tsuki/pgadmin: remove
parent
358a668aa7
commit
3b736e4c61
|
@ -99,7 +99,6 @@
|
||||||
config.allowUnfree = true;
|
config.allowUnfree = true;
|
||||||
};
|
};
|
||||||
in [
|
in [
|
||||||
(self: super: { pgadmin4 = nonrecursive-unstable-pkgs.pgadmin4; })
|
|
||||||
# (self: super: { pcloud = nonrecursive-unstable-pkgs.pcloud; })
|
# (self: super: { pcloud = nonrecursive-unstable-pkgs.pcloud; })
|
||||||
osuchan.overlays.default
|
osuchan.overlays.default
|
||||||
(self: super: {
|
(self: super: {
|
||||||
|
|
|
@ -20,7 +20,6 @@
|
||||||
./services/navidrome.nix
|
./services/navidrome.nix
|
||||||
./services/nginx
|
./services/nginx
|
||||||
./services/osuchan.nix
|
./services/osuchan.nix
|
||||||
./services/pgadmin.nix
|
|
||||||
./services/plex.nix
|
./services/plex.nix
|
||||||
./services/postgres.nix
|
./services/postgres.nix
|
||||||
./services/samba.nix
|
./services/samba.nix
|
||||||
|
|
|
@ -53,7 +53,6 @@
|
||||||
"kanidm".servers."localhost:8300" = { };
|
"kanidm".servers."localhost:8300" = { };
|
||||||
"navidrome".servers."unix:${sa.navidrome.newSocketAddress}" = { };
|
"navidrome".servers."unix:${sa.navidrome.newSocketAddress}" = { };
|
||||||
"osuchan".servers."localhost:${s ports.osuchan}" = { };
|
"osuchan".servers."localhost:${s ports.osuchan}" = { };
|
||||||
"pgadmin".servers."unix:${srv.uwsgi.instance.vassals.pgadmin.socket}" = { };
|
|
||||||
"plex".servers."localhost:${s ports.plex}" = { };
|
"plex".servers."localhost:${s ports.plex}" = { };
|
||||||
"vaultwarden".servers."unix:${sa.vaultwarden.newSocketAddress}" = { };
|
"vaultwarden".servers."unix:${sa.vaultwarden.newSocketAddress}" = { };
|
||||||
};
|
};
|
||||||
|
@ -122,19 +121,6 @@
|
||||||
root = pkgs.writeTextDir "index.html" (lib.fileContents ./temp-website.html);
|
root = pkgs.writeTextDir "index.html" (lib.fileContents ./temp-website.html);
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
(host ["pg"] {
|
|
||||||
locations."/" = {
|
|
||||||
extraConfig = ''
|
|
||||||
include ${pkgs.nginx}/conf/uwsgi_params;
|
|
||||||
uwsgi_pass pgadmin;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
})
|
|
||||||
# (proxy ["pg"] "http://localhost:${s ports.pgadmin}" {
|
|
||||||
# extraConfig = ''
|
|
||||||
# proxy_set_header X-CSRF-Token $http_x_pga_csrftoken;
|
|
||||||
# '';
|
|
||||||
# })
|
|
||||||
# (proxy ["matrix"] "http://localhost:${s ports.matrix.listener}" {})
|
# (proxy ["matrix"] "http://localhost:${s ports.matrix.listener}" {})
|
||||||
(host ["matrix"] {
|
(host ["matrix"] {
|
||||||
enableACME = lib.mkForce false;
|
enableACME = lib.mkForce false;
|
||||||
|
|
|
@ -1,111 +0,0 @@
|
||||||
{ config, pkgs, lib, secrets, ... }: let
|
|
||||||
pgadmin-user = let
|
|
||||||
username = config.systemd.services.pgadmin.serviceConfig.User;
|
|
||||||
in config.users.users.${username};
|
|
||||||
in {
|
|
||||||
|
|
||||||
sops.secrets = {
|
|
||||||
"pgadmin/oauth2_secret" = rec {
|
|
||||||
restartUnits = [ "pgadmin.service" ];
|
|
||||||
owner = pgadmin-user.name;
|
|
||||||
group = pgadmin-user.group;
|
|
||||||
};
|
|
||||||
"pgadmin/initialPassword" = rec {
|
|
||||||
restartUnits = [ "pgadmin.service" ];
|
|
||||||
owner = pgadmin-user.name;
|
|
||||||
group = pgadmin-user.group;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.pgadmin = {
|
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
|
||||||
initialEmail = "h7x4@nani.wtf";
|
|
||||||
initialPasswordFile = config.sops.secrets."pgadmin/initialPassword".path;
|
|
||||||
port = secrets.ports.pgadmin;
|
|
||||||
settings = let
|
|
||||||
authServerUrl = config.services.kanidm.serverSettings.origin;
|
|
||||||
in {
|
|
||||||
# FIXME: pgadmin does not work with NFS by default, because it uses
|
|
||||||
# some kind of metafiles in its data directory.
|
|
||||||
# DATA_DIR = "${config.machineVars.dataDrives.default}/var/pgadmin";
|
|
||||||
DATA_DIR = "/var/lib/pgadmin";
|
|
||||||
|
|
||||||
WTF_CSRF_HEADERS = [
|
|
||||||
"X-pgA-CSRFToken"
|
|
||||||
"X-CSRFToken"
|
|
||||||
"X-CSRF-Token"
|
|
||||||
];
|
|
||||||
|
|
||||||
PROXY_X_FOR_COUNT = 1;
|
|
||||||
PROXY_X_PROTO_COUNT = 1;
|
|
||||||
PROXY_X_HOST_COUNT = 1;
|
|
||||||
PROXY_X_PORT_COUNT = 1;
|
|
||||||
PROXY_X_PREFIX_COUNT = 1;
|
|
||||||
|
|
||||||
SESSION_COOKIE_HTTPONLY = false;
|
|
||||||
SESSION_COOKIE_SECURE = true;
|
|
||||||
|
|
||||||
AUTHENTICATION_SOURCES = [ "oauth2" ];
|
|
||||||
OAUTH2_AUTO_CREATE_USER = true;
|
|
||||||
OAUTH2_CONFIG = [ rec {
|
|
||||||
OAUTH2_NAME = "KaniDM";
|
|
||||||
OAUTH2_DISPLAY_NAME = "KaniDM";
|
|
||||||
OAUTH2_CLIENT_ID = "pgadmin";
|
|
||||||
OAUTH2_API_BASE_URL = "${authServerUrl}/oauth2";
|
|
||||||
OAUTH2_TOKEN_URL = "${authServerUrl}/oauth2/token";
|
|
||||||
OAUTH2_AUTHORIZATION_URL = "${authServerUrl}/ui/oauth2";
|
|
||||||
OAUTH2_USERINFO_ENDPOINT = "${authServerUrl}/oauth2/openid/${OAUTH2_CLIENT_ID}/userinfo";
|
|
||||||
OAUTH2_SERVER_METADATA_URL = "${authServerUrl}/oauth2/openid/${OAUTH2_CLIENT_ID}/.well-known/openid-configuration";
|
|
||||||
OAUTH2_SCOPE = "openid email profile";
|
|
||||||
OAUTH2_ICON = "fa-lock";
|
|
||||||
OAUTH2_BUTTON_COLOR = "#ff6600";
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.etc."pgadmin/config_system.py".text = let
|
|
||||||
in ''
|
|
||||||
with open("${config.sops.secrets."pgadmin/oauth2_secret".path}") as f:
|
|
||||||
OAUTH2_CONFIG[0]['OAUTH2_CLIENT_SECRET'] = f.read()
|
|
||||||
'';
|
|
||||||
|
|
||||||
systemd.services."pgadmin".enable = false;
|
|
||||||
|
|
||||||
users = {
|
|
||||||
users."pgadmin".uid = 985;
|
|
||||||
groups = {
|
|
||||||
"pgadmin" = {
|
|
||||||
gid = 984;
|
|
||||||
members = [
|
|
||||||
"nginx"
|
|
||||||
"uwsgi"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
"uwsgi".members = [ pgadmin-user.name ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.uwsgi = {
|
|
||||||
enable = false;
|
|
||||||
plugins = [ "python3" ];
|
|
||||||
instance = {
|
|
||||||
type = "emperor";
|
|
||||||
pidfile = "${config.services.uwsgi.runDir}/uwsgi.pid";
|
|
||||||
stats = "${config.services.uwsgi.runDir}/stats.sock";
|
|
||||||
vassals."pgadmin" = rec {
|
|
||||||
type = "normal";
|
|
||||||
pythonPackages = _: with pkgs; ([ pgadmin4 ] ++ pgadmin4.propagatedBuildInputs);
|
|
||||||
strict = true;
|
|
||||||
immediate-uid = pgadmin-user.name;
|
|
||||||
immediate-gid = pgadmin-user.group;
|
|
||||||
lazy-apps = true;
|
|
||||||
enable-threads = true;
|
|
||||||
# chdir = "${pkgs.pgadmin4}/lib/python3.10/site-packages/pgadmin4";
|
|
||||||
module = "pgAdmin4:app";
|
|
||||||
socket = "/run/user/${toString pgadmin-user.uid}/pgadmin.sock";
|
|
||||||
chmod-socket = 664;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -28,9 +28,6 @@ postgres:
|
||||||
headscale: ENC[AES256_GCM,data:UVPCZjcpm9j2dMwyAvrPfwOj84JJHrwoU5rs672FEeA=,iv:zq3J4mL/PB3EAl8LHxxC77Y4FMrZWT4QF+DOih+FIGk=,tag:UwfjKnjfJ3a6RwAWg/8BzQ==,type:str]
|
headscale: ENC[AES256_GCM,data:UVPCZjcpm9j2dMwyAvrPfwOj84JJHrwoU5rs672FEeA=,iv:zq3J4mL/PB3EAl8LHxxC77Y4FMrZWT4QF+DOih+FIGk=,tag:UwfjKnjfJ3a6RwAWg/8BzQ==,type:str]
|
||||||
grafana: ENC[AES256_GCM,data:bsxzS/xkNdSJvOSQfZY8RRK03ckfKAoYeiZlgrSxXVqTEQ==,iv:wb8bFITgGLToagEczdm7MwUmXl3tyYmrYqSZOblEz0I=,tag:ZboMGI4QdmOK+LVBDCl2Pg==,type:str]
|
grafana: ENC[AES256_GCM,data:bsxzS/xkNdSJvOSQfZY8RRK03ckfKAoYeiZlgrSxXVqTEQ==,iv:wb8bFITgGLToagEczdm7MwUmXl3tyYmrYqSZOblEz0I=,tag:ZboMGI4QdmOK+LVBDCl2Pg==,type:str]
|
||||||
matrix_synapse: ENC[AES256_GCM,data:hLlUeo6glgw1PIo4N9aE7KLg7JV88EcG4IYZwVhs97Y=,iv:c4g33QQ/r54KrBM/zUG/gS9rNQy1OUB4KPSAggkgNvo=,tag:WOezFIPE89+oHKGMrsMSgA==,type:str]
|
matrix_synapse: ENC[AES256_GCM,data:hLlUeo6glgw1PIo4N9aE7KLg7JV88EcG4IYZwVhs97Y=,iv:c4g33QQ/r54KrBM/zUG/gS9rNQy1OUB4KPSAggkgNvo=,tag:WOezFIPE89+oHKGMrsMSgA==,type:str]
|
||||||
pgadmin:
|
|
||||||
oauth2_secret: ENC[AES256_GCM,data:A1Upe1Ja76++ZdOx5YhuKjpaont4m5ChRzn/YVpJbnFzWy1tFlBkOr6UgBj7Wopg,iv:hY+b7AVSrSgHu/10reIjUjJ8+yR4FrZe2JgGiAowfGs=,tag:thy6O1Y3FGTWaQXqlU9aYg==,type:str]
|
|
||||||
initialPassword: ENC[AES256_GCM,data:y2ADMtiIO+jIjIQhGKZB43yKcJIouaWagZYe/0K9OoKEGUQq+wXXWA==,iv:oeSzHdaxPj5nN3T+WfCxOq1wkcEDPJCgeh7WOOqs3B0=,tag:r81rysqIjsiCOvyzHiAV6Q==,type:str]
|
|
||||||
paperless:
|
paperless:
|
||||||
password: ENC[AES256_GCM,data:8ut0DX8NajIy/WUwd3eBrFiGwsTMTYKWaPDy7kGytt8=,iv:q2hTmQsS4kBLZ4I7nRljstHlqELsGBYqf5yifFh3vNY=,tag:eJj+DXU898frl6+IoBsSPQ==,type:str]
|
password: ENC[AES256_GCM,data:8ut0DX8NajIy/WUwd3eBrFiGwsTMTYKWaPDy7kGytt8=,iv:q2hTmQsS4kBLZ4I7nRljstHlqELsGBYqf5yifFh3vNY=,tag:eJj+DXU898frl6+IoBsSPQ==,type:str]
|
||||||
matrix_synapse:
|
matrix_synapse:
|
||||||
|
@ -74,8 +71,8 @@ sops:
|
||||||
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
|
cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
|
||||||
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
|
rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-29T23:29:34Z"
|
lastmodified: "2024-06-09T13:31:53Z"
|
||||||
mac: ENC[AES256_GCM,data:LWQjZvheJai3q8ASsN4l3LlbKjWB8/4z4si74D/aly6UIoUEJ8ALsUvWCWb64UCGHOfUfXjFPs5NaoTXcbXpATrl3tN0/hur6fdrHc4n96TpFGTtEj5Dy+SsNg2+oMJV3r5XAMIPhlDD9ZhUb2kyhhema063V3oY1ni7e5d/Kxg=,iv:hzH/JDU5WN5haGpv41jnziPZuXS/CQyGFq4N6Zcg55I=,tag:Q9ujo2azvDyyyTHNnLHQgw==,type:str]
|
mac: ENC[AES256_GCM,data:8fdE/+Z0C7YSljHWtYaX4ceg+MJNKC1FZXnfEZhfMo5EB57OKc6CInMuVpxI1b9CP7Ka+3rr6bZQaa6djD0VAOjVOWaJPW79S8ee0iuxrm9a7ZI/tbM/7GFDF6j80ZkJW1+SUdjc6MneA4EKht6VwwO4RvAL94NwxbEfjFXo1wc=,iv:WDmESFjOr8uIiX//zDsQHDOB7cG7wmbmEhypIE/2hPM=,tag:0jGHxIr0f2iMfgrKBKStLQ==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-05-08T00:49:52Z"
|
- created_at: "2023-05-08T00:49:52Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
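Review bot: Deleting `pgadmin.oauth2_secret` and `pgadmin.initialPassword` from this sops file removes them from the current tree but does not retire the credentials. The old ciphertext stays in the repository history and remains decryptable by every recipient key listed under `sops:`. If the `pgadmin` OAuth2 client is still registered on the Kanidm side (not visible in this commit), it should be deleted or its secret rotated there alongside this change. The `lastmodified` and `mac` updates in the second hunk look like the normal result of re-saving the file with sops and need no change.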