diff --git a/machines/gerd.nix b/machines/gerd.nix index 00678c2..434eb25 100644 --- a/machines/gerd.nix +++ b/machines/gerd.nix @@ -62,7 +62,7 @@ platforms.hetzner = { enable = true; network.address = [ - "65.108.221.240" + "65.108.221.240/32" "2a01:4f9:c012:743e::1/64" ]; }; diff --git a/machines/gerd/services/wger/default.nix b/machines/gerd/services/wger/default.nix index 1f8b5e7..8187ba9 100644 --- a/machines/gerd/services/wger/default.nix +++ b/machines/gerd/services/wger/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, ... }: let svc_domain = "wger.${config.mine.shared.settings.domain}"; @@ -20,26 +20,19 @@ in { wgerSettings = { EMAIL_FROM = "wger Workout Manager "; + # use authelia for authentication (disable guest users + regisration) + AUTH_PROXY_HEADER = config.mine.shared.lib.authelia.protectedHeaders.username; ALLOW_GUEST_USERS = false; ALLOW_REGISTRATION = false; }; # django specific settings - djangoSettings = let - headerToDjangoHeader = v: "HTTP_" + (lib.toUpper ((lib.replaceStrings [ "-" ] [ "_" ] v))); - in rec { + djangoSettings = rec { # setup site stuff SITE_URL = "https://${svc_domain}"; CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ]; ALLOWED_HOSTS = [ svc_domain ]; - # proxy auth - AUTH_PROXY_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.username; - AUTH_PROXY_USER_EMAIL_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.email; - AUTH_PROXY_USER_NAME_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.name; - AUTH_PROXY_TRUSTED_IPS = [ "127.0.0.1" ]; - AUTH_PROXY_CREATE_UNKNOWN_USER = true; - # setup email EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"; EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp; 
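Review bot: In the `wgerSettings`/`djangoSettings` hunk of `machines/gerd/services/wger/default.nix`, header-based login stays enabled through `AUTH_PROXY_HEADER`, but `AUTH_PROXY_TRUSTED_IPS = [ "127.0.0.1" ]` is removed with no replacement visible, so nothing in this file now limits which peers may present the username header. If the fetched patch has no trusted-source setting, the guarantee has to come from the deployment: wger must listen on loopback only and the reverse proxy must overwrite any client-supplied copy of the header. I would record that next to the setting, e.g. `# trusted only because wger binds to loopback and the proxy overwrites this header`. The value is also now passed as the raw header name instead of the `HTTP_…` form that the removed `headerToDjangoHeader` produced; that presumably matches what the patched wger expects, but confirm it, since a mismatch could leave proxy login silently inactive. The added comment also has a typo (`regisration`).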
@@ -49,21 +42,6 @@ in { EMAIL_HOST_PASSWORD = "file:${config.age.secrets.wger-ldap-pass.path}"; EMAIL_FROM_ADDRESS = config.services.wger.wgerSettings.EMAIL_FROM; EMAIL_PAGE_DOMAIN = SITE_URL; - - # LOGGING = { - # version = 1; - # disable_existing_loggers = false; - # formatters.simple.format = "%(levelname)s %(asctime)s %(module)s %(message)s"; - # handlers.console = { - # level = "DEBUG"; - # class = "logging.StreamHandler"; - # formatter = "simple"; - # }; - # loggers."" = { - # handlers = ["console"]; - # level = "DEBUG"; - # }; - # }; }; }; diff --git a/machines/gerd/services/wger/wgerpkg/default.nix b/machines/gerd/services/wger/wgerpkg/default.nix index ab9652f..43ae1a1 100644 --- a/machines/gerd/services/wger/wgerpkg/default.nix +++ b/machines/gerd/services/wger/wgerpkg/default.nix 
@@ -1,104 +1,65 @@ { - lib -, python -, fetchFromGitHub -, buildPythonPackage -, callPackage -, writeText -, fetchpatch -# build systems -, hatchling -# deps -, bleach -, celery -, django-crispy-bootstrap5 -, django -, django-activity-stream ? callPackage ./django-activity-stream.nix {} -, django-axes -, django-compressor -, django-cors-headers -, django-crispy-forms -, django-email-verification ? callPackage ./django-email-verification.nix {} -, django-environ -, django-filter -, django-formtools -, django-prometheus -, django-recaptcha ? callPackage ./django-recaptcha.nix {} -, django-simple-history -, django-sortedm2m ? callPackage ./django-sortedm2m.nix {} -, django-storages -, djangorestframework -, djangorestframework-simplejwt -, drf-spectacular -, easy-thumbnails -, flower -, fontawesomefree -, icalendar -, invoke -, openfoodfacts ? callPackage ./openfoodfacts.nix {} -, pillow -, reportlab -, requests -, tqdm -, tzdata -# extra deps -, redis -, django-redis -, drf-spectacular-sidecar -, django-bootstrap-breadcrumbs ? 
callPackage ./django-bootstrap-breadcrumbs.nix {} -, psycopg2 + lib, + python3, + fetchFromGitHub, + callPackage, + writeText, + fetchpatch, }: let frontend = callPackage ./frontend.nix {}; -in buildPythonPackage rec { +in python3.pkgs.buildPythonPackage rec { pname = "wger"; version = "2.3"; pyproject = true; - # src = fetchFromGitHub { - # owner = "wger-project"; - # repo = "wger"; - # rev = version; - # hash = "sha256-riJyVl0/GwAGkcHVzkJc666owPk1E4ca8DV5qTjEbjk="; - # }; - # TMP: until it's merged src = fetchFromGitHub { - owner = "eyJhb"; + owner = "wger-project"; repo = "wger"; - rev = "proxyauthheaderv2"; - hash = "sha256-9GMU7CSMKcgBFYrUh6m9LFiJQ7XLkhaJ8EPt+FSZFqY="; + rev = version; + hash = "sha256-riJyVl0/GwAGkcHVzkJc666owPk1E4ca8DV5qTjEbjk="; }; - # src = /tmp/wger; build-system = [ - hatchling + python3.pkgs.hatchling ]; patches = [ ./patches/pyproject.patch ./patches/manage.patch ./patches/exercises-no-gifs.patch + + # adds support for proxy auth header + (fetchpatch { + url = "https://github.com/wger-project/wger/pull/1859/commits/331b2d5d2d520411a7b75193823bbc175802e547.patch"; + sha256 = "sha256-5OuuInEO8e7OuWaI311HeHp5Pl6bZmix6wLDn8bEgR4="; + }) ]; - propagatedBuildInputs = [ + # dependencies = with python3.pkgs; [ + propagatedBuildInputs = with python3.pkgs; [ bleach celery django-crispy-bootstrap5 django - django-activity-stream + # django-activity-stream + (python3.pkgs.callPackage ./django-activity-stream.nix {}) django-axes django-compressor django-cors-headers django-crispy-forms - django-email-verification + # django-email-verification + (python3.pkgs.callPackage ./django-email-verification.nix {}) django-environ django-filter django-formtools django-prometheus - django-recaptcha + # django-recaptcha + (python3.pkgs.callPackage ./django-recaptcha.nix {}) django-simple-history - django-sortedm2m + # django-sortedm2m + (python3.pkgs.callPackage ./django-sortedm2m.nix {}) django-storages djangorestframework djangorestframework-simplejwt 
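Review bot: The `fetchpatch` entry added to `patches` takes the authentication change from a commit of a pull request (`pull/1859/commits/331b2d5….patch`), and although the hash pins its content, the URL may stop resolving if that PR branch is rebased or deleted, which would break rebuilds once the fetched file is no longer cached. Because this patch decides who is logged in, I would vendor it as a file under `./patches/` next to the other three, so it is reviewable in-repo and always available, with a comment such as `# drop once wger-project/wger#1859 is part of a release`. As a style point, the SRI string is conventionally passed as `hash = "sha256-…";` rather than `sha256 = …`. The commented-out `# dependencies = with python3.pkgs; [` line and the `# django-activity-stream`-style comments above each `callPackage` look like leftovers.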
@@ -108,7 +69,8 @@ in buildPythonPackage rec { fontawesomefree icalendar invoke - openfoodfacts + # openfoodfacts + (python3.pkgs.callPackage ./openfoodfacts.nix {}) pillow reportlab requests @@ -119,7 +81,7 @@ in buildPythonPackage rec { redis django-redis drf-spectacular-sidecar - django-bootstrap-breadcrumbs + (python3.pkgs.callPackage ./django-bootstrap-breadcrumbs.nix {}) psycopg2 ]; @@ -140,7 +102,7 @@ in buildPythonPackage rec { ''; in '' # copy over static yarn things - # cp -a ${frontend}/static/yarn $out/${python.sitePackages}/wger/core/static + # cp -a ${frontend}/static/yarn $out/${python3.sitePackages}/wger/core/static cp -a ${frontend}/static/yarn wger/core/static python3 -m wger create-settings -s $PWD/tmp_settings.py @@ -148,18 +110,18 @@ in buildPythonPackage rec { mkdir tmpstatic pushd tmpstatic - static=. WGER_SETTINGS=../tmp_settings.py python ../manage.py collectstatic --no-input - static=. WGER_SETTINGS=../tmp_settings.py python ../manage.py compress --force + static=. WGER_SETTINGS=../tmp_settings.py python3 ../manage.py collectstatic --no-input + static=. WGER_SETTINGS=../tmp_settings.py python3 ../manage.py compress --force popd ''; postInstall = '' - rm -rf $out/${python.sitePackages}/wger/core/static - cp -a tmpstatic $out/${python.sitePackages}/wger/core/static + rm -rf $out/${python3.sitePackages}/wger/core/static + cp -a tmpstatic $out/${python3.sitePackages}/wger/core/static mkdir $out/share - cp -a $out/${python.sitePackages}/wger/core/static $out/share + cp -a $out/${python3.sitePackages}/wger/core/static $out/share ''; pythonImportsCheck = [ diff --git a/machines/gerd/services/wger/wgerpkg/module.nix b/machines/gerd/services/wger/wgerpkg/module.nix index 819547d..d7bcd85 100644 --- a/machines/gerd/services/wger/wgerpkg/module.nix +++ b/machines/gerd/services/wger/wgerpkg/module.nix 
@@ -7,7 +7,7 @@ let defaultUser = "wger"; - wgerpkgs = pkgs.python3Packages.callPackage ./default.nix {}; + wgerpkgs = pkgs.callPackage ./default.nix {}; # generate settings files settingsFormat = pkgs.formats.json {}; @@ -210,7 +210,7 @@ in pythonEnv = pkgs.python3.withPackages (ps: with ps; [ gunicorn # TODO: fix this, it should work with cfg.package - (ps.callPackage ./default.nix {}) + (pkgs.python3Packages.callPackage ./default.nix {}) ]); in '' # initial setup @@ -220,7 +220,7 @@ in # run server # ${cfg.package}/bin/wger start -s ${settingsFile} - PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}:${settingsFileDir}" ${pythonEnv}/bin/gunicorn wger.wsgi:application --bind ${cfg.address}:${builtins.toString cfg.port} + PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}:${settingsFileDir}" ${pythonEnv}/bin/gunicorn wger.wsgi:application --reload --bind ${cfg.address}:${builtins.toString cfg.port} ''; serviceConfig = { diff --git a/shared/sources/sources.json b/shared/sources/sources.json index 7701c85..abdf907 100644 --- a/shared/sources/sources.json +++ b/shared/sources/sources.json @@ -17,10 +17,10 @@ "homepage": "", "owner": "nix-community", "repo": "disko", - "rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081", - "sha256": "0fg2ym4kc1pcayfg4jka742512r8nackwl8w1syxvg82yasixnjc", + "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", + "sha256": "0rlzjdw5l0gcjmh34san0qb25a3xxfcwdh75ppr343nzfrj8zbsq", "type": "tarball", - "url": "https://github.com/nix-community/disko/archive/51d33bbb7f1e74ba5f9d9a77357735149da99081.tar.gz", + "url": "https://github.com/nix-community/disko/archive/19c1140419c4f1cdf88ad4c1cfb6605597628940.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "drasl": { 
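Review bot: The third `module.nix` hunk adds `--reload` to the gunicorn command line of the service. That flag is a development aid that restarts workers when source files change; for code served from the Nix store it only adds a file watcher, so it reads like a debugging leftover and I would drop it, keeping `gunicorn wger.wsgi:application --bind ${cfg.address}:${builtins.toString cfg.port}`. Since login in this commit relies on a proxy-set header, it is also worth a comment next to `--bind` saying that `cfg.address` must stay on loopback; its default is not visible in this hunk. The file now instantiates the package two ways, `pkgs.callPackage ./default.nix {}` for `wgerpkgs` and `pkgs.python3Packages.callPackage ./default.nix {}` inside `pythonEnv`, which may not yield the same derivation, so reusing one of them in both places would settle the TODO. The enclosing script and `let` block begin outside the hunk.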
@@ -60,10 +60,10 @@
 "homepage": null,
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
- "sha256": "09dahi81cn02gnzsc8a00n945dxc18656ar0ffx5vgxjj1nhgsvy",
+ "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4",
+ "sha256": "0fxw15gia9cc72spsqf1870bggp8gx694cr2g8hspm3jbj87xr0g",
 "type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef.tar.gz",
+ "url": "https://github.com/NixOS/nixpkgs/archive/6313551cd05425cd5b3e63fe47dbc324eabb15e4.tar.gz",
 "url_template": "https://github.com///archive/.tar.gz"
 }
 }