wger: updated auth proxy header branch

machines/gerd/services/wger/default.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
 
 let
   svc_domain = "wger.${config.mine.shared.settings.domain}";
@@ -20,19 +20,26 @@ in {
     wgerSettings = {
       EMAIL_FROM = "wger Workout Manager <wger@${config.mine.shared.settings.domain}>";
 
-      # use authelia for authentication (disable guest users + regisration)
-      AUTH_PROXY_HEADER = config.mine.shared.lib.authelia.protectedHeaders.username;
       ALLOW_GUEST_USERS = false;
       ALLOW_REGISTRATION = false;
     };
 
     # django specific settings
-    djangoSettings = rec {
+    djangoSettings = let
+      headerToDjangoHeader = v: "HTTP_" + (lib.toUpper ((lib.replaceStrings [ "-" ] [ "_" ] v)));
+    in rec {
       # setup site stuff
       SITE_URL = "https://${svc_domain}";
       CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ];
       ALLOWED_HOSTS = [ svc_domain ];
 
+      # proxy auth
+      AUTH_PROXY_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.username;
+      AUTH_PROXY_USER_EMAIL_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.email;
+      AUTH_PROXY_USER_NAME_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.name;
+      AUTH_PROXY_TRUSTED_IPS = [ "127.0.0.1" ];
+      AUTH_PROXY_CREATE_UNKNOWN_USER = true;
+
       # setup email
       EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend";
       EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp;
@@ -42,6 +49,21 @@ in {
       EMAIL_HOST_PASSWORD = "file:${config.age.secrets.wger-ldap-pass.path}";
       EMAIL_FROM_ADDRESS = config.services.wger.wgerSettings.EMAIL_FROM;
       EMAIL_PAGE_DOMAIN = SITE_URL;
+
+      # LOGGING = {
+      #   version = 1;
+      #   disable_existing_loggers = false;
+      #   formatters.simple.format = "%(levelname)s %(asctime)s %(module)s %(message)s";
+      #   handlers.console = {
+      #     level = "DEBUG";
+      #     class = "logging.StreamHandler";
+      #     formatter = "simple";
+      #   };
+      #   loggers."" = {
+      #     handlers = ["console"];
+      #     level = "DEBUG";
+      #   };
+      # };
     };
   };
 

machines/gerd/services/wger/wgerpkg/default.nix

@@ -56,12 +56,20 @@ in buildPythonPackage rec {
   version = "2.3";
   pyproject = true;
 
+  # src = fetchFromGitHub {
+  #   owner = "wger-project";
+  #   repo = "wger";
+  #   rev = version;
+  #   hash = "sha256-riJyVl0/GwAGkcHVzkJc666owPk1E4ca8DV5qTjEbjk=";
+  # };
+  # TMP: until it's merged
   src = fetchFromGitHub {
-    owner = "wger-project";
+    owner = "eyJhb";
     repo = "wger";
-    rev = version;
+    rev = "proxyauthheaderv2";
-    hash = "sha256-riJyVl0/GwAGkcHVzkJc666owPk1E4ca8DV5qTjEbjk=";
+    hash = "sha256-9GMU7CSMKcgBFYrUh6m9LFiJQ7XLkhaJ8EPt+FSZFqY=";
   };
+  # src = /tmp/wger;
 
   build-system = [
     hatchling
@@ -71,15 +79,8 @@ in buildPythonPackage rec {
     ./patches/pyproject.patch
     ./patches/manage.patch
     ./patches/exercises-no-gifs.patch
-
-    # adds support for proxy auth header
-    (fetchpatch {
-      url = "https://github.com/wger-project/wger/pull/1859/commits/331b2d5d2d520411a7b75193823bbc175802e547.patch";
-      sha256 = "sha256-5OuuInEO8e7OuWaI311HeHp5Pl6bZmix6wLDn8bEgR4=";
-    })
   ];
 
-  # dependencies = with python3.pkgs; [
   propagatedBuildInputs = [
     bleach
     celery

machines/gerd/services/wger/wgerpkg/module.nix

@@ -220,7 +220,7 @@ in
   
         # run server
         # ${cfg.package}/bin/wger start -s ${settingsFile}
-        PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}:${settingsFileDir}" ${pythonEnv}/bin/gunicorn wger.wsgi:application --reload --bind ${cfg.address}:${builtins.toString cfg.port}
+        PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}:${settingsFileDir}" ${pythonEnv}/bin/gunicorn wger.wsgi:application --bind ${cfg.address}:${builtins.toString cfg.port}
       '';
   
       serviceConfig = {