fricloud/server-configs
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: fricloud:c1772d69fc6349ee7ee19d0e0c465335554180dc
Branches Tags
fricloud:main
fricloud:rememberme
fricloud:proxy_images
fricloud:element
...
compare: fricloud:076d676c414799c1e93dab5435491270c52f7b98
Branches Tags
fricloud:main
fricloud:rememberme
fricloud:proxy_images
fricloud:element

2 commits
c1772d69fc ... 076d676c41

Author SHA1 Message Date
eyjhb
076d676c41
wger: updated auth proxy header branch 2025-04-19 15:14:01 +02:00
eyjhb
6fedaed0f9
bumped sources 
- ssh boot - removed /32, otherwise we got error
  `can't parse IP address "xx.xx.xx.xx/32"`
- wger - cleaned up, because of deprecated errors
 2025-04-19 13:05:56 +02:00
5 changed files with 110 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

2
machines/gerd.nix
View file

@ -62,7 +62,7 @@
platforms.hetzner = { platforms.hetzner = {
enable = true; enable = true;
network.address = [ network.address = [
"65.108.221.240/32" "65.108.221.240"
"2a01:4f9:c012:743e::1/64" "2a01:4f9:c012:743e::1/64"
]; ];
}; };

30
machines/gerd/services/wger/default.nix
View file

@ -1,4 +1,4 @@
{ config, ... }: { config, lib, ... }:
let let
svc_domain = "wger.${config.mine.shared.settings.domain}"; svc_domain = "wger.${config.mine.shared.settings.domain}";
@ -20,19 +20,26 @@ in {
wgerSettings = { wgerSettings = {
EMAIL_FROM = "wger Workout Manager <wger@${config.mine.shared.settings.domain}>"; EMAIL_FROM = "wger Workout Manager <wger@${config.mine.shared.settings.domain}>";
# use authelia for authentication (disable guest users + regisration)
AUTH_PROXY_HEADER = config.mine.shared.lib.authelia.protectedHeaders.username;
ALLOW_GUEST_USERS = false; ALLOW_GUEST_USERS = false;
ALLOW_REGISTRATION = false; ALLOW_REGISTRATION = false;
}; };
# django specific settings # django specific settings
djangoSettings = rec { djangoSettings = let
headerToDjangoHeader = v: "HTTP_" + (lib.toUpper ((lib.replaceStrings [ "-" ] [ "_" ] v)));
in rec {
# setup site stuff # setup site stuff
SITE_URL = "https://${svc_domain}"; SITE_URL = "https://${svc_domain}";
CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ]; CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ];
ALLOWED_HOSTS = [ svc_domain ]; ALLOWED_HOSTS = [ svc_domain ];
# proxy auth
AUTH_PROXY_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.username;
AUTH_PROXY_USER_EMAIL_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.email;
AUTH_PROXY_USER_NAME_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.name;
AUTH_PROXY_TRUSTED_IPS = [ "127.0.0.1" ];
AUTH_PROXY_CREATE_UNKNOWN_USER = true;
# setup email # setup email
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"; EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend";
EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp; EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp;
@ -42,6 +49,21 @@ in {
EMAIL_HOST_PASSWORD = "file:${config.age.secrets.wger-ldap-pass.path}"; EMAIL_HOST_PASSWORD = "file:${config.age.secrets.wger-ldap-pass.path}";
EMAIL_FROM_ADDRESS = config.services.wger.wgerSettings.EMAIL_FROM; EMAIL_FROM_ADDRESS = config.services.wger.wgerSettings.EMAIL_FROM;
EMAIL_PAGE_DOMAIN = SITE_URL; EMAIL_PAGE_DOMAIN = SITE_URL;
# LOGGING = {
# version = 1;
# disable_existing_loggers = false;
# formatters.simple.format = "%(levelname)s %(asctime)s %(module)s %(message)s";
# handlers.console = {
# level = "DEBUG";
# class = "logging.StreamHandler";
# formatter = "simple";
# };
# loggers."" = {
# handlers = ["console"];
# level = "DEBUG";
# };
# };
}; };
}; };

110
machines/gerd/services/wger/wgerpkg/default.nix
View file

@ -1,65 +1,104 @@
{ {
lib, lib
python3, , python
fetchFromGitHub, , fetchFromGitHub
callPackage, , buildPythonPackage
writeText, , callPackage
fetchpatch, , writeText
, fetchpatch
# build systems
, hatchling
# deps
, bleach
, celery
, django-crispy-bootstrap5
, django
, django-activity-stream ? callPackage ./django-activity-stream.nix {}
, django-axes
, django-compressor
, django-cors-headers
, django-crispy-forms
, django-email-verification ? callPackage ./django-email-verification.nix {}
, django-environ
, django-filter
, django-formtools
, django-prometheus
, django-recaptcha ? callPackage ./django-recaptcha.nix {}
, django-simple-history
, django-sortedm2m ? callPackage ./django-sortedm2m.nix {}
, django-storages
, djangorestframework
, djangorestframework-simplejwt
, drf-spectacular
, easy-thumbnails
, flower
, fontawesomefree
, icalendar
, invoke
, openfoodfacts ? callPackage ./openfoodfacts.nix {}
, pillow
, reportlab
, requests
, tqdm
, tzdata
# extra deps
, redis
, django-redis
, drf-spectacular-sidecar
, django-bootstrap-breadcrumbs ? callPackage ./django-bootstrap-breadcrumbs.nix {}
, psycopg2
}: }:
let let
frontend = callPackage ./frontend.nix {}; frontend = callPackage ./frontend.nix {};
in python3.pkgs.buildPythonPackage rec { in buildPythonPackage rec {
pname = "wger"; pname = "wger";
version = "2.3"; version = "2.3";
pyproject = true; pyproject = true;
# src = fetchFromGitHub {
# owner = "wger-project";
# repo = "wger";
# rev = version;
# hash = "sha256-riJyVl0/GwAGkcHVzkJc666owPk1E4ca8DV5qTjEbjk=";
# };
# TMP: until it's merged
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "wger-project"; owner = "eyJhb";
repo = "wger"; repo = "wger";
rev = version; rev = "proxyauthheaderv2";
hash = "sha256-riJyVl0/GwAGkcHVzkJc666owPk1E4ca8DV5qTjEbjk="; hash = "sha256-9GMU7CSMKcgBFYrUh6m9LFiJQ7XLkhaJ8EPt+FSZFqY=";
}; };
# src = /tmp/wger;
build-system = [ build-system = [
python3.pkgs.hatchling hatchling
]; ];
patches = [ patches = [
./patches/pyproject.patch ./patches/pyproject.patch
./patches/manage.patch ./patches/manage.patch
./patches/exercises-no-gifs.patch ./patches/exercises-no-gifs.patch
# adds support for proxy auth header
(fetchpatch {
url = "https://github.com/wger-project/wger/pull/1859/commits/331b2d5d2d520411a7b75193823bbc175802e547.patch";
sha256 = "sha256-5OuuInEO8e7OuWaI311HeHp5Pl6bZmix6wLDn8bEgR4=";
})
]; ];
# dependencies = with python3.pkgs; [ propagatedBuildInputs = [
propagatedBuildInputs = with python3.pkgs; [
bleach bleach
celery celery
django-crispy-bootstrap5 django-crispy-bootstrap5
django django
# django-activity-stream django-activity-stream
(python3.pkgs.callPackage ./django-activity-stream.nix {})
django-axes django-axes
django-compressor django-compressor
django-cors-headers django-cors-headers
django-crispy-forms django-crispy-forms
# django-email-verification django-email-verification
(python3.pkgs.callPackage ./django-email-verification.nix {})
django-environ django-environ
django-filter django-filter
django-formtools django-formtools
django-prometheus django-prometheus
# django-recaptcha django-recaptcha
(python3.pkgs.callPackage ./django-recaptcha.nix {})
django-simple-history django-simple-history
# django-sortedm2m django-sortedm2m
(python3.pkgs.callPackage ./django-sortedm2m.nix {})
django-storages django-storages
djangorestframework djangorestframework
djangorestframework-simplejwt djangorestframework-simplejwt
@ -69,8 +108,7 @@ in python3.pkgs.buildPythonPackage rec {
fontawesomefree fontawesomefree
icalendar icalendar
invoke invoke
# openfoodfacts openfoodfacts
(python3.pkgs.callPackage ./openfoodfacts.nix {})
pillow pillow
reportlab reportlab
requests requests
@ -81,7 +119,7 @@ in python3.pkgs.buildPythonPackage rec {
redis redis
django-redis django-redis
drf-spectacular-sidecar drf-spectacular-sidecar
(python3.pkgs.callPackage ./django-bootstrap-breadcrumbs.nix {}) django-bootstrap-breadcrumbs
psycopg2 psycopg2
]; ];
@ -102,7 +140,7 @@ in python3.pkgs.buildPythonPackage rec {
''; '';
in '' in ''
# copy over static yarn things # copy over static yarn things
# cp -a ${frontend}/static/yarn $out/${python3.sitePackages}/wger/core/static # cp -a ${frontend}/static/yarn $out/${python.sitePackages}/wger/core/static
cp -a ${frontend}/static/yarn wger/core/static cp -a ${frontend}/static/yarn wger/core/static
python3 -m wger create-settings -s $PWD/tmp_settings.py python3 -m wger create-settings -s $PWD/tmp_settings.py
@ -110,18 +148,18 @@ in python3.pkgs.buildPythonPackage rec {
mkdir tmpstatic mkdir tmpstatic
pushd tmpstatic pushd tmpstatic
static=. WGER_SETTINGS=../tmp_settings.py python3 ../manage.py collectstatic --no-input static=. WGER_SETTINGS=../tmp_settings.py python ../manage.py collectstatic --no-input
static=. WGER_SETTINGS=../tmp_settings.py python3 ../manage.py compress --force static=. WGER_SETTINGS=../tmp_settings.py python ../manage.py compress --force
popd popd
''; '';
postInstall = '' postInstall = ''
rm -rf $out/${python3.sitePackages}/wger/core/static rm -rf $out/${python.sitePackages}/wger/core/static
cp -a tmpstatic $out/${python3.sitePackages}/wger/core/static cp -a tmpstatic $out/${python.sitePackages}/wger/core/static
mkdir $out/share mkdir $out/share
cp -a $out/${python3.sitePackages}/wger/core/static $out/share cp -a $out/${python.sitePackages}/wger/core/static $out/share
''; '';
pythonImportsCheck = [ pythonImportsCheck = [

6
machines/gerd/services/wger/wgerpkg/module.nix
View file

@ -7,7 +7,7 @@ let
defaultUser = "wger"; defaultUser = "wger";
wgerpkgs = pkgs.callPackage ./default.nix {}; wgerpkgs = pkgs.python3Packages.callPackage ./default.nix {};
# generate settings files # generate settings files
settingsFormat = pkgs.formats.json {}; settingsFormat = pkgs.formats.json {};
@ -210,7 +210,7 @@ in
pythonEnv = pkgs.python3.withPackages (ps: with ps; [ pythonEnv = pkgs.python3.withPackages (ps: with ps; [
gunicorn gunicorn
# TODO: fix this, it should work with cfg.package # TODO: fix this, it should work with cfg.package
(pkgs.python3Packages.callPackage ./default.nix {}) (ps.callPackage ./default.nix {})
]); ]);
in '' in ''
# initial setup # initial setup
@ -220,7 +220,7 @@ in
# run server # run server
# ${cfg.package}/bin/wger start -s ${settingsFile} # ${cfg.package}/bin/wger start -s ${settingsFile}
PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}:${settingsFileDir}" ${pythonEnv}/bin/gunicorn wger.wsgi:application --reload --bind ${cfg.address}:${builtins.toString cfg.port} PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}:${settingsFileDir}" ${pythonEnv}/bin/gunicorn wger.wsgi:application --bind ${cfg.address}:${builtins.toString cfg.port}
''; '';
serviceConfig = { serviceConfig = {

12
shared/sources/sources.json
View file

@ -17,10 +17,10 @@
"homepage": "", "homepage": "",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", "rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081",
"sha256": "0rlzjdw5l0gcjmh34san0qb25a3xxfcwdh75ppr343nzfrj8zbsq", "sha256": "0fg2ym4kc1pcayfg4jka742512r8nackwl8w1syxvg82yasixnjc",
"type": "tarball", "type": "tarball",
"url": "https://github.com/nix-community/disko/archive/19c1140419c4f1cdf88ad4c1cfb6605597628940.tar.gz", "url": "https://github.com/nix-community/disko/archive/51d33bbb7f1e74ba5f9d9a77357735149da99081.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"drasl": { "drasl": {
@ -60,10 +60,10 @@
"homepage": null, "homepage": null,
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
"sha256": "0fxw15gia9cc72spsqf1870bggp8gx694cr2g8hspm3jbj87xr0g", "sha256": "09dahi81cn02gnzsc8a00n945dxc18656ar0ffx5vgxjj1nhgsvy",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/6313551cd05425cd5b3e63fe47dbc324eabb15e4.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
} }
} }