refactor nixos dev setup
This commit is contained in:
parent
0494fb336f
commit
fbbe6e2c87
@ -99,11 +99,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1702224561,
|
||||
"narHash": "sha256-kA++rUce3EHqvW3SqLf4RdaP/guKD4/un5vjlr2rZCI=",
|
||||
"lastModified": 1702764954,
|
||||
"narHash": "sha256-+1z/0NJ/8c0d6Um1y9wpVO8CPXHd9/psOJF9GqFS/38=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "b77ada84c29fc587b24b4ca838a0280272e654da",
|
||||
"revCount": 8,
|
||||
"rev": "dcea3067863899ee23950670e7fed2a4feccc20e",
|
||||
"revCount": 13,
|
||||
"type": "git",
|
||||
"url": "ssh://git@git.o-g.at/nixpkg/tuxpkgs.git"
|
||||
},
|
||||
55
flake.nix
55
flake.nix
@ -46,24 +46,75 @@
|
|||
self.nixosModules.default
|
||||
tuxpkgs.nixosModules.ory-hydra
|
||||
"${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
|
||||
({...}:{
|
||||
({lib, ...}:{
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "acme@example.com";
|
||||
services.lenticular-cloud = {
|
||||
enable = true;
|
||||
domain = "example.com";
|
||||
service_domain = "account.example.com";
|
||||
settings.HYDRA_ADMIN_URL = "http://127.0.0.1:8081";
|
||||
settings.HYDRA_PUBLIC_URL = "http://127.0.0.1:8082";
|
||||
settings.PUBLIC_URL = "http://127.0.0.1:5000";
|
||||
};
|
||||
services.ory-hydra = {
|
||||
enable = true;
|
||||
admin_domain = "admin-hydra.local";
|
||||
public_domain = "public-hydra.local";
|
||||
extra_args = ["--dev"];
|
||||
settings = {
|
||||
dev = true;
|
||||
urls.self = {
|
||||
issuer = "http://127.0.0.1:8082";
|
||||
public = "http://127.0.0.1:8082";
|
||||
admin = "http://127.0.0.1:8081";
|
||||
};
|
||||
};
|
||||
};
|
||||
networking.hosts = {
|
||||
"::1" = [ "admin-hydra.local" "public-hydra.local" "account.example.com" ];
|
||||
};
|
||||
networking.firewall.enable = false;
|
||||
services.getty.autologinUser = "root";
|
||||
virtualisation.qemu.options = ["-vga none"];
|
||||
services.nginx.virtualHosts = {
|
||||
"admin-hydra.local" = {
|
||||
addSSL = lib.mkForce false;
|
||||
enableACME = lib.mkForce false;
|
||||
listen = [{
|
||||
addr = "0.0.0.0";
|
||||
port = 8081;
|
||||
}];
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
allow all;
|
||||
'';
|
||||
};
|
||||
};
|
||||
"public-hydra.local" = {
|
||||
addSSL = lib.mkForce false;
|
||||
enableACME = lib.mkForce false;
|
||||
listen = [{
|
||||
addr = "0.0.0.0";
|
||||
port = 8082;
|
||||
}];
|
||||
};
|
||||
};
|
||||
virtualisation = {
|
||||
forwardPorts = [ {
|
||||
from = "host";
|
||||
host.port = 8080;
|
||||
guest.port = 80;
|
||||
} {
|
||||
from = "host";
|
||||
host.port = 8081;
|
||||
guest.port = 8081;
|
||||
} {
|
||||
from = "host";
|
||||
host.port = 8082;
|
||||
guest.port = 8082;
|
||||
} ];
|
||||
qemu.options = [ "-vga none" "-nographic" ];
|
||||
};
|
||||
})
|
||||
];
|
||||
};
|
||||
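Review bot: The Hydra admin API ends up reachable beyond the host's loopback with this VM config: nginx serves `admin-hydra.local` on `addr = "0.0.0.0"` port 8081 with `addSSL`/`enableACME` forced off, `allow all;` and no authentication on the vhost, `networking.firewall.enable = false;` removes the guest firewall, and the `forwardPorts` entry for 8081 sets no `host.address`, which — if the NixOS default of binding every host interface applies, please confirm — publishes that endpoint on whatever network the host sits on. For a development VM the loopback-only form is sufficient: add `host.address = "127.0.0.1";` to each of the three `forwardPorts` entries. A one-line comment above `networking.firewall.enable = false;` saying the guest firewall is off because the VM is only reachable through the QEMU port forwards would make the intent explicit. The module list these lines belong to opens before the hunk.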
@ -12,13 +12,14 @@ SQLALCHEMY_TRACK_MODIFICATIONS = false
|
|||
|
||||
PKI_PATH = "../data/pki"
|
||||
DOMAIN = 'example.com'
|
||||
PUBLIC_URL = 'http://localhost:5000'
|
||||
#SERVER_NAME = f'account.{ DOMAIN }:9090'
|
||||
|
||||
HYDRA_REQUEST_TIMEOUT_SECONDS = 3
|
||||
HYDRA_ADMIN_URL = 'http://127.0.0.1:4445'
|
||||
HYDRA_ADMIN_URL = 'http://127.0.0.1:8081'
|
||||
HYDRA_ADMIN_USER = 'lenticluar_cloud'
|
||||
HYDRA_ADMIN_PASSWORD = 'notSecure'
|
||||
HYDRA_PUBLIC_URL = 'http://127.0.0.1:4444'
|
||||
HYDRA_PUBLIC_URL = 'http://127.0.0.1:8082'
|
||||
SUBJECT_PREFIX = 'something random'
|
||||
|
||||
OAUTH_ID = 'identiy_provider'
|
||||
|
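Review bot: The new port values carry no hint of where they come from: `8081`/`8082` are, as far as the rest of this commit shows, the nginx ports the dev VM in flake.nix forwards to the host, not Hydra's native 4445/4444 that the removed lines used, and a reader of this file alone cannot tell which process answers there. Add a comment above `HYDRA_ADMIN_URL`: `# 8081/8082 are the dev-VM nginx ports forwarded by flake.nix (Hydra itself listens on 4445/4444)`. Since the admin URL is plain `http://` and sits next to a fixed dev password, a header line stating that this file is the local-development config and not meant for a deployment would also be worth adding.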
|
|
@ -35,7 +35,7 @@ class HydraService:
|
|||
break
|
||||
|
||||
if client is None:
|
||||
domain = app.config['DOMAIN']
|
||||
public_url = app.config['PUBLIC_URL']
|
||||
client = OAuth20Client(
|
||||
client_name="identiy_provider",
|
||||
# client_id=client_id,
|
||||
|
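Review bot: `domain = app.config['DOMAIN']` appears to become an unused local once `public_url` replaces it in the redirect URI in the next hunk; if nothing later in the method reads `domain` — the method continues outside the hunk, so I cannot see that — drop that line, otherwise keep it with a short comment naming what still uses it. A comment on the new line, `# PUBLIC_URL must be the externally reachable origin incl. scheme; it is registered as the OAuth redirect base`, would document the contract this value now carries.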
@ -43,7 +43,7 @@ class HydraService:
|
|||
response_types=["code", "id_token"],
|
||||
scope="openid profile manage",
|
||||
grant_types=["authorization_code", "refresh_token"],
|
||||
redirect_uris=[ f"https://{domain}/oauth/authorized" ],
|
||||
redirect_uris=[ f"{public_url}/oauth/authorized" ],
|
||||
token_endpoint_auth_method="client_secret_basic",
|
||||
)
|
||||
ret = create_o_auth_2_client.sync(json_body=client, _client=self.hydra_client)
|
||||
|
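Review bot: The new redirect URI only takes effect for a client that does not exist yet: creation is gated on `if client is None:` in the previous hunk, so a deployment whose `identiy_provider` client was registered with the old `https://{domain}/oauth/authorized` keeps that URI and Hydra will answer callbacks to `PUBLIC_URL` with a redirect_uri mismatch error. Consider comparing the looked-up client's `redirect_uris` with the expected list and updating the client when they differ; the lookup loop and the rest of the method start outside the hunk, so I cannot tell whether that already happens elsewhere. Note that `client_name="identiy_provider"` and the `OAUTH_ID = 'identiy_provider'` in the config hunk share the same misspelling, so if one is ever corrected the other must follow.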
80
module.nix
80
module.nix
@ -1,9 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.services.lenticular-cloud;
|
||||
username = "lenticular_cloud";
|
||||
data_folder = "/var/lib/${username}";
|
||||
python = pkgs.python3;
|
||||
format = pkgs.formats.json {};
|
||||
types = lib.types;
|
||||
in
|
||||
{
|
||||
options = with lib.options; {
|
||||
|
@ -13,22 +13,57 @@ in
|
|||
type = lib.types.str;
|
||||
example = "example.com";
|
||||
};
|
||||
username = mkOption {
|
||||
type = lib.types.str;
|
||||
description = mdDoc "user to run the service";
|
||||
example = "lenticular_cloud";
|
||||
};
|
||||
service_domain = mkOption {
|
||||
type = lib.types.str;
|
||||
example = "account.example.com";
|
||||
};
|
||||
settings = mkOption {
|
||||
type = lib.types.attrs;
|
||||
default = rec {
|
||||
DOMAIN = cfg.domain;
|
||||
DATA_FOLDER = data_folder;
|
||||
PKI_PATH = "${DATA_FOLDER}/pki";
|
||||
# SQLALCHEMY_DATABASE_URI = "sqlite:////${DATA_FOLDER}/db.sqlite";
|
||||
SQLALCHEMY_DATABASE_URI = "postgresql://${username}@/${username}?host=/run/postgresql";
|
||||
HYDRA_ADMIN_URL= "https://${config.services.ory-hydra.admin_domain}";
|
||||
HYDRA_PUBLIC_URL= "https://${config.services.ory-hydra.public_domain}";
|
||||
};
|
||||
description = mdDoc ''
|
||||
Lenticular cloud settings
|
||||
'';
|
||||
|
||||
default = { };
|
||||
|
||||
type = types.submodule {
|
||||
freeformType = format.type;
|
||||
options = {
|
||||
DOMAIN = mkOption {
|
||||
type = types.str;
|
||||
description = mdDoc "Top level Domain of the service";
|
||||
default = cfg.domain;
|
||||
};
|
||||
PUBLIC_URL = mkOption {
|
||||
type = types.str;
|
||||
description = mdDoc "public service url";
|
||||
default = "https://${cfg.service_domain}";
|
||||
};
|
||||
DATA_FOLDER = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/${cfg.username}";
|
||||
};
|
||||
PKI_PATH = mkOption {
|
||||
type = types.str;
|
||||
default = "${cfg.settings.DATA_FOLDER}/pki";
|
||||
};
|
||||
SQLALCHEMY_DATABASE_URI = mkOption {
|
||||
type = types.str;
|
||||
default = "postgresql://${username}@/${username}?host=/run/postgresql";
|
||||
};
|
||||
HYDRA_ADMIN_URL = mkOption {
|
||||
type = types.str;
|
||||
default = "https://${config.services.ory-hydra.admin_domain}";
|
||||
};
|
||||
HYDRA_PUBLIC_URL = mkOption {
|
||||
type = types.str;
|
||||
default = "https://${config.services.ory-hydra.public_domain}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -44,7 +79,7 @@ in
|
|||
};
|
||||
users."${username}" = {
|
||||
createHome = true;
|
||||
home = data_folder;
|
||||
home = "/var/lib/${username}";
|
||||
description = "web server";
|
||||
extraGroups = [
|
||||
# "ory-hydra"
|
||||
|
@ -60,15 +95,18 @@ in
|
|||
ensureUsers = [
|
||||
{
|
||||
name = username;
|
||||
ensurePermissions = {
|
||||
"DATABASE ${username}" = "All PRIVILEGES";
|
||||
};
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
identMap = ''
|
||||
# ArbitraryMapName systemUser DBUser
|
||||
superuser_map ${username} ${username}
|
||||
'';
|
||||
};
|
||||
|
||||
services.ory-hydra.settings = {
|
||||
urls = {
|
||||
login = "${cfg.settings.PUBLIC_URL}/auth/login";
|
||||
logout = "${cfg.settings.PUBLIC_URL}/auth/logout";
|
||||
consent = "${cfg.settings.PUBLIC_URL}/auth/consent";
|
||||
error = "${cfg.settings.PUBLIC_URL}/auth/error";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.enable = true;
|
||||
|
@ -94,7 +132,7 @@ in
|
|||
python_path = with python.pkgs; makePythonPath [ pkgs.lenticular-cloud gevent setuptools ];
|
||||
in {
|
||||
# CONFIG_FILE = "/etc/lenticular_cloud/production.conf";
|
||||
CONFIG_FILE = pkgs.writeText "lenticular-cloud.json" (builtins.toJSON cfg.settings);
|
||||
CONFIG_FILE = format.generate "lenticular-cloud.json" cfg.settings;
|
||||
PYTHONPATH = "${python_path}";
|
||||
# PYTHONPATH = "${lenticular-pkg.pythonPath}:${lenticular-pkg}/lib/python3.10/site-packages:${python_path}";
|
||||
};
|
||||
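Review bot: `DATA_FOLDER` defaults to `"/var/lib/${cfg.username}"` in the settings submodule, while the account that owns the data is still the let-bound constant `username` (`users."${username}"`, `home = "/var/lib/${username}"` in the following hunk, and the `postgresql://${username}@/${username}` URI); setting the new `username` option to anything but `lenticular_cloud` therefore points the service at a directory that `createHome` never creates and that the running user need not own. Either make the default `default = "/var/lib/${username}";` so it tracks the created home, or derive the `username` binding in the first hunk's `let` from `cfg.username` and use it everywhere. The settings option is rendered into the Nix store by `format.generate` in the last hunk, so its `mdDoc` description should say that every value is world-readable there and that secrets such as a Hydra admin password must be supplied through another channel. A one-line comment on the `username = "lenticular_cloud";` constant distinguishing it from `cfg.username` would prevent the two from being confused again.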