Migrate osmium

Sven Slootweg 2 years ago
parent 525845c534
commit b83e8c2d46

@ -7,6 +7,12 @@ in injectHostnames {
internalIpv4 = ""; internalIpv4 = "";
tincPublicKey = builtins.readFile ./tinc-keys/machine-workbot-01.cryto.net.pub; tincPublicKey = builtins.readFile ./tinc-keys/machine-workbot-01.cryto.net.pub;
}; };
"machine-osmium-01.cryto.net" = {
friendlyName = "osmium";
ipv4 = "";
internalIpv4 = "";
tincPublicKey = builtins.readFile ./tinc-keys/machine-osmium-01.cryto.net.pub;
"machine-haless-03.cryto.net" = { "machine-haless-03.cryto.net" = {
friendlyName = "haless"; friendlyName = "haless";
ipv4 = ""; ipv4 = "";

@ -0,0 +1 @@

@ -9,6 +9,7 @@ let
unpack = self.callPackage ./lib/unpack.nix {}; unpack = self.callPackage ./lib/unpack.nix {};
mobileProxy = self.callPackage ./packages/mobile-proxy { configFile = null; }; mobileProxy = self.callPackage ./packages/mobile-proxy { configFile = null; };
matrixRooms = self.callPackage ./packages/matrix-rooms {}; matrixRooms = self.callPackage ./packages/matrix-rooms {};
pastebinStream = self.callPackage ./packages/pastebin-stream { errorPath = null; };
}; };
}) })
]; ];
@ -30,6 +31,7 @@ let
httpHealthChecks = (import ./lib/http-health-checks.nix); httpHealthChecks = (import ./lib/http-health-checks.nix);
nginx = (import ./lib/nginx.nix); nginx = (import ./lib/nginx.nix);
daemon = (import ./lib/daemon.nix); daemon = (import ./lib/daemon.nix);
errorReporter = (import ./lib/error-reporter.nix);
in { in {
network = { network = {
inherit pkgs; inherit pkgs;
@ -207,6 +209,7 @@ in {
}) })
]; ];
# FIXME: Verify that this actually works...
services.borgbackup.jobs.system = { services.borgbackup.jobs.system = {
paths = "/"; paths = "/";
exclude = [ exclude = [
@ -391,6 +394,47 @@ in {
]; ];
}; };
"machine-osmium-01.cryto.net" = let
self = nodes."machine-osmium-01.cryto.net";
pastebinStreamPackage = pkgs.cryto.pastebinStream.override { errorPath = "/var/lib/pastebin-stream/errors"; };
in { pkgs, lib, config, ... }@args: {
system.stateVersion = "16.09";
networking.hostName = "machine-osmium-01";
imports = [
(tincConfiguration { hostname = self.hostname; nodes = nodes; })
(trackSystemMetrics self.internalIpv4)
(trackServiceMetrics self.internalIpv4)
(httpHealthChecks {
both = [
(daemon {
name = "pastebin-stream";
displayName = "pastebin-stream";
fakeHome = false;
binaryPath = "${pastebinStreamPackage}/bin/pastebin-stream";
environmentVariables = {};
(errorReporter {
serviceName = "pastebin-stream";
binaryPath = "${pastebinStreamPackage}/node_modules/.bin/report-errors";
errorPath = "/var/lib/pastebin-stream/errors";
from = "ops@cryto.net";
to = "admin@cryto.net";
(nginx {
"pastebin-stream.cryto.net" = [
(nginxPresets.reverseProxy "http://localhost:3000/")
"machine-workbot-01.cryto.net" = let "machine-workbot-01.cryto.net" = let
self = nodes."machine-workbot-01.cryto.net"; self = nodes."machine-workbot-01.cryto.net";
in { pkgs, lib, config, ... }@args: { in { pkgs, lib, config, ... }@args: {
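Review bot: The error directory `/var/lib/pastebin-stream/errors` is written out twice in the new osmium node, once in the `pastebinStreamPackage` override and once in the `errorReporter` call, so the two can drift apart without any evaluation error. If they do, the reporter watches a directory the service never writes to, and unhandled errors silently stop reaching the admin mailbox. Binding it once in the existing `let`, `errorPath = "/var/lib/pastebin-stream/errors";`, and passing `inherit errorPath;` to both call sites keeps them in step. The node definition appears truncated in this rendering, so its closing part was not reviewed.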

@ -0,0 +1,29 @@
{ config, lib, pkgs, ... }:
/* Begin hardware configuration section */
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
swapDevices = [ ];
nix.maxJobs = pkgs.lib.mkDefault 2;
/* End hardware configuration section */
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/cf472470-0b3d-414b-93f8-b5e4298fad05";
fsType = "ext4";
networking = {
defaultGateway6 = "2a01:4a0:4a::1";
interfaces.ens3 = {
ipv6.addresses = [{
address = "2a01:4a0:4a:5d::35c7";
prefixLength = 48;
boot.loader.grub.device = lib.mkForce "/dev/vda";

@ -1,4 +1,4 @@
{ name, displayName, fakeHome, binaryPath, environmentVariables }: { name, displayName, fakeHome, binaryPath, environmentVariables, prepare ? "", before ? null }:
{ lib, ... }: { { lib, ... }: {
users.groups.${name} = {}; users.groups.${name} = {};
users.users.${name} = { users.users.${name} = {
@ -11,6 +11,7 @@
description = displayName; description = displayName;
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
after = ["network.target"]; after = ["network.target"];
before = lib.mkIf (before != null) before;
serviceConfig = { serviceConfig = {
ExecStart = binaryPath; ExecStart = binaryPath;
@ -19,11 +20,13 @@
# PermissionsStartOnly = true; # PermissionsStartOnly = true;
}; };
preStart = lib.mkIf fakeHome '' preStart = ''
mkdir -m 0700 -p /tmp/${name}-home ${lib.optionalString (prepare != null) prepare}
chown ${name} /tmp/${name}-home ${lib.optionalString fakeHome ''
mkdir -m 0700 -p /tmp/${name}-home
chown ${name} /tmp/${name}-home
''; '';
environment = { environment = {
HOME = lib.mkIf fakeHome "/tmp/${name}-home"; HOME = lib.mkIf fakeHome "/tmp/${name}-home";
} // environmentVariables; } // environmentVariables;
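Review bot: The `fakeHome` branch of `preStart` still creates the home directory at a predictable path in world-writable `/tmp`, and `mkdir -m 0700 -p` neither fails nor resets the mode when `/tmp/${name}-home` already exists, so the following `chown` is applied to whatever another local user may have placed there first. Now that `preStart` is always emitted and also carries caller-supplied `prepare` commands, this would be a good moment to move the home under a root-owned parent such as `/var/lib/${name}/home`, or to let systemd create it with `RuntimeDirectory = name;` in `serviceConfig`. Separately, `prepare` defaults to `""` while the guard tests `prepare != null`; `prepare ? null` would match `before ? null` and make the guard meaningful. The unit definition starts and ends outside these hunks, so whether `preStart` runs as root could not be checked here.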

@ -0,0 +1,28 @@
{ serviceName, binaryPath, errorPath, from, to }:
daemon = import ./daemon.nix;
configurationFile = builtins.toFile "error-reporter-config.json" (builtins.toJSON {
errorPath = errorPath;
stackFilter = "*";
subjectFormat = "UNHANDLED ERROR: $type - $message";
metadata = {
from = from;
to = to;
in { pkgs, lib, ... }: {
imports = [
(daemon {
name = "${serviceName}-error-reporter";
displayName = "${serviceName} Error Reporter";
fakeHome = false;
binaryPath = "${binaryPath} ${configurationFile}";
environmentVariables = {};
prepare = ''
mkdir -m 0700 -p ${errorPath}
chown ${serviceName} ${errorPath}
before = [ "${serviceName}.service" ];
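Review bot: `prepare` creates `${errorPath}` with mode 0700 and hands it to `${serviceName}`, but the reporter is declared through `daemon` with `name = "${serviceName}-error-reporter"`, which per `daemon.nix` gets its own user and group. If the unit runs as that user (the `User=` setting is not visible in this diff), it cannot read the directory it is meant to watch, and the `mkdir`/`chown` in `preStart` would themselves need root. Consider granting access explicitly, e.g. `mkdir -m 0750 -p "${errorPath}"` followed by `chown ${serviceName}:${serviceName}-error-reporter "${errorPath}"` (0770 if the reporter must also remove handled reports), which also quotes the path. A short comment above `prepare` stating which user owns the directory and which one reads it would help the next maintainer.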

@ -0,0 +1,34 @@
{ pkgs, errorPath, ... }:
configuration = builtins.toFile "pastebin-stream-config.json" (builtins.toJSON {
errors = {
directory = errorPath;
scraperSettings = {
pastebinCom = {
listInterval = 60;
listLimit = 100;
pasteInterval = 1;
in pkgs.cryto.nodeApplication {
name = "pastebin-stream";
source = pkgs.stdenv.mkDerivation {
name = "pastebin-stream-application";
src = pkgs.cryto.fetchFromCrytoGit {
owner = "joepie91";
repo = "pastebin-stream";
rev = "40615402511bf6655f8420dd5f0908dfbcf7a406";
sha256 = "1qkqbldgr3lwv8xq6mijzwv7kcnpp54x695dp6i6bm4skijyzqnm";
# TODO: Move this logic into fetchFromCrytoGit somehow
buildCommand = ''
mkdir -p $out
tar --strip-components=1 -xzvf $src -C $out
cp ${configuration} $out/config.json