Simplify bragi, move bar to odin

7 files changed, 153 insertions, 211 deletions

diff --git a/bragi.nix b/bragi.nix
index 146defc8..156abdbc 100644
--- a/bragi.nix
+++ b/bragi.nix
@@ -40,22 +40,8 @@ in rec {
   nixpkgs = {
     overlays = [
       (selfPkgs: superPkgs: {
-        haskellPackages = superPkgs.haskellPackages.extend (selfH: superH: {
-          encoding = superPkgs.haskell.lib.overrideCabal superH.encoding ( oldAttrs: {
-            src = superPkgs.fetchFromGitHub { owner = "pngwjpgh"; repo = "encoding"; rev = "extended-version-bounds"; sha256 = "0pzxixp384a1ywzj56pl7xc4ln7i9x6mq8spqjwcs80y0pgfpp9s"; };
-            patches = [];
-          });
-          inherit
-            (lib.mapAttrs (name: superPkgs.haskell.lib.dontCheck) superH)
-            Glob filelock hedgehog scientific http-date;
-          bar = superPkgs.callPackage ./bragi/bar { haskellPackages = selfH; };
-        } // (import ./custom/thermoprint { callPackage = superPkgs.lib.callPackageWith (selfH // { inherit (superPkgs) stdenv makeWrapper runCommand; }); extraPackages = (p: with p; [ persistent-postgresql ]); }));
-
         jack2Full = superPkgs.jack2Full.override { dbus = null; };
-
         mpd = superPkgs.mpd.override { gmeSupport = false; pulseaudioSupport = false; };
-      
-        inherit (selfPkgs.haskellPackages) thermoprint-server thermoprint-webgui tprint bar;
       })
     ];
 
@@ -72,9 +58,7 @@ in rec {
     nfs-utils
     jack2Full
     tprint
-    samba
     rebuild-system
-    vnstat
   ];
 
   # List services that you want to enable:
@@ -87,33 +71,6 @@ in rec {
     rateLimitBurst = 0;
   };
     
-  systemd.automounts = [
-    {
-      wantedBy = [ "multi-user.target" ];
-      where = "/media/dellingr";
-      automountConfig.TimoutIdleSec = "30s";
-    }
-    {
-      wantedBy = [ "multi-user.target" ];
-      where = "/media/vali";
-      automountConfig.TimoutIdleSec = "5min";
-    }
-  ];
-
-  systemd.mounts = [
-    {
-      what = "/dev/disk/by-uuid/6436-3432";
-      where = "/media/dellingr";
-      type = "vfat";
-    }
-    {
-      what = "//VALI/Public";
-      where = "/media/vali";
-      type = "cifs";
-      options = "guest,dir_mode=0777,file_mode=0666,nounix,iocharset=utf8,sec=none";
-    }
-  ];
-
   systemd.globalEnvironment = {
     JACK_PROMISCUOUS_SERVER = "1";
   };
@@ -224,176 +181,14 @@ in rec {
     esac
   '';
 
-  services.samba = {
-    enable = true;
-    extraConfig = ''
-      domain master = no
-      workgroup = ASGARD
-      load printers = no
-      printing = bsd
-      printcap name = /dev/null
-      disable spoolss = yes
-    '';
-  };
-
-  users.extraUsers.root = let
+  users.users.root = let
     template = (import users/gkleen.nix);
     in {
         inherit (template) shell;
         openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
       };
-
-  users.extraUsers."thermoprint" = {
-    name = "thermoprint";
-    group = "lp";
-    isSystemUser = true;
-    createHome = true;
-    home = "/var/lib/thermoprint";
   };
 
-  systemd.services."thermoprint" = {
-    environment = {
-      THERMOPRINT_CONFIG = "${./bragi/thermoprint-server}";
-      THERMOPRINT_CACHE = "${users.extraUsers."thermoprint".home}/dyre";
-    };
-    requires = [ "postgresql.service" ];
-    wantedBy = [ "default.target" ];
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = "${pkgs.thermoprint-server}/bin/thermoprint-server --force-reconf";
-      User = users.extraUsers."thermoprint".name;
-      Group = users.extraUsers."thermoprint".group;
-      WorkingDirectory = "~";
-    };
-  };
-
-  systemd.services."thermoprint-webgui" = {
-    wantedBy = [ "default.target" ];
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = ''
-        ${pkgs.thermoprint-webgui}/bin/thermoprint-webgui -P 80 -A localhost -F /thermoprint/api/ -a "localhost" -p 8081
-      '';
-      User = users.extraUsers."thermoprint".name;
-      Group = users.extraUsers."thermoprint".group;
-      WorkingDirectory = "~";
-    };
-  };
-
-  users.extraUsers."bar" = {
-    name = "bar";
-    group = "nogroup";
-    isSystemUser = true;
-    createHome = true;
-    home = "/var/lib/bar";
-  };
-
-  systemd.services."bar" = let
-    ghc = pkgs.haskellPackages.ghcWithPackages (p: with p; [yesod persistent-postgresql]);
-  in {
-    environment = {
-      PORT = "8082";
-      HOST = "::1";
-      TPRINT_BASEURL = "http://localhost:80/thermoprint/api";
-      APPROOT = "/bar";
-      IP_FROM_HEADER = "true";
-    };
-    bindsTo = [ "postgresql.service" ];
-    after = [ "postgresql.service" ];
-    wantedBy = [ "default.target" ];
-    path = with pkgs; [ bar ];
-    script = ''
-      exec bar
-    '';
-    serviceConfig = {
-      Type = "notify";
-      User = users.extraUsers."bar".name;
-      Group = users.extraUsers."bar".group;
-      WorkingDirectory = "~";
-    };
-  };
-
-  services.nginx = {
-    enable = true;
-    httpConfig = ''
-      default_type application/octet-stream;
-
-      log_format main
-              '$remote_addr - $remote_user [$time_local] '
-              '"$request" $status $bytes_sent '
-              '"$http_referer" "$http_user_agent" '
-              '"$gzip_ratio"';
-
-      client_header_timeout 10m;
-      client_body_timeout 10m;
-      send_timeout 10m;
-
-      connection_pool_size 256;
-      client_header_buffer_size 1k;
-      large_client_header_buffers 4 2k;
-      request_pool_size 4k;
-
-      gzip on;
-      gzip_min_length 1100;
-      gzip_buffers 4 8k;
-      gzip_types text/plain;
-
-      output_buffers 1 32k;
-      postpone_output 1460;
-
-      sendfile on;
-      tcp_nopush on;
-      tcp_nodelay on;
-
-      keepalive_timeout 75 20;
-
-      ignore_invalid_headers on;
-
-      access_log stderr;
-      error_log stderr;
-
-      server {
-        listen *:80;
-        server_name _;
-
-        location /thermoprint/api/ {
-          proxy_pass http://[::1]:8080/;
-          proxy_http_version 1.1;
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header Connection "upgrade";
-        }
-
-        location /thermoprint/ {
-          proxy_pass http://localhost:8081/;
-        }
-
-        location /bar/ {
-          proxy_pass http://[::1]:8082/;
-        }
-      }
-    '';
-  };
-
-  services.postgresql = {
-    enable = true;
-    enableTCPIP = true;
-    authentication = lib.mkForce ''
-      local all all peer
-      host all all 10.141.0.0/16 md5
-    '';
-    initialScript = pkgs.writeText "schema.sql" ''
-      CREATE USER thermoprint;
-      CREATE DATABASE thermoprint WITH OWNER = thermoprint;
-      GRANT ALL ON DATABASE thermoprint TO thermoprint;
-
-      CREATE USER bar;
-      CREATE DATABASE bar WITH OWNER = bar;
-      GRANT ALL ON DATABASE bar TO bar;
-    '';
-  };
-
-  services.vnstat.enable = true;
-
   nix = {
     daemonIONiceLevel = 3;
     daemonNiceLevel = 10;
@@ -405,7 +200,7 @@ in rec {
   };
 
   system.autoUpgrade.enable = true;
-  system.nixos.stateVersion = "16.09";
+  system.stateVersion = "16.09";
 
   systemd.services."nixos-upgrade".path = with pkgs; [ git ];
   systemd.services."nixos-upgrade".preStart = ''
diff --git a/custom/bar-service.nix b/custom/bar-service.nix
new file mode 100644
index 00000000..2a492ce1
--- /dev/null
+++ b/custom/bar-service.nix
@@ -0,0 +1,99 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.bar;
+in {
+  options.services.bar = {
+    enable = mkEnableOption "the Bar Inventory System";
+
+    user = mkOption {
+      type = types.str;
+      default = "bar";
+      description = "User to execute the daemon under";
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = "bar";
+      description = "Group to execute the daemon under";
+    };
+
+    stateDir = mkOption {
+      type = types.path;
+      default = "/var/lib/bar";
+      description = "Directory for the daemon to store semi-transient state (encryption keys etc.)";
+    };
+
+    port = mkOption {
+      type = types.int;
+      default = 8080;
+      description = "Port for the daemon to listen on";
+    };
+
+    host = mkOption {
+      type = types.str;
+      default = "localhost";
+      description = "Host to bind to";
+    };
+
+    approot = mkOption {
+      type = types.str;
+      default = "/";
+      description = "Subdirectory of the daemon-managed site relative to HTTP /; only useful when using a reverse proxy";
+    };
+
+    thermoprintBaseURL = mkOption {
+      type = with types; nullOr types.str;
+      default = null;
+      example = "http://localhost:80/thermoprint/api";
+      description = "Thermoprint base url";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      { assertion = config.services.postgresql.enable;
+        message = "bar requires PostgreSQL";
+      }
+    ];
+
+    users.users."${cfg.user}" = {
+      group = cfg.group;
+      description = "User for the Bar Inventory System";
+      isSystemUser = true;
+      home = cfg.stateDir;
+      createHome = true;
+    };
+
+    users.groups."${cfg.group}" = {};
+
+    nixpkgs.overlays = [(self: super: {
+      bar = self.callPackage ./bar { inherit (self) haskellPackages; };
+    })];
+
+    systemd.services."bar" = {
+      environment = {
+        PORT = cfg.port;
+        HOST = cfg.host;
+        APPROOT = cfg.approot;
+        IP_FROM_HEADER = cfg.ipFromHeader;
+        TPRINT_BASEURL = mkIf (cfg.thermoprintBaseURL != null) cfg.thermoprintBaseURL;
+      };
+
+      bindsTo = [ "postgresql.service" ];
+      after = [ "postgresql.service" ];
+      wantedBy = [ "default.target" ];
+
+      serviceConfig = {
+        Type = "notify";
+        User = cfg.user;
+        Group = cfg.group;
+        WorkingDirectory = cfg.stateDir;
+
+        ExecStart = with pkgs; "${bar}/bin/bar";
+      };
+    };
+  };
+}
diff --git a/bragi/bar/default.nix b/custom/bar/default.nix
index 98b36901..98b36901 100644
--- a/bragi/bar/default.nix
+++ b/custom/bar/default.nix
diff --git a/bragi/bar/generated.nix b/custom/bar/generated.nix
index 966924ad..966924ad 100644
--- a/bragi/bar/generated.nix
+++ b/custom/bar/generated.nix
diff --git a/bragi/bar/generated.nix.gup b/custom/bar/generated.nix.gup
index eeb13ad2..eeb13ad2 100644
--- a/bragi/bar/generated.nix.gup
+++ b/custom/bar/generated.nix.gup
diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix
index fc69d93e..f278c7eb 100644
--- a/custom/trivmix-service.nix
+++ b/custom/trivmix-service.nix
@@ -5,8 +5,6 @@ with lib;
 let
   cfg = config.services.trivmix;
 
-  trivmix = pkgs.haskellPackages.callPackage ./trivmix {};
-
   mixerModule = {
     options = {
       connectIn = mkOption {
@@ -117,7 +115,11 @@ in {
   };
 
   config = mkIf (cfg.mixers != {}) {
-    environment.systemPackages = [ trivmix ];
+    nixpkgs.overlays = [(self: super: {
+      trivmix = self.haskellPackages.callPackage ./trivmix {};
+    })];
+
+    environment.systemPackages = with pkgs; [ trivmix ];
   
     systemd.services = mapAttrs service cfg.mixers;
   };
diff --git a/odin.nix b/odin.nix
index 71e5617d..7e911610 100644
--- a/odin.nix
+++ b/odin.nix
@@ -15,6 +15,7 @@
       ./custom/motion.nix
       ./custom/unit-status-mail.nix
       ./custom/zsh.nix
+      ./custom/bar-service.nix
       ./utils/nix/module.nix
     ];
 
@@ -423,6 +424,51 @@
     '';
   };
 
+  services.postgresql = {
+    enable = true;
+    package = with pkgs; postgresql100;
+    enableTCPIP = true;
+    authentication = lib.mkForce ''
+      local all all               peer
+      host  all all 127.0.0.1/32  scram-sha-256
+      host  all all ::1/128       scram-sha-256
+      host  all all 10.141.0.0/16 scram-sha-256
+    '';
+    initialScript = pkgs.writeText "schema.sql" ''
+      CREATE USER bar;
+      CREATE DATABASE bar WITH OWNER = bar;
+      GRANT ALL ON DATABASE bar TO bar;
+    '';
+  };
+
+  services.bar = {
+    enable = true;
+    port = 8082;
+    approot = "/bar";
+  };
+
+  services.nginx = {
+    enable = true;
+
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+
+    virtualHosts."odin.asgard.yggdrasil" = {
+      serverAliases = [ "odin" "10.141.1.2" ];
+
+      locations = {
+        "/bar/".proxyPass = "http://bar";
+      };
+    };
+
+    upstreams = {
+      "bar" = {
+        servers."localhost:${services.bar.port}"= {};
+      };
+    };
+  };
+
   systemd.status-mail = {
     recipient = "root@odin.asgard.yggdrasil";
     onFailure = [ "nixos-upgrade"
@@ -432,7 +478,7 @@
   };
 
   system.autoUpgrade.enable = true;
-  system.nixos.stateVersion = "18.09";
+  system.stateVersion = "18.09";
 
   systemd.services."nixos-upgrade" = {
     path = with pkgs; [ git ];