refactor nixos dev setup

This commit is contained in:
tuxcoder 2023-12-17 14:47:38 +01:00
parent 0494fb336f
commit fbbe6e2c87
5 changed files with 121 additions and 31 deletions


@ -99,11 +99,11 @@
]
},
"locked": {
"lastModified": 1702224561,
"narHash": "sha256-kA++rUce3EHqvW3SqLf4RdaP/guKD4/un5vjlr2rZCI=",
"lastModified": 1702764954,
"narHash": "sha256-+1z/0NJ/8c0d6Um1y9wpVO8CPXHd9/psOJF9GqFS/38=",
"ref": "refs/heads/master",
"rev": "b77ada84c29fc587b24b4ca838a0280272e654da",
"revCount": 8,
"rev": "dcea3067863899ee23950670e7fed2a4feccc20e",
"revCount": 13,
"type": "git",
"url": "ssh://git@git.o-g.at/nixpkg/tuxpkgs.git"
},


@ -46,24 +46,75 @@
self.nixosModules.default
tuxpkgs.nixosModules.ory-hydra
"${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
({...}:{
({lib, ...}:{
security.acme.acceptTerms = true;
security.acme.defaults.email = "acme@example.com";
services.lenticular-cloud = {
enable = true;
domain = "example.com";
service_domain = "account.example.com";
settings.HYDRA_ADMIN_URL = "http://127.0.0.1:8081";
settings.HYDRA_PUBLIC_URL = "http://127.0.0.1:8082";
settings.PUBLIC_URL = "http://127.0.0.1:5000";
};
services.ory-hydra = {
enable = true;
admin_domain = "admin-hydra.local";
public_domain = "public-hydra.local";
extra_args = ["--dev"];
settings = {
dev = true;
urls.self = {
issuer = "http://127.0.0.1:8082";
public = "http://127.0.0.1:8082";
admin = "http://127.0.0.1:8081";
};
};
};
networking.hosts = {
"::1" = [ "admin-hydra.local" "public-hydra.local" "account.example.com" ];
};
networking.firewall.enable = false;
services.getty.autologinUser = "root";
virtualisation.qemu.options = ["-vga none"];
services.nginx.virtualHosts = {
"admin-hydra.local" = {
addSSL = lib.mkForce false;
enableACME = lib.mkForce false;
listen = [{
addr = "0.0.0.0";
port = 8081;
}];
locations."/" = {
extraConfig = ''
allow all;
'';
};
};
"public-hydra.local" = {
addSSL = lib.mkForce false;
enableACME = lib.mkForce false;
listen = [{
addr = "0.0.0.0";
port = 8082;
}];
};
};
virtualisation = {
forwardPorts = [ {
from = "host";
host.port = 8080;
guest.port = 80;
} {
from = "host";
host.port = 8081;
guest.port = 8081;
} {
from = "host";
host.port = 8082;
guest.port = 8082;
} ];
qemu.options = [ "-vga none" "-nographic" ];
};
})
];
};
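Review bot: The three `virtualisation.forwardPorts` entries set `host.port` but leave `host.address` unset, and as far as I recall QEMU's hostfwd then accepts connections on any host address, so the Hydra admin API on 8081 (started with `--dev`, served by nginx with `listen` on `0.0.0.0` and `allow all;`) and the public endpoint on 8082 become reachable from the host's network rather than only from the developer's machine. Pin each forward to loopback by adding `host.address = "127.0.0.1";` next to each `host.port`. The `allow all;` location on admin-hydra.local presumably overrides an access restriction in the ory-hydra module that is not visible here; a one-line comment such as `# dev VM only: admin API is otherwise restricted by the ory-hydra module` would make that intent explicit. The enclosing module list starts before the hunk.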


@ -12,13 +12,14 @@ SQLALCHEMY_TRACK_MODIFICATIONS = false
PKI_PATH = "../data/pki"
DOMAIN = 'example.com'
PUBLIC_URL = 'http://localhost:5000'
#SERVER_NAME = f'account.{ DOMAIN }:9090'
HYDRA_REQUEST_TIMEOUT_SECONDS = 3
HYDRA_ADMIN_URL = 'http://127.0.0.1:4445'
HYDRA_ADMIN_URL = 'http://127.0.0.1:8081'
HYDRA_ADMIN_USER = 'lenticluar_cloud'
HYDRA_ADMIN_PASSWORD = 'notSecure'
HYDRA_PUBLIC_URL = 'http://127.0.0.1:4444'
HYDRA_PUBLIC_URL = 'http://127.0.0.1:8082'
SUBJECT_PREFIX = 'something random'
OAUTH_ID = 'identiy_provider'


@ -35,7 +35,7 @@ class HydraService:
break
if client is None:
domain = app.config['DOMAIN']
public_url = app.config['PUBLIC_URL']
client = OAuth20Client(
client_name="identiy_provider",
# client_id=client_id,
@ -43,7 +43,7 @@ class HydraService:
response_types=["code", "id_token"],
scope="openid profile manage",
grant_types=["authorization_code", "refresh_token"],
redirect_uris=[ f"https://{domain}/oauth/authorized" ],
redirect_uris=[ f"{public_url}/oauth/authorized" ],
token_endpoint_auth_method="client_secret_basic",
)
ret = create_o_auth_2_client.sync(json_body=client, _client=self.hydra_client)
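Review bot: `redirect_uris=[ f"{public_url}/oauth/authorized" ]` concatenates `PUBLIC_URL` verbatim, so a configured value with a trailing slash produces `//oauth/authorized`, and Hydra matches registered redirect URIs as exact strings; normalise it first, `redirect_uris=[ f"{public_url.rstrip('/')}/oauth/authorized" ]`. The scheme is now whatever the config carries instead of the previous hard-coded `https://`, which the dev VM needs, but it also means a production deployment with a plain-http `PUBLIC_URL` would register a plaintext redirect URI; a short comment above `public_url = app.config['PUBLIC_URL']` stating that it must be the external https origin in production would make that visible. Since this code only runs on the `client is None` path, an already-registered client keeps its old `https://{domain}` redirect URI after this change, which is worth a note if that is expected. The enclosing method of `HydraService` starts before the hunk and continues after it.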


@ -1,9 +1,9 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.lenticular-cloud;
username = "lenticular_cloud";
data_folder = "/var/lib/${username}";
python = pkgs.python3;
format = pkgs.formats.json {};
types = lib.types;
in
{
options = with lib.options; {
@ -13,22 +13,57 @@ in
type = lib.types.str;
example = "example.com";
};
username = mkOption {
type = lib.types.str;
description = mdDoc "user to run the service";
example = "lenticular_cloud";
};
service_domain = mkOption {
type = lib.types.str;
example = "account.example.com";
};
settings = mkOption {
type = lib.types.attrs;
default = rec {
DOMAIN = cfg.domain;
DATA_FOLDER = data_folder;
PKI_PATH = "${DATA_FOLDER}/pki";
# SQLALCHEMY_DATABASE_URI = "sqlite:////${DATA_FOLDER}/db.sqlite";
SQLALCHEMY_DATABASE_URI = "postgresql://${username}@/${username}?host=/run/postgresql";
HYDRA_ADMIN_URL= "https://${config.services.ory-hydra.admin_domain}";
HYDRA_PUBLIC_URL= "https://${config.services.ory-hydra.public_domain}";
};
description = mdDoc ''
Lenticular cloud settings
'';
default = { };
type = types.submodule {
freeformType = format.type;
options = {
DOMAIN = mkOption {
type = types.str;
description = mdDoc "Top level Domain of the service";
default = cfg.domain;
};
PUBLIC_URL = mkOption {
type = types.str;
description = mdDoc "public service url";
default = "https://${cfg.service_domain}";
};
DATA_FOLDER = mkOption {
type = types.str;
default = "/var/lib/${cfg.username}";
};
PKI_PATH = mkOption {
type = types.str;
default = "${cfg.settings.DATA_FOLDER}/pki";
};
SQLALCHEMY_DATABASE_URI = mkOption {
type = types.str;
default = "postgresql://${username}@/${username}?host=/run/postgresql";
};
HYDRA_ADMIN_URL = mkOption {
type = types.str;
default = "https://${config.services.ory-hydra.admin_domain}";
};
HYDRA_PUBLIC_URL = mkOption {
type = types.str;
default = "https://${config.services.ory-hydra.public_domain}";
};
};
};
};
};
};
@ -44,7 +79,7 @@ in
};
users."${username}" = {
createHome = true;
home = data_folder;
home = "/var/lib/${username}";
description = "web server";
extraGroups = [
# "ory-hydra"
@ -60,15 +95,18 @@ in
ensureUsers = [
{
name = username;
ensurePermissions = {
"DATABASE ${username}" = "All PRIVILEGES";
};
ensureDBOwnership = true;
}
];
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map ${username} ${username}
'';
};
services.ory-hydra.settings = {
urls = {
login = "${cfg.settings.PUBLIC_URL}/auth/login";
logout = "${cfg.settings.PUBLIC_URL}/auth/logout";
consent = "${cfg.settings.PUBLIC_URL}/auth/consent";
error = "${cfg.settings.PUBLIC_URL}/auth/error";
};
};
services.nginx.enable = true;
@ -94,7 +132,7 @@ in
python_path = with python.pkgs; makePythonPath [ pkgs.lenticular-cloud gevent setuptools ];
in {
# CONFIG_FILE = "/etc/lenticular_cloud/production.conf";
CONFIG_FILE = pkgs.writeText "lenticular-cloud.json" (builtins.toJSON cfg.settings);
CONFIG_FILE = format.generate "lenticular-cloud.json" cfg.settings;
PYTHONPATH = "${python_path}";
# PYTHONPATH = "${lenticular-pkg.pythonPath}:${lenticular-pkg}/lib/python3.10/site-packages:${python_path}";
};
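Review bot: The new `DATA_FOLDER` default is `"/var/lib/${cfg.username}"`, an option declared without a default, while the system user's `home` is now `"/var/lib/${username}"` from the let-bound literal `"lenticular_cloud"`, which `users."${username}"`, the `SQLALCHEMY_DATABASE_URI` default and the postgres `identMap` also use; if `services.lenticular-cloud.username` is ever set to another value the service's data folder and the account that owns it diverge, and if it is not set at all (the dev VM config in this commit does not set it) the default fails at evaluation time unless a default exists elsewhere. Either tie the binding to the option, `username = cfg.username;` together with `default = "lenticular_cloud";` on the option, or use `default = "/var/lib/${username}";` so every path agrees. Separately, `format.generate` writes `cfg.settings` into the world-readable Nix store and the new `freeformType` admits arbitrary keys, so the `settings` description should state that credentials (for example a password-bearing `SQLALCHEMY_DATABASE_URI`) do not belong in it. The enclosing module expression starts before the first hunk and ends after the last.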