author | Arun Isaac | 2024-02-29 19:39:48 +0000 |
---|---|---|
committer | Arun Isaac | 2024-03-01 11:16:12 +0000 |
commit | c032c737b5d2d791d388618e3c79403d3a16fe21 (patch) | |
tree | 1c785464c7d80584453e5937eb0cf65ec08db684 /genenetwork/services | |
parent | bb39c3b5800953197cc6ffa3f99273b537d347a3 (diff) | |
Add gn-auth to production genenetwork service.
* genenetwork/services/genenetwork.scm: Import gn-auth from (gn
packages genenetwork).
*
genenetwork/services/genenetwork.scm (<genenetwork-configuration>)[gn-auth,
gn-auth-port, gn-auth-secrets]: New fields.
* genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps):
Add gn-auth gunicorn app.
Diffstat (limited to 'genenetwork/services')
-rw-r--r-- | genenetwork/services/genenetwork.scm | 48 |
1 files changed, 43 insertions, 5 deletions
diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index ce930c0..f5d1e01 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -18,7 +18,7 @@
 ;;; <https://www.gnu.org/licenses/>.
 (define-module (genenetwork services genenetwork)
- #:use-module ((gn packages genenetwork) #:select (genenetwork2 genenetwork3))
+ #:use-module ((gn packages genenetwork) #:select (genenetwork2 genenetwork3 gn-auth))
 #:use-module ((gnu packages admin) #:select (shadow))
 #:use-module (gnu services)
 #:use-module (gnu services web)
@@ -57,12 +57,16 @@
 (default genenetwork2))
 (genenetwork3 genenetwork-configuration-genenetwork3
 (default genenetwork3))
+ (gn-auth genenetwork-configuration-gn-auth
+ (default gn-auth))
 (server-name genenetwork-configuration-server-name
 (default "genenetwork.org"))
 (gn2-port genenetwork-configuration-gn2-port
 (default 8082))
 (gn3-port genenetwork-configuration-gn3-port
 (default 8083))
+ (gn-auth-port genenetwork-configuration-gn-auth-port
+ (default 8084))
 (sql-uri genenetwork-configuration-sql-uri
 (default "mysql://username:password@localhost/database"))
 (auth-db genenetwork-configuration-auth-db
@@ -78,7 +82,9 @@
 (gn2-secrets genenetwork-configuration-gn2-secrets
 (default "/etc/genenetwork/gn2-secrets.py"))
 (gn3-secrets genenetwork-configuration-gn3-secrets
- (default "/etc/genenetwork/gn3-secrets.py")))
+ (default "/etc/genenetwork/gn3-secrets.py"))
+ (gn-auth-secrets genenetwork-configuration-gn-auth-secrets
+ (default "/etc/genenetwork/gn-auth-secrets.py")))
 (define %genenetwork-accounts
 (list (user-group
@@ -135,7 +141,7 @@ G-expressions or numbers."
 described by @var{config}, a @code{<genenetwork-configuration>}
 object."
 (match-record config <genenetwork-configuration>
- (genenetwork2 genenetwork3 server-name gn2-port gn3-port sql-uri auth-db xapian-db genotype-files sparql-endpoint gn3-data-directory gn2-secrets gn3-secrets)
+ (genenetwork2 genenetwork3 gn-auth server-name gn2-port gn3-port gn-auth-port sql-uri auth-db xapian-db genotype-files sparql-endpoint gn3-data-directory gn2-secrets gn3-secrets gn-auth-secrets)
 ;; If we mapped only the mysqld.sock socket file, it would break
 ;; when the external mysqld server is restarted.
 (let* ((database-mapping (file-system-mapping
@@ -163,7 +169,11 @@ object."
 ("DATA_DIR" ,gn3-data-directory)
 ("SPARQL_ENDPOINT" ,sparql-endpoint)
 ("SQL_URI" ,sql-uri)
- ("XAPIAN_DB_PATH" ,xapian-db))))))
+ ("XAPIAN_DB_PATH" ,xapian-db)))))
+ (gn-auth-conf (computed-file "gn-auth.conf"
+ (configuration-file-gexp
+ `(("AUTH_DB" ,auth-db)
+ ("GN_AUTH_SECRETS" ,gn-auth-secrets))))))
 (list (gunicorn-app
 (name "genenetwork2")
 (package genenetwork2)
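Review bot: `gn-auth-conf` is built with `computed-file`, so the generated `gn-auth.conf` lands in the world-readable store, and nothing in the hunk says that it must stay free of credentials. As written it is fine, because it carries only the `AUTH_DB` and `GN_AUTH_SECRETS` paths. A comment on the binding such as `;; Store file, world-readable: paths only, secrets stay in gn-auth-secrets` would keep a later edit from adding a secret value here. The file behind `gn-auth-secrets` should be readable only by the service user; its ownership and mode are not set anywhere in this diff.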
@@ -231,7 +241,35 @@ object."
 (file-system-mapping
 (source auth-db)
 (target source)
- (writable? #t)))))))))
+ (writable? #t)))))
+ (gunicorn-app
+ (name "gn-auth")
+ (package gn-auth)
+ (sockets (list (forge-ip-socket
+ (port gn-auth-port))))
+ (wsgi-app-module "gn_auth:create_app()")
+ (workers 20)
+ (environment-variables
+ (list (environment-variable
+ (name "GN_AUTH_CONF")
+ (value gn-auth-conf))
+ (environment-variable
+ (name "HOME")
+ (value "/tmp"))
+ (environment-variable
+ (name "AUTHLIB_INSECURE_TRANSPORT")
+ (value "true"))))
+ (mappings (list database-mapping
+ (file-system-mapping
+ (source gn-auth-conf)
+ (target source))
+ (file-system-mapping
+ (source auth-db)
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source gn-auth-secrets)
+ (target source)))))))))
 (define (genenetwork-nginx-server-block config)
 "Return an @code{<nginx-server-configuration>} record specifying |
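Review bot: `AUTHLIB_INSECURE_TRANSPORT` is set to `"true"` for the production gn-auth app, which switches off Authlib's refusal to process OAuth2 requests over plain HTTP, and nothing in the hunk records why that is acceptable. It is only safe if every client reaches gn-auth through a TLS-terminating proxy and the gunicorn socket on `gn-auth-port` is not reachable from other hosts; the bind address used by `forge-ip-socket` is not visible here, so that should be confirmed. I would add a comment above the variable such as `;; nginx terminates TLS; gn-auth only sees plain HTTP on the local socket`, and drop the variable if that does not hold. Separately, `auth-db` is mapped writable into this app as well as into the app in the leading context lines, so two services appear to hold write access to the same auth database; worth checking that this is intended.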