Compare commits
2 Commits
trunk
...
6969252a9c
Author | SHA1 | Date | |
---|---|---|---|
6969252a9c
|
|||
4e4f663e1b
|
67
flake.lock
generated
67
flake.lock
generated
@ -1,15 +1,12 @@
|
|||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"inputs": {
|
|
||||||
"systems": "systems"
|
|
||||||
},
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1685518550,
|
"lastModified": 1659877975,
|
||||||
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
|
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
|
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -19,15 +16,12 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_2": {
|
"flake-utils_2": {
|
||||||
"inputs": {
|
|
||||||
"systems": "systems_2"
|
|
||||||
},
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1685518550,
|
"lastModified": 1659877975,
|
||||||
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
|
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
|
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -38,27 +32,26 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1685533922,
|
"lastModified": 1662166109,
|
||||||
"narHash": "sha256-y4FCQpYafMQ42l1V+NUrMel9RtFtZo59PzdzflKR/lo=",
|
"narHash": "sha256-cmNWUeVDfSJC9y8nmX2O/7kuOXJU1ZVFJMYP87qrm/Y=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "3a70dd92993182f8e514700ccf5b1ae9fc8a3b8d",
|
"rev": "cb5a1a003dde9c16a1ae4b28cbe7bf0fab15da32",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "nixos-23.05",
|
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1685580370,
|
"lastModified": 1662166109,
|
||||||
"narHash": "sha256-zTPVdZwLVQl/y0QTZEtYs9iNvZW6H9h+/MZsKdUinu8=",
|
"narHash": "sha256-cmNWUeVDfSJC9y8nmX2O/7kuOXJU1ZVFJMYP87qrm/Y=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "fabe2064486b607c2516296ce6108549de0649c4",
|
"rev": "cb5a1a003dde9c16a1ae4b28cbe7bf0fab15da32",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -73,11 +66,11 @@
|
|||||||
"nixpkgs": "nixpkgs_2"
|
"nixpkgs": "nixpkgs_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1685418143,
|
"lastModified": 1662044036,
|
||||||
"narHash": "sha256-q2ORekI8au0pGMtOLQI8WMCJBxjzWgYRHpiEOVSBq3w=",
|
"narHash": "sha256-+5YZPznhy1gEKPdWiZj7UcLoRaLbfvUDr8OzOY+75jM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "poetry2nix",
|
"repo": "poetry2nix",
|
||||||
"rev": "f11cc14e28078c701072f2d1fb34a6495c9376b1",
|
"rev": "efe5b281b51c22495c488480d23d7bb1426bf3ba",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -92,36 +85,6 @@
|
|||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"poetry2nix": "poetry2nix"
|
"poetry2nix": "poetry2nix"
|
||||||
}
|
}
|
||||||
},
|
|
||||||
"systems": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681028828,
|
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"systems_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681028828,
|
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
29
flake.nix
29
flake.nix
@ -2,53 +2,32 @@
|
|||||||
description = "Application packaged using poetry2nix";
|
description = "Application packaged using poetry2nix";
|
||||||
|
|
||||||
inputs.flake-utils.url = "github:numtide/flake-utils";
|
inputs.flake-utils.url = "github:numtide/flake-utils";
|
||||||
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
inputs.nixpkgs.url = "github:NixOS/nixpkgs";
|
||||||
inputs.poetry2nix.url = "github:nix-community/poetry2nix";
|
inputs.poetry2nix.url = "github:nix-community/poetry2nix";
|
||||||
|
|
||||||
outputs = { self, nixpkgs, flake-utils, poetry2nix }: {
|
outputs = { self, nixpkgs, flake-utils, poetry2nix }: {
|
||||||
overlay = nixpkgs.lib.composeManyExtensions [
|
overlay = nixpkgs.lib.composeManyExtensions [
|
||||||
poetry2nix.overlay
|
poetry2nix.overlay
|
||||||
(final: prev: {
|
(final: prev: {
|
||||||
frontpage = prev.poetry2nix.mkPoetryApplication
|
frontpage = prev.poetry2nix.mkPoetryApplication {
|
||||||
{
|
|
||||||
python = prev.python39;
|
python = prev.python39;
|
||||||
projectDir = ./.;
|
projectDir = ./.;
|
||||||
overrides =
|
|
||||||
prev.poetry2nix.overrides.withDefaults (final_: prev_:
|
|
||||||
nixpkgs.lib.listToAttrs
|
|
||||||
(builtins.map
|
|
||||||
(name: {
|
|
||||||
inherit name;
|
|
||||||
value = prev_."${name}".overridePythonAttrs (old: {
|
|
||||||
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ final_.setuptools ];
|
|
||||||
});
|
|
||||||
})
|
|
||||||
[ "beaker" "flask-pyoidc-oda" "oic" ]));
|
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
nixosModules = rec {
|
|
||||||
default = frontpage;
|
|
||||||
frontpage = import ./nixos;
|
|
||||||
};
|
|
||||||
} // (flake-utils.lib.eachDefaultSystem (system:
|
} // (flake-utils.lib.eachDefaultSystem (system:
|
||||||
let pkgs = import nixpkgs { inherit system; overlays = [ self.overlay ]; }; in
|
let pkgs = import nixpkgs { inherit system; overlays = [ self.overlay ]; }; in
|
||||||
{
|
{
|
||||||
apps = {
|
apps = {
|
||||||
default = pkgs.frontpage;
|
|
||||||
frontpage = pkgs.frontpage;
|
frontpage = pkgs.frontpage;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
defaultApp = pkgs.frontpage;
|
||||||
|
|
||||||
devShell = (pkgs.poetry2nix.mkPoetryEnv {
|
devShell = (pkgs.poetry2nix.mkPoetryEnv {
|
||||||
python = pkgs.python39;
|
python = pkgs.python39;
|
||||||
projectDir = ./.;
|
projectDir = ./.;
|
||||||
extraPackages = ps: [ ps.python-lsp-server ];
|
extraPackages = ps: [ ps.python-lsp-server ];
|
||||||
}).env;
|
}).env;
|
||||||
|
|
||||||
packages = {
|
|
||||||
default = pkgs.frontpage;
|
|
||||||
frontpage = pkgs.frontpage;
|
|
||||||
};
|
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
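Review bot: `inputs.nixpkgs.url = "github:NixOS/nixpkgs";` on the new side names no ref, so the input follows the repository's default branch instead of a release branch. flake.lock still pins an exact `rev` and `narHash`, but every later `nix flake update` will move that pin to whatever the development branch holds at the time, which makes lock bumps larger and harder to review than updates along a stable channel. Keeping a release ref, as the old side did with `inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";`, keeps updates to backported fixes. Separately, `defaultApp = pkgs.frontpage;` is the deprecated output name; current Nix expects `apps.default`.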
|
@ -29,7 +29,7 @@ def register(auth: OIDCAuthentication, auth_provider: str) -> Blueprint:
|
|||||||
Renders the home route.
|
Renders the home route.
|
||||||
"""
|
"""
|
||||||
user_session = UserSession(flask.session)
|
user_session = UserSession(flask.session)
|
||||||
groups: List[str] = user_session.userinfo.get("groups") or []
|
groups: List[str] = user_session.userinfo["groups"]
|
||||||
|
|
||||||
config: Config = current_config()
|
config: Config = current_config()
|
||||||
name = config.core.name
|
name = config.core.name
|
||||||
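Review bot: `user_session.userinfo["groups"]` raises `KeyError` whenever the identity provider's userinfo carries no `groups` claim, so a signed-in user without that claim gets an unhandled error on the home route instead of an empty group list. The claim is supplied by the provider and its presence should not be assumed; the tolerant read `groups: List[str] = user_session.userinfo.get("groups") or []` avoids the failure and, presumably (the use of `groups` lies outside the hunk), leaves such a user with no group-gated entries. The enclosing function starts and ends outside the hunk.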
|
@ -1,76 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
cfg = config.services.frontpage;
|
|
||||||
|
|
||||||
toml = pkgs.formats.toml { };
|
|
||||||
fullSettings = recursiveUpdate cfg.settings {
|
|
||||||
core.port = cfg.port;
|
|
||||||
oidc.client_secret = "@SECRET@";
|
|
||||||
};
|
|
||||||
settingsFile = toml.generate "config.toml" fullSettings;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.services.frontpage = {
|
|
||||||
enable = mkEnableOption "frontpage";
|
|
||||||
|
|
||||||
package = mkPackageOption pkgs "frontpage" { };
|
|
||||||
|
|
||||||
user = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "frontpage";
|
|
||||||
};
|
|
||||||
|
|
||||||
group = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "frontpage";
|
|
||||||
};
|
|
||||||
|
|
||||||
port = mkOption {
|
|
||||||
type = types.port;
|
|
||||||
default = 32195;
|
|
||||||
};
|
|
||||||
|
|
||||||
oidcSecretFile = mkOption {
|
|
||||||
type = types.path;
|
|
||||||
description = ''
|
|
||||||
Path to a file containing the OIDC secret for the application.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
settings = mkOption {
|
|
||||||
type = with types; attrsOf anything;
|
|
||||||
default = { };
|
|
||||||
description = ''
|
|
||||||
Settings attribute set as described by the documentation.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
systemd.services.frontpage = {
|
|
||||||
description = "Web front page";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
preStart = ''
|
|
||||||
sed \
|
|
||||||
"s=@SECRET@=$(<${cfg.oidcSecretFile})=" \
|
|
||||||
${settingsFile} \
|
|
||||||
> /run/frontpage/config.toml
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Restart = "on-failure";
|
|
||||||
RestartSec = "2s";
|
|
||||||
ExecStart = "${cfg.package}/bin/frontpage -c /run/frontpage/config.toml";
|
|
||||||
RuntimeDirectory = [ "frontpage" ];
|
|
||||||
User = cfg.user;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users."${cfg.user}" = {
|
|
||||||
isSystemUser = true;
|
|
||||||
group = cfg.group;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.groups."${cfg.group}" = { };
|
|
||||||
};
|
|
||||||
}
|
|