Loading nixos/modules/services/web-apps/peering-manager.nix +61 −34 Original line number Diff line number Diff line Loading @@ -19,17 +19,16 @@ let settingsFile extraConfigFile ]; finalConfigFile = if (cfg.environmentFile != null) then "/var/lib/peering-manager/configuration.py" else configFile; pkg = (pkgs.peering-manager.overrideAttrs (old: { postInstall = '' ln -s ${configFile} $out/opt/peering-manager/peering_manager/configuration.py ln -s ${finalConfigFile} $out/opt/peering-manager/peering_manager/configuration.py '' + lib.optionalString cfg.enableLdap '' ln -s ${cfg.ldapConfigPath} $out/opt/peering-manager/peering_manager/ldap_config.py '' + lib.optionalString cfg.enableOidc '' ln -s ${cfg.oidcConfigPath} $out/opt/peering-manager/peering_manager/oidc_config.py ''; })).override { Loading @@ -55,6 +54,32 @@ in ''; }; environmentFile = mkOption { type = with types; nullOr path; default = null; example = "/run/secrets/peering-manager.env"; description = '' Environment file as defined in {manpage}`systemd.exec(5)`. Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file. ``` # snippet of peering-manager-related config services.peering-manager.settings.SOCIAL_AUTH_OIDC_SECRET = "$PM_OIDC_SECRET"; ``` ``` # content of the environment file PM_OIDC_SECRET=topsecret ``` Note that this file needs to be available on the host on which `peering-manager` is running. ''; }; enableScheduledTasks = mkOption { type = types.bool; default = true; Loading Loading 
@@ -155,25 +180,22 @@ in See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6-ldap/#configuration) for possible options. ''; }; }; enableOidc = mkOption { type = types.bool; default = false; description = '' Enable OIDC-Authentication for Peering Manager. imports = [ (lib.mkRemovedOptionModule [ "services" "peering-manager" "enableOidc" ] '' The enableOidc option has been removed, since peering-manager has OIDC support builtin since version >= 1.9.0. This requires a configuration file being pass through `oidcConfigPath`. ''; }; Make sure to update your OIDC configuration according to the documentation: https://peering-manager.readthedocs.io/en/v1.9.3/administration/authentication/oidc/ '') (lib.mkRemovedOptionModule [ "services" "peering-manager" "oidcConfigPath" ] '' The oidcConfigPath option has been removed, since peering-manager has OIDC support builtin since version >= 1.9.0. oidcConfigPath = mkOption { type = types.path; description = '' Path to the Configuration-File for OIDC-Authentication, will be loaded as `oidc_config.py`. See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6b-oidc/#configuration) for possible options. ''; }; }; The new config settings for OIDC are explained in the documentation: https://peering-manager.readthedocs.io/en/v1.9.3/administration/authentication/oidc/ '') ]; config = lib.mkIf cfg.enable { services.peering-manager = { Loading Loading @@ -208,18 +230,7 @@ in PEERINGDB_API_KEY = file.readline() ''; plugins = ( ps: (lib.optionals cfg.enableLdap [ ps.django-auth-ldap ]) ++ (lib.optionals cfg.enableOidc ( with ps; [ mozilla-django-oidc pyopenssl josepy ] )) ); plugins = (ps: (lib.optionals cfg.enableLdap [ ps.django-auth-ldap ])); }; system.build.peeringManagerPkg = pkg; Loading Loading 
@@ -266,9 +277,22 @@ in }; in { peering-manager-config = lib.mkIf (cfg.environmentFile != null) ( lib.recursiveUpdate defaults { description = "Peering Manager config file setup"; wantedBy = [ "peering-manager.target" ]; serviceConfig = { Type = "oneshot"; EnvironmentFile = [ cfg.environmentFile ]; ExecStart = "${lib.getExe pkgs.envsubst} -i ${configFile} -o ${finalConfigFile}"; }; } ); peering-manager-migration = lib.recursiveUpdate defaults { description = "Peering Manager migrations"; wantedBy = [ "peering-manager.target" ]; after = lib.mkIf (cfg.environmentFile != null) [ "peering-manager-config.service" ]; serviceConfig = { Type = "oneshot"; ExecStart = "${pkg}/bin/peering-manager migrate"; Loading @@ -278,7 +302,10 @@ in peering-manager = lib.recursiveUpdate defaults { description = "Peering Manager WSGI Service"; wantedBy = [ "peering-manager.target" ]; after = [ "peering-manager-migration.service" ]; after = [ "peering-manager-migration.service" ] ++ lib.optionals (cfg.environmentFile != null) [ "peering-manager-config.service" ]; preStart = '' ${pkg}/bin/peering-manager remove_stale_contenttypes --no-input Loading Loading @@ -341,7 +368,7 @@ in after = [ "peering-manager.service" ]; serviceConfig = { Type = "oneshot"; ExecStart = "${pkg}/bin/peering-manager poll_bgp_sessions --all"; ExecStart = "${pkg}/bin/peering-manager poll_bgp_sessions"; }; }; }; Loading pkgs/by-name/pe/peering-manager/fix-pyixapi-0.2.3-compatibility.patchdeleted 100644 → 0 +0 −30 Original line number Diff line number Diff line From ee558ff66e467412942559a8a92252e3fc009920 Mon Sep 17 00:00:00 2001 From: Guillaume Mazoyer <guillaume@mazoyer.eu> Date: Wed, 21 Feb 2024 23:32:32 +0100 Subject: [PATCH] Use pyixapi 0.2.3 --- diff --git a/extras/models/ixapi.py b/extras/models/ixapi.py index 65572c971e065e3deed69465a71a54b4e1372851..637a004043e0a044c65a5e37fbb2b3bf82965436 100644 --- a/extras/models/ixapi.py +++ b/extras/models/ixapi.py 
@@ -7,7 +7,6 @@ from django.db import models from django.db.models import Q from django.urls import reverse -from django.utils.timezone import make_aware from peering_manager.models import ChangeLoggedModel @@ -117,9 +116,9 @@ def dial(self): if auth: # Save tokens if they've changed self.access_token = api.access_token.encoded - self.access_token_expiration = make_aware(api.access_token.expires_at) + self.access_token_expiration = api.access_token.expires_at self.refresh_token = api.refresh_token.encoded - self.refresh_token_expiration = make_aware(api.refresh_token.expires_at) + self.refresh_token_expiration = api.refresh_token.expires_at self.save() return api pkgs/by-name/pe/peering-manager/package.nix +6 −10 Original line number Diff line number Diff line Loading @@ -9,38 +9,33 @@ python3.pkgs.buildPythonApplication rec { pname = "peering-manager"; version = "1.8.3"; version = "1.9.6"; src = fetchFromGitHub { owner = "peering-manager"; repo = "peering-manager"; tag = "v${version}"; sha256 = "sha256-UV1zSX9C9y5faOBUQ7bfj2DT6ffhMW28MIT7SaYjMgw="; sha256 = "sha256-XPnov+pvO0H1ucMuSXs2tpYRE87jpfDiBDUFjnEhydA="; }; format = "other"; patches = [ # Fix compatibility with pyixapi 0.2.3 # https://github.com/peering-manager/peering-manager/commit/ee558ff66e467412942559a8a92252e3fc009920 ./fix-pyixapi-0.2.3-compatibility.patch ]; propagatedBuildInputs = with python3.pkgs; [ django djangorestframework django-redis django-debug-toolbar django-filter django-postgresql-netfields django-prometheus django-redis django-rq django-tables2 django-taggit djangorestframework drf-spectacular drf-spectacular-sidecar dulwich jinja2 markdown napalm Loading @@ -50,6 +45,7 @@ python3.pkgs.buildPythonApplication rec { pynetbox pyyaml requests social-auth-app-django tzdata ] ++ plugins python3.pkgs; Loading Loading
nixos/modules/services/web-apps/peering-manager.nix +61 −34 Original line number Diff line number Diff line Loading @@ -19,17 +19,16 @@ let settingsFile extraConfigFile ]; finalConfigFile = if (cfg.environmentFile != null) then "/var/lib/peering-manager/configuration.py" else configFile; pkg = (pkgs.peering-manager.overrideAttrs (old: { postInstall = '' ln -s ${configFile} $out/opt/peering-manager/peering_manager/configuration.py ln -s ${finalConfigFile} $out/opt/peering-manager/peering_manager/configuration.py '' + lib.optionalString cfg.enableLdap '' ln -s ${cfg.ldapConfigPath} $out/opt/peering-manager/peering_manager/ldap_config.py '' + lib.optionalString cfg.enableOidc '' ln -s ${cfg.oidcConfigPath} $out/opt/peering-manager/peering_manager/oidc_config.py ''; })).override { Loading @@ -55,6 +54,32 @@ in ''; }; environmentFile = mkOption { type = with types; nullOr path; default = null; example = "/run/secrets/peering-manager.env"; description = '' Environment file as defined in {manpage}`systemd.exec(5)`. Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file. ``` # snippet of peering-manager-related config services.peering-manager.settings.SOCIAL_AUTH_OIDC_SECRET = "$PM_OIDC_SECRET"; ``` ``` # content of the environment file PM_OIDC_SECRET=topsecret ``` Note that this file needs to be available on the host on which `peering-manager` is running. ''; }; enableScheduledTasks = mkOption { type = types.bool; default = true; Loading Loading 
@@ -155,25 +180,22 @@ in See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6-ldap/#configuration) for possible options. ''; }; }; enableOidc = mkOption { type = types.bool; default = false; description = '' Enable OIDC-Authentication for Peering Manager. imports = [ (lib.mkRemovedOptionModule [ "services" "peering-manager" "enableOidc" ] '' The enableOidc option has been removed, since peering-manager has OIDC support builtin since version >= 1.9.0. This requires a configuration file being pass through `oidcConfigPath`. ''; }; Make sure to update your OIDC configuration according to the documentation: https://peering-manager.readthedocs.io/en/v1.9.3/administration/authentication/oidc/ '') (lib.mkRemovedOptionModule [ "services" "peering-manager" "oidcConfigPath" ] '' The oidcConfigPath option has been removed, since peering-manager has OIDC support builtin since version >= 1.9.0. oidcConfigPath = mkOption { type = types.path; description = '' Path to the Configuration-File for OIDC-Authentication, will be loaded as `oidc_config.py`. See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6b-oidc/#configuration) for possible options. ''; }; }; The new config settings for OIDC are explained in the documentation: https://peering-manager.readthedocs.io/en/v1.9.3/administration/authentication/oidc/ '') ]; config = lib.mkIf cfg.enable { services.peering-manager = { Loading Loading @@ -208,18 +230,7 @@ in PEERINGDB_API_KEY = file.readline() ''; plugins = ( ps: (lib.optionals cfg.enableLdap [ ps.django-auth-ldap ]) ++ (lib.optionals cfg.enableOidc ( with ps; [ mozilla-django-oidc pyopenssl josepy ] )) ); plugins = (ps: (lib.optionals cfg.enableLdap [ ps.django-auth-ldap ])); }; system.build.peeringManagerPkg = pkg; Loading Loading 
@@ -266,9 +277,22 @@ in }; in { peering-manager-config = lib.mkIf (cfg.environmentFile != null) ( lib.recursiveUpdate defaults { description = "Peering Manager config file setup"; wantedBy = [ "peering-manager.target" ]; serviceConfig = { Type = "oneshot"; EnvironmentFile = [ cfg.environmentFile ]; ExecStart = "${lib.getExe pkgs.envsubst} -i ${configFile} -o ${finalConfigFile}"; }; } ); peering-manager-migration = lib.recursiveUpdate defaults { description = "Peering Manager migrations"; wantedBy = [ "peering-manager.target" ]; after = lib.mkIf (cfg.environmentFile != null) [ "peering-manager-config.service" ]; serviceConfig = { Type = "oneshot"; ExecStart = "${pkg}/bin/peering-manager migrate"; Loading @@ -278,7 +302,10 @@ in peering-manager = lib.recursiveUpdate defaults { description = "Peering Manager WSGI Service"; wantedBy = [ "peering-manager.target" ]; after = [ "peering-manager-migration.service" ]; after = [ "peering-manager-migration.service" ] ++ lib.optionals (cfg.environmentFile != null) [ "peering-manager-config.service" ]; preStart = '' ${pkg}/bin/peering-manager remove_stale_contenttypes --no-input Loading Loading @@ -341,7 +368,7 @@ in after = [ "peering-manager.service" ]; serviceConfig = { Type = "oneshot"; ExecStart = "${pkg}/bin/peering-manager poll_bgp_sessions --all"; ExecStart = "${pkg}/bin/peering-manager poll_bgp_sessions"; }; }; }; Loading
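Review bot: In the new `peering-manager-config` unit, `envsubst` writes the rendered `/var/lib/peering-manager/configuration.py` with the secrets in clear text, and nothing in the visible `serviceConfig` restricts that file's mode. Unless `defaults` (defined outside this hunk) already sets a umask or a private state directory, the file gets the service's default umask and may be readable by other local users. Adding `UMask = "0077";` next to `EnvironmentFile` would keep it owner-only, assuming all peering-manager units run as the same user. The values are also substituted verbatim into Python source, so a secret containing a quote, backslash or newline changes how the file parses; the `environmentFile` description should say so, or such secrets should be read from a file as the visible `PEERINGDB_API_KEY = file.readline()` line appears to do. Finally, `after` only orders the units, so if the config unit fails, the migration and WSGI services still start against a missing or stale file; `requires = [ "peering-manager-config.service" ];` under the same `cfg.environmentFile != null` condition would stop that.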
pkgs/by-name/pe/peering-manager/fix-pyixapi-0.2.3-compatibility.patchdeleted 100644 → 0 +0 −30 Original line number Diff line number Diff line From ee558ff66e467412942559a8a92252e3fc009920 Mon Sep 17 00:00:00 2001 From: Guillaume Mazoyer <guillaume@mazoyer.eu> Date: Wed, 21 Feb 2024 23:32:32 +0100 Subject: [PATCH] Use pyixapi 0.2.3 --- diff --git a/extras/models/ixapi.py b/extras/models/ixapi.py index 65572c971e065e3deed69465a71a54b4e1372851..637a004043e0a044c65a5e37fbb2b3bf82965436 100644 --- a/extras/models/ixapi.py +++ b/extras/models/ixapi.py @@ -7,7 +7,6 @@ from django.db import models from django.db.models import Q from django.urls import reverse -from django.utils.timezone import make_aware from peering_manager.models import ChangeLoggedModel @@ -117,9 +116,9 @@ def dial(self): if auth: # Save tokens if they've changed self.access_token = api.access_token.encoded - self.access_token_expiration = make_aware(api.access_token.expires_at) + self.access_token_expiration = api.access_token.expires_at self.refresh_token = api.refresh_token.encoded - self.refresh_token_expiration = make_aware(api.refresh_token.expires_at) + self.refresh_token_expiration = api.refresh_token.expires_at self.save() return api
pkgs/by-name/pe/peering-manager/package.nix +6 −10 Original line number Diff line number Diff line Loading @@ -9,38 +9,33 @@ python3.pkgs.buildPythonApplication rec { pname = "peering-manager"; version = "1.8.3"; version = "1.9.6"; src = fetchFromGitHub { owner = "peering-manager"; repo = "peering-manager"; tag = "v${version}"; sha256 = "sha256-UV1zSX9C9y5faOBUQ7bfj2DT6ffhMW28MIT7SaYjMgw="; sha256 = "sha256-XPnov+pvO0H1ucMuSXs2tpYRE87jpfDiBDUFjnEhydA="; }; format = "other"; patches = [ # Fix compatibility with pyixapi 0.2.3 # https://github.com/peering-manager/peering-manager/commit/ee558ff66e467412942559a8a92252e3fc009920 ./fix-pyixapi-0.2.3-compatibility.patch ]; propagatedBuildInputs = with python3.pkgs; [ django djangorestframework django-redis django-debug-toolbar django-filter django-postgresql-netfields django-prometheus django-redis django-rq django-tables2 django-taggit djangorestframework drf-spectacular drf-spectacular-sidecar dulwich jinja2 markdown napalm Loading @@ -50,6 +45,7 @@ python3.pkgs.buildPythonApplication rec { pynetbox pyyaml requests social-auth-app-django tzdata ] ++ plugins python3.pkgs; Loading