From 704cfc7eb8e332466ddf918bc289b60c7b700988 Mon Sep 17 00:00:00 2001
From: Sven Slootweg
Date: Wed, 12 Jul 2017 16:26:08 +0200
Subject: [PATCH] Update attempt...
---
applications/pastebin-stream.nix | 7 ++
lib/node-application.nix | 46 ++++++++++
lib/node-error-reporter/default.nix | 102 +++++++++++++++++++++
lib/root-ssh.nix | 6 ++
networks/default.nix | 14 ++-
systems/{osmium.nix => osmium-testing.nix} | 6 --
test-infinite-recursion.nix | 9 ++
7 files changed, 183 insertions(+), 7 deletions(-)
create mode 100644 applications/pastebin-stream.nix
create mode 100644 lib/node-application.nix
create mode 100644 lib/node-error-reporter/default.nix
rename systems/{osmium.nix => osmium-testing.nix} (78%)
create mode 100644 test-infinite-recursion.nix
diff --git a/applications/pastebin-stream.nix b/applications/pastebin-stream.nix
new file mode 100644
index 0000000..4d4b567
--- /dev/null
+++ b/applications/pastebin-stream.nix
@@ -0,0 +1,7 @@
+{pkgs, ...}:
+ (import ../lib/node-application.nix) { inherit pkgs; } {
+ tarball = "https://git.cryto.net/joepie91/pastebin-stream/archive/master.tar.gz";
+ name = "pastebin-stream";
+ hasErrorReporting = true;
+ mainBinaryPath = "server.js";
+ }
diff --git a/lib/node-application.nix b/lib/node-application.nix
new file mode 100644
index 0000000..9e4e692
--- /dev/null
+++ b/lib/node-application.nix
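Review bot: `tarball` points at the `master` archive, and the lib/node-application.nix hunk hands it to `builtins.fetchTarball tarball` with no hash, so the code that ends up running as a service is whatever the branch serves at evaluation time and nothing verifies it. Pin the URL to a commit archive and check a hash alongside it, e.g. `source = builtins.fetchTarball { url = tarball; sha256 = sha256; };` with `sha256` added as an argument (on a Nix version whose `fetchTarball` accepts it; `pkgs.fetchzip` takes the same pair). That makes the deployment reproducible and turns a changed or tampered upstream archive into a build failure.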
@@ -0,0 +1,46 @@
+{pkgs}: {tarball, name, mainBinaryPath, serviceOptions ? {}, serviceConfig ? {}, hasErrorReporting ? false}:
+ with pkgs.stdenv.lib;
+
+ let
+ /*serviceName = "node-${name}";*/
+ serviceName = "node-foo";
+ cfg = config.services."${serviceName}";
+ source = builtins.fetchTarball tarball;
+ application = (import (pkgs.stdenv.mkDerivation {
+ src = source;
+ buildInputs = [ pkgs.node2nix ];
+ buildCommand = ''
+ node2nix -6 --pkg-name nodejs_6_x
+ '';
+ })).package;
+ errorReporter = (import ./node-error-reporter) { inherit pkgs; };
+ in {
+ imports = [
+ /*mkIf hasErrorReporting (errorReporter {
+ application = application;
+ applicationName = name;
+ })*/
+ ];
+
+ options.services."${serviceName}" = {
+ enable = mkEnableOption "${name}";
+ } // serviceOptions;
+
+ config = mkIf cfg.enable {
+ # FIXME: What if a username conflict occurs?
+ users.extraUsers."${name}" = {
+ description = "${name} Service User";
+ };
+
+ services."${serviceName}" = {
+ description = "${name} Service";
+ wantedBy = ["multi-user.target"];
+ after = ["network.target"];
+
+ serviceConfig = {
+ ExecStart = "${application}/${mainBinaryPath}";
+ User = name;
+ };
+ } // serviceConfig;
+ };
+ }
diff --git a/lib/node-error-reporter/default.nix b/lib/node-error-reporter/default.nix
new file mode 100644
index 0000000..318cc65
--- /dev/null
+++ b/lib/node-error-reporter/default.nix
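Review bot: The unit is built as `{ … serviceConfig = { ExecStart = …; User = name; }; } // serviceConfig`, and `//` is a shallow merge, so a caller whose `serviceConfig` argument carries its own `serviceConfig` key replaces the inner set wholesale and silently drops `User = name`, which would leave the service running as root. If the argument is meant to extend the systemd settings, merge at the inner level instead, `serviceConfig = { ExecStart = …; User = name; } // serviceConfig;`, or use `recursiveUpdate`, so the unprivileged user survives unless it is overridden on purpose. Separately, `config` is never bound in this file (it returns a plain attribute set rather than a `{ config, ... }:` module function), and the unit is declared under `services.` where `systemd.services.` looks intended. `serviceName = "node-foo"` also appears to be a debugging leftover that would give every application the same unit name.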
@@ -0,0 +1,102 @@
+{pkgs}: {applicationName, application}:
+ with pkgs.stdenv.lib;
+
+ let
+ serviceName = "node-${applicationName}-error-reporter";
+ cfg = config.services."${serviceName}";
+ # FIXME: report-errors NPM package!
+ in {
+ options.services."${serviceName}" = {
+ enable = mkEnableOption "${name} Error Reporter";
+
+ stackFilter = mkOption {
+ description = ''
+ What modules to filter out of the simplified stacktraces
+ shown in the e-mail report. This can either be the
+ string "*" (to filter out every third-party module), or
+ an array of module names to filter.
+
+ Note that the e-mail will always include a JSON
+ attachment containing the full stacktrace - this setting
+ purely affects the e-mail body.
+ '';
+ default = "*";
+ type = types.either types.str (types.listOf types.str);
+ };
+
+ subjectFormat = mkOption {
+ description = ''
+ The format for the subject line of the report e-mail. In
+ this string, `$type` will be replaced with the error
+ type/name, and `$message` will be replaced with the
+ error message.
+ '';
+ default = "UNHANDLED ERROR: $type - $message";
+ type = types.str;
+ };
+
+ metadata = {
+ from = mkOption {
+ description = ''
+ The sender address displayed on the e-mail report.
+ '';
+ type = types.str;
+ };
+
+ to = mkOption {
+ description = ''
+ The address to e-mail reports to.
+ '';
+ type = types.str;
+ };
+ };
+
+ smtp = {
+ hostname = mkOption {
+ description = ''
+ The hostname on which the SMTP server can be
+ reached.
+ '';
+ default = null;
+ type = types.nullOr types.str;
+ };
+
+ port = mkOption {
+ description = ''
+ The port number that the SMTP server is accessible
+ on.
+ '';
+ default = null;
+ type = types.nullOr types.str;
+ };
+
+ username = mkOption {
+ description = ''
+ Your username for the SMTP server.
+ '';
+ default = null;
+ type = types.nullOr types.str;
+ };
+
+ password = mkOption {
+ description = ''
+ Your password for the SMTP server.
+ ''; + default = null; + type = types.nullOr types.str; + }; + + }; + }; + + config = { + services."${serviceName}" = mkIf cfg.enabled { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${pkgs.nodejs_6_x}/bin/node ${application}/node_modules/report-errors/lib/daemon/index.js"; + User = systemd.services."node-${applicationName}".serviceConfig.User; # MARKER + }; + }; + }; + } diff --git a/lib/root-ssh.nix b/lib/root-ssh.nix index 36cf5b8..b23a12a 100644 --- a/lib/root-ssh.nix +++ b/lib/root-ssh.nix @@ -1,4 +1,10 @@ { + services.openssh = { + enable = true; + passwordAuthentication = false; + challengeResponseAuthentication = false; + }; + users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ./joepie91.pub) ]; diff --git a/networks/default.nix b/networks/default.nix index 8a5eab3..63ea210 100644 --- a/networks/default.nix +++ b/networks/default.nix @@ -5,8 +5,9 @@ proxiedApplications = [{ hostname = "pastebin-stream.cryto.net"; tls = false; + root = "${pkgs.valgrind.doc}/share/doc/valgrind/html"; config = '' - root ${pkgs.valgrind.doc}/share/doc/valgrind/html + ''; }]; @@ -14,10 +15,17 @@ lib.concatStrings (map (application: '' ${application.hostname} { ${lib.optionalString (application.tls == false) "tls off"} + ${lib.optionalString (application.root != null) "root ${application.root}"} ${application.config} } '') applications); + + pastebinStream = (import ../applications/pastebin-stream.nix); in { + imports = [ + pastebinStream { inherit pkgs; } + ]; + services.caddy = { enable = true; agree = true; @@ -28,5 +36,9 @@ }; networking.firewall.allowedTCPPorts = [ 2015 ]; + + environment.systemPackages = with pkgs; [ + htop + ]; }; } diff --git a/systems/osmium.nix b/systems/osmium-testing.nix similarity index 78% rename from systems/osmium.nix rename to systems/osmium-testing.nix index 055d838..0615ac2 100644 --- a/systems/osmium.nix +++ b/systems/osmium-testing.nix 
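Review bot: `smtp.password` is a plain string option (`types.nullOr types.str`), so once its value is interpolated into the unit or a generated config file it will sit in the world-readable Nix store. Taking a path instead keeps the credential out of the store: an option such as `passwordFile`, typed as a string and documented as a file outside the store that the daemon reads at start-up. In the `config` part of this hunk, `mkIf cfg.enabled` does not match the declared `enable` option. `mkEnableOption "${name} Error Reporter"` also uses `name`, which is not among this file's arguments (`applicationName` is).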
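Review bot: The `services.openssh` block added to lib/root-ssh.nix turns off password and challenge-response authentication but leaves the root-login policy to the module default, while the rest of the file authorises a root key. Setting it explicitly, `permitRootLogin = "prohibit-password";`, documents the intent and keeps key-only root access from depending on a default that can change between releases. The attribute set continues beyond the hunk.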
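Review bot: In the second networks/default.nix hunk, `imports = [ pastebinStream { inherit pkgs; } ];` is a two-element list, because list items are separated by whitespace and the function and the attribute set become separate entries rather than a call. It needs parentheses: `(pastebinStream { inherit pkgs; })`. In the same hunk `application.root != null` aborts evaluation for any entry of `proxiedApplications` that has no `root` attribute instead of skipping the line; `(application.root or null) != null` gives the optional behaviour that `optionalString` suggests. The enclosing `let … in` block starts and ends outside these hunks.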
@@ -4,12 +4,6 @@ in { resources.sshKeyPairs.ssh-key = {}; osmium = { config, pkgs, ... }: { - services.openssh = { - enable = true; - passwordAuthentication = false; - challengeResponseAuthentication = false; - }; - deployment.targetEnv = "digitalOcean"; deployment.digitalOcean.region = "ams2"; deployment.digitalOcean.size = "512mb"; diff --git a/test-infinite-recursion.nix b/test-infinite-recursion.nix new file mode 100644 index 0000000..c20178e --- /dev/null +++ b/test-infinite-recursion.nix @@ -0,0 +1,9 @@ +let + foo1 = { + qux1 = bar2 1; + quz = 42; + }; + bar2 = arg: baz3 (item: item); + baz3 = func: func bah4; + bah4 = foo1.qux1; +in bar2 1 #foo1.qux1
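Review bot: test-infinite-recursion.nix carries no comment saying what it reproduces, and the trailing `#foo1.qux1` looks like a leftover alternative entry point. Evaluating `bar2 1` reaches `bah4`, which is `foo1.qux1`, which is `bar2 1` again, so a header such as `# Minimal repro: bar2 -> baz3 -> bah4 -> foo1.qux1 -> bar2 is a cycle; evaluation is expected to fail with infinite recursion` would tell the next reader the failure is intentional. If it is only a scratch file, it may not belong at the root of the deployment repository.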