Migrate osmium

12 months ago · b83e8c2d46
7 changed files with 150 additions and 5 deletions
--- a/configuration/data/nodes.nix
+++ b/configuration/data/nodes.nix
@ -7,6 +7,12 @@ in injectHostnames {
 		internalIpv4 = "10.217.0.1";
 		tincPublicKey = builtins.readFile ./tinc-keys/machine-workbot-01.cryto.net.pub;
 	};
+	"machine-osmium-01.cryto.net" = {
+		friendlyName = "osmium";
+		ipv4 = "80.255.0.137";
+		internalIpv4 = "10.217.0.2";
+		tincPublicKey = builtins.readFile ./tinc-keys/machine-osmium-01.cryto.net.pub;
+	};
 	"machine-haless-03.cryto.net" = {
 		friendlyName = "haless";
 		ipv4 = "31.7.187.145";
--- a/configuration/data/tinc-keys/machine-osmium-01.cryto.net.pub
+++ b/configuration/data/tinc-keys/machine-osmium-01.cryto.net.pub
@ -0,0 +1 @@
+rKm3gedo1rHXcKVnZTjKFVJhqbcPTyH1Z1irfcAH8TB
--- a/configuration/default.nix
+++ b/configuration/default.nix
@ -9,6 +9,7 @@ let
 					unpack = self.callPackage ./lib/unpack.nix {};
 					mobileProxy = self.callPackage ./packages/mobile-proxy { configFile = null; };
 					matrixRooms = self.callPackage ./packages/matrix-rooms {};
+					pastebinStream = self.callPackage ./packages/pastebin-stream { errorPath = null; };
 				};
 			})
 		];
@ -30,6 +31,7 @@ let
 	httpHealthChecks = (import ./lib/http-health-checks.nix);
 	nginx = (import ./lib/nginx.nix);
 	daemon = (import ./lib/daemon.nix);
+	errorReporter = (import ./lib/error-reporter.nix);
 in {
 	network = {
 		inherit pkgs;
@ -207,6 +209,7 @@ in {
 			})
 		];

+		# FIXME: Verify that this actually works...
 		services.borgbackup.jobs.system = {
 			paths = "/";
 			exclude = [
@ -391,6 +394,47 @@ in {
 		];
 	};

+	"machine-osmium-01.cryto.net" = let
+		self = nodes."machine-osmium-01.cryto.net";
+		pastebinStreamPackage = pkgs.cryto.pastebinStream.override { errorPath = "/var/lib/pastebin-stream/errors"; };
+	in { pkgs, lib, config, ... }@args: {
+		system.stateVersion = "16.09";
+		networking.hostName = "machine-osmium-01";
+
+		imports = [
+			presets.base
+			./hardware-configurations/machine-osmium-01.nix
+			(tincConfiguration { hostname = self.hostname; nodes = nodes; })
+			(trackSystemMetrics self.internalIpv4)
+			(trackServiceMetrics self.internalIpv4)
+			(httpHealthChecks {
+				both = [
+					"pastebin-stream.cryto.net"
+				];
+			})
+			(daemon {
+				name = "pastebin-stream";
+				displayName = "pastebin-stream";
+				fakeHome = false;
+				binaryPath = "${pastebinStreamPackage}/bin/pastebin-stream";
+				environmentVariables = {};
+			})
+			(errorReporter {
+				serviceName = "pastebin-stream";
+				binaryPath = "${pastebinStreamPackage}/node_modules/.bin/report-errors";
+				errorPath = "/var/lib/pastebin-stream/errors";
+				from = "ops@cryto.net";
+				to = "admin@cryto.net";
+			})
+			(nginx {
+				"pastebin-stream.cryto.net" = [
+					(nginxPresets.letsEncrypt)
+					(nginxPresets.reverseProxy "http://localhost:3000/")
+				];
+			})
+		];
+	};
+
 	"machine-workbot-01.cryto.net" = let
 		self = nodes."machine-workbot-01.cryto.net";
 	in { pkgs, lib, config, ... }@args: {
--- a/configuration/hardware-configurations/machine-osmium-01.nix
+++ b/configuration/hardware-configurations/machine-osmium-01.nix
@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+{
+	/* Begin hardware configuration section */
+	boot.kernelModules = [ ];
+	boot.extraModulePackages = [ ];
+	swapDevices = [ ];
+	nix.maxJobs = pkgs.lib.mkDefault 2;
+	/* End hardware configuration section */
+
+	fileSystems = {
+		"/" = {
+			device = "/dev/disk/by-uuid/cf472470-0b3d-414b-93f8-b5e4298fad05";
+			fsType = "ext4";
+		};
+	};
+
+	networking = {
+		defaultGateway6 = "2a01:4a0:4a::1";
+		interfaces.ens3 = {
+			ipv6.addresses = [{
+				address = "2a01:4a0:4a:5d::35c7";
+				prefixLength = 48;
+			}];
+		};
+	};
+
+	boot.loader.grub.device = lib.mkForce "/dev/vda";
+}
--- a/configuration/lib/daemon.nix
+++ b/configuration/lib/daemon.nix
@ -1,4 +1,4 @@
-{ name, displayName, fakeHome, binaryPath, environmentVariables }:
+{ name, displayName, fakeHome, binaryPath, environmentVariables, prepare ? "", before ? null }:
 	{ lib, ... }: {
 		users.groups.${name} = {};
 		users.users.${name} = {
@ -11,6 +11,7 @@
 			description = displayName;
 			wantedBy = ["multi-user.target"];
 			after = ["network.target"];
+			before = lib.mkIf (before != null) before;

 			serviceConfig = {
 				ExecStart = binaryPath;
@ -19,11 +20,13 @@
 				# PermissionsStartOnly = true;
 			};

-			preStart = lib.mkIf fakeHome ''
-				mkdir -m 0700 -p /tmp/${name}-home
-				chown ${name} /tmp/${name}-home
+			preStart = ''
+				${lib.optionalString (prepare != null) prepare}
+				${lib.optionalString fakeHome ''
+					mkdir -m 0700 -p /tmp/${name}-home
+					chown ${name} /tmp/${name}-home
+				''}
 			'';
-
 			environment =  {
 				HOME = lib.mkIf fakeHome "/tmp/${name}-home";
 			} // environmentVariables;
--- a/configuration/lib/error-reporter.nix
+++ b/configuration/lib/error-reporter.nix
@ -0,0 +1,28 @@
+{ serviceName, binaryPath, errorPath, from, to }:
+	let
+		daemon = import ./daemon.nix;
+		configurationFile = builtins.toFile "error-reporter-config.json" (builtins.toJSON {
+			errorPath = errorPath;
+			stackFilter = "*";
+			subjectFormat = "UNHANDLED ERROR: $type - $message";
+			metadata = {
+				from = from;
+				to = to;
+			};
+		});
+	in { pkgs, lib, ... }: {
+		imports = [
+			(daemon {
+				name = "${serviceName}-error-reporter";
+				displayName = "${serviceName} Error Reporter";
+				fakeHome = false;
+				binaryPath = "${binaryPath} ${configurationFile}";
+				environmentVariables = {};
+				prepare = ''
+					mkdir -m 0700 -p ${errorPath}
+					chown ${serviceName} ${errorPath}
+				'';
+				before = [ "${serviceName}.service" ];
+			})
+		];	
+	}
--- a/configuration/packages/pastebin-stream/default.nix
+++ b/configuration/packages/pastebin-stream/default.nix
@ -0,0 +1,34 @@
+{ pkgs, errorPath, ... }:
+	let
+		configuration = builtins.toFile "pastebin-stream-config.json" (builtins.toJSON {
+			errors = {
+				directory = errorPath;
+			};
+
+			scraperSettings = {
+				pastebinCom = {
+					listInterval = 60;
+					listLimit = 100;
+					pasteInterval = 1;
+				};
+			};
+		});
+	in pkgs.cryto.nodeApplication {
+		name = "pastebin-stream";
+		source = pkgs.stdenv.mkDerivation {
+			name = "pastebin-stream-application";
+			src = pkgs.cryto.fetchFromCrytoGit {
+				owner = "joepie91";
+				repo = "pastebin-stream";
+				rev = "40615402511bf6655f8420dd5f0908dfbcf7a406";
+				sha256 = "1qkqbldgr3lwv8xq6mijzwv7kcnpp54x695dp6i6bm4skijyzqnm";
+			};
+
+			# TODO: Move this logic into fetchFromCrytoGit somehow
+			buildCommand = ''
+				mkdir -p $out
+				tar --strip-components=1 -xzvf $src -C $out
+				cp ${configuration} $out/config.json
+			'';
+		};
+	}