From ed1a86fee698f01c6d0186ec540013f883e4b30b Mon Sep 17 00:00:00 2001 From: Munyoki Kilyungi Date: Tue, 14 May 2024 20:07:27 +0300 Subject: services: genenetwork: Configure SSL keys conf in the gunicorn apps. --- genenetwork/services/genenetwork.scm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm index 663b7ca..e9ea108 100644 --- a/genenetwork/services/genenetwork.scm +++ b/genenetwork/services/genenetwork.scm @@ -199,7 +199,7 @@ G-expressions or numbers." described by @var{config}, a @code{} object." (match-record config - (genenetwork2 genenetwork3 gn-auth server-name gn-auth-server-name gn2-port gn3-port gn-auth-port sql-uri auth-db xapian-db genotype-files sparql-endpoint gn-sourcecode-directory gn3-data-directory gn2-secrets gn3-secrets gn-auth-secrets llm-db) + (genenetwork2 genenetwork3 gn-auth server-name gn-auth-server-name gn2-port gn3-port gn-auth-port sql-uri auth-db xapian-db genotype-files sparql-endpoint gn-sourcecode-directory gn3-data-directory gn2-secrets gn3-secrets gn-auth-secrets llm-db ssl-path) ;; If we mapped only the mysqld.sock socket file, it would break ;; when the external mysqld server is restarted. (let* ((database-mapping (file-system-mapping @@ -217,6 +217,9 @@ object." ("GN2_SECRETS" ,gn2-secrets) ("GN3_LOCAL_URL" ,(string-append "http://localhost:" (number->string gn3-port))) + ("SSL_PRIVATE_KEY" ,(string-append ssl-path "/gn2-ssl-private-key.pem")) + ("AUTH_SERVER_SSL_PUBLIC_KEY" + ,(string-append ssl-path "/gn-auth-ssl-public-key.pem")) ("GN_SERVER_URL" ,(string-append "https://" server-name "/api3/")) ("AUTH_SERVER_URL" ,(string-append "https://" gn-auth-server-name "/")) ("JS_GUIX_PATH" ,(file-append gn2-profile "/share/genenetwork2/javascript")) 
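Review bot: The genenetwork2 private key configured here (`SSL_PRIVATE_KEY` pointing at `gn2-ssl-private-key.pem`) sits in the same `ssl-path` directory from which the gn-auth configuration hunk further down reads `gn-auth-ssl-private-key.pem`. If that directory is exposed as a whole to each gunicorn app, a compromise of one service would also disclose the other service's private key. The file-system mappings are outside this hunk, so this needs confirming. Consider a separate key directory per service, or mapping only the files each app needs, read-only; for genenetwork2 that would be `gn2-ssl-private-key.pem` and `gn-auth-ssl-public-key.pem`. The private key files should also be readable only by the user the owning service runs as.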
@@ -228,6 +231,8 @@ object." ("DATA_DIR" ,gn3-data-directory) ("SOURCE_DIR" ,gn-sourcecode-directory) ("SPARQL_ENDPOINT" ,sparql-endpoint) + ("AUTH_SERVER_SSL_PUBLIC_KEY" + ,(string-append ssl-path "/gn-auth-ssl-public-key.pem")) ("SQL_URI" ,sql-uri) ("LLM_DB_PATH" ,llm-db) ("XAPIAN_DB_PATH" ,xapian-db))))) @@ -235,6 +240,10 @@ object." (configuration-file-gexp `(("AUTH_DB" ,auth-db) ("SQL_URI" ,sql-uri) + ("CLIENTS_SSL_PUBLIC_KEYS_DIR" + ,(string-append ssl-path "/clients-public-keys")) + ("SSL_PRIVATE_KEY" + ,(string-append ssl-path "/gn-auth-ssl-private-key.pem")) ("GN_AUTH_SECRETS" ,gn-auth-secrets)))))) (list (gunicorn-app (name "genenetwork2") -- cgit v1.2.3
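Review bot: The `AUTH_SERVER_SSL_PUBLIC_KEY` entry added to the genenetwork3 settings repeats the expression already added to the genenetwork2 settings, so the file name `gn-auth-ssl-public-key.pem` is now written twice and has to be kept in step by hand. Binding it once in the enclosing `let*`, e.g. `(auth-server-public-key (string-append ssl-path "/gn-auth-ssl-public-key.pem"))`, and writing `,auth-server-public-key` in both lists would guarantee both services verify against the same key file. The `let*` opens outside this hunk, so the binding would go next to `database-mapping`.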
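Review bot: `CLIENTS_SSL_PUBLIC_KEYS_DIR` points gn-auth at a directory whose contents presumably decide which clients it will trust, but nothing next to the entry records who is allowed to write there. A comment above it would state the expectation, for example `;; Trust store: keys placed in clients-public-keys are accepted as client keys; keep it read-only for the service and writable by the administrator only.` The hard-coded file names under `ssl-path` are also an implicit contract with whatever provisions the keys. Listing the expected layout in the documentation of the `ssl-path` field would make that contract visible; the field's definition is outside this diff.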