From 6fedaed0f95e902b22bda5b35c607145d0e036f7 Mon Sep 17 00:00:00 2001 From: eyjhb Date: Sat, 19 Apr 2025 13:05:56 +0200 Subject: [PATCH 1/2] bumped sources - ssh boot - removed /32, otherwise we got error `can't parse IP address "xx.xx.xx.xx/32"` - wger - cleaned up, because of deprecated errors --- machines/gerd.nix | 2 +- .../gerd/services/wger/wgerpkg/default.nix | 89 +++++++++++++------ .../gerd/services/wger/wgerpkg/module.nix | 4 +- shared/sources/sources.json | 12 +-- 4 files changed, 72 insertions(+), 35 deletions(-) diff --git a/machines/gerd.nix b/machines/gerd.nix index 434eb25..00678c2 100644 --- a/machines/gerd.nix +++ b/machines/gerd.nix @@ -62,7 +62,7 @@ platforms.hetzner = { enable = true; network.address = [ - "65.108.221.240/32" + "65.108.221.240" "2a01:4f9:c012:743e::1/64" ]; }; diff --git a/machines/gerd/services/wger/wgerpkg/default.nix b/machines/gerd/services/wger/wgerpkg/default.nix index 43ae1a1..2b7dabe 100644 --- a/machines/gerd/services/wger/wgerpkg/default.nix +++ b/machines/gerd/services/wger/wgerpkg/default.nix 
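Review bot: The IPv4 entry in `network.address` now carries no prefix length while the IPv6 entry right below keeps `/64`, and nothing in the file says why. The commit message has the reason (the ssh-boot setup fails with `can't parse IP address`), so it belongs next to the value, e.g. `# no /32: the ssh boot network setup cannot parse a CIDR suffix on the IPv4 address`. How the consumer of this option derives the netmask for a bare address is not visible in this hunk and should be checked against the `platforms.hetzner` module.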
@@ -1,15 +1,57 @@ { - lib, - python3, - fetchFromGitHub, - callPackage, - writeText, - fetchpatch, + lib +, python +, fetchFromGitHub +, buildPythonPackage +, callPackage +, writeText +, fetchpatch +# build systems +, hatchling +# deps +, bleach +, celery +, django-crispy-bootstrap5 +, django +, django-activity-stream ? callPackage ./django-activity-stream.nix {} +, django-axes +, django-compressor +, django-cors-headers +, django-crispy-forms +, django-email-verification ? callPackage ./django-email-verification.nix {} +, django-environ +, django-filter +, django-formtools +, django-prometheus +, django-recaptcha ? callPackage ./django-recaptcha.nix {} +, django-simple-history +, django-sortedm2m ? callPackage ./django-sortedm2m.nix {} +, django-storages +, djangorestframework +, djangorestframework-simplejwt +, drf-spectacular +, easy-thumbnails +, flower +, fontawesomefree +, icalendar +, invoke +, openfoodfacts ? callPackage ./openfoodfacts.nix {} +, pillow +, reportlab +, requests +, tqdm +, tzdata +# extra deps +, redis +, django-redis +, drf-spectacular-sidecar +, django-bootstrap-breadcrumbs ? callPackage ./django-bootstrap-breadcrumbs.nix {} +, psycopg2 }: let frontend = callPackage ./frontend.nix {}; -in python3.pkgs.buildPythonPackage rec { +in buildPythonPackage rec { pname = "wger"; version = "2.3"; pyproject = true; @@ -22,7 +64,7 @@ in python3.pkgs.buildPythonPackage rec { }; build-system = [ - python3.pkgs.hatchling + hatchling ]; patches = [ 
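Review bot: The `? callPackage ./….nix {}` defaults on `django-activity-stream`, `django-email-verification`, `django-recaptcha`, `django-sortedm2m`, `openfoodfacts` and `django-bootstrap-breadcrumbs` only apply while the calling package set has no attribute of that name. module.nix now instantiates this file through `python3Packages.callPackage`, so a later nixpkgs bump that introduces one of these names would swap the local derivation for the nixpkgs one without any change in this repository. If the local files are meant to be authoritative, bind them in the existing `let` block instead, e.g. `django-activity-stream = callPackage ./django-activity-stream.nix {};`, and drop them from the argument list.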
@@ -38,28 +80,24 @@ in python3.pkgs.buildPythonPackage rec { ]; # dependencies = with python3.pkgs; [ - propagatedBuildInputs = with python3.pkgs; [ + propagatedBuildInputs = [ bleach celery django-crispy-bootstrap5 django - # django-activity-stream - (python3.pkgs.callPackage ./django-activity-stream.nix {}) + django-activity-stream django-axes django-compressor django-cors-headers django-crispy-forms - # django-email-verification - (python3.pkgs.callPackage ./django-email-verification.nix {}) + django-email-verification django-environ django-filter django-formtools django-prometheus - # django-recaptcha - (python3.pkgs.callPackage ./django-recaptcha.nix {}) + django-recaptcha django-simple-history - # django-sortedm2m - (python3.pkgs.callPackage ./django-sortedm2m.nix {}) + django-sortedm2m django-storages djangorestframework djangorestframework-simplejwt @@ -69,8 +107,7 @@ in python3.pkgs.buildPythonPackage rec { fontawesomefree icalendar invoke - # openfoodfacts - (python3.pkgs.callPackage ./openfoodfacts.nix {}) + openfoodfacts pillow reportlab requests @@ -81,7 +118,7 @@ in python3.pkgs.buildPythonPackage rec { redis django-redis drf-spectacular-sidecar - (python3.pkgs.callPackage ./django-bootstrap-breadcrumbs.nix {}) + django-bootstrap-breadcrumbs psycopg2 ]; @@ -102,7 +139,7 @@ in python3.pkgs.buildPythonPackage rec { ''; in '' # copy over static yarn things - # cp -a ${frontend}/static/yarn $out/${python3.sitePackages}/wger/core/static + # cp -a ${frontend}/static/yarn $out/${python.sitePackages}/wger/core/static cp -a ${frontend}/static/yarn wger/core/static python3 -m wger create-settings -s $PWD/tmp_settings.py 
@@ -110,18 +147,18 @@ in python3.pkgs.buildPythonPackage rec { mkdir tmpstatic pushd tmpstatic - static=. WGER_SETTINGS=../tmp_settings.py python3 ../manage.py collectstatic --no-input - static=. WGER_SETTINGS=../tmp_settings.py python3 ../manage.py compress --force + static=. WGER_SETTINGS=../tmp_settings.py python ../manage.py collectstatic --no-input + static=. WGER_SETTINGS=../tmp_settings.py python ../manage.py compress --force popd ''; postInstall = '' - rm -rf $out/${python3.sitePackages}/wger/core/static - cp -a tmpstatic $out/${python3.sitePackages}/wger/core/static + rm -rf $out/${python.sitePackages}/wger/core/static + cp -a tmpstatic $out/${python.sitePackages}/wger/core/static mkdir $out/share - cp -a $out/${python3.sitePackages}/wger/core/static $out/share + cp -a $out/${python.sitePackages}/wger/core/static $out/share ''; pythonImportsCheck = [ diff --git a/machines/gerd/services/wger/wgerpkg/module.nix b/machines/gerd/services/wger/wgerpkg/module.nix index d7bcd85..c0c418e 100644 --- a/machines/gerd/services/wger/wgerpkg/module.nix +++ b/machines/gerd/services/wger/wgerpkg/module.nix @@ -7,7 +7,7 @@ let defaultUser = "wger"; - wgerpkgs = pkgs.callPackage ./default.nix {}; + wgerpkgs = pkgs.python3Packages.callPackage ./default.nix {}; # generate settings files settingsFormat = pkgs.formats.json {}; @@ -210,7 +210,7 @@ in pythonEnv = pkgs.python3.withPackages (ps: with ps; [ gunicorn # TODO: fix this, it should work with cfg.package - (pkgs.python3Packages.callPackage ./default.nix {}) + (ps.callPackage ./default.nix {}) ]); in '' # initial setup diff --git a/shared/sources/sources.json b/shared/sources/sources.json index abdf907..7701c85 100644 --- a/shared/sources/sources.json +++ b/shared/sources/sources.json 
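Review bot: The two `manage.py` invocations in the shell snippet before `postInstall` now call a bare `python`, while `python3 -m wger create-settings` (context at the end of the previous hunk) is left as `python3`, so one phase resolves its interpreter from PATH under two names. These are shell commands, not Nix references, so renaming the `python3` argument to `python` did not require changing them. Using the injected interpreter makes the choice explicit and consistent: `${python.interpreter} ../manage.py collectstatic --no-input`, and likewise for `compress --force` and `create-settings`. The snippet starts above this hunk.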
@@ -17,10 +17,10 @@ "homepage": "", "owner": "nix-community", "repo": "disko", - "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", - "sha256": "0rlzjdw5l0gcjmh34san0qb25a3xxfcwdh75ppr343nzfrj8zbsq", + "rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081", + "sha256": "0fg2ym4kc1pcayfg4jka742512r8nackwl8w1syxvg82yasixnjc", "type": "tarball", - "url": "https://github.com/nix-community/disko/archive/19c1140419c4f1cdf88ad4c1cfb6605597628940.tar.gz", + "url": "https://github.com/nix-community/disko/archive/51d33bbb7f1e74ba5f9d9a77357735149da99081.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "drasl": { @@ -60,10 +60,10 @@ "homepage": null, "owner": "NixOS", "repo": "nixpkgs", - "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", - "sha256": "0fxw15gia9cc72spsqf1870bggp8gx694cr2g8hspm3jbj87xr0g", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "sha256": "09dahi81cn02gnzsc8a00n945dxc18656ar0ffx5vgxjj1nhgsvy", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/6313551cd05425cd5b3e63fe47dbc324eabb15e4.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } } From 076d676c414799c1e93dab5435491270c52f7b98 Mon Sep 17 00:00:00 2001 From: eyjhb Date: Sat, 19 Apr 2025 15:14:01 +0200 Subject: [PATCH 2/2] wger: updated auth proxy header branch --- machines/gerd/services/wger/default.nix | 30 ++++++++++++++++--- .../gerd/services/wger/wgerpkg/default.nix | 21 ++++++------- .../gerd/services/wger/wgerpkg/module.nix | 2 +- 3 files changed, 38 insertions(+), 15 deletions(-) diff --git a/machines/gerd/services/wger/default.nix b/machines/gerd/services/wger/default.nix index 8187ba9..1f8b5e7 100644 --- a/machines/gerd/services/wger/default.nix +++ b/machines/gerd/services/wger/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: let svc_domain = "wger.${config.mine.shared.settings.domain}"; 
@@ -20,19 +20,26 @@ in { wgerSettings = { EMAIL_FROM = "wger Workout Manager "; - # use authelia for authentication (disable guest users + regisration) - AUTH_PROXY_HEADER = config.mine.shared.lib.authelia.protectedHeaders.username; ALLOW_GUEST_USERS = false; ALLOW_REGISTRATION = false; }; # django specific settings - djangoSettings = rec { + djangoSettings = let + headerToDjangoHeader = v: "HTTP_" + (lib.toUpper ((lib.replaceStrings [ "-" ] [ "_" ] v))); + in rec { # setup site stuff SITE_URL = "https://${svc_domain}"; CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ]; ALLOWED_HOSTS = [ svc_domain ]; + # proxy auth + AUTH_PROXY_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.username; + AUTH_PROXY_USER_EMAIL_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.email; + AUTH_PROXY_USER_NAME_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.name; + AUTH_PROXY_TRUSTED_IPS = [ "127.0.0.1" ]; + AUTH_PROXY_CREATE_UNKNOWN_USER = true; + # setup email EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"; EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp; @@ -42,6 +49,21 @@ in { EMAIL_HOST_PASSWORD = "file:${config.age.secrets.wger-ldap-pass.path}"; EMAIL_FROM_ADDRESS = config.services.wger.wgerSettings.EMAIL_FROM; EMAIL_PAGE_DOMAIN = SITE_URL; + + # LOGGING = { + # version = 1; + # disable_existing_loggers = false; + # formatters.simple.format = "%(levelname)s %(asctime)s %(module)s %(message)s"; + # handlers.console = { + # level = "DEBUG"; + # class = "logging.StreamHandler"; + # formatter = "simple"; + # }; + # loggers."" = { + # handlers = ["console"]; + # level = "DEBUG"; + # }; + # }; }; }; diff --git a/machines/gerd/services/wger/wgerpkg/default.nix b/machines/gerd/services/wger/wgerpkg/default.nix index 2b7dabe..ab9652f 100644 --- a/machines/gerd/services/wger/wgerpkg/default.nix +++ b/machines/gerd/services/wger/wgerpkg/default.nix 
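Review bot: The new proxy-auth block in `djangoSettings` makes the three forwarded headers the only source of identity, and with `AUTH_PROXY_CREATE_UNKNOWN_USER = true` an unrecognised value creates an account, so the setup is only as strong as the proxy's handling of those headers. Nothing in this hunk shows that the reverse proxy clears client-supplied copies before forwarding; that should be confirmed, including underscore spellings, which end up under the same `HTTP_*` key that `headerToDjangoHeader` produces. `AUTH_PROXY_TRUSTED_IPS = [ "127.0.0.1" ]` also accepts every local process as the proxy, and whether the fork checks the socket peer or a forwarded address is not visible here. A comment recording the assumption would help, e.g. `# trusted only because the proxy overwrites these headers and wger is reachable via loopback only`, plus `# "Some-Header" -> "HTTP_SOME_HEADER" (Django META key)` on the helper.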
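Review bot: The commented-out `LOGGING` attribute set added at the end of `djangoSettings` is dead configuration that will drift from the live settings. If it is kept for troubleshooting, a module option that switches it on is easier to audit than uncommenting code on the host. A root logger at `DEBUG` is likely far more verbose than this service needs, and what it would write (request headers, e-mail addresses) depends on the application and is worth checking before it is ever enabled.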
@@ -56,12 +56,20 @@ in buildPythonPackage rec { version = "2.3"; pyproject = true; + # src = fetchFromGitHub { + # owner = "wger-project"; + # repo = "wger"; + # rev = version; + # hash = "sha256-riJyVl0/GwAGkcHVzkJc666owPk1E4ca8DV5qTjEbjk="; + # }; + # TMP: until it's merged src = fetchFromGitHub { - owner = "wger-project"; + owner = "eyJhb"; repo = "wger"; - rev = version; - hash = "sha256-riJyVl0/GwAGkcHVzkJc666owPk1E4ca8DV5qTjEbjk="; + rev = "proxyauthheaderv2"; + hash = "sha256-9GMU7CSMKcgBFYrUh6m9LFiJQ7XLkhaJ8EPt+FSZFqY="; }; + # src = /tmp/wger; build-system = [ hatchling @@ -71,15 +79,8 @@ in buildPythonPackage rec { ./patches/pyproject.patch ./patches/manage.patch ./patches/exercises-no-gifs.patch - - # adds support for proxy auth header - (fetchpatch { - url = "https://github.com/wger-project/wger/pull/1859/commits/331b2d5d2d520411a7b75193823bbc175802e547.patch"; - sha256 = "sha256-5OuuInEO8e7OuWaI311HeHp5Pl6bZmix6wLDn8bEgR4="; - }) ]; - # dependencies = with python3.pkgs; [ propagatedBuildInputs = [ bleach celery diff --git a/machines/gerd/services/wger/wgerpkg/module.nix b/machines/gerd/services/wger/wgerpkg/module.nix index c0c418e..819547d 100644 --- a/machines/gerd/services/wger/wgerpkg/module.nix +++ b/machines/gerd/services/wger/wgerpkg/module.nix @@ -220,7 +220,7 @@ in # run server # ${cfg.package}/bin/wger start -s ${settingsFile} - PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}:${settingsFileDir}" ${pythonEnv}/bin/gunicorn wger.wsgi:application --reload --bind ${cfg.address}:${builtins.toString cfg.port} + PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}:${settingsFileDir}" ${pythonEnv}/bin/gunicorn wger.wsgi:application --bind ${cfg.address}:${builtins.toString cfg.port} ''; serviceConfig = {
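Review bot: `rev = "proxyauthheaderv2"` in the new `src` is a branch name, so the tree being built is identified only by `hash`; once the branch moves, a fresh fetch fails and a cached store path keeps serving the old tree with no record in the expression of which commit it was. Pinning the commit keeps the fork auditable: `rev = "<full-commit-sha>"; # branch proxyauthheaderv2`. `version = "2.3"` (context at the top of the hunk) no longer describes this source, so something like `version = "2.3-unstable-<date>"` would make the divergence from the upstream release visible. The `# TMP: until it's merged` comment could name the upstream pull request (presumably the wger-project/wger pull 1859 that the `fetchpatch` removed in the next hunk pointed at) so the condition for switching back is checkable.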