Reorganize and finish configuration

applications/pastebin-stream.nix

@@ -1,7 +1,55 @@
 {pkgs, ...}@args:
-	(import ../lib/node-application.nix) args {
+	with pkgs.stdenv.lib;
-		tarball = "https://git.cryto.net/joepie91/pastebin-stream/archive/master.tar.gz";
+
+	let
+		fetchFromCrytoGit = (import ../lib/fetch/from-cryto-git.nix) args;
+		nodeApplication = (import ../lib/node-application.nix) args;
+		createJsonConfiguration = (import ../lib/build/json-configuration.nix) args;
+	in
+		{errorPath, debugMode ? false, rev, sha256}:
+			let
+				configuration = {
+					errors = {
+						directory = errorPath;
+					};
+
+					scraperSettings = {
+						pastebinCom = {
+							listInterval = 60;
+							listLimit = 100;
+							pasteInterval = 1;
+						};
+					};
+				};
+
+				configurationFile = createJsonConfiguration {
+					name = "pastebin-stream-configuration.json";
+					contents = configuration;
+				};
+			in
+				nodeApplication {
 					name = "pastebin-stream";
+
+					src = fetchFromCrytoGit {
+						owner = "joepie91";
+						repo = "pastebin-stream";
+						inherit rev sha256;
+					};
+
 					hasErrorReporting = true;
-		mainBinaryPath = "server.js";
+					errorPath = errorPath;
+					mainBinaryPath = "bin/pastebin-stream";
+					setupCommands = ''
+						cp ${configurationFile} $out/config.json
+					'';
+
+					serviceConfig = {
+						preStart = ''
+							mkdir -m 0700 -p ${errorPath}
+							chown pastebin-stream ${errorPath}
+						'';
+						environment = mkIf debugMode {
+							DEBUG = "pastebinStream:*";
+						};
+					};
 				}

lib/build/json-configuration.nix

@@ -0,0 +1,3 @@
+{pkgs, ...}@args:
+	{name ? "config.json", contents}:
+		builtins.toFile name (builtins.toJSON contents)

lib/build/node2nix-package.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}@args:
+	{name, src, setupCommands}:
+		((import (pkgs.stdenv.mkDerivation {
+			name = name;
+			src = src;
+			buildCommand = ''
+				mkdir $out
+				tar -xzvf $src -C $out
+				cd $out
+				${setupCommands}
+			'';
+		})) {}).package

lib/fetch/from-cryto-git.nix

@@ -0,0 +1,11 @@
+{pkgs, ...}@args:
+	# FIXME: The below `name` default should be updated to use `gitRepoToName` in 17.09
+	{owner, repo, rev, name ? ("${repo}-${rev}-src"), ...}@sourceArgs:
+		let
+			baseUrl = "https://git.cryto.net/${owner}/${repo}";
+		in
+			pkgs.fetchurl ({
+				inherit name;
+				url = "${baseUrl}/archive/${rev}.tar.gz";
+				meta.homepage = baseUrl;
+			} // removeAttrs sourceArgs ["owner" "repo" "rev"])

lib/generate/caddy-configuration.nix

@@ -0,0 +1,19 @@
+{pkgs, ...}@args:
+	with pkgs.stdenv.lib;
+
+	applications:
+		concatStrings (map (application: ''
+			${application.hostname} {
+				timeouts none
+
+				${optionalString (application.tls == false) "tls off"}
+				${optionalString (application?root && application.root != null) "root ${application.root}"}
+				${optionalString (application?proxyTarget && application.proxyTarget != null) ''
+					proxy / ${application.proxyTarget} {
+						websocket
+						transparent
+					}
+				''}
+				${optionalString (application?config) application.config}
+			}
+		'') applications)

lib/node-application.nix

@@ -1,38 +1,39 @@
-{pkgs, config, ...}: {tarball, name, mainBinaryPath, serviceOptions ? {}, serviceConfig ? {}, hasErrorReporting ? false}:
+{pkgs, config, ...}@args: {src, name, mainBinaryPath, setupCommands ? "", serviceOptions ? {}, serviceConfig ? {}, hasErrorReporting ? false, errorPath ? null}:
 	with pkgs.stdenv.lib;
 
 	let
-		/*serviceName = "node-${name}";*/
+		buildNode2nixPackage = (import ./build/node2nix-package.nix) args;
-		serviceName = "node-foo";
+	in let
+		serviceName = "node-${name}";
 		cfg = config.services."${serviceName}";
-		source = builtins.fetchTarball tarball;
+
-		application = (import (pkgs.stdenv.mkDerivation {
+		application = buildNode2nixPackage {
-			src = source;
+			name = "${serviceName}-source";
-			buildInputs = [ pkgs.node2nix ];
+			inherit src setupCommands;
-			buildCommand = ''
+		};
-				node2nix -6 --pkg-name nodejs_6_x
+
-			'';
+		errorReporter = (import ./node-error-reporter) args;
-		})).package;
+		errorReporterModule = if hasErrorReporting then (errorReporter {
-		errorReporter = (import ./node-error-reporter) { inherit pkgs; };
-	in {
-		imports = [
-			/*mkIf hasErrorReporting (errorReporter {
 			application = application;
 			applicationName = name;
-			})*/
+			errorPath = errorPath;
+		}) else null;
+	in {
+		imports = [
+			errorReporterModule
 		];
 
 		options.services."${serviceName}" = {
 			enable = mkEnableOption "${name}";
 		} // serviceOptions;
 
-		config = mkIf cfg.enable {
+		config = {
 			# FIXME: What if a username conflict occurs?
-			users.extraUsers."${name}" = {
+			users.extraUsers."${name}" = mkIf cfg.enable {
 				description = "${name} Service User";
 			};
 
-			services."${serviceName}" = {
+			systemd.services."${serviceName}" = mkIf cfg.enable ({
 				description = "${name} Service";
 				wantedBy = ["multi-user.target"];
 				after = ["network.target"];
@@ -40,7 +41,8 @@
 				serviceConfig = {
 					ExecStart = "${application}/${mainBinaryPath}";
 					User = name;
+					PermissionsStartOnly = true;
 				};
-			} // serviceConfig;
+			} // serviceConfig);
 		};
 	}

lib/node-error-reporter/default.nix

@@ -1,12 +1,25 @@
-{pkgs}: {applicationName, application}:
+{pkgs, config, lib, ...}@args: {applicationName, application, errorPath}:
 	with pkgs.stdenv.lib;
 
 	let
+		createJsonConfiguration = (import ../build/json-configuration.nix) args;
+		optionalValue = (import ../util/optional-value.nix);
+	in let
 		serviceName = "node-${applicationName}-error-reporter";
-		cfg = config.services."${serviceName}";
+		cfg = config.services."node-${applicationName}".errorReporting;
-		# FIXME: report-errors NPM package!
+
-	in {
+		configurationFile = createJsonConfiguration {
-		options.services."${serviceName}" = {
+			name = "error-reporter-configuration.json";
+			contents = (lib.filterAttrs (key: value: key != "enable") cfg) // {
+				errorPath = errorPath;
+
+				# The following is to make sure we don't end up with {hostname: null, user: null}, etc., which makes report-errors incorrectly conclude that we want to use a local SMTP server.
+				smtp = optionalValue (cfg.smtp.hostname != null) cfg.smtp;
+			};
+		};
+	in
+		{
+			options.services."node-${applicationName}".errorReporting = {
 				enable = mkEnableOption "${name} Error Reporter";
 
 				stackFilter = mkOption {
@@ -90,12 +103,14 @@
 			};
 
 			config = {
-			services."${serviceName}" = mkIf cfg.enabled {
+				systemd.services."${serviceName}" = mkIf cfg.enable {
 					wantedBy = [ "multi-user.target" ];
 					after = [ "network.target" ];
 					serviceConfig = {
-					ExecStart = "${pkgs.nodejs_6_x}/bin/node ${application}/node_modules/report-errors/lib/daemon/index.js";
+						ExecStart = "${application}/lib/node_modules/pastebin-stream/node_modules/.bin/report-errors ${configurationFile}";
-					User = systemd.services."node-${applicationName}".serviceConfig.User; # MARKER
+
+						# FIXME: Is the below the ideal approach?
+						User = config.systemd.services."node-${applicationName}".serviceConfig.User;
 					};
 				};
 			};

lib/presets/root-ssh.nix

@@ -6,6 +6,6 @@
 	};
 
 	users.users.root.openssh.authorizedKeys.keys = [
-		(builtins.readFile ./joepie91.pub)
+		(builtins.readFile ../joepie91.pub)
 	];
 }

lib/presets/tools.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}:
+	{
+		environment.systemPackages = with pkgs; [
+			wget
+			curl
+			htop
+			iotop
+			iftop
+			nload
+			lsof
+		];
+	}

lib/tools.nix

@@ -1,11 +0,0 @@
-pkgs: {
-	environment.systemPackages = with pkgs; [
-		wget
-		curl
-		htop
-		iotop
-		iftop
-		nload
-		lsof
-	];
-}

lib/util/optional-value.nix

@@ -0,0 +1,5 @@
+condition: value:
+	if condition then
+		value
+	else
+		null

networks/default.nix

@@ -1,29 +1,24 @@
 {
 	network.description = "Cryto";
 
-	osmium = { config, lib, pkgs, ... }@args: let
+	osmium = { config, lib, pkgs, ... }@args:
+		let
+			pastebinStream = (import ../applications/pastebin-stream.nix) args;
+			generateCaddyConfiguration = (import ../lib/generate/caddy-configuration.nix) args;
+		in let
 			proxiedApplications = [{
-			hostname = "pastebin-stream.cryto.net";
+				hostname = "pastebin-stream-dev.cryto.net";
-			tls = false;
+				tls = true;
-			root = "${pkgs.valgrind.doc}/share/doc/valgrind/html";
+				proxyTarget = "http://localhost:3000";
-			config = ''
-
-			'';
 			}];
-
+		in
-		generateCaddyHostConfiguration = applications:
+			{
-			lib.concatStrings (map (application: ''
-				${application.hostname} {
-					${lib.optionalString (application.tls == false) "tls off"}
-					${lib.optionalString (application.root != null) "root ${application.root}"}
-					${application.config}
-				}
-			'') applications);
-
-		pastebinStream = (import ../applications/pastebin-stream.nix);
-	in {
 				imports = [
-			(pastebinStream args)
+					(pastebinStream {
+						errorPath = "/var/lib/pastebin-stream/errors";
+						rev = "3b7f6ea4ad663b82e7cfd95ae3c65f1a32f0cb0a";
+						sha256 = "0w29rwgkjpd9cl42z0n2fy5is730db3mfsqvjmxa7x65nz34d3wj";
+					})
 				];
 
 				services.caddy = {
@@ -31,11 +26,27 @@
 					agree = true;
 					email = "admin@cryto.net";
 					config = ''
-				${generateCaddyHostConfiguration proxiedApplications}
+						${generateCaddyConfiguration proxiedApplications}
 					'';
 				};
 
-		networking.firewall.allowedTCPPorts = [ 2015 ];
+				services.node-pastebin-stream = {
+					enable = true;
+
+					errorReporting = {
+						enable = true;
+
+						metadata = {
+							from = "ops@cryto.net";
+							to = "admin@cryto.net";
+						};
+					};
+				};
+
+				networking.firewall.allowedTCPPorts = [
+					80
+					443
+				];
 
 				environment.systemPackages = with pkgs; [
 					htop

systems/osmium-testing.nix

@@ -1,12 +1,16 @@
 let
-	removeNewlines = (import ../lib/remove-newlines.nix);
+	removeNewlines = (import ../lib/util/remove-newlines.nix);
+	presetRootSsh = (import ../lib/presets/root-ssh.nix);
 in {
 	resources.sshKeyPairs.ssh-key = {};
 
-	osmium = { config, pkgs, ... }: {
+	osmium = {config, pkgs, ...}@args: let
+		presetTools = (import ../lib/presets/tools.nix) args;
+	in
+		{
 			deployment.targetEnv = "digitalOcean";
 			deployment.digitalOcean.region = "ams2";
 			deployment.digitalOcean.size = "512mb";
 			#deployment.digitalOcean.authToken = removeNewlines (builtins.readFile ../credentials/digitalocean-auth-token);
-	} // (import ../lib/root-ssh.nix) // ((import ../lib/tools.nix) pkgs);
+		} // presetRootSsh // presetTools;
 }