
       };
     };
@@ -155,10 +184,10 @@ in
 
   services = {
     postgresql = {
-      ensureDatabases = [ "dgsi" ];
+      ensureDatabases = [ "dj-dgsi" ];
       ensureUsers = [
         {
-          name = "dgsi";
+          name = "dj-dgsi";
           ensureDBOwnership = true;
         }
       ];
@@ -168,8 +197,6 @@ in
       enableACME = true;
       forceSSL = true;
 
-      serverAliases = [ "dgsi.dgnum.eu" ];
-
       locations = {
         "/".proxyPass = "http://unix:/run/django-apps/dgsi.sock";
         "/static/".root = staticDrv;

machines/compute01/secrets/dgsi-email_host_password_file

@@ -0,0 +1,28 @@
+age-encryption.org/v1
+-> ssh-ed25519 jIXfPA CQffZYaxexZ2f+HeNj+SHeSak0kzNPiq6ExW7tUyCBs
+oJQhtMFD9KSnXSPGRb3zLwCB2/KEXo8cgxHN5ML83Qw
+-> ssh-ed25519 QlRB9Q V1PnEYJvFCdBRzN4z3iDtIzHLxxCimejdkqRS4zMCG8
+bVc87bxPmhofmoscGFBgQ+ffRlo216RiRkkV1MNoQyY
+-> ssh-ed25519 r+nK/Q YI+1MYnCvSq5/QfA2y01IQlJeMGF0AfNs91QlrVaVGs
+HSB8Gai96mjRbM68G3iRmXNkI4kqyJAWTMxWc8UOPr8
+-> ssh-rsa krWCLQ
+k2mssz4C9p8K+rJ6Jbbm+w7uLTqoUOiOKvlt2btEyw2Lup8PQNfyTNFSBvuBMmfj
+re1zuAufH0HIw3B0xWYauBSD4pasc7EFTr/OLoM8BRFMEb11IM5ZKJrO+hnWy0Sk
+eIs6cpkoBVi4GZmkRfbvaitk42i9JzjrKU0OeqLCWQbHmHkTb3acsGXCc6A6JSbF
+AVb+Eaak6EIdX1dP4PWyCxU2PkcBtYBcLoGH74r1o0i3SzvmuzKvlBntx5IzsAvY
++QNGJLNZl0+NePafAkvVY8UOrlzxj+tCgfunAGXIXlZlVfNcjZX9Wv30sJOtwpbw
+DdkJAqSrNkHianC5MEGgpA
+-> ssh-ed25519 /vwQcQ yxGAMhwDcoDjw5MJudEE95PakhZvNpYfmfWiM6wbQBg
+C1o3mNO2YFnBXamCcpAW0aQVGrNNcUpDtSn8+VLobmE
+-> ssh-ed25519 0R97PA XRWbcwt3wXR3AYg0rhzc6OUuAA+blVTf3SHERYy3MkA
+iCBd0E1NrV7tv3/0pD0FYWgUfGmB4M+VWfiixvVGv68
+-> ssh-ed25519 JGx7Ng R47xTx4IGC/qf/v6WOXvJTd20MbeTdZ/8ovAA6d0iyQ
+uBxcQVztpW4QaAR5rKfEVgtmrPk6l51+tY3brNjsTV4
+-> ssh-ed25519 5SY7Kg LNtU+/1YlPX6T6gO2lb/wEei7hsy2oud8cTQXFQy0HY
+xxPvBAIpFyCUqExjseerz6WlwWQEmw9fltzQBx51KI0
+-> ssh-ed25519 p/Mg4Q uWIz5shMnsLXsh160cCW8E6kh9v4LPunOonugjWdSEY
+5aRrIB5gxIplVWDGeMQ6g09togku6LxWRxBP7FbRNU0
+-> ssh-ed25519 tDqJRg G8rNpeGY29czDVMvvt4LZ7nffZ/JAHDzxuIs7C/0SEM
+HowgAvrQQcvUx93ZdK5q2bSsJDqaOxFf+x/lwTRss4I
+--- ktcSPCC1TpguyYJ2ua7IuGcEw+Z9YuqjzcmH18abjo4
+ｻ<EFBFBD>虎 <20><>ｩ煩	ﾈ9<1猤ｶﾜ簒<EFBE9C>pWJSWpsV/ﾑ#<23>ｳﾘ9ﾀ{ﾀﾟcHB<><42><EFBFBD>5<EFBFBD>ｬ^ｧ

machines/compute01/secrets/secrets.nix

@@ -6,6 +6,7 @@ in
 lib.setDefault { inherit publicKeys; } [
   "arkheon-env_file"
   "bupstash-put_key"
+  "dgsi-email_host_password_file"
   "dgsi-kanidm_auth_token_file"
   "dgsi-kanidm_secret_file"
   "dgsi-secret_key_file"

npins/sources.json

@@ -57,9 +57,9 @@
         "url": "https://git.dgnum.eu/DGNum/dgsi.git"
       },
       "branch": "main",
-      "revision": "8a46e4ddb522a145046d9a5bfc729a8e46d99f44",
+      "revision": "5381b0379b112778cee05f7fa5dc989da96a77ba",
       "url": null,
-      "hash": "1blyh1xcppcb6qjaww8aw00c4nh1dl50i64bf6ampj0idx0y93qh"
+      "hash": "0r7k9mp04qwffj5f1xnqzfiwls6higjcj1radr3gh53sslvp36ca"
     },
     "disko": {
       "type": "GitRelease",