get ssh socket in prod

Kiara Grouwstra 2025-04-12 12:31:36 +02:00
parent b0942bd174
commit a41405775e
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
2 changed files with 8 additions and 5 deletions


@ -159,16 +159,14 @@ in
}; };
}; };
users.users.${name} = { users.users.${name}.isNormalUser = true;
isNormalUser = true;
};
users.groups.${name} = { };
systemd.services.${name} = { systemd.services.${name} = {
description = "${name} ASGI server"; description = "${name} ASGI server";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ path = [
pkgs.openssh
python-environment python-environment
manage-service manage-service
]; ];
@ -187,7 +185,7 @@ in
''; '';
serviceConfig = { serviceConfig = {
Restart = "always"; Restart = "always";
User = "root"; User = name;
WorkingDirectory = "/var/lib/${name}"; WorkingDirectory = "/var/lib/${name}";
StateDirectory = name; StateDirectory = name;
RuntimeDirectory = name; RuntimeDirectory = name;
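Review bot: `User = name;` drops root, but the account it refers to is declared with `isNormalUser = true`, which creates a login-style account (home directory, default shell, `users` group) for what is a service identity that will own an SSH agent socket. A system account with its own group is the narrower choice: `users.users.${name} = { isSystemUser = true; group = name; };` together with `users.groups.${name} = { };`. The rendered page does not show whether this commit keeps or removes the `users.groups.${name}` line, and no `Group` is visible in `serviceConfig`. `serviceConfig` continues outside the hunk, so existing sandboxing options such as `NoNewPrivileges = true;` cannot be seen here; if none are set, this change is a good place to add them.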


@ -251,6 +251,11 @@ bin_path=env['BIN_PATH']
# to deploy this should be specified, for dev just use a relative path. # to deploy this should be specified, for dev just use a relative path.
repo_dir = env["REPO_DIR"] repo_dir = env["REPO_DIR"]
output = subprocess.run(["ssh-agent"], capture_output=True, text=True, env={"PATH": bin_path}).stdout
ssh_auth_sock = re.search("(?<==)([^;]*)", output)[1]
ENV_VARS = { ENV_VARS = {
"ssh_private_key_file": env["SSH_PRIVATE_KEY_FILE"], "ssh_private_key_file": env["SSH_PRIVATE_KEY_FILE"],
"deploy_environment": {
"SSH_AUTH_SOCK": ssh_auth_sock,
},
} }
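Review bot: The two added lines that start `ssh-agent` run at import time and never check the result: if the command exits non-zero or prints nothing, `re.search(...)` returns `None` and the `[1]` fails with an opaque `TypeError`, and the look-behind on the first `=` depends on the exact order of the agent's output. Pass `check=True` to `subprocess.run` and match the variable by name, `m = re.search(r"SSH_AUTH_SOCK=([^;]+);", output)`, raising a clear error when `m` is `None`. The agent's PID (`SSH_AGENT_PID` in the same output) is discarded, so every import of this module leaves a background agent that this code never stops, and any key later added to it stays usable through that socket for as long as the agent lives. Consider starting it with `ssh-agent -a` pointing at a socket path inside the service's runtime directory, so the socket sits in a directory owned by the service account and is removed with it. The module continues outside the hunk, so whether the agent is torn down elsewhere is not visible here.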