authorArun Isaac2024-02-29 19:39:48 +0000
committerArun Isaac2024-03-01 11:16:12 +0000
commitc032c737b5d2d791d388618e3c79403d3a16fe21 (patch)
tree1c785464c7d80584453e5937eb0cf65ec08db684
parentbb39c3b5800953197cc6ffa3f99273b537d347a3 (diff)
downloadgn-machines-c032c737b5d2d791d388618e3c79403d3a16fe21.tar.gz
Add gn-auth to production genenetwork service.
* genenetwork/services/genenetwork.scm: Import gn-auth from (gn
packages genenetwork).
*
genenetwork/services/genenetwork.scm (<genenetwork-configuration>)[gn-auth,
gn-auth-port, gn-auth-secrets]: New fields.

* genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps):
Add gn-auth gunicorn app.
-rw-r--r--genenetwork/services/genenetwork.scm48
1 files changed, 43 insertions, 5 deletions
diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index ce930c0..f5d1e01 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -18,7 +18,7 @@
 ;;; <https://www.gnu.org/licenses/>.
 
 (define-module (genenetwork services genenetwork)
-  #:use-module ((gn packages genenetwork) #:select (genenetwork2 genenetwork3))
+  #:use-module ((gn packages genenetwork) #:select (genenetwork2 genenetwork3 gn-auth))
   #:use-module ((gnu packages admin) #:select (shadow))
   #:use-module (gnu services)
   #:use-module (gnu services web)
@@ -57,12 +57,16 @@
                 (default genenetwork2))
   (genenetwork3 genenetwork-configuration-genenetwork3
                 (default genenetwork3))
+  (gn-auth genenetwork-configuration-gn-auth
+           (default gn-auth))
   (server-name genenetwork-configuration-server-name
                (default "genenetwork.org"))
   (gn2-port genenetwork-configuration-gn2-port
             (default 8082))
   (gn3-port genenetwork-configuration-gn3-port
             (default 8083))
+  (gn-auth-port genenetwork-configuration-gn-auth-port
+                (default 8084))
   (sql-uri genenetwork-configuration-sql-uri
            (default "mysql://username:password@localhost/database"))
   (auth-db genenetwork-configuration-auth-db
@@ -78,7 +82,9 @@
   (gn2-secrets genenetwork-configuration-gn2-secrets
                (default "/etc/genenetwork/gn2-secrets.py"))
   (gn3-secrets genenetwork-configuration-gn3-secrets
-               (default "/etc/genenetwork/gn3-secrets.py")))
+               (default "/etc/genenetwork/gn3-secrets.py"))
+  (gn-auth-secrets genenetwork-configuration-gn-auth-secrets
+                   (default "/etc/genenetwork/gn-auth-secrets.py")))
 
 (define %genenetwork-accounts
   (list (user-group
@@ -135,7 +141,7 @@ G-expressions or numbers."
 described by @var{config}, a @code{<genenetwork-configuration>}
 object."
   (match-record config <genenetwork-configuration>
-    (genenetwork2 genenetwork3 server-name gn2-port gn3-port sql-uri auth-db xapian-db genotype-files sparql-endpoint gn3-data-directory gn2-secrets gn3-secrets)
+    (genenetwork2 genenetwork3 gn-auth server-name gn2-port gn3-port gn-auth-port sql-uri auth-db xapian-db genotype-files sparql-endpoint gn3-data-directory gn2-secrets gn3-secrets gn-auth-secrets)
     ;; If we mapped only the mysqld.sock socket file, it would break
     ;; when the external mysqld server is restarted.
     (let* ((database-mapping (file-system-mapping
@@ -163,7 +169,11 @@ object."
                                        ("DATA_DIR" ,gn3-data-directory)
                                        ("SPARQL_ENDPOINT" ,sparql-endpoint)
                                        ("SQL_URI" ,sql-uri)
-                                       ("XAPIAN_DB_PATH" ,xapian-db))))))
+                                       ("XAPIAN_DB_PATH" ,xapian-db)))))
+           (gn-auth-conf (computed-file "gn-auth.conf"
+                                        (configuration-file-gexp
+                                         `(("AUTH_DB" ,auth-db)
+                                           ("GN_AUTH_SECRETS" ,gn-auth-secrets))))))
       (list (gunicorn-app
              (name "genenetwork2")
              (package genenetwork2)
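Review bot: The new `gn-auth-conf` binding has no comment recording that a `computed-file` ends up in the store, which any local user can read, so it is safe only while it holds paths such as `AUTH_DB` and `GN_AUTH_SECRETS` and never the secret values themselves. I would add a comment above the binding along the lines of `;; gn-auth.conf lands in the store: put only paths here, secrets stay in gn-auth-secrets.` The permissions of the file that `gn-auth-secrets` points to are not visible in this hunk and should be checked separately. The enclosing `let*` starts and ends outside the hunk.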
@@ -231,7 +241,35 @@ object."
                              (file-system-mapping
                               (source auth-db)
                               (target source)
-                              (writable? #t)))))))))
+                              (writable? #t)))))
+            (gunicorn-app
+             (name "gn-auth")
+             (package gn-auth)
+             (sockets (list (forge-ip-socket
+                             (port gn-auth-port))))
+             (wsgi-app-module "gn_auth:create_app()")
+             (workers 20)
+             (environment-variables
+              (list (environment-variable
+                     (name "GN_AUTH_CONF")
+                     (value gn-auth-conf))
+                    (environment-variable
+                     (name "HOME")
+                     (value "/tmp"))
+                    (environment-variable
+                     (name "AUTHLIB_INSECURE_TRANSPORT")
+                     (value "true"))))
+             (mappings (list database-mapping
+                             (file-system-mapping
+                              (source gn-auth-conf)
+                              (target source))
+                             (file-system-mapping
+                              (source auth-db)
+                              (target source)
+                              (writable? #t))
+                             (file-system-mapping
+                              (source gn-auth-secrets)
+                              (target source)))))))))
 
 (define (genenetwork-nginx-server-block config)
   "Return an @code{<nginx-server-configuration>} record specifying
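Review bot: `AUTHLIB_INSECURE_TRANSPORT` is set to `"true"` on the production gn-auth app without a comment saying why that is acceptable. The variable turns off Authlib's requirement that OAuth 2 requests arrive over HTTPS, so it is sound only if TLS is terminated by a reverse proxy on the same host and the gunicorn socket is unreachable from other machines. The bind address behind `(forge-ip-socket (port gn-auth-port))` is not visible in this hunk, so confirm it is loopback, and if so add above the variable `;; TLS is terminated by nginx; gn-auth only receives plain HTTP on loopback.` Separately, `database-mapping` is handed to gn-auth although `gn-auth.conf` carries no `SQL_URI`; if gn-auth does not talk to MySQL, dropping that mapping would keep the container's view minimal. The enclosing procedure starts outside the hunk.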