Age | Commit message (Collapse) | Author |
|
Define the `REQUESTS_CA_BUNDLE` for all applications that make use of
python's requests library. The library needs to know the location of
valid CA certificates in order to work as expected.
Expose the CA certificates bundles by adding them to the applications'
environments using the mappings objects.
|
|
GeneNetwork3 should not have direct access to the authorisation
database file.
* genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps):
Do not mount auth-db into genenetwork3 gunicorn app container.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
*
genenetwork/services/genenetwork.scm (<genenetwork-configuration>)[llm-db-path]:
New field.
(genenetwork-gunicorn-apps): Set LLM_DB_PATH in gn3.conf. Mount LLM
database into the container.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
* genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps):
Remove SSL_PRIVATE_KEY and AUTH_SERVER_SSL_PUBLIC_KEY.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
* genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps):
Set AI_SEARCH_ENABLED to True in gn3.conf.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
*
genenetwork/services/genenetwork.scm (<genenetwork-configuration>)[gn3-alias-server-port]:
New field.
(genenetwork-nginx-server-blocks): Rewrite URLs for the GN3 alias
server.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
* genenetwork/services/genenetwork.scm: Import (guix diagnostics)
and (guix i18n).
(sanitize-log-level): New function.
(<genenetwork-configuration>)[log-level]: Use sanitize-log-level as
the sanitizer.
(<gn-uploader-configuration>)[log-level]: Use sanitize-log-level as
the sanitizer.
|
|
*
genenetwork/services/genenetwork.scm (<gn-uploader-configuration>)[log-level]:
Change default to the symbol 'warning.
* genenetwork/services/genenetwork.scm (gn-uploader-gunicorn-app):
Pass --log-level to gunicorn.
|
|
* genenetwork/services/genenetwork.scm (<genenetwork-configuration>,
<gn-uploader-configuration>, build-xapian-index-cron-gexp): Re-format
and re-indent.
|
|
*
genenetwork/services/genenetwork.scm (<gn-uploader-configuration>)[auth-server-url,
gn2-server-url, log-level]: Regularize getter function names.
|
|
*
genenetwork/services/genenetwork.scm (<genenetwork-configuration>)[log-level]:
New field.
* genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps):
Pass --log-level to gunicorn.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
* genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps):
Set REAPER_COMMAND in gn3.conf.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
* genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps):
Set GENOTYPE_FILES in gn3.conf.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fix the service activation code to make the gn-uploader data
directory, and all its children belong to the app user.
|
|
Add the scheduled indexer service to the
genenetwork-service-type. This will run the indexer script every hour.
|
|
Pass in the configuration to the gexp building function to make the
builder function work across environments.
|
|
|
|
|
|
Directories need the execute bit set to actually be accessible to the
owner.
|
|
|
|
|
|
|
|
The profile path is necessary for use retrieving the included
bootstrap content.
|
|
* genenetwork/services/genenetwork.scm: Import nginx from (gnu
packages web), python from (gnu packages python), (guix build
python-build-system) and (guix packages).
(gn-uploader-nginx-server-block): Serve static files via nginx.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
|
|
|
|
|
|
This commit enables us to change the logging level of the gn-uploader
service within the container: this will help in the instances when we
need to debug events in the application that are unexpected.
|
|
While the share is technically writable from the container, the
service was running as an unprivileged user, and thus could not write
to the data-directory. This commit changes the ownership of the
data-directory to the same user that runs the service.
|
|
|
|
|
|
|
|
|
|
|
|
source code for development. See
topics/systems/debug-and-developing-code-with-genenetwork-system-container.gmi
|
|
|
|
* genenetwork/services/genenetwork.scm (<gn-uploader-configuration>):
New type.
(gn-uploader-activation, gn-uploader-gunicorn-app,
gn-uploader-nginx-server-block): New functions.
(gn-uploader-service-type): New variable.
* uploader.scm, uploader-deploy.sh: New files.
Signed-off-by: Arun Isaac <arunisaac@systemreboot.net>
|
|
|
|
gn-auth runs as the gunicorn-gn-auth user, not the genenetwork user.
* genenetwork/services/genenetwork.scm (genenetwork-activation): Let
the gunicorn-gn-auth user own the auth database.
Reported-by: Frederick M. Muriithi <fredmanglis@protonmail.com>
|
|
This is useful to enable building URIs with the correct scheme in the
application. These URIs are important when redirection to and from
external services such as the gn-auth service.
|
|
* genenetwork/services/genenetwork.scm (genenetwork-gunicorn-apps):
Set AUTH_SERVER_URL on production genenetwork2.
|
|
*
genenetwork/services/genenetwork.scm (<genenetwork-configuration>)[gn-auth-server-name]:
New field.
*
genenetwork/services/genenetwork.scm (genenetwork-nginx-server-block):
Rename to ...
(genenetwork-nginx-server-blocks): ... this. Return list of reverse
proxy blocks including one for gn-auth.
* genenetwork/services/genenetwork.scm (genenetwork-service-type): Use
genenetwork-nginx-server-blocks instead of
genenetwork-nginx-server-block.
*
production.scm (operating-system)[services]{genenetwork-service-type}:
Add gn-auth-server-name.
|
|
* genenetwork/services/genenetwork.scm (genenetwork-activation): Set
owner-only permissions on secrets files.
|