Migrate osmium

Sven Slootweg 2022-02-28 02:37:03 +01:00
parent 525845c534
commit b83e8c2d46
7 changed files with 150 additions and 5 deletions


@ -7,6 +7,12 @@ in injectHostnames {
internalIpv4 = "10.217.0.1";
tincPublicKey = builtins.readFile ./tinc-keys/machine-workbot-01.cryto.net.pub;
};
"machine-osmium-01.cryto.net" = {
friendlyName = "osmium";
ipv4 = "80.255.0.137";
internalIpv4 = "10.217.0.2";
tincPublicKey = builtins.readFile ./tinc-keys/machine-osmium-01.cryto.net.pub;
};
"machine-haless-03.cryto.net" = {
friendlyName = "haless";
ipv4 = "31.7.187.145";


@ -0,0 +1 @@
rKm3gedo1rHXcKVnZTjKFVJhqbcPTyH1Z1irfcAH8TB


@ -9,6 +9,7 @@ let
unpack = self.callPackage ./lib/unpack.nix {};
mobileProxy = self.callPackage ./packages/mobile-proxy { configFile = null; };
matrixRooms = self.callPackage ./packages/matrix-rooms {};
pastebinStream = self.callPackage ./packages/pastebin-stream { errorPath = null; };
};
})
];
@ -30,6 +31,7 @@ let
httpHealthChecks = (import ./lib/http-health-checks.nix);
nginx = (import ./lib/nginx.nix);
daemon = (import ./lib/daemon.nix);
errorReporter = (import ./lib/error-reporter.nix);
in {
network = {
inherit pkgs;
@ -207,6 +209,7 @@ in {
})
];
# FIXME: Verify that this actually works...
services.borgbackup.jobs.system = {
paths = "/";
exclude = [
@ -391,6 +394,47 @@ in {
];
};
"machine-osmium-01.cryto.net" = let
self = nodes."machine-osmium-01.cryto.net";
pastebinStreamPackage = pkgs.cryto.pastebinStream.override { errorPath = "/var/lib/pastebin-stream/errors"; };
in { pkgs, lib, config, ... }@args: {
system.stateVersion = "16.09";
networking.hostName = "machine-osmium-01";
imports = [
presets.base
./hardware-configurations/machine-osmium-01.nix
(tincConfiguration { hostname = self.hostname; nodes = nodes; })
(trackSystemMetrics self.internalIpv4)
(trackServiceMetrics self.internalIpv4)
(httpHealthChecks {
both = [
"pastebin-stream.cryto.net"
];
})
(daemon {
name = "pastebin-stream";
displayName = "pastebin-stream";
fakeHome = false;
binaryPath = "${pastebinStreamPackage}/bin/pastebin-stream";
environmentVariables = {};
})
(errorReporter {
serviceName = "pastebin-stream";
binaryPath = "${pastebinStreamPackage}/node_modules/.bin/report-errors";
errorPath = "/var/lib/pastebin-stream/errors";
from = "ops@cryto.net";
to = "admin@cryto.net";
})
(nginx {
"pastebin-stream.cryto.net" = [
(nginxPresets.letsEncrypt)
(nginxPresets.reverseProxy "http://localhost:3000/")
];
})
];
};
"machine-workbot-01.cryto.net" = let
self = nodes."machine-workbot-01.cryto.net";
in { pkgs, lib, config, ... }@args: {
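Review bot: The error directory `/var/lib/pastebin-stream/errors` is spelled out twice in the new osmium node, once in the `pastebinStreamPackage` override and once in the `errorReporter` call, and the two must stay identical for reports to be picked up. Binding it once in the node's `let` (`errorPath = "/var/lib/pastebin-stream/errors";`) and passing `inherit errorPath;` to both keeps the writer and the reader from drifting apart. A short comment above `system.stateVersion = "16.09";` saying whether that value was carried over from the previous install would also help, since it reads as stale on a newly added machine.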


@ -0,0 +1,29 @@
{ config, lib, pkgs, ... }:
{
/* Begin hardware configuration section */
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
swapDevices = [ ];
nix.maxJobs = pkgs.lib.mkDefault 2;
/* End hardware configuration section */
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/cf472470-0b3d-414b-93f8-b5e4298fad05";
fsType = "ext4";
};
};
networking = {
defaultGateway6 = "2a01:4a0:4a::1";
interfaces.ens3 = {
ipv6.addresses = [{
address = "2a01:4a0:4a:5d::35c7";
prefixLength = 48;
}];
};
};
boot.loader.grub.device = lib.mkForce "/dev/vda";
}


@ -1,4 +1,4 @@
{ name, displayName, fakeHome, binaryPath, environmentVariables }:
{ name, displayName, fakeHome, binaryPath, environmentVariables, prepare ? "", before ? null }:
{ lib, ... }: {
users.groups.${name} = {};
users.users.${name} = {
@ -11,6 +11,7 @@
description = displayName;
wantedBy = ["multi-user.target"];
after = ["network.target"];
before = lib.mkIf (before != null) before;
serviceConfig = {
ExecStart = binaryPath;
@ -19,11 +20,13 @@
# PermissionsStartOnly = true;
};
preStart = lib.mkIf fakeHome ''
mkdir -m 0700 -p /tmp/${name}-home
chown ${name} /tmp/${name}-home
preStart = ''
${lib.optionalString (prepare != null) prepare}
${lib.optionalString fakeHome ''
mkdir -m 0700 -p /tmp/${name}-home
chown ${name} /tmp/${name}-home
''}
'';
environment = {
HOME = lib.mkIf fakeHome "/tmp/${name}-home";
} // environmentVariables;
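Review bot: The fake home is still created at the predictable path `/tmp/${name}-home`, and `mkdir -p` succeeds silently when that path already exists, so on a host with other local users the following `chown` can act on a directory or link the service did not create. Letting systemd allocate the directory, for example `RuntimeDirectory = name;` with `RuntimeDirectoryMode = "0700";` in `serviceConfig` and `HOME = "/run/${name}"`, removes the dependency on shared /tmp. Separately, `prepare` defaults to `""` but is guarded with `prepare != null`, so the guard is always true for the default; either default it to `null` like `before` or interpolate `prepare` directly. The service definition starts and ends outside these hunks.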


@ -0,0 +1,28 @@
{ serviceName, binaryPath, errorPath, from, to }:
let
daemon = import ./daemon.nix;
configurationFile = builtins.toFile "error-reporter-config.json" (builtins.toJSON {
errorPath = errorPath;
stackFilter = "*";
subjectFormat = "UNHANDLED ERROR: $type - $message";
metadata = {
from = from;
to = to;
};
});
in { pkgs, lib, ... }: {
imports = [
(daemon {
name = "${serviceName}-error-reporter";
displayName = "${serviceName} Error Reporter";
fakeHome = false;
binaryPath = "${binaryPath} ${configurationFile}";
environmentVariables = {};
prepare = ''
mkdir -m 0700 -p ${errorPath}
chown ${serviceName} ${errorPath}
'';
before = [ "${serviceName}.service" ];
})
];
}
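Review bot: `prepare` leaves `${errorPath}` at mode 0700 owned by `${serviceName}`, while this unit is declared as `${serviceName}-error-reporter` and daemon.nix creates a separate `users.users.${name}` for it; if the unit also runs as that user (the `User=` setting is not in the visible hunks), the reporter cannot read the directory it is configured to watch. Consider giving it group access, e.g. `chown ${serviceName}:${serviceName}-error-reporter` with a group-accessible mode (`users.groups.${name}` already exists), after confirming which account the reporter runs as. The script also needs root to create a directory under `/var/lib` and chown it, and `PermissionsStartOnly` appears commented out in daemon.nix, so it is worth checking that `preStart` is not executed as the unprivileged user. `errorPath` is interpolated into the shell unquoted; `${lib.escapeShellArg errorPath}` is safer.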


@ -0,0 +1,34 @@
{ pkgs, errorPath, ... }:
let
configuration = builtins.toFile "pastebin-stream-config.json" (builtins.toJSON {
errors = {
directory = errorPath;
};
scraperSettings = {
pastebinCom = {
listInterval = 60;
listLimit = 100;
pasteInterval = 1;
};
};
});
in pkgs.cryto.nodeApplication {
name = "pastebin-stream";
source = pkgs.stdenv.mkDerivation {
name = "pastebin-stream-application";
src = pkgs.cryto.fetchFromCrytoGit {
owner = "joepie91";
repo = "pastebin-stream";
rev = "40615402511bf6655f8420dd5f0908dfbcf7a406";
sha256 = "1qkqbldgr3lwv8xq6mijzwv7kcnpp54x695dp6i6bm4skijyzqnm";
};
# TODO: Move this logic into fetchFromCrytoGit somehow
buildCommand = ''
mkdir -p $out
tar --strip-components=1 -xzvf $src -C $out
cp ${configuration} $out/config.json
'';
};
}