diff --git a/flake.nix b/flake.nix
index d970532..af509e3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -63,7 +63,6 @@
       public_domain = "public-hydra.local";
       extra_args = ["--dev"];
       settings = {
-        dev = true;
         urls.self = {
           issuer = "http://127.0.0.1:8082";
           public = "http://127.0.0.1:8082";
diff --git a/lenticular_cloud/config_development.toml b/lenticular_cloud/config_development.toml
index d3e3c02..2b9e941 100644
--- a/lenticular_cloud/config_development.toml
+++ b/lenticular_cloud/config_development.toml
@@ -23,6 +23,7 @@ HYDRA_PUBLIC_URL = 'http://127.0.0.1:8082'
 SUBJECT_PREFIX = 'something random'
 OAUTH_ID = 'identiy_provider'
+OAUTH_SECRET = 'thisIsNotSecure'
 
 [LENTICULAR_CLOUD_SERVICES.jabber]
diff --git a/lenticular_cloud/hydra.py b/lenticular_cloud/hydra.py
index 2fdaead..be6a31a 100644
--- a/lenticular_cloud/hydra.py
+++ b/lenticular_cloud/hydra.py
@@ -23,7 +23,7 @@ class HydraService:
         self.set_hydra_client(Client(base_url=app.config['HYDRA_ADMIN_URL']))
 
         client_name = app.config['OAUTH_ID']
-        client_secret = token_hex(16)
+        client_secret = app.config['OAUTH_SECRET']
 
         clients = list_o_auth_2_clients.sync_detailed(_client=self.hydra_client).parsed
         if clients is None:
@@ -48,12 +48,12 @@ class HydraService:
             )
             ret = create_o_auth_2_client.sync(json_body=client, _client=self.hydra_client)
             if ret is None:
-                raise RuntimeError("could not crate account")
+                raise RuntimeError("could not create account")
         else:
             client.client_secret = client_secret
-            ret = set_o_auth_2_client.sync(id=client.client_id,json_body=client, _client=self.hydra_client)
+            ret = set_o_auth_2_client.sync(id=client.client_id, json_body=client, _client=self.hydra_client)
         if ret is None:
-            raise RuntimeError("could not crate account")
+            raise RuntimeError("could not update account")
         if type(client.client_id) is not str:
             raise RuntimeError("could not parse client_id from ory-hydra")
         self.client_id = client.client_id
diff --git a/module.nix b/module.nix
index 90026d6..de49f57 100644
--- a/module.nix
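Review bot: `OAUTH_SECRET = 'thisIsNotSecure'` is committed as a plain value in config_development.toml, and after this commit hydra.py sends whatever `OAUTH_SECRET` holds to Hydra verbatim as the OAuth client secret, so every deployment started from this file shares one well-known value. A one-line comment above it, `# development placeholder only; never copy this value into a production config`, makes that explicit for anyone who uses this file as a template. If production is meant to take the secret from the file generated in module.nix (as the new CONFIG_FILE value suggests), naming that in the same comment would help.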
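Review bot: `client_secret = app.config['OAUTH_SECRET']` accepts whatever the config holds, including an empty string, which would then be registered with Hydra as the client secret, and a missing key only surfaces as a bare `KeyError: 'OAUTH_SECRET'` from deep inside startup. Fail explicitly instead: `client_secret = app.config.get('OAUTH_SECRET')` followed by `if not client_secret: raise RuntimeError("OAUTH_SECRET must be set to a non-empty value")`. With the `token_hex(16)` call gone, the import that supplied `token_hex` (outside this hunk) is presumably unused now and can be dropped. The enclosing method starts before and continues after this hunk.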
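Review bot: The new `ret = set_o_auth_2_client.sync(id=client.client_id, json_body=client, _client=self.hydra_client)` line still discards why Hydra rejected the update; as far as I can tell from the generated client, `.sync()` collapses any unexpected response to `None`, so the renamed `"could not update account"` error carries no status for the operator. Since this file already uses `list_o_auth_2_clients.sync_detailed(...)`, the same form here would let the error say what happened, e.g. `resp = set_o_auth_2_client.sync_detailed(id=client.client_id, json_body=client, _client=self.hydra_client)` and `if resp.parsed is None: raise RuntimeError(f"could not update account: hydra returned {resp.status_code}")`. The same applies to the `create_o_auth_2_client.sync` call in the create branch. The enclosing method starts outside this hunk.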
+++ b/module.nix
@@ -4,6 +4,7 @@ let
   python = pkgs.python3;
   format = pkgs.formats.json {};
   types = lib.types;
+  config_oauth_secret = "${cfg.settings.DATA_FOLDER}/lenticular_oauth_secret.toml";
 in
 {
   options = with lib.options; {
@@ -130,16 +131,19 @@ in
       environment = let
         python_path = with python.pkgs; makePythonPath [ pkgs.lenticular-cloud gevent setuptools ];
+        config_file = format.generate "lenticular-cloud.json" cfg.settings;
       in {
         # CONFIG_FILE = "/etc/lenticular_cloud/production.conf";
-        CONFIG_FILE = format.generate "lenticular-cloud.json" cfg.settings;
+        CONFIG_FILE = "${config_file}:${config_oauth_secret}";
         PYTHONPATH = "${python_path}";
         # PYTHONPATH = "${lenticular-pkg.pythonPath}:${lenticular-pkg}/lib/python3.10/site-packages:${python_path}";
       };
       preStart = ''
-        #cat > ${cfg.settings.DATA_FOLDER}/foobar.conf < ${config_oauth_secret}
+        echo "oauth secreted generated"
+        fi
         ${pkgs.lenticular-cloud}/bin/lenticular_cloud-cli db_upgrade
       '';
@@ -148,7 +152,7 @@ in
         WorkingDirectory = cfg.settings.DATA_FOLDER;
         User = cfg.username;
         ExecStart = ''${python.pkgs.gunicorn}/bin/gunicorn lenticular_cloud.wsgi --name lenticular_cloud \
-          --workers 1 --log-level=info \
+          --workers 2 --log-level=info \
           --bind=unix:/run/${cfg.username}/web.sock \
           -k gevent'';
         Restart = "on-failure";
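Review bot: The generated secret file is written by a plain shell redirection (`> ${config_oauth_secret}`) in `preStart`, so it is created with the service's default umask, which normally leaves it readable by every local user inside DATA_FOLDER; add `umask 077` at the top of `preStart` (or `chmod 600 ${config_oauth_secret}` right after the write) so only the service user can read the OAuth client secret. The removed `#cat` line and the added generation block are garbled between `<` and `${config_oauth_secret}` in this view, so I cannot see which random source the secret is drawn from; it should come from a CSPRNG-backed command, and a short comment on the `if` line naming that source would help the next reader. The log line `echo "oauth secreted generated"` should read `oauth secret generated`. The new `CONFIG_FILE = "${config_file}:${config_oauth_secret}"` relies on the application splitting CONFIG_FILE on `:`, and that parsing is not part of this diff, so a comment on that line stating the convention is worth adding.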
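Review bot: `--workers 2` means the Hydra client registration in HydraService (the create/update sequence this same commit touches in hydra.py) now runs once per gunicorn worker, concurrently; both workers list clients, and if neither finds one yet, both take the create path, so a duplicate client or a spurious `"could not create account"` failure in one worker is possible on a fresh deployment. The configured `OAUTH_SECRET` at least removes the earlier hazard of two workers each registering a different `token_hex` value. I am inferring the per-worker timing from the `self.` usage in hydra.py rather than from this hunk; if the registration cannot be made idempotent on the Hydra side, consider running it once in `preStart` instead of during application initialisation.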