docs: add readme

flake.lock

@@ -1,15 +1,12 @@
 {
   "nodes": {
     "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
       "locked": {
-        "lastModified": 1685518550,
+        "lastModified": 1659877975,
-        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
         "type": "github"
       },
       "original": {
@@ -19,15 +16,12 @@
       }
     },
     "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_2"
-      },
       "locked": {
-        "lastModified": 1685518550,
+        "lastModified": 1659877975,
-        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
         "type": "github"
       },
       "original": {
@@ -38,27 +32,26 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1685533922,
+        "lastModified": 1662166109,
-        "narHash": "sha256-y4FCQpYafMQ42l1V+NUrMel9RtFtZo59PzdzflKR/lo=",
+        "narHash": "sha256-cmNWUeVDfSJC9y8nmX2O/7kuOXJU1ZVFJMYP87qrm/Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3a70dd92993182f8e514700ccf5b1ae9fc8a3b8d",
+        "rev": "cb5a1a003dde9c16a1ae4b28cbe7bf0fab15da32",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.05",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1685580370,
+        "lastModified": 1662166109,
-        "narHash": "sha256-zTPVdZwLVQl/y0QTZEtYs9iNvZW6H9h+/MZsKdUinu8=",
+        "narHash": "sha256-cmNWUeVDfSJC9y8nmX2O/7kuOXJU1ZVFJMYP87qrm/Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "fabe2064486b607c2516296ce6108549de0649c4",
+        "rev": "cb5a1a003dde9c16a1ae4b28cbe7bf0fab15da32",
         "type": "github"
       },
       "original": {
@@ -73,11 +66,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1685418143,
+        "lastModified": 1662044036,
-        "narHash": "sha256-q2ORekI8au0pGMtOLQI8WMCJBxjzWgYRHpiEOVSBq3w=",
+        "narHash": "sha256-+5YZPznhy1gEKPdWiZj7UcLoRaLbfvUDr8OzOY+75jM=",
         "owner": "nix-community",
         "repo": "poetry2nix",
-        "rev": "f11cc14e28078c701072f2d1fb34a6495c9376b1",
+        "rev": "efe5b281b51c22495c488480d23d7bb1426bf3ba",
         "type": "github"
       },
       "original": {
@@ -92,36 +85,6 @@
         "nixpkgs": "nixpkgs",
         "poetry2nix": "poetry2nix"
       }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -2,53 +2,32 @@
   description = "Application packaged using poetry2nix";
 
   inputs.flake-utils.url = "github:numtide/flake-utils";
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
   inputs.poetry2nix.url = "github:nix-community/poetry2nix";
 
   outputs = { self, nixpkgs, flake-utils, poetry2nix }: {
     overlay = nixpkgs.lib.composeManyExtensions [
       poetry2nix.overlay
       (final: prev: {
-        frontpage = prev.poetry2nix.mkPoetryApplication
+        frontpage = prev.poetry2nix.mkPoetryApplication {
-          {
           python = prev.python39;
           projectDir = ./.;
-            overrides =
-              prev.poetry2nix.overrides.withDefaults (final_: prev_:
-                nixpkgs.lib.listToAttrs
-                  (builtins.map
-                    (name: {
-                      inherit name;
-                      value = prev_."${name}".overridePythonAttrs (old: {
-                        nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ final_.setuptools ];
-                      });
-                    })
-                    [ "beaker" "flask-pyoidc-oda" "oic" ]));
         };
       })
     ];
-
-    nixosModules = rec {
-      default = frontpage;
-      frontpage = import ./nixos;
-    };
   } // (flake-utils.lib.eachDefaultSystem (system:
     let pkgs = import nixpkgs { inherit system; overlays = [ self.overlay ]; }; in
     {
       apps = {
-        default = pkgs.frontpage;
         frontpage = pkgs.frontpage;
       };
 
+      defaultApp = pkgs.frontpage;
+
       devShell = (pkgs.poetry2nix.mkPoetryEnv {
         python = pkgs.python39;
         projectDir = ./.;
         extraPackages = ps: [ ps.python-lsp-server ];
       }).env;
-
-      packages = {
-        default = pkgs.frontpage;
-        frontpage = pkgs.frontpage;
-      };
     }));
 }

frontpage/routes.py

@@ -29,7 +29,7 @@ def register(auth: OIDCAuthentication, auth_provider: str) -> Blueprint:
         Renders the home route.
         """
         user_session = UserSession(flask.session)
-        groups: List[str] = user_session.userinfo.get("groups") or []
+        groups: List[str] = user_session.userinfo["groups"]
 
         config: Config = current_config()
         name = config.core.name

nixos/default.nix

@@ -1,76 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
-  cfg = config.services.frontpage;
-
-  toml = pkgs.formats.toml { };
-  fullSettings = recursiveUpdate cfg.settings {
-    core.port = cfg.port;
-    oidc.client_secret = "@SECRET@";
-  };
-  settingsFile = toml.generate "config.toml" fullSettings;
-in
-{
-  options.services.frontpage = {
-    enable = mkEnableOption "frontpage";
-
-    package = mkPackageOption pkgs "frontpage" { };
-
-    user = mkOption {
-      type = types.str;
-      default = "frontpage";
-    };
-
-    group = mkOption {
-      type = types.str;
-      default = "frontpage";
-    };
-
-    port = mkOption {
-      type = types.port;
-      default = 32195;
-    };
-
-    oidcSecretFile = mkOption {
-      type = types.path;
-      description = ''
-        Path to a file containing the OIDC secret for the application.
-      '';
-    };
-
-    settings = mkOption {
-      type = with types; attrsOf anything;
-      default = { };
-      description = ''
-        Settings attribute set as described by the documentation.
-      '';
-    };
-  };
-  config = mkIf cfg.enable {
-    systemd.services.frontpage = {
-      description = "Web front page";
-      wantedBy = [ "multi-user.target" ];
-      preStart = ''
-        sed \
-          "s=@SECRET@=$(<${cfg.oidcSecretFile})=" \
-          ${settingsFile} \
-          > /run/frontpage/config.toml
-      '';
-
-      serviceConfig = {
-        Restart = "on-failure";
-        RestartSec = "2s";
-        ExecStart = "${cfg.package}/bin/frontpage -c /run/frontpage/config.toml";
-        RuntimeDirectory = [ "frontpage" ];
-        User = cfg.user;
-      };
-    };
-
-    users.users."${cfg.user}" = {
-      isSystemUser = true;
-      group = cfg.group;
-    };
-
-    users.groups."${cfg.group}" = { };
-  };
-}