diff --git a/flake.lock b/flake.lock index 1faf3b7e87fde6d9ff02fddb0feba8c3f634460a..77321069de8933a2c744a5c58b47eb21088b7eab 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ { "nodes": { "nixpkgs": { "locked": { - "lastModified": 1758446476, - "narHash": "sha256-5rdAi7CTvM/kSs6fHe1bREIva5W3TbImsto+dxG4mBo=", + "lastModified": 1757746433, + "narHash": "sha256-fEvTiU4s9lWgW7mYEU/1QUPirgkn+odUBTaindgiziY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a1f79a1770d05af18111fbbe2a3ab2c42c0f6cd0", + "rev": "6d7ec06d6868ac6d94c371458fc2391ded9ff13d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e51eb08156e5f0aecd982b3d7487a867f267d159..6cef4dfe06a2a10af296eb83f17114f6b7239e12 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,6 @@ ]; forAllSystems = f: nixpkgs.lib.genAttrs systems f; in { - packages = forAllSystems (system: import ./nix { pkgs = import nixpkgs { inherit system; }; }); devShells = forAllSystems ( system: let @@ -35,44 +34,6 @@ python-lsp-ruff pylsp-rope ]) ]; - }; - } - ); - nixosModules.default = import ./nix/module.nix; - nixosConfigurations.vm = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./nix/vm.nix - { - virtualisation.vmVariant.virtualisation = { - cores = 2; - memorySize = 2048; - graphics = false; - forwardPorts = [ - { - from = "host"; - host.port = 6468; - guest.port = 6468; - } - ]; - }; - system.stateVersion = "23.11"; - } - ]; - }; - apps = forAllSystems ( - system: - let - pkgs = import nixpkgs { inherit system; }; - in - { - vm = { - type = "app"; - program = "${pkgs.writeShellScript "vm" '' - nixos-rebuild build-vm --flake .#vm - ./result/bin/run-nixos-vm - rm nixos.qcow2 - ''}"; }; } ); diff --git a/mint/settings.py b/mint/settings.py index a0f786dec3cd4b6c421952c79eba0afa50ca1df4..69fdc4ef6cb498d9d5cced5a9a333b5d95419e8f 100644 --- a/mint/settings.py +++ b/mint/settings.py 
@@ -11,7 +11,7 @@ SECRET_KEY = env.str("SECRET_KEY") DEBUG = env.bool("DEBUG", False) -ALLOWED_HOSTS = ["*"] +ALLOWED_HOSTS = ["localhost", "dev.jolheiser.com"] INSTALLED_APPS = [ "django.contrib.admin", @@ -45,7 +45,7 @@ "OPTIONS": { "context_processors": [ "django.template.context_processors.request", "django.contrib.auth.context_processors.auth", - "django.contrib.messages.context_processors.messages", + "django.contrib.messages.context_processors.messages" ], }, }, @@ -85,24 +85,20 @@ SESSION_COOKIE_NAME = "mint_sessionid" SESSION_COOKIE_SECURE = not DEBUG discovery_url = env.str("OIDC_CONFIG_URL") -resp: dict = {} -if discovery_url: - resp = requests.get(discovery_url).json() +resp = requests.get(discovery_url).json() OIDC_RP_CLIENT_ID = env.str("OIDC_CLIENT_ID") OIDC_RP_CLIENT_SECRET = env.str("OIDC_CLIENT_SECRET") OIDC_RP_SIGN_ALGO = "RS256" -OIDC_OP_AUTHORIZATION_ENDPOINT = resp.get("authorization_endpoint", "") -OIDC_OP_USER_ENDPOINT = resp.get("userinfo_endpoint", "") -OIDC_OP_TOKEN_ENDPOINT = resp.get("token_endpoint", "") -OIDC_OP_JWKS_ENDPOINT = resp.get("jwks_uri", "") +OIDC_OP_AUTHORIZATION_ENDPOINT = resp["authorization_endpoint"] +OIDC_OP_USER_ENDPOINT = resp["userinfo_endpoint"] +OIDC_OP_TOKEN_ENDPOINT = resp["token_endpoint"] +OIDC_OP_JWKS_ENDPOINT = resp["jwks_uri"] OIDC_RP_SCOPES = "openid email profile groups" if DEBUG: INTERNAL_IPS = ["127.0.0.1"] - TEMPLATES[0]["OPTIONS"]["context_processors"].append( - "django.template.context_processors.debug" - ) + TEMPLATES[0]["OPTIONS"]["context_processors"].append("django.template.context_processors.debug") try: import debug_toolbar diff --git a/nix/default.nix b/nix/default.nix deleted file mode 100644 index b3ed86732c83c49ef83f2fde5ca5fc6b3911ab39..0000000000000000000000000000000000000000 --- a/nix/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - pkgs ? import { }, -}: -let - pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; }; -in -{ - mint = pkg; - default = pkg; -} 
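Review bot: The new `ALLOWED_HOSTS` line in the first mint/settings.py hunk hard-codes one deployment's hostname, while the neighbouring settings (`SECRET_KEY`, `DEBUG`) are read through `env`. Dropping the `"*"` wildcard restores Django's Host-header validation, but any other deployment now needs a source edit, which is the usual route back to a wildcard. Reading the list from the environment keeps the strict default and makes the allowed hosts a deployment decision, e.g. `ALLOWED_HOSTS = env.list("ALLOWED_HOSTS", ["localhost"])`. The `env` object is created outside this hunk, so any variable prefix it applies should be confirmed before picking the name.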
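Review bot: In the third mint/settings.py hunk, `requests.get(discovery_url).json()` now runs unconditionally at settings import with no timeout and no status check. An unreachable or slow identity provider will therefore stall every process that loads settings, management commands included, and an error response surfaces as a JSON decode error or a bare `KeyError` on the endpoint lookups. Failing at startup instead of silently falling back to empty endpoint strings is the safer direction, but the failure should be bounded and explicit: `discovery = requests.get(discovery_url, timeout=10)`, `discovery.raise_for_status()`, `resp = discovery.json()`. Because this document supplies the token and JWKS endpoints that the login flow trusts, a short comment stating that `OIDC_CONFIG_URL` must be an https URL under the operator's control would also be worth adding above the request. The `if DEBUG:` block continues past the end of the hunk.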
diff --git a/nix/module.nix b/nix/module.nix deleted file mode 100644 index f89011a6e7493034d04eb6ced6a5cb3a83c9ddef..0000000000000000000000000000000000000000 --- a/nix/module.nix +++ /dev/null 
@@ -1,108 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -let - cfg = config.services.mint; - pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; }; -in -{ - options = - let - inherit (lib) mkEnableOption mkOption types; - in - { - services.mint = { - enable = mkEnableOption "Enable mint"; - - package = mkOption { - type = types.package; - description = "mint package to use"; - default = pkg; - }; - - address = mkOption { - type = types.str; - default = "localhost"; - description = "Web interface address"; - }; - - port = mkOption { - type = types.port; - default = 6468; - description = "Web interface port"; - }; - - user = mkOption { - type = types.str; - default = "mint"; - description = "User account under which mint runs"; - }; - - group = mkOption { - type = types.str; - default = "mint"; - description = "Group account under which mint runs"; - }; - - database = mkOption { - type = types.str; - default = "/var/lib/mint/mint.sqlite3"; - description = "Location for the SQLite3 database"; - }; - - settings = mkOption { - type = types.attrs; - default = { }; - description = "Non-secret environment settings"; - example = { - DEBUG = true; - }; - }; - - environmentFile = mkOption { - type = types.nullOr types.path; - default = null; - description = "File to use as systemd environmentfile, usually for secret settings"; - }; - }; - }; - config = lib.mkIf cfg.enable { - users.users."${cfg.user}" = { - home = "/var/lib/mint"; - createHome = true; - group = "${cfg.group}"; - isSystemUser = true; - isNormalUser = false; - description = "user for mint service"; - }; - users.groups."${cfg.group}" = { }; - - systemd.services.mint = { - enable = true; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - environment = { - PYTHONPATH = "${cfg.package.python.pkgs.makePythonPath cfg.package.propagatedBuildInputs}:${cfg.package}/lib/mint"; - GUNICORN_CMD_ARGS = "--bind=${cfg.address}:${toString cfg.port}"; - MINT_DATABASE = cfg.database; - } // (pkgs.lib.mapAttrs 
(_: toString) cfg.settings); - serviceConfig = { - User = cfg.user; - Group = cfg.group; - Restart = "always"; - RestartSec = "15"; - WorkingDirectory = "/var/lib/mint"; - EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; - ExecStart = '' - ${cfg.package.python.pkgs.gunicorn}/bin/gunicorn mint.wsgi - ''; - }; - preStart = '' - ${cfg.package}/bin/mint migrate - ''; - }; - }; -} diff --git a/nix/pkg.nix b/nix/pkg.nix deleted file mode 100644 index 14d336ea373cfa61e1ae5ea1bc8629f5171672d6..0000000000000000000000000000000000000000 --- a/nix/pkg.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ - pkgs ? import { }, -}: -let - name = "mint"; - python = pkgs.python3Packages.python.override { - packageOverrides = self: super: { - django = super.django_5; - }; - }; -in -python.pkgs.buildPythonApplication rec { - pname = name; - version = "main"; - pyproject = true; - src = pkgs.nix-gitignore.gitignoreSource [ ] ( - builtins.path { - inherit name; - path = ../.; - } - ); - build-system = [ python.pkgs.pdm-backend ]; - nativeBuildInputs = [ - pkgs.makeBinaryWrapper - ]; - dependencies = with python.pkgs; [ - gunicorn - - setuptools - environs - requests - - django - django-debug-toolbar - mozilla-django-oidc - ]; - postInstall = '' - mkdir -p $out/lib - cp -r . $out/lib/mint - chmod +x $out/lib/mint/manage.py - makeWrapper $out/lib/mint/manage.py $out/bin/mint \ - --prefix PYTHONPATH : ${passthru.pythonPath}:$out/${python.sitePackages} - ''; - passthru = { - inherit python; - pythonPath = "${python.pkgs.makePythonPath dependencies}"; - }; - meta = { - description = "Budget tracking"; - homepage = "https://git.jolheiser.com/mint"; - mainProgram = "mint"; - }; -} diff --git a/nix/vm.env b/nix/vm.env deleted file mode 100644 index b54a247873cfa2359549b2bad2c1d9292d332e54..0000000000000000000000000000000000000000 --- a/nix/vm.env +++ /dev/null @@ -1,2 +0,0 @@ -MINT_SECRET_KEY=super-secret-key-do-not-use-me -MINT_OIDC_CLIENT_SECRET= 
diff --git a/nix/vm.nix b/nix/vm.nix deleted file mode 100644 index ca4bbf8b3d6c39ae735ae134ed1561a23007cae9..0000000000000000000000000000000000000000 --- a/nix/vm.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - imports = [ ./module.nix ]; - services.getty.autologinUser = "root"; - services.mint = { - enable = true; - address = "0.0.0.0"; - settings = { - MINT_OIDC_CONFIG_URL = ""; - MINT_OIDC_CLIENT_ID = ""; - }; - environmentFile = ./vm.env; - }; -} diff --git a/pyproject.toml b/pyproject.toml index 8b1ae04ce9fc9c9cb7472e5df0d6ec0afa75e1a6..b2bf441100100928451755d597f909444a652afe 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,12 +9,5 @@ "django>=5.2.6", "django-debug-toolbar>=6.0.0", "environs>=14.3.0", "mozilla-django-oidc>=4.0.1", - "requests>=2.32.4", + "requests>=2.32.5", ] -[build-system] -requires = ["pdm-backend"] -build-backend = "pdm.backend" - -[tool.setuptools] -packages = ["mint"] -package-dir = {"mint" = "mint"}