diff options
author | Emile <git@emile.space> | 2025-02-22 22:44:31 +0100 |
---|---|---|
committer | Emile <git@emile.space> | 2025-02-22 22:44:31 +0100 |
commit | 4100097801550fe86399453b7922875015f34ff9 (patch) | |
tree | 5c5103bf72b5b422278900a90c138e73a0bcfb65 /nix/hosts/corrino | |
parent | e220cd7ed1ff8b9a84e4660519ca0f74720f9e6e (diff) |
goapp frontend now works on corrino
added an overlay (which took quite some time, as I forgot to include the self parameter in the argument list...) that allows using the goapp on corrino. So now you can... ... use the template ... see the package status after it has been built using hydra ... build the package from the packages exposed by the flake ... use the package on machines including it using an overlay I'm actually quite satisfied with this and hope people find this helpful
Diffstat (limited to 'nix/hosts/corrino')
-rw-r--r-- | nix/hosts/corrino/configuration.nix | 4 | ||||
-rw-r--r-- | nix/hosts/corrino/ports.nix | 1 | ||||
-rw-r--r-- | nix/hosts/corrino/secrets/goapp_oidc_secret.age | bin | 0 -> 395 bytes | |||
-rw-r--r-- | nix/hosts/corrino/vm.nix | 15 | ||||
-rw-r--r-- | nix/hosts/corrino/www/goapp.emile.space.nix | 78 | ||||
-rw-r--r-- | nix/hosts/corrino/www/templates/goapp/default.nix | 30 |
6 files changed, 96 insertions, 32 deletions
diff --git a/nix/hosts/corrino/configuration.nix b/nix/hosts/corrino/configuration.nix index d453b34..52e9ecf 100644 --- a/nix/hosts/corrino/configuration.nix +++ b/nix/hosts/corrino/configuration.nix @@ -27,6 +27,8 @@ in ./www/git ./www/nix-cache + ./www/goapp.emile.space.nix + # screego # web @@ -42,7 +44,7 @@ in ./www/photo - # ./www/tickets.emile.space.nix + ./www/tickets.emile.space.nix # ./www/talks.emile.space.nix # ./www/stream.emile.space.nix ./www/md.emile.space.nix diff --git a/nix/hosts/corrino/ports.nix b/nix/hosts/corrino/ports.nix index 10ae593..bb64934 100644 --- a/nix/hosts/corrino/ports.nix +++ b/nix/hosts/corrino/ports.nix @@ -24,6 +24,7 @@ restic = 8002; nocodb = 8003; goatcounter = 8004; + goapp = 8005; r2wars-web = 8089; ctf = 8338; magic-hash = 8339; diff --git a/nix/hosts/corrino/secrets/goapp_oidc_secret.age b/nix/hosts/corrino/secrets/goapp_oidc_secret.age new file mode 100644 index 0000000..a842003 --- /dev/null +++ b/nix/hosts/corrino/secrets/goapp_oidc_secret.age Binary files differdiff --git a/nix/hosts/corrino/vm.nix b/nix/hosts/corrino/vm.nix index 37d1356..78d818f 100644 --- a/nix/hosts/corrino/vm.nix +++ b/nix/hosts/corrino/vm.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, ... }: { services.emile.libvirtnix = { @@ -15,6 +15,19 @@ uuid = "E34DE478-1402-45BB-B3FD-FC960549258E"; genid = "CA1E2462-1E9D-404C-8DDB-19EEF9D9651B"; + os = { + nvram = { + type = "network"; + source = { + mirror = { + abi = "copy"; + ready = "yes"; + type = "network"; + }; + }; + }; + }; + packages = { libvirt = pkgs.libvirt; qemu = pkgs.qemu; diff --git a/nix/hosts/corrino/www/goapp.emile.space.nix b/nix/hosts/corrino/www/goapp.emile.space.nix new file mode 100644 index 0000000..4a486aa --- /dev/null +++ b/nix/hosts/corrino/www/goapp.emile.space.nix @@ -0,0 +1,78 @@ +{ config, pkgs, ... }: + +{ + services.nginx.virtualHosts."goapp.emile.space" = { + forceSSL = true; + enableACME = true; + + locations = { + "/" = { + proxyPass = "http://${config.services.emile.goapp-frontend.host}:${toString config.services.emile.goapp-frontend.port}"; + }; + }; + }; + + services.authelia.instances.main.settings.identity_providers.oidc.clients = [ + { + id = "goapp"; + + # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986 + secret = "$pbkdf2-sha512$310000$/Ht5DUFmIeu/7Ty2PWHXnw$.uJIN1vmZMyGjCAoA0PzUcVaTMIH36AK80KvOZAHVXgLr1Y9ZOrRjoiwK.srHAO29mrcw1BNpCjFTYdWOoympg"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + # "http://localhost:8080/oauth2/callback" + "https://goapp.emile.space/oauth2/callback" + ]; + scopes = [ + "openid" + "email" + "profile" + "groups" + ]; + grant_types = [ + "refresh_token" + "authorization_code" + ]; + response_types = [ "code" ]; + response_modes = [ + "form_post" + "query" + "fragment" + ]; + token_endpoint_auth_method = "client_secret_post"; + } + ]; + + environment.systemPackages = with pkgs; [ goapp-frontend ]; + + # deploy: + # - push code + # - build in order to get the new hash (nix build .#goapp-frontend-pkg) + # - update hash in the package (//nix/templates/goapp/frontent/default.nix) + # - deploy + + # services.emile.goapp-frontend = { + # enable = true; + # package = pkgs.goapp-frontend; + + # host = "127.0.0.1"; + # port = config.emile.ports.goapp-frontend; + # public-url = "https://goapp-frontend.emile.space/"; + + # oidc = { + # id = "goapp-frontend"; + # issuer = "https://sso.emile.space"; + # cookie-name = "oidc-client"; + # scopes = [ "openid" "profile" "email" "groups" ]; + # secret-path = "/run/goapp-frontend_oidc_secret"; + # }; + + # # TODO(emile): change these when going live + # session-key-path = config.age.secrets.goapp-frontend_oidc_secret.path; + + # logfile-path = "/var/log/goapp-frontend.log"; + # database-path = "/var/lib/goapp-frontend/main.db"; + # sessiondb-path = "/var/lib/goapp-frontend/session.db"; + # }; +} diff --git a/nix/hosts/corrino/www/templates/goapp/default.nix b/nix/hosts/corrino/www/templates/goapp/default.nix deleted file mode 100644 index 716d6ab..0000000 --- a/nix/hosts/corrino/www/templates/goapp/default.nix +++ /dev/null @@ -1,30 +0,0 @@ - -{ - services.authelia.instances.main.settings.identity_providers.oidc.clients = [ - { - id = "goapp"; - - # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986 - secret = "$pbkdf2-sha512$310000$WUai4pp1ZVJDrJ8j6ICLiQ$NOMMaCZ3gt.x.a09MWatMkJWQIaH0QeWgRXSbuD2iWRwR.N6MWmJA6QO.LIKcxn6l.zHZN4bO1Ztsrbo9010Tw"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ "https://127.0.0.1:8080/auth/oauth2/callback" ]; - scopes = [ - "openid" - "email" - "profile" - ]; - grant_types = [ - "refresh_token" - "authorization_code" - ]; - response_types = [ "code" ]; - response_modes = [ - "form_post" - "query" - "fragment" - ]; - token_endpoint_auth_method = "client_secret_post"; - } - ]; -} |