feat(dgsi): Make it work

This commit is contained in:
Tom Hubrecht 2024-09-25 13:57:55 +02:00
parent 2b75890752
commit bdeb55f9ec
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
4 changed files with 68 additions and 12 deletions

View file

@ -2,6 +2,7 @@
config,
lib,
pkgs,
utils,
sources,
...
}:
@ -40,6 +41,7 @@ let
# Local packages
ps.django-allauth
ps.django-allauth-cas
ps.django-browser-reload
ps.django-bulma-forms
ps.django-sass-processor
ps.django-sass-processor-dart-sass
@ -101,12 +103,27 @@ in
SECRET_KEY = config.age.secrets."dgsi-secret_key_file".path;
KANIDM_AUTH_TOKEN = config.age.secrets."dgsi-kanidm_auth_token_file".path;
KANIDM_SECRET = config.age.secrets."dgsi-kanidm_secret_file".path;
EMAIL_HOST_PASSWORD = config.age.secrets."dgsi-email_host_password_file".path;
};
RuntimeDirectory = "django-apps/dgsi";
StateDirectory = "django-dgsi";
StateDirectory = "django-apps/dgsi";
UMask = "0027";
User = "dj-dgsi";
WorkingDirectory = "${sources.dgsi}/src";
Group = "django-apps";
WorkingDirectory = sources.dgsi;
ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -s HUP $MAINPID";
KillMode = "mixed";
Type = "notify";
ExecStart = utils.escapeSystemdExecArgs [
(lib.getExe' pythonEnv "gunicorn")
"--workers"
4
"--bind"
"unix:/run/django-apps/dgsi.sock"
"--pythonpath"
"src"
"app.wsgi"
];
};
environment = {
@ -114,15 +131,27 @@ in
"profil.dgnum.eu"
"dgsi.dgnum.eu"
];
DGSI_STATIC_ROOT = staticDrv;
DGSI_EMAIL_HOST_USER = "web-services@infra.dgnum.eu";
DGSI_EMAIL_USE_SSL = builtins.toJSON true;
DGSI_FROM_EMAIL = "La Délégation Générale Numérique <dgsi@infra.dgnum.eu>";
DGSI_SERVER_EMAIL = "dgsi@infra.dgnum.eu";
DGSI_KANIDM_CLIENT = "dgsi_test";
DGSI_KANIDM_URI = "https://sso.dgnum.eu";
DGSI_MEDIA_ROOT = "/var/lib/django-apps/dgsi/media";
DGSI_STATIC_ROOT = "${staticDrv}/static";
DGSI_DATABASES = builtins.toJSON {
default = {
ENGINE = "django.db.backends.postgresql";
NAME = "dj-dgsi";
};
};
DJANGO_SETTINGS_MODULE = "app.settings";
};
path = [ pythonEnv ];
script = ''
python3 manage.py migrate
gunicorn --pythonpath ${sources.dgsi}/src --bind unix:/run/django-apps/dgsi.sock --workers=4 app.wsgi
preStart = ''
python3 src/manage.py migrate --no-input
'';
};
};
@ -155,10 +184,10 @@ in
services = {
postgresql = {
ensureDatabases = [ "dgsi" ];
ensureDatabases = [ "dj-dgsi" ];
ensureUsers = [
{
name = "dgsi";
name = "dj-dgsi";
ensureDBOwnership = true;
}
];
@ -168,8 +197,6 @@ in
enableACME = true;
forceSSL = true;
serverAliases = [ "dgsi.dgnum.eu" ];
locations = {
"/".proxyPass = "http://unix:/run/django-apps/dgsi.sock";
"/static/".root = staticDrv;

View file

@ -0,0 +1,28 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA CQffZYaxexZ2f+HeNj+SHeSak0kzNPiq6ExW7tUyCBs
oJQhtMFD9KSnXSPGRb3zLwCB2/KEXo8cgxHN5ML83Qw
-> ssh-ed25519 QlRB9Q V1PnEYJvFCdBRzN4z3iDtIzHLxxCimejdkqRS4zMCG8
bVc87bxPmhofmoscGFBgQ+ffRlo216RiRkkV1MNoQyY
-> ssh-ed25519 r+nK/Q YI+1MYnCvSq5/QfA2y01IQlJeMGF0AfNs91QlrVaVGs
HSB8Gai96mjRbM68G3iRmXNkI4kqyJAWTMxWc8UOPr8
-> ssh-rsa krWCLQ
k2mssz4C9p8K+rJ6Jbbm+w7uLTqoUOiOKvlt2btEyw2Lup8PQNfyTNFSBvuBMmfj
re1zuAufH0HIw3B0xWYauBSD4pasc7EFTr/OLoM8BRFMEb11IM5ZKJrO+hnWy0Sk
eIs6cpkoBVi4GZmkRfbvaitk42i9JzjrKU0OeqLCWQbHmHkTb3acsGXCc6A6JSbF
AVb+Eaak6EIdX1dP4PWyCxU2PkcBtYBcLoGH74r1o0i3SzvmuzKvlBntx5IzsAvY
+QNGJLNZl0+NePafAkvVY8UOrlzxj+tCgfunAGXIXlZlVfNcjZX9Wv30sJOtwpbw
DdkJAqSrNkHianC5MEGgpA
-> ssh-ed25519 /vwQcQ yxGAMhwDcoDjw5MJudEE95PakhZvNpYfmfWiM6wbQBg
C1o3mNO2YFnBXamCcpAW0aQVGrNNcUpDtSn8+VLobmE
-> ssh-ed25519 0R97PA XRWbcwt3wXR3AYg0rhzc6OUuAA+blVTf3SHERYy3MkA
iCBd0E1NrV7tv3/0pD0FYWgUfGmB4M+VWfiixvVGv68
-> ssh-ed25519 JGx7Ng R47xTx4IGC/qf/v6WOXvJTd20MbeTdZ/8ovAA6d0iyQ
uBxcQVztpW4QaAR5rKfEVgtmrPk6l51+tY3brNjsTV4
-> ssh-ed25519 5SY7Kg LNtU+/1YlPX6T6gO2lb/wEei7hsy2oud8cTQXFQy0HY
xxPvBAIpFyCUqExjseerz6WlwWQEmw9fltzQBx51KI0
-> ssh-ed25519 p/Mg4Q uWIz5shMnsLXsh160cCW8E6kh9v4LPunOonugjWdSEY
5aRrIB5gxIplVWDGeMQ6g09togku6LxWRxBP7FbRNU0
-> ssh-ed25519 tDqJRg G8rNpeGY29czDVMvvt4LZ7nffZ/JAHDzxuIs7C/0SEM
HowgAvrQQcvUx93ZdK5q2bSsJDqaOxFf+x/lwTRss4I
--- ktcSPCC1TpguyYJ2ua7IuGcEw+Z9YuqjzcmH18abjo4
<EFBFBD><20><>ゥ煩 ネ9<1猤カワ簒<EFBE9C>pWJSWpsV/ム#<23>ウリ9タ{タ゚cHB<><42><EFBFBD>5<EFBFBD>ャ^ァ

View file

@ -6,6 +6,7 @@ in
lib.setDefault { inherit publicKeys; } [
"arkheon-env_file"
"bupstash-put_key"
"dgsi-email_host_password_file"
"dgsi-kanidm_auth_token_file"
"dgsi-kanidm_secret_file"
"dgsi-secret_key_file"

View file

@ -57,9 +57,9 @@
"url": "https://git.dgnum.eu/DGNum/dgsi.git"
},
"branch": "main",
"revision": "8a46e4ddb522a145046d9a5bfc729a8e46d99f44",
"revision": "5381b0379b112778cee05f7fa5dc989da96a77ba",
"url": null,
"hash": "1blyh1xcppcb6qjaww8aw00c4nh1dl50i64bf6ampj0idx0y93qh"
"hash": "0r7k9mp04qwffj5f1xnqzfiwls6higjcj1radr3gh53sslvp36ca"
},
"disko": {
"type": "GitRelease",