From 7656868d1b3232d5a17ed422c25c38e37c81e588 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 19:48:56 +0200 Subject: m 1 wry: start Reaktor --- makefu/1systems/wry.nix | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 819a208ac..d8c8d6fa1 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -5,23 +5,29 @@ let ip = (lib.head config.krebs.build.host.nets.internet.addrs4); in { imports = [ - ../../tv/2configs/CAC-CentOS-7-64bit.nix - ../2configs/base.nix - ../2configs/base-sources.nix - ../2configs/tinc-basic-retiolum.nix + # TODO: copy this config or move to krebs + ../../tv/2configs/CAC-CentOS-7-64bit.nix + ../2configs/base.nix + ../2configs/base-sources.nix + ../2configs/tinc-basic-retiolum.nix + + # Reaktor + ../2configs/Reaktor/simpleExtend.nix ]; + krebs.Reaktor.enable = true; + networking.firewall.allowPing = true; networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "104.233.87.1"; - networking.nameservers = [ - "8.8.8.8" - ]; + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "104.233.87.1"; + networking.nameservers = [ + "8.8.8.8" + ]; # based on ../../tv/2configs/CAC-Developer-2.nix sound.enable = false; -- cgit v1.3.1 From 858034cc615469c6e4b7e48711f6fb026f16ffb4 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 21:51:20 +0200 Subject: m 1 wry: host is the new provider for tinc.krebsco.de --- krebs/3modules/makefu/default.nix | 2 +- makefu/1systems/wry.nix | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 4628b2acc..659e71458 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -130,7 +130,6 @@ with import ../../4lib { inherit lib; }; io IN NS pigstarter.krebsco.de. pigstarter IN A ${head nets.internet.addrs4} gold IN A ${head nets.internet.addrs4} - tinc IN A ${head nets.internet.addrs4} boot IN A ${head nets.internet.addrs4}''; }; nets = { @@ -167,6 +166,7 @@ with import ../../4lib { inherit lib; }; "krebsco.de" = '' wry IN A ${head nets.internet.addrs4} graphs IN A ${head nets.internet.addrs4} + tinc IN A ${head nets.internet.addrs4} ''; }; nets = rec { diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index d8c8d6fa1..03b19d1c7 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -34,15 +34,19 @@ in { # prepare graphs nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + krebs.nginx.enable = true; + krebs.retiolum-bootstrap.enable = true; makefu.tinc_graphs.enable = true; + makefu.tinc_graphs.krebsNginx = { enable = true; # TODO: remove hard-coded hostname hostnames_complete = [ "graphs.wry" ]; hostnames_anonymous = [ "graphs.krebsco.de" ]; }; - networking.firewall.allowedTCPPorts = [80]; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; krebs.build = { user = config.krebs.users.makefu; -- cgit v1.3.1 From ded0821d9bf7c85e2197cb7811d5f95987ded02e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 19 Oct 2015 23:46:10 +0200 Subject: m 1,2 : wry serves as iodine entry point --- krebs/3modules/makefu/default.nix | 2 +- makefu/1systems/wry.nix | 4 +++- makefu/2configs/base-sources.nix | 6 +++--- makefu/2configs/iodined.nix | 16 ++++++++++++++++ 4 files changed, 23 insertions(+), 5 deletions(-) create mode 100644 makefu/2configs/iodined.nix (limited to 'makefu/1systems') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 659e71458..acc5d7dd2 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -127,7 +127,6 @@ with import ../../4lib { inherit lib; }; "krebsco.de" = '' IN MX 10 mx42 euer IN MX 1 aspmx.l.google.com. - io IN NS pigstarter.krebsco.de. pigstarter IN A ${head nets.internet.addrs4} gold IN A ${head nets.internet.addrs4} boot IN A ${head nets.internet.addrs4}''; @@ -165,6 +164,7 @@ with import ../../4lib { inherit lib; }; extraZones = { "krebsco.de" = '' wry IN A ${head nets.internet.addrs4} + io IN NS wry.krebsco.de. graphs IN A ${head nets.internet.addrs4} tinc IN A ${head nets.internet.addrs4} ''; diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 03b19d1c7..a7ed93c43 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -11,6 +11,8 @@ in { ../2configs/base-sources.nix ../2configs/tinc-basic-retiolum.nix + ../2configs/iodined.nix + # Reaktor ../2configs/Reaktor/simpleExtend.nix ]; @@ -46,7 +48,7 @@ in { hostnames_anonymous = [ "graphs.krebsco.de" ]; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ 53 80 443 ]; krebs.build = { user = config.krebs.users.makefu; diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix index 826cd6fef..7e6bebec3 100644 --- a/makefu/2configs/base-sources.nix +++ b/makefu/2configs/base-sources.nix @@ -3,9 +3,9 @@ { krebs.build.source = { git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - #url = https://github.com/makefu/nixpkgs; - rev = "dc18f39bfb2f9d1ba62c7e8ad98544bb15cb26b2"; # nixos-15.09 + #url = https://github.com/NixOS/nixpkgs; + url = https://github.com/makefu/nixpkgs; + rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine }; dir.secrets = { diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix new file mode 100644 index 000000000..db8a1bfed --- /dev/null +++ b/makefu/2configs/iodined.nix 
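Review bot: In the wry.nix hunk `@@ -46,7 +48,7 @@`, the port opened for the new iodine entry point is a TCP port, but iodined carries the DNS tunnel over UDP 53, so `networking.firewall.allowedTCPPorts = [ 53 80 443 ];` does not let tunnel traffic through and, as far as this page shows, exposes a TCP port nothing listens on. Keep 53 out of the TCP list unless something here serves DNS over TCP, and add `networking.firewall.allowedUDPPorts = [ 53 ];` next to it. The same TCP-53 line is carried over unchanged into the later rewrite of wry.nix (the `@@ -1,59 +1,72 @@` hunk of the paste.krebsco.de commit), which needs the same fix. The new iodined.nix module sets no firewall rule of its own, so the host file is the right place for it.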
@@ -0,0 +1,16 @@ +{ services,builtins,environment,pkgs, ... }: + +let + # TODO: make this a parameter + domain = "io.krebsco.de"; + pw = import ; +in { + + services.iodined = { + enable = true; + domain = domain; + ip = "172.16.10.1/24"; + extraConfig = "-P ${pw}"; + }; + +} -- cgit v1.3.1 From be44341c6ba0d8fe66220f4fe6493a88fdce849b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 20 Oct 2015 14:25:49 +0200 Subject: m 2 mail: split exim-retiolum --- makefu/1systems/pornocauster.nix | 1 + makefu/2configs/mail-client.nix | 12 ++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 makefu/2configs/mail-client.nix (limited to 'makefu/1systems') diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 8f7f5ea7c..97cf86a4e 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -21,6 +21,7 @@ # applications ../2configs/exim-retiolum.nix + ../2configs/mail-client.nix #../2configs/virtualization.nix ../2configs/virtualization-virtualbox.nix ../2configs/wwan.nix diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix new file mode 100644 index 000000000..a6ae33d2f --- /dev/null +++ b/makefu/2configs/mail-client.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + environment.systemPackages = with pkgs; [ + msmtp + mutt-kz + notmuch + offlineimap + ]; + +} -- cgit v1.3.1 From 6eb195b0bc1b2ecd1a39c842da4d14d4837d98cc Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 18:49:20 +0200 Subject: wry: is the new provider for paste.krebsco.de --- krebs/3modules/makefu/default.nix | 15 ++++---- makefu/1systems/wry.nix | 73 +++++++++++++++++++++++---------------- makefu/2configs/bepasty-dual.nix | 52 ++++++++++++++++++++++++++++ 3 files changed, 104 insertions(+), 36 deletions(-) create mode 100644 makefu/2configs/bepasty-dual.nix (limited to 'makefu/1systems') 
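Review bot: `extraConfig = "-P ${pw}";` interpolates the tunnel password into the iodined command line, so it ends up both in the generated systemd unit in the world-readable Nix store and in the process's argv, where any local user can read it via the process list. A safer shape keeps the secret out of the evaluated expression: place it in a root-only file on the target (the `dir.secrets` mechanism in base-sources.nix already ships secrets there) and hand it to the daemon through `serviceConfig.EnvironmentFile`, since iodined reads its password from `IODINED_PASS` when `-P` is absent, if I recall the man page correctly. As rendered, `pw = import ;` has lost its path, presumably an angle-bracket lookup stripped by the page, so the committed file is worth a second look. The header `{ services,builtins,environment,pkgs, ... }:` names arguments that are never used and that, as far as I can tell, the module system does not supply (`builtins` is a global, not a module argument); `{ ... }:` would be the usual header here.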
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index acc5d7dd2..6b3781b49 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -163,10 +163,11 @@ with import ../../4lib { inherit lib; }; dc = "makefu"; #dc = "cac"; extraZones = { "krebsco.de" = '' - wry IN A ${head nets.internet.addrs4} - io IN NS wry.krebsco.de. - graphs IN A ${head nets.internet.addrs4} - tinc IN A ${head nets.internet.addrs4} + wry IN A ${head nets.internet.addrs4} + io IN NS wry.krebsco.de. + graphs IN A ${head nets.internet.addrs4} + paste 60 IN A ${head nets.internet.addrs4} + tinc IN A ${head nets.internet.addrs4} ''; }; nets = rec { @@ -174,6 +175,7 @@ with import ../../4lib { inherit lib; }; addrs4 = ["104.233.87.86"]; aliases = [ "wry.internet" + "paste.internet" ]; }; retiolum = { @@ -182,6 +184,8 @@ with import ../../4lib { inherit lib; }; addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"]; aliases = [ "graphs.wry.retiolum" + "paste.wry.retiolum" + "paste.retiolum" "wry.retiolum" ]; tinc.pubkey = '' @@ -210,8 +214,7 @@ with import ../../4lib { inherit lib; }; "krebsco.de" = '' omo IN A ${head nets.internet.addrs4} euer IN A ${head nets.internet.addrs4} - gum IN A ${head nets.internet.addrs4} - paste IN A ${head nets.internet.addrs4}''; + gum IN A ${head nets.internet.addrs4} ''; }; nets = { internet = { diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index a7ed93c43..63b1f47f7 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix 
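Review bot: The new record `paste 60 IN A ${head nets.internet.addrs4}` carries an explicit 60-second TTL while every sibling record uses the zone default, and the hunk does not say why. Presumably it eases the move of paste.krebsco.de from gum to wry (the `@@ -210,8 +214,7 @@` hunk removes gum's record), in which case a comment such as `# short TTL while paste moves from gum to wry; raise once settled` would stop a later edit from "fixing" it away. If the low TTL is meant to stay, the comment should say that instead.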
@@ -1,59 +1,72 @@ { config, lib, pkgs, ... }: +with lib; let - ip = (lib.head config.krebs.build.host.nets.internet.addrs4); + external-ip = head config.krebs.build.host.nets.internet.addrs4; + internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; in { imports = [ # TODO: copy this config or move to krebs ../../tv/2configs/CAC-CentOS-7-64bit.nix ../2configs/base.nix - ../2configs/base-sources.nix + ../2configs/unstable-sources.nix ../2configs/tinc-basic-retiolum.nix + ../2configs/bepasty-dual.nix + ../2configs/iodined.nix # Reaktor ../2configs/Reaktor/simpleExtend.nix ]; - krebs.Reaktor.enable = true; + krebs.build = { + user = config.krebs.users.makefu; + target = "root@wry"; + host = config.krebs.hosts.wry; + }; - networking.firewall.allowPing = true; - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "104.233.87.1"; - networking.nameservers = [ - "8.8.8.8" - ]; - # based on ../../tv/2configs/CAC-Developer-2.nix - sound.enable = false; - # prepare graphs - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + krebs.Reaktor.enable = true; + + # bepasty to listen only on the correct interfaces + krebs.bepasty.servers.internal.nginx.listen = [ "${internal-ip}:80" ]; + krebs.bepasty.servers.external.nginx.listen = [ "${external-ip}:80" "${external-ip}:443 ssl" ]; + # prepare graphs krebs.nginx.enable = true; krebs.retiolum-bootstrap.enable = true; - makefu.tinc_graphs.enable = true; - makefu.tinc_graphs.krebsNginx = { + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + makefu.tinc_graphs = { enable = true; - # TODO: remove hard-coded hostname - hostnames_complete = [ "graphs.wry" ]; - hostnames_anonymous = [ "graphs.krebsco.de" ]; + nginx = { + enable = true; + # TODO: remove hard-coded hostname + complete = { + listen = [ "${internal-ip}:80" ]; + server-names = [ "graphs.wry" ]; + }; + anonymous = { + listen = [ "${external-ip}:80" ] ; + server-names = [ 
"graphs.krebsco.de" ]; + }; + }; }; - - networking.firewall.allowedTCPPorts = [ 53 80 443 ]; - - krebs.build = { - user = config.krebs.users.makefu; - target = "root@${ip}"; - host = config.krebs.hosts.wry; + networking = { + firewall.allowPing = true; + firewall.allowedTCPPorts = [ 53 80 443 ]; + interfaces.enp2s1.ip4 = [{ + address = external-ip; + prefixLength = 24; + }]; + defaultGateway = "104.233.87.1"; + nameservers = [ "8.8.8.8" ]; }; + + # based on ../../tv/2configs/CAC-Developer-2.nix + sound.enable = false; } diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix new file mode 100644 index 000000000..fb170957a --- /dev/null +++ b/makefu/2configs/bepasty-dual.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, ... }: + +# 1systems should configure itself: +# krebs.bepasty.servers.internal.nginx.listen = [ "80" ] +# krebs.bepasty.servers.external.nginx.listen = [ "80" "443 ssl" ] +# 80 is redirected to 443 ssl + +# secrets used: +# wildcard.krebsco.de.crt +# wildcard.krebsco.de.key +# bepasty-secret.nix <- contains single string + +with lib; +{ + + krebs.nginx.enable = mkDefault true; + krebs.bepasty = { + enable = true; + serveNginx= true; + + servers = { + internal = { + nginx = { + server-names = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; + }; + defaultPermissions = "admin,list,create,read,delete"; + secretKey = import ; + }; + + external = { + nginx = { + server-names = [ "paste.krebsco.de" ]; + extraConfig = '' + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 10m; + ssl_certificate /root/secrets/wildcard.krebsco.de.crt; + ssl_certificate_key /root/secrets/wildcard.krebsco.de.key; + ssl_verify_client off; + proxy_ssl_session_reuse off; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers RC4:HIGH:!aNULL:!MD5; + ssl_prefer_server_ciphers on; + if ($scheme = http){ + return 301 https://$server_name$request_uri; + }''; + }; + defaultPermissions = "read"; + secretKey = import ; + }; + }; + }; +} -- cgit v1.3.1 
From 9bb3069f69ed801d98034a2effcb4d88f279a92f Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 22 Oct 2015 15:33:05 +0200 Subject: krebs 3 tinc_graphs: mv from makefu 3 tinc_graphs --- krebs/3modules/default.nix | 1 + krebs/3modules/tinc_graphs.nix | 145 ++++++++++++++++++++++++++++++++++++++++ makefu/1systems/wry.nix | 2 +- makefu/3modules/default.nix | 1 - makefu/3modules/tinc_graphs.nix | 145 ---------------------------------------- 5 files changed, 147 insertions(+), 147 deletions(-) create mode 100644 krebs/3modules/tinc_graphs.nix delete mode 100644 makefu/3modules/tinc_graphs.nix (limited to 'makefu/1systems') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 1f34c8e68..5c5bec005 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -18,6 +18,7 @@ let ./retiolum-bootstrap.nix ./realwallpaper.nix ./retiolum.nix + ./tinc_graphs.nix ./urlwatch.nix ]; options.krebs = api; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix new file mode 100644 index 000000000..a6c628353 --- /dev/null +++ b/krebs/3modules/tinc_graphs.nix 
@@ -0,0 +1,145 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.krebs.tinc_graphs; + internal_dir = "${cfg.workingDir}/internal"; + external_dir = "${cfg.workingDir}/external"; + + out = { + options.krebs.tinc_graphs = api; + config = mkIf cfg.enable imp ; + }; + + api = { + enable = mkEnableOption "tinc graphs"; + + geodbPath = mkOption { + type = types.str; + description = "Path to geocitydb, defaults to geolite-legacy"; + default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat"; + }; + + nginx = { + enable = mkEnableOption "enable tinc_graphs to be served with nginx"; + + anonymous = { + server-names = mkOption { + type = with types; listOf str; + description = "hostnames which serve anonymous graphs"; + default = [ "graphs.${config.krebs.build.host.name}" ]; + }; + + listen = mkOption { + # use the type of the nginx listen option + type = with types; listOf str; + description = "listen address for anonymous graphs"; + default = [ "80" ]; + }; + + }; + + complete = { + server-names = mkOption { + type = with types; listOf str; + description = "hostname which serves complete graphs"; + default = [ "graphs.${config.krebs.build.host.name}" ]; + }; + + listen = mkOption { + type = with types; listOf str; + description = "listen address for complete graphs"; + default = [ "127.0.0.1:80" ]; + }; + + }; + }; + + workingDir = mkOption { + type = types.str; + description = '' + Path to working dir, will create interal and external/. 
+ Defaults to the new users home dir which defaults to + /var/cache/tinc_graphs''; + default = config.users.extraUsers.tinc_graphs.home; + }; + + timerConfig = mkOption { + type = with types; attrsOf str; + default = { + OnCalendar = "*:0/15"; + }; + }; + }; + + imp = { + environment.systemPackages = [ pkgs.tinc_graphs]; + systemd.timers.tinc_graphs = { + description = "Build Tinc Graphs via via timer"; + wantedBy = [ "timers.target"]; + timerConfig = cfg.timerConfig; + }; + systemd.services.tinc_graphs = { + description = "Build Tinc Graphs"; + environment = { + EXTERNAL_FOLDER = external_dir; + INTERNAL_FOLDER = internal_dir; + GEODB = cfg.geodbPath; + TINC_HOSTPATH=config.krebs.retiolum.hosts; + }; + + restartIfChanged = true; + + serviceConfig = { + Type = "simple"; + + ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' + #!/bin/sh + if ! test -e "${cfg.workingDir}/internal/index.html"; then + cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}" + fi + ''; + + ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs"; + + ExecStartPost = pkgs.writeScript "tinc_graphs-post" '' + #!/bin/sh + # TODO: this may break if workingDir is set to something stupid + # this is needed because homedir is created with 700 + chmod 755 "${cfg.workingDir}" + ''; + PrivateTmp = "yes"; + + User = "root"; # tinc cannot be queried as user, + # seems to be a tinc-pre issue + }; + }; + + users.extraUsers.tinc_graphs = { + uid = 3925439960; #genid tinc_graphs + home = "/var/spool/tinc_graphs"; + createHome = true; + }; + + krebs.nginx.servers = mkIf cfg.nginx.enable { + tinc_graphs_complete = mkMerge [ cfg.nginx.complete { + locations = [ + (nameValuePair "/" '' + autoindex on; + root ${internal_dir}; + '') + ]; + }] ; + tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous { + locations = [ + (nameValuePair "/" '' + autoindex on; + root ${external_dir}; + '') + ]; + }]; + }; + }; + +in +out 
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 63b1f47f7..6627d87b5 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -40,7 +40,7 @@ in { krebs.retiolum-bootstrap.enable = true; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - makefu.tinc_graphs = { + krebs.tinc_graphs = { enable = true; nginx = { enable = true; diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 598365c39..a8a1f69d0 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,7 +2,6 @@ _: { imports = [ - ./tinc_graphs.nix ]; } diff --git a/makefu/3modules/tinc_graphs.nix b/makefu/3modules/tinc_graphs.nix deleted file mode 100644 index 1f87f00cc..000000000 --- a/makefu/3modules/tinc_graphs.nix +++ /dev/null 
@@ -1,145 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.makefu.tinc_graphs; - internal_dir = "${cfg.workingDir}/internal"; - external_dir = "${cfg.workingDir}/external"; - - out = { - options.makefu.tinc_graphs = api; - config = mkIf cfg.enable imp ; - }; - - api = { - enable = mkEnableOption "tinc graphs"; - - geodbPath = mkOption { - type = types.str; - description = "Path to geocitydb, defaults to geolite-legacy"; - default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat"; - }; - - nginx = { - enable = mkEnableOption "enable tinc_graphs to be served with nginx"; - - anonymous = { - server-names = mkOption { - type = with types; listOf str; - description = "hostnames which serve anonymous graphs"; - default = [ "graphs.${config.krebs.build.host.name}" ]; - }; - - listen = mkOption { - # use the type of the nginx listen option - type = with types; listOf str; - description = "listen address for anonymous graphs"; - default = [ "80" ]; - }; - - }; - - complete = { - server-names = mkOption { - type = with types; listOf str; - description = "hostname which serves complete graphs"; - default = [ "graphs.${config.krebs.build.host.name}" ]; - }; - - listen = mkOption { - type = with types; listOf str; - description = "listen address for complete graphs"; - default = [ "127.0.0.1:80" ]; - }; - - }; - }; - - workingDir = mkOption { - type = types.str; - description = '' - Path to working dir, will create interal and external/. 
- Defaults to the new users home dir which defaults to - /var/cache/tinc_graphs''; - default = config.users.extraUsers.tinc_graphs.home; - }; - - timerConfig = mkOption { - type = with types; attrsOf str; - default = { - OnCalendar = "*:0/15"; - }; - }; - }; - - imp = { - environment.systemPackages = [ pkgs.tinc_graphs]; - systemd.timers.tinc_graphs = { - description = "Build Tinc Graphs via via timer"; - wantedBy = [ "timers.target"]; - timerConfig = cfg.timerConfig; - }; - systemd.services.tinc_graphs = { - description = "Build Tinc Graphs"; - environment = { - EXTERNAL_FOLDER = external_dir; - INTERNAL_FOLDER = internal_dir; - GEODB = cfg.geodbPath; - TINC_HOSTPATH=config.krebs.retiolum.hosts; - }; - - restartIfChanged = true; - - serviceConfig = { - Type = "simple"; - - ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' - #!/bin/sh - if ! test -e "${cfg.workingDir}/internal/index.html"; then - cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}" - fi - ''; - - ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs"; - - ExecStartPost = pkgs.writeScript "tinc_graphs-post" '' - #!/bin/sh - # TODO: this may break if workingDir is set to something stupid - # this is needed because homedir is created with 700 - chmod 755 "${cfg.workingDir}" - ''; - PrivateTmp = "yes"; - - User = "root"; # tinc cannot be queried as user, - # seems to be a tinc-pre issue - }; - }; - - users.extraUsers.tinc_graphs = { - uid = 3925439960; #genid tinc_graphs - home = "/var/spool/tinc_graphs"; - createHome = true; - }; - - krebs.nginx.servers = mkIf cfg.nginx.enable { - tinc_graphs_complete = mkMerge [ cfg.nginx.complete { - locations = [ - (nameValuePair "/" '' - autoindex on; - root ${internal_dir}; - '') - ]; - }] ; - tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous { - locations = [ - (nameValuePair "/" '' - autoindex on; - root ${external_dir}; - '') - ]; - }]; - }; - }; - -in -out -- cgit v1.3.1