mirror of
https://gitlab.crans.org/bde/nk20
synced 2025-07-22 00:49:11 +02:00
Compare commits
6 Commits
196ac12c62
...
f6b679c44b
| Author | SHA1 | Date | |
|---|---|---|---|
| f6b679c44b | |||
| 1567bc6ce5 | |||
| c411197af3 | |||
| cdc6f0a3f8 | |||
| dde1baa25c | |||
| 7a7ee47e0b |
@ -21,3 +21,6 @@ EMAIL_PASSWORD=CHANGE_ME
|
|||||||
# Wiki configuration
|
# Wiki configuration
|
||||||
WIKI_USER=NoteKfet2020
|
WIKI_USER=NoteKfet2020
|
||||||
WIKI_PASSWORD=
|
WIKI_PASSWORD=
|
||||||
|
|
||||||
|
# OIDC
|
||||||
|
OIDC_RSA_PRIVATE_KEY=CHANGE_ME
|
||||||
|
|||||||
1
.gitignore
vendored
1
.gitignore
vendored
@ -48,7 +48,6 @@ backups/
|
|||||||
env/
|
env/
|
||||||
venv/
|
venv/
|
||||||
db.sqlite3
|
db.sqlite3
|
||||||
shell.nix
|
|
||||||
|
|
||||||
# ansibles customs host
|
# ansibles customs host
|
||||||
ansible/host_vars/*.yaml
|
ansible/host_vars/*.yaml
|
||||||
|
|||||||
@ -61,8 +61,8 @@ Bien que cela permette de créer une instance sur toutes les distributions,
|
|||||||
6. (Optionnel) **Création d'une clé privée OpenID Connect**
|
6. (Optionnel) **Création d'une clé privée OpenID Connect**
|
||||||
|
|
||||||
Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
|
Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
|
||||||
exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner son
|
exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et copier la clé dans .env dans le champ
|
||||||
emplacement dans `OIDC_RSA_PRIVATE_KEY` (par défaut `/var/secrets/oidc.key`).
|
`OIDC_RSA_PRIVATE_KEY`.
|
||||||
|
|
||||||
7. Enjoy :
|
7. Enjoy :
|
||||||
|
|
||||||
@ -237,8 +237,8 @@ Sinon vous pouvez suivre les étapes décrites ci-dessous.
|
|||||||
7. **Création d'une clé privée OpenID Connect**
|
7. **Création d'une clé privée OpenID Connect**
|
||||||
|
|
||||||
Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
|
Pour activer le support d'OpenID Connect, il faut générer une clé privée, par
|
||||||
exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner son
|
exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner le champ
|
||||||
emplacement dans `OIDC_RSA_PRIVATE_KEY` (par défaut `/var/secrets/oidc.key`).
|
`OIDC_RSA_PRIVATE_KEY` dans le .env (par défaut `/var/secrets/oidc.key`).
|
||||||
|
|
||||||
8. *Enjoy \o/*
|
8. *Enjoy \o/*
|
||||||
|
|
||||||
|
|||||||
@ -270,7 +270,7 @@ OAUTH2_PROVIDER = {
|
|||||||
'PKCE_REQUIRED': False, # PKCE (fix a breaking change of django-oauth-toolkit 2.0.0)
|
'PKCE_REQUIRED': False, # PKCE (fix a breaking change of django-oauth-toolkit 2.0.0)
|
||||||
'OIDC_ENABLED': True,
|
'OIDC_ENABLED': True,
|
||||||
'OIDC_RSA_PRIVATE_KEY':
|
'OIDC_RSA_PRIVATE_KEY':
|
||||||
os.getenv('OIDC_RSA_PRIVATE_KEY', '/var/secrets/oidc.key'),
|
os.getenv('OIDC_RSA_PRIVATE_KEY', 'CHANGE_ME_IN_ENV_SETTINGS').replace('\\n', '\n'), # for multilines
|
||||||
'SCOPES': { 'openid': "OpenID Connect scope" },
|
'SCOPES': { 'openid': "OpenID Connect scope" },
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
34
shell-static.nix
Executable file
34
shell-static.nix
Executable file
@ -0,0 +1,34 @@
|
|||||||
|
# This is a workaround meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file.
|
||||||
|
#
|
||||||
|
# The nk20 javascript static location are hardcoded for imperative system.
|
||||||
|
# This make ./manage.py collectstatic hard to use with nixos.
|
||||||
|
#
|
||||||
|
# A workaround is to enter a FHSUserEnv with the static placed under /share/javascript/<static>.
|
||||||
|
# This emulate a debian like system and enable collecting static normally with ./manage.py collectstatics.
|
||||||
|
# The regular shell.nix should be enough for other configurations.
|
||||||
|
#
|
||||||
|
# Warning, you are still supposed to use pip package with a venv !
|
||||||
|
{ pkgs ? import <nixpkgs> {} }:
|
||||||
|
(pkgs.buildFHSUserEnv {
|
||||||
|
name = "pipzone";
|
||||||
|
targetPkgs = pkgs: (with pkgs;
|
||||||
|
let
|
||||||
|
fhs-static = stdenv.mkDerivation {
|
||||||
|
name = "fhs-static";
|
||||||
|
buildCommand = ''
|
||||||
|
mkdir -p $out/share/javascript/bootstrap4
|
||||||
|
mkdir -p $out/share/javascript/jquery
|
||||||
|
ln -s ${python39Packages.xstatic-bootstrap}/lib/python3.9/site-packages/xstatic/pkg/bootstrap/data/* $out/share/javascript/bootstrap4
|
||||||
|
ln -s ${python39Packages.xstatic-jquery}/lib/python3.9/site-packages/xstatic/pkg/jquery/data/* $out/share/javascript/jquery
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in [
|
||||||
|
fhs-static
|
||||||
|
python39
|
||||||
|
gettext
|
||||||
|
python39Packages.pip
|
||||||
|
python39Packages.virtualenv
|
||||||
|
python39Packages.setuptools
|
||||||
|
]);
|
||||||
|
runScript = "bash";
|
||||||
|
}).env
|
||||||
23
shell.nix
Executable file
23
shell.nix
Executable file
@ -0,0 +1,23 @@
|
|||||||
|
# This is meant for use with the nix package manager. If you don't know what it is or don't use it, please ignore this file.
|
||||||
|
#
|
||||||
|
# This shell.nix contains all dependencies require to create a venv and pip install -r requirements.txt.
|
||||||
|
#
|
||||||
|
# Please check shell-static.nix for running ./manage.py collectstatics.
|
||||||
|
{ pkgs ? import <nixpkgs> {} }:
|
||||||
|
pkgs.mkShell {
|
||||||
|
buildInputs = with pkgs; [
|
||||||
|
python39
|
||||||
|
python39Packages.pip
|
||||||
|
python39Packages.setuptools
|
||||||
|
gettext
|
||||||
|
|
||||||
|
];
|
||||||
|
shellHook = ''
|
||||||
|
# Tells pip to put packages into $PIP_PREFIX instead of the usual locations.
|
||||||
|
# See https://pip.pypa.io/en/stable/user_guide/#environment-variables.
|
||||||
|
export PIP_PREFIX=$(pwd)/_build/pip_packages
|
||||||
|
export PYTHONPATH="$PIP_PREFIX/${pkgs.python39.sitePackages}:$PYTHONPATH"
|
||||||
|
export PATH="$PIP_PREFIX/bin:$PATH"
|
||||||
|
unset SOURCE_DATE_EPOCH
|
||||||
|
'';
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user