authorEmile <git@emile.space>2025-02-22 22:44:31 +0100
committerEmile <git@emile.space>2025-02-22 22:44:31 +0100
commit4100097801550fe86399453b7922875015f34ff9 (patch)
tree5c5103bf72b5b422278900a90c138e73a0bcfb65 /nix/hosts
parente220cd7ed1ff8b9a84e4660519ca0f74720f9e6e (diff)
goapp frontend now works on corrino
added an overlay (which took quite some time, as I forgot to include
the self parameter in the argument list...) that allows using the
goapp on corrino.

So now you can...
... use the template
... see the package status after it has been built using hydra
... build the package from the packages exposed by the flake
... use the package on machines including it using an overlay

I'm actually quite satisfied with this and hope people find this helpful
Diffstat (limited to 'nix/hosts')
-rw-r--r--nix/hosts/corrino/configuration.nix4
-rw-r--r--nix/hosts/corrino/ports.nix1
-rw-r--r--nix/hosts/corrino/secrets/goapp_oidc_secret.agebin0 -> 395 bytes
-rw-r--r--nix/hosts/corrino/vm.nix15
-rw-r--r--nix/hosts/corrino/www/goapp.emile.space.nix78
-rw-r--r--nix/hosts/corrino/www/templates/goapp/default.nix30
6 files changed, 96 insertions, 32 deletions
diff --git a/nix/hosts/corrino/configuration.nix b/nix/hosts/corrino/configuration.nix
index d453b34..52e9ecf 100644
--- a/nix/hosts/corrino/configuration.nix
+++ b/nix/hosts/corrino/configuration.nix
@@ -27,6 +27,8 @@ in
     ./www/git
     ./www/nix-cache
 
+    ./www/goapp.emile.space.nix
+
     # screego
 
     # web
@@ -42,7 +44,7 @@ in
 
     ./www/photo
 
-    # ./www/tickets.emile.space.nix
+    ./www/tickets.emile.space.nix
     # ./www/talks.emile.space.nix
     # ./www/stream.emile.space.nix
     ./www/md.emile.space.nix
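Review bot: Re-enabling `./www/tickets.emile.space.nix` is not mentioned in the commit message, which only describes the goapp overlay, so it reads as an unrelated change that slipped in. Whatever that module configures becomes reachable on the host again once this is deployed; if it is intentional, say so in the description or split it into its own commit so the exposure is reviewable on its own. The `imports` list this hunk sits in starts and ends outside the hunk.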
diff --git a/nix/hosts/corrino/ports.nix b/nix/hosts/corrino/ports.nix
index 10ae593..bb64934 100644
--- a/nix/hosts/corrino/ports.nix
+++ b/nix/hosts/corrino/ports.nix
@@ -24,6 +24,7 @@
     restic = 8002;
     nocodb = 8003;
     goatcounter = 8004;
+    goapp = 8005;
     r2wars-web = 8089;
     ctf = 8338;
     magic-hash = 8339;
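Review bot: The new port entry is keyed `goapp`, but the service block added in goapp.emile.space.nix in this same commit reads `config.emile.ports.goapp-frontend`, so the moment that block is uncommented the lookup fails on a missing attribute. Pick one name for the service across ports.nix, the Authelia client and the service options; `goapp = 8005;` matching the Authelia client `id = "goapp"` seems the simpler choice. The enclosing attribute set starts and ends outside the hunk.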
diff --git a/nix/hosts/corrino/secrets/goapp_oidc_secret.age b/nix/hosts/corrino/secrets/goapp_oidc_secret.age
new file mode 100644
index 0000000..a842003
--- /dev/null
+++ b/nix/hosts/corrino/secrets/goapp_oidc_secret.age
Binary files differ
diff --git a/nix/hosts/corrino/vm.nix b/nix/hosts/corrino/vm.nix
index 37d1356..78d818f 100644
--- a/nix/hosts/corrino/vm.nix
+++ b/nix/hosts/corrino/vm.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{  pkgs, ... }:
 
 {
   services.emile.libvirtnix = {
@@ -15,6 +15,19 @@
           uuid = "E34DE478-1402-45BB-B3FD-FC960549258E";
           genid = "CA1E2462-1E9D-404C-8DDB-19EEF9D9651B";
 
+          os = {
+            nvram = {
+              type = "network";
+              source = {
+                mirror = {
+                  abi = "copy";
+                  ready = "yes";
+                  type = "network";
+                };
+              };
+            };
+          };
+
           packages = {
             libvirt = pkgs.libvirt;
             qemu = pkgs.qemu;
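Review bot: The added `os.nvram` block does not look like a usable libvirt NVRAM definition and is not mentioned in the commit message: a `type = "network"` NVRAM source in libvirt needs a protocol and host for the backing store, while `mirror`, `abi = "copy"` and `ready = "yes"` resemble the status attributes libvirt reports for a running block-copy job rather than anything one configures. If `services.emile.libvirtnix` passes this through to the domain XML, it will presumably be rejected or silently ignored — worth confirming before keeping it. If the intent really is to keep the UEFI variable store (which carries the Secure Boot key database for this VM) on a network backend, the source should name an authenticated, transport-protected backend explicitly; otherwise the block should be dropped. The domain definition this hunk sits in starts and ends outside the hunk.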
diff --git a/nix/hosts/corrino/www/goapp.emile.space.nix b/nix/hosts/corrino/www/goapp.emile.space.nix
new file mode 100644
index 0000000..4a486aa
--- /dev/null
+++ b/nix/hosts/corrino/www/goapp.emile.space.nix
@@ -0,0 +1,78 @@
+{ config, pkgs, ... }:
+
+{
+  services.nginx.virtualHosts."goapp.emile.space" = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations = {
+      "/" = {
+        proxyPass = "http://${config.services.emile.goapp-frontend.host}:${toString config.services.emile.goapp-frontend.port}";
+      };
+    };
+  };
+
+  services.authelia.instances.main.settings.identity_providers.oidc.clients = [
+    {
+      id = "goapp";
+
+      # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
+      secret = "$pbkdf2-sha512$310000$/Ht5DUFmIeu/7Ty2PWHXnw$.uJIN1vmZMyGjCAoA0PzUcVaTMIH36AK80KvOZAHVXgLr1Y9ZOrRjoiwK.srHAO29mrcw1BNpCjFTYdWOoympg";
+      public = false;
+      authorization_policy = "two_factor";
+      redirect_uris = [
+        # "http://localhost:8080/oauth2/callback"
+        "https://goapp.emile.space/oauth2/callback"
+      ];
+      scopes = [
+        "openid"
+        "email"
+        "profile"
+        "groups"
+      ];
+      grant_types = [
+        "refresh_token"
+        "authorization_code"
+      ];
+      response_types = [ "code" ];
+      response_modes = [
+        "form_post"
+        "query"
+        "fragment"
+      ];
+      token_endpoint_auth_method = "client_secret_post";
+    }
+  ];
+
+  environment.systemPackages = with pkgs; [ goapp-frontend ];
+
+  # deploy:
+  # - push code
+  # - build in order to get the new hash (nix build .#goapp-frontend-pkg)
+  # - update hash in the package (//nix/templates/goapp/frontent/default.nix)
+  # - deploy
+
+  # services.emile.goapp-frontend = {
+  #   enable = true;
+  #   package = pkgs.goapp-frontend;
+
+  #   host = "127.0.0.1";
+  #   port = config.emile.ports.goapp-frontend;
+  #   public-url = "https://goapp-frontend.emile.space/";
+
+  #   oidc = {
+  #     id = "goapp-frontend";
+  #     issuer = "https://sso.emile.space";
+  #     cookie-name = "oidc-client";
+  #     scopes = [ "openid" "profile" "email" "groups" ];
+  #     secret-path = "/run/goapp-frontend_oidc_secret";
+  #   };
+
+  #   # TODO(emile): change these when going live
+  #   session-key-path = config.age.secrets.goapp-frontend_oidc_secret.path;
+
+  #   logfile-path = "/var/log/goapp-frontend.log";
+  #   database-path = "/var/lib/goapp-frontend/main.db";
+  #   sessiondb-path = "/var/lib/goapp-frontend/session.db";
+  # };
+}
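Review bot: `proxyPass` on the `/` location reads `config.services.emile.goapp-frontend.host` and `.port`, but the `services.emile.goapp-frontend` block that would set them is entirely commented out, so unless the module declares defaults for both the vhost either fails to evaluate or proxies to an address nothing listens on — the message says the frontend works, so it is worth stating where these values come from, e.g. `# host/port come from the module defaults until the service block below is enabled`. When that block is uncommented it will also disagree with the Authelia client registered above: the client `id` is `goapp` but the service uses `id = "goapp-frontend"`, the registered redirect URI is under `goapp.emile.space` while `public-url` is `https://goapp-frontend.emile.space/`, and `secret-path = "/run/goapp-frontend_oidc_secret"` does not match the `goapp_oidc_secret.age` file this commit adds (which is also not declared under `age.secrets` anywhere in this diff). Separately, `session-key-path` pointing at the OIDC client secret reuses one credential for two purposes; the existing TODO should become a dedicated session-key secret before this goes live.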
diff --git a/nix/hosts/corrino/www/templates/goapp/default.nix b/nix/hosts/corrino/www/templates/goapp/default.nix
deleted file mode 100644
index 716d6ab..0000000
--- a/nix/hosts/corrino/www/templates/goapp/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-
-{
-  services.authelia.instances.main.settings.identity_providers.oidc.clients = [
-    {
-      id = "goapp";
-
-      # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
-      secret = "$pbkdf2-sha512$310000$WUai4pp1ZVJDrJ8j6ICLiQ$NOMMaCZ3gt.x.a09MWatMkJWQIaH0QeWgRXSbuD2iWRwR.N6MWmJA6QO.LIKcxn6l.zHZN4bO1Ztsrbo9010Tw";
-      public = false;
-      authorization_policy = "two_factor";
-      redirect_uris = [ "https://127.0.0.1:8080/auth/oauth2/callback" ];
-      scopes = [
-        "openid"
-        "email"
-        "profile"
-      ];
-      grant_types = [
-        "refresh_token"
-        "authorization_code"
-      ];
-      response_types = [ "code" ];
-      response_modes = [
-        "form_post"
-        "query"
-        "fragment"
-      ];
-      token_endpoint_auth_method = "client_secret_post";
-    }
-  ];
-}