Reorganize and finish configuration

7 years ago · 9deabe3699
parent a67f620b82
commit 9deabe3699
14 changed files with 286 additions and 155 deletions
--- a/applications/pastebin-stream.nix
+++ b/applications/pastebin-stream.nix
@ -1,7 +1,55 @@
 {pkgs, ...}@args:
-	(import ../lib/node-application.nix) args {
+	with pkgs.stdenv.lib;
-		tarball = "https://git.cryto.net/joepie91/pastebin-stream/archive/master.tar.gz";
+
-		name = "pastebin-stream";
+	let
-		hasErrorReporting = true;
+		fetchFromCrytoGit = (import ../lib/fetch/from-cryto-git.nix) args;
-		mainBinaryPath = "server.js";
+		nodeApplication = (import ../lib/node-application.nix) args;
-	}
+		createJsonConfiguration = (import ../lib/build/json-configuration.nix) args;
 	in
 		{errorPath, debugMode ? false, rev, sha256}:
 			let
 				configuration = {
 					errors = {
 						directory = errorPath;
 					};
 					scraperSettings = {
 						pastebinCom = {
 							listInterval = 60;
 							listLimit = 100;
 							pasteInterval = 1;
 						};
 					};
 				};
 				configurationFile = createJsonConfiguration {
 					name = "pastebin-stream-configuration.json";
 					contents = configuration;
 				};
 			in
 				nodeApplication {
 					name = "pastebin-stream";
 					src = fetchFromCrytoGit {
 						owner = "joepie91";
 						repo = "pastebin-stream";
 						inherit rev sha256;
 					};
 					hasErrorReporting = true;
 					errorPath = errorPath;
 					mainBinaryPath = "bin/pastebin-stream";
 					setupCommands = ''
 						cp ${configurationFile} $out/config.json
 					'';
 					serviceConfig = {
 						preStart = ''
 							mkdir -m 0700 -p ${errorPath}
 							chown pastebin-stream ${errorPath}
 						'';
 						environment = mkIf debugMode {
 							DEBUG = "pastebinStream:*";
 						};
 					};
 				}
--- a/lib/build/json-configuration.nix
+++ b/lib/build/json-configuration.nix
@ -0,0 +1,3 @@
 {pkgs, ...}@args:
 	{name ? "config.json", contents}:
 		builtins.toFile name (builtins.toJSON contents)
--- a/lib/build/node2nix-package.nix
+++ b/lib/build/node2nix-package.nix
@ -0,0 +1,12 @@
 {pkgs, ...}@args:
 	{name, src, setupCommands}:
 		((import (pkgs.stdenv.mkDerivation {
 			name = name;
 			src = src;
 			buildCommand = ''
 				mkdir $out
 				tar -xzvf $src -C $out
 				cd $out
 				${setupCommands}
 			'';
 		})) {}).package
--- a/lib/fetch/from-cryto-git.nix
+++ b/lib/fetch/from-cryto-git.nix
@ -0,0 +1,11 @@
 {pkgs, ...}@args:
 	# FIXME: The below `name` default should be updated to use `gitRepoToName` in 17.09
 	{owner, repo, rev, name ? ("${repo}-${rev}-src"), ...}@sourceArgs:
 		let
 			baseUrl = "https://git.cryto.net/${owner}/${repo}";
 		in
 			pkgs.fetchurl ({
 				inherit name;
 				url = "${baseUrl}/archive/${rev}.tar.gz";
 				meta.homepage = baseUrl;
 			} // removeAttrs sourceArgs ["owner" "repo" "rev"])
--- a/lib/generate/caddy-configuration.nix
+++ b/lib/generate/caddy-configuration.nix
@ -0,0 +1,19 @@
 {pkgs, ...}@args:
 	with pkgs.stdenv.lib;
 	applications:
 		concatStrings (map (application: ''
 			${application.hostname} {
 				timeouts none
 				${optionalString (application.tls == false) "tls off"}
 				${optionalString (application?root && application.root != null) "root ${application.root}"}
 				${optionalString (application?proxyTarget && application.proxyTarget != null) ''
 					proxy / ${application.proxyTarget} {
 						websocket
 						transparent
 					}
 				''}
 				${optionalString (application?config) application.config}
 			}
 		'') applications)
--- a/lib/node-application.nix
+++ b/lib/node-application.nix
@ -1,38 +1,39 @@
-{pkgs, config, ...}: {tarball, name, mainBinaryPath, serviceOptions ? {}, serviceConfig ? {}, hasErrorReporting ? false}:
+{pkgs, config, ...}@args: {src, name, mainBinaryPath, setupCommands ? "", serviceOptions ? {}, serviceConfig ? {}, hasErrorReporting ? false, errorPath ? null}:
 	with pkgs.stdenv.lib;
 	let
-		/*serviceName = "node-${name}";*/
+		buildNode2nixPackage = (import ./build/node2nix-package.nix) args;
-		serviceName = "node-foo";
+	in let
 		serviceName = "node-${name}";
 		cfg = config.services."${serviceName}";
-		source = builtins.fetchTarball tarball;
+
-		application = (import (pkgs.stdenv.mkDerivation {
+		application = buildNode2nixPackage {
-			src = source;
+			name = "${serviceName}-source";
-			buildInputs = [ pkgs.node2nix ];
+			inherit src setupCommands;
-			buildCommand = ''
+		};
-				node2nix -6 --pkg-name nodejs_6_x
+
-			'';
+		errorReporter = (import ./node-error-reporter) args;
-		})).package;
+		errorReporterModule = if hasErrorReporting then (errorReporter {
-		errorReporter = (import ./node-error-reporter) { inherit pkgs; };
+			application = application;
 			applicationName = name;
 			errorPath = errorPath;
 		}) else null;
 	in {
 		imports = [
-			/*mkIf hasErrorReporting (errorReporter {
+			errorReporterModule
 				application = application;
 				applicationName = name;
 			})*/
 		];
 		options.services."${serviceName}" = {
 			enable = mkEnableOption "${name}";
 		} // serviceOptions;
-		config = mkIf cfg.enable {
+		config = {
 			# FIXME: What if a username conflict occurs?
-			users.extraUsers."${name}" = {
+			users.extraUsers."${name}" = mkIf cfg.enable {
 				description = "${name} Service User";
 			};
-			services."${serviceName}" = {
+			systemd.services."${serviceName}" = mkIf cfg.enable ({
 				description = "${name} Service";
 				wantedBy = ["multi-user.target"];
 				after = ["network.target"];
@ -40,7 +41,8 @@
 				serviceConfig = {
 					ExecStart = "${application}/${mainBinaryPath}";
 					User = name;
 					PermissionsStartOnly = true;
 				};
-			} // serviceConfig;
+			} // serviceConfig);
 		};
 	}
--- a/lib/node-error-reporter/default.nix
+++ b/lib/node-error-reporter/default.nix
@ -1,102 +1,117 @@
-{pkgs}: {applicationName, application}:
+{pkgs, config, lib, ...}@args: {applicationName, application, errorPath}:
 	with pkgs.stdenv.lib;
 	let
 		createJsonConfiguration = (import ../build/json-configuration.nix) args;
 		optionalValue = (import ../util/optional-value.nix);
 	in let
 		serviceName = "node-${applicationName}-error-reporter";
-		cfg = config.services."${serviceName}";
+		cfg = config.services."node-${applicationName}".errorReporting;
 		# FIXME: report-errors NPM package!
 	in {
 		options.services."${serviceName}" = {
 			enable = mkEnableOption "${name} Error Reporter";
-			stackFilter = mkOption {
+		configurationFile = createJsonConfiguration {
-				description = ''
+			name = "error-reporter-configuration.json";
-					What modules to filter out of the simplified stacktraces
+			contents = (lib.filterAttrs (key: value: key != "enable") cfg) // {
-					shown in the e-mail report. This can either be the
+				errorPath = errorPath;
 					string "*" (to filter out every third-party module), or
 					an array of module names to filter.
-					Note that the e-mail will always include a JSON
+				# The following is to make sure we don't end up with {hostname: null, user: null}, etc., which makes report-errors incorrectly conclude that we want to use a local SMTP server.
-					attachment containing the full stacktrace - this setting
+				smtp = optionalValue (cfg.smtp.hostname != null) cfg.smtp;
 					purely affects the e-mail body.
 				'';
 				default = "*";
 				type = types.either types.str (types.listOf types.str);
 			};
 			subjectFormat = mkOption {
 				description = ''
 					The format for the subject line of the report e-mail. In
 					this string, `$type` will be replaced with the error
 					type/name, and `$message` will be replaced with the
 					error message.
 				'';
 				default = "UNHANDLED ERROR: $type - $message";
 				type = types.str;
 			};
 		};
 	in
 		{
 			options.services."node-${applicationName}".errorReporting = {
 				enable = mkEnableOption "${name} Error Reporter";
-			metadata = {
+				stackFilter = mkOption {
 				from = mkOption {
 					description = ''
-						 The sender address displayed on the e-mail report.
+						What modules to filter out of the simplified stacktraces
 						shown in the e-mail report. This can either be the
 						string "*" (to filter out every third-party module), or
 						an array of module names to filter.
 						Note that the e-mail will always include a JSON
 						attachment containing the full stacktrace - this setting
 						purely affects the e-mail body.
 					'';
-					type = types.str;
+					default = "*";
 					type = types.either types.str (types.listOf types.str);
 				};
-				to = mkOption {
+				subjectFormat = mkOption {
 					description = ''
-						 The address to e-mail reports to.
+						The format for the subject line of the report e-mail. In
 						this string, `$type` will be replaced with the error
 						type/name, and `$message` will be replaced with the
 						error message.
 					'';
 					default = "UNHANDLED ERROR: $type - $message";
 					type = types.str;
 				};
 			};
-			smtp = {
+				metadata = {
-				hostname = mkOption {
+					from = mkOption {
-					description = ''
+						description = ''
-						 The hostname on which the SMTP server can be
+							 The sender address displayed on the e-mail report.
-						 reached.
+						'';
-					'';
+						type = types.str;
-					default = null;
+					};
 					type = types.nullOr types.str;
 				};
-				port = mkOption {
+					to = mkOption {
-					description = ''
+						description = ''
-						 The port number that the SMTP server is accessible
+							 The address to e-mail reports to.
-						 on.
+						'';
-					'';
+						type = types.str;
-					default = null;
+					};
 					type = types.nullOr types.str;
 				};
-				username = mkOption {
+				smtp = {
-					description = ''
+					hostname = mkOption {
-						 Your username for the SMTP server.
+						description = ''
-					'';
+							 The hostname on which the SMTP server can be
-					default = null;
+							 reached.
-					type = types.nullOr types.str;
+						'';
-				};
+						default = null;
 						type = types.nullOr types.str;
 					};
-				password = mkOption {
+					port = mkOption {
-					description = ''
+						description = ''
-						 Your password for the SMTP server.
+							 The port number that the SMTP server is accessible
-					'';
+							 on.
-					default = null;
+						'';
-					type = types.nullOr types.str;
+						default = null;
-				};
+						type = types.nullOr types.str;
 					};
 					username = mkOption {
 						description = ''
 							 Your username for the SMTP server.
 						'';
 						default = null;
 						type = types.nullOr types.str;
 					};
 					password = mkOption {
 						description = ''
 							 Your password for the SMTP server.
 						'';
 						default = null;
 						type = types.nullOr types.str;
 					};
 				};
 			};
 		};
-		config = {
+			config = {
-			services."${serviceName}" = mkIf cfg.enabled {
+				systemd.services."${serviceName}" = mkIf cfg.enable {
-				wantedBy = [ "multi-user.target" ];
+					wantedBy = [ "multi-user.target" ];
-				after = [ "network.target" ];
+					after = [ "network.target" ];
-				serviceConfig = {
+					serviceConfig = {
-					ExecStart = "${pkgs.nodejs_6_x}/bin/node ${application}/node_modules/report-errors/lib/daemon/index.js";
+						ExecStart = "${application}/lib/node_modules/pastebin-stream/node_modules/.bin/report-errors ${configurationFile}";
-					User = systemd.services."node-${applicationName}".serviceConfig.User; # MARKER
+
 						# FIXME: Is the below the ideal approach?
 						User = config.systemd.services."node-${applicationName}".serviceConfig.User;
 					};
 				};
 			};
-		};
+		}
 	}
--- a/lib/presets/root-ssh.nix
+++ b/lib/presets/root-ssh.nix
@ -6,6 +6,6 @@
 	};
 	users.users.root.openssh.authorizedKeys.keys = [
-		(builtins.readFile ./joepie91.pub)
+		(builtins.readFile ../joepie91.pub)
 	];
 }
--- a/lib/presets/tools.nix
+++ b/lib/presets/tools.nix
@ -0,0 +1,12 @@
 {pkgs, ...}:
 	{
 		environment.systemPackages = with pkgs; [
 			wget
 			curl
 			htop
 			iotop
 			iftop
 			nload
 			lsof
 		];
 	}
--- a/lib/tools.nix
+++ b/lib/tools.nix
@ -1,11 +0,0 @@
 pkgs: {
 	environment.systemPackages = with pkgs; [
 		wget
 		curl
 		htop
 		iotop
 		iftop
 		nload
 		lsof
 	];
 }
--- a/lib/util/optional-value.nix
+++ b/lib/util/optional-value.nix
@ -0,0 +1,5 @@
 condition: value:
 	if condition then
 		value
 	else
 		null
--- a/lib/util/remove-newlines.nix
+++ b/lib/util/remove-newlines.nix
--- a/networks/default.nix
+++ b/networks/default.nix
@ -1,44 +1,55 @@
 {
 	network.description = "Cryto";
-	osmium = { config, lib, pkgs, ... }@args: let
+	osmium = { config, lib, pkgs, ... }@args:
-		proxiedApplications = [{
+		let
-			hostname = "pastebin-stream.cryto.net";
+			pastebinStream = (import ../applications/pastebin-stream.nix) args;
-			tls = false;
+			generateCaddyConfiguration = (import ../lib/generate/caddy-configuration.nix) args;
-			root = "${pkgs.valgrind.doc}/share/doc/valgrind/html";
+		in let
-			config = ''
+			proxiedApplications = [{
 				hostname = "pastebin-stream-dev.cryto.net";
 				tls = true;
 				proxyTarget = "http://localhost:3000";
 			}];
 		in
 			{
 				imports = [
 					(pastebinStream {
 						errorPath = "/var/lib/pastebin-stream/errors";
 						rev = "3b7f6ea4ad663b82e7cfd95ae3c65f1a32f0cb0a";
 						sha256 = "0w29rwgkjpd9cl42z0n2fy5is730db3mfsqvjmxa7x65nz34d3wj";
 					})
 				];
-			'';
+				services.caddy = {
-		}];
+					enable = true;
 					agree = true;
 					email = "admin@cryto.net";
 					config = ''
 						${generateCaddyConfiguration proxiedApplications}
 					'';
 				};
-		generateCaddyHostConfiguration = applications:
+				services.node-pastebin-stream = {
-			lib.concatStrings (map (application: ''
+					enable = true;
 				${application.hostname} {
 					${lib.optionalString (application.tls == false) "tls off"}
 					${lib.optionalString (application.root != null) "root ${application.root}"}
 					${application.config}
 				}
 			'') applications);
-		pastebinStream = (import ../applications/pastebin-stream.nix);
+					errorReporting = {
-	in {
+						enable = true;
 		imports = [
 			(pastebinStream args)
 		];
-		services.caddy = {
+						metadata = {
-			enable = true;
+							from = "ops@cryto.net";
-			agree = true;
+							to = "admin@cryto.net";
-			email = "admin@cryto.net";
+						};
-			config = ''
+					};
-				${generateCaddyHostConfiguration proxiedApplications}
+				};
 			'';
 		};
-		networking.firewall.allowedTCPPorts = [ 2015 ];
+				networking.firewall.allowedTCPPorts = [
 					80
 					443
 				];
-		environment.systemPackages = with pkgs; [
+				environment.systemPackages = with pkgs; [
-			htop
+					htop
-		];
+				];
-	};
+			};
 }
--- a/systems/osmium-testing.nix
+++ b/systems/osmium-testing.nix
@ -1,12 +1,16 @@
 let
-	removeNewlines = (import ../lib/remove-newlines.nix);
+	removeNewlines = (import ../lib/util/remove-newlines.nix);
 	presetRootSsh = (import ../lib/presets/root-ssh.nix);
 in {
 	resources.sshKeyPairs.ssh-key = {};
-	osmium = { config, pkgs, ... }: {
+	osmium = {config, pkgs, ...}@args: let
-		deployment.targetEnv = "digitalOcean";
+		presetTools = (import ../lib/presets/tools.nix) args;
-		deployment.digitalOcean.region = "ams2";
+	in
-		deployment.digitalOcean.size = "512mb";
+		{
-		#deployment.digitalOcean.authToken = removeNewlines (builtins.readFile ../credentials/digitalocean-auth-token);
+			deployment.targetEnv = "digitalOcean";
-	} // (import ../lib/root-ssh.nix) // ((import ../lib/tools.nix) pkgs);
+			deployment.digitalOcean.region = "ams2";
 			deployment.digitalOcean.size = "512mb";
 			#deployment.digitalOcean.authToken = removeNewlines (builtins.readFile ../credentials/digitalocean-auth-token);
 		} // presetRootSsh // presetTools;
 }