Milliways/lenticular_cloud2
4
0
Fork 0
Code Issues 1 Pull requests Packages Projects Releases Wiki Activity

refactor nixos dev setup

Browse source
This commit is contained in:
tuxcoder 2023-12-17 14:47:38 +01:00
parent 0494fb336f
commit fbbe6e2c87
5 changed files with 121 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
flake.lock
View file

@ -99,11 +99,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1702224561, "lastModified": 1702764954,
"narHash": "sha256-kA++rUce3EHqvW3SqLf4RdaP/guKD4/un5vjlr2rZCI=", "narHash": "sha256-+1z/0NJ/8c0d6Um1y9wpVO8CPXHd9/psOJF9GqFS/38=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "b77ada84c29fc587b24b4ca838a0280272e654da", "rev": "dcea3067863899ee23950670e7fed2a4feccc20e",
"revCount": 8, "revCount": 13,
"type": "git", "type": "git",
"url": "ssh://git@git.o-g.at/nixpkg/tuxpkgs.git" "url": "ssh://git@git.o-g.at/nixpkg/tuxpkgs.git"
}, },

55
flake.nix
View file

@ -46,24 +46,75 @@
self.nixosModules.default self.nixosModules.default
tuxpkgs.nixosModules.ory-hydra tuxpkgs.nixosModules.ory-hydra
"${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
({...}:{ ({lib, ...}:{
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.defaults.email = "acme@example.com"; security.acme.defaults.email = "acme@example.com";
services.lenticular-cloud = { services.lenticular-cloud = {
enable = true; enable = true;
domain = "example.com"; domain = "example.com";
service_domain = "account.example.com"; service_domain = "account.example.com";
settings.HYDRA_ADMIN_URL = "http://127.0.0.1:8081";
settings.HYDRA_PUBLIC_URL = "http://127.0.0.1:8082";
settings.PUBLIC_URL = "http://127.0.0.1:5000";
}; };
services.ory-hydra = { services.ory-hydra = {
enable = true; enable = true;
admin_domain = "admin-hydra.local"; admin_domain = "admin-hydra.local";
public_domain = "public-hydra.local"; public_domain = "public-hydra.local";
extra_args = ["--dev"];
settings = {
dev = true;
urls.self = {
issuer = "http://127.0.0.1:8082";
public = "http://127.0.0.1:8082";
admin = "http://127.0.0.1:8081";
};
};
}; };
networking.hosts = { networking.hosts = {
"::1" = [ "admin-hydra.local" "public-hydra.local" "account.example.com" ]; "::1" = [ "admin-hydra.local" "public-hydra.local" "account.example.com" ];
}; };
networking.firewall.enable = false;
services.getty.autologinUser = "root"; services.getty.autologinUser = "root";
virtualisation.qemu.options = ["-vga none"]; services.nginx.virtualHosts = {
"admin-hydra.local" = {
addSSL = lib.mkForce false;
enableACME = lib.mkForce false;
listen = [{
addr = "0.0.0.0";
port = 8081;
}];
locations."/" = {
extraConfig = ''
allow all;
'';
};
};
"public-hydra.local" = {
addSSL = lib.mkForce false;
enableACME = lib.mkForce false;
listen = [{
addr = "0.0.0.0";
port = 8082;
}];
};
};
virtualisation = {
forwardPorts = [ {
from = "host";
host.port = 8080;
guest.port = 80;
} {
from = "host";
host.port = 8081;
guest.port = 8081;
} {
from = "host";
host.port = 8082;
guest.port = 8082;
} ];
qemu.options = [ "-vga none" "-nographic" ];
};
}) })
]; ];
}; };

5
lenticular_cloud/config_development.toml
View file

@ -12,13 +12,14 @@ SQLALCHEMY_TRACK_MODIFICATIONS = false
PKI_PATH = "../data/pki" PKI_PATH = "../data/pki"
DOMAIN = 'example.com' DOMAIN = 'example.com'
PUBLIC_URL = 'http://localhost:5000'
#SERVER_NAME = f'account.{ DOMAIN }:9090' #SERVER_NAME = f'account.{ DOMAIN }:9090'
HYDRA_REQUEST_TIMEOUT_SECONDS = 3 HYDRA_REQUEST_TIMEOUT_SECONDS = 3
HYDRA_ADMIN_URL = 'http://127.0.0.1:4445' HYDRA_ADMIN_URL = 'http://127.0.0.1:8081'
HYDRA_ADMIN_USER = 'lenticluar_cloud' HYDRA_ADMIN_USER = 'lenticluar_cloud'
HYDRA_ADMIN_PASSWORD = 'notSecure' HYDRA_ADMIN_PASSWORD = 'notSecure'
HYDRA_PUBLIC_URL = 'http://127.0.0.1:4444' HYDRA_PUBLIC_URL = 'http://127.0.0.1:8082'
SUBJECT_PREFIX = 'something random' SUBJECT_PREFIX = 'something random'
OAUTH_ID = 'identiy_provider' OAUTH_ID = 'identiy_provider'

4
lenticular_cloud/hydra.py
View file

@ -35,7 +35,7 @@ class HydraService:
break break
if client is None: if client is None:
domain = app.config['DOMAIN'] public_url = app.config['PUBLIC_URL']
client = OAuth20Client( client = OAuth20Client(
client_name="identiy_provider", client_name="identiy_provider",
# client_id=client_id, # client_id=client_id,
@ -43,7 +43,7 @@ class HydraService:
response_types=["code", "id_token"], response_types=["code", "id_token"],
scope="openid profile manage", scope="openid profile manage",
grant_types=["authorization_code", "refresh_token"], grant_types=["authorization_code", "refresh_token"],
redirect_uris=[ f"https://{domain}/oauth/authorized" ], redirect_uris=[ f"{public_url}/oauth/authorized" ],
token_endpoint_auth_method="client_secret_basic", token_endpoint_auth_method="client_secret_basic",
) )
ret = create_o_auth_2_client.sync(json_body=client, _client=self.hydra_client) ret = create_o_auth_2_client.sync(json_body=client, _client=self.hydra_client)

80
module.nix
View file

@ -1,9 +1,9 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
cfg = config.services.lenticular-cloud; cfg = config.services.lenticular-cloud;
username = "lenticular_cloud";
data_folder = "/var/lib/${username}";
python = pkgs.python3; python = pkgs.python3;
format = pkgs.formats.json {};
types = lib.types;
in in
{ {
options = with lib.options; { options = with lib.options; {
@ -13,22 +13,57 @@ in
type = lib.types.str; type = lib.types.str;
example = "example.com"; example = "example.com";
}; };
username = mkOption {
type = lib.types.str;
description = mdDoc "user to run the service";
example = "lenticular_cloud";
};
service_domain = mkOption { service_domain = mkOption {
type = lib.types.str; type = lib.types.str;
example = "account.example.com"; example = "account.example.com";
}; };
settings = mkOption { settings = mkOption {
type = lib.types.attrs; description = mdDoc ''
default = rec { Lenticular cloud settings
DOMAIN = cfg.domain; '';
DATA_FOLDER = data_folder;
PKI_PATH = "${DATA_FOLDER}/pki";
# SQLALCHEMY_DATABASE_URI = "sqlite:////${DATA_FOLDER}/db.sqlite";
SQLALCHEMY_DATABASE_URI = "postgresql://${username}@/${username}?host=/run/postgresql";
HYDRA_ADMIN_URL= "https://${config.services.ory-hydra.admin_domain}";
HYDRA_PUBLIC_URL= "https://${config.services.ory-hydra.public_domain}";
};
default = { };
type = types.submodule {
freeformType = format.type;
options = {
DOMAIN = mkOption {
type = types.str;
description = mdDoc "Top level Domain of the service";
default = cfg.domain;
};
PUBLIC_URL = mkOption {
type = types.str;
description = mdDoc "public service url";
default = "https://${cfg.service_domain}";
};
DATA_FOLDER = mkOption {
type = types.str;
default = "/var/lib/${cfg.username}";
};
PKI_PATH = mkOption {
type = types.str;
default = "${cfg.settings.DATA_FOLDER}/pki";
};
SQLALCHEMY_DATABASE_URI = mkOption {
type = types.str;
default = "postgresql://${username}@/${username}?host=/run/postgresql";
};
HYDRA_ADMIN_URL = mkOption {
type = types.str;
default = "https://${config.services.ory-hydra.admin_domain}";
};
HYDRA_PUBLIC_URL = mkOption {
type = types.str;
default = "https://${config.services.ory-hydra.public_domain}";
};
};
};
}; };
}; };
}; };
@ -44,7 +79,7 @@ in
}; };
users."${username}" = { users."${username}" = {
createHome = true; createHome = true;
home = data_folder; home = "/var/lib/${username}";
description = "web server"; description = "web server";
extraGroups = [ extraGroups = [
# "ory-hydra" # "ory-hydra"
@ -60,15 +95,18 @@ in
ensureUsers = [ ensureUsers = [
{ {
name = username; name = username;
ensurePermissions = { ensureDBOwnership = true;
"DATABASE ${username}" = "All PRIVILEGES";
};
} }
]; ];
identMap = '' };
# ArbitraryMapName systemUser DBUser
superuser_map ${username} ${username} services.ory-hydra.settings = {
''; urls = {
login = "${cfg.settings.PUBLIC_URL}/auth/login";
logout = "${cfg.settings.PUBLIC_URL}/auth/logout";
consent = "${cfg.settings.PUBLIC_URL}/auth/consent";
error = "${cfg.settings.PUBLIC_URL}/auth/error";
};
}; };
services.nginx.enable = true; services.nginx.enable = true;
@ -94,7 +132,7 @@ in
python_path = with python.pkgs; makePythonPath [ pkgs.lenticular-cloud gevent setuptools ]; python_path = with python.pkgs; makePythonPath [ pkgs.lenticular-cloud gevent setuptools ];
in { in {
# CONFIG_FILE = "/etc/lenticular_cloud/production.conf"; # CONFIG_FILE = "/etc/lenticular_cloud/production.conf";
CONFIG_FILE = pkgs.writeText "lenticular-cloud.json" (builtins.toJSON cfg.settings); CONFIG_FILE = format.generate "lenticular-cloud.json" cfg.settings;
PYTHONPATH = "${python_path}"; PYTHONPATH = "${python_path}";
# PYTHONPATH = "${lenticular-pkg.pythonPath}:${lenticular-pkg}/lib/python3.10/site-packages:${python_path}"; # PYTHONPATH = "${lenticular-pkg.pythonPath}:${lenticular-pkg}/lib/python3.10/site-packages:${python_path}";
}; };