From c88ee737b8c44162c640a4c865336c5a843029ea Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 8 Sep 2018 14:37:34 +0200 Subject: Simplify bragi, move bar to odin --- bragi.nix | 209 +------------------------------------------ bragi/bar/default.nix | 47 ---------- bragi/bar/generated.nix | 35 -------- bragi/bar/generated.nix.gup | 5 -- custom/bar-service.nix | 99 ++++++++++++++++++++ custom/bar/default.nix | 47 ++++++++++ custom/bar/generated.nix | 35 ++++++++ custom/bar/generated.nix.gup | 5 ++ custom/trivmix-service.nix | 8 +- odin.nix | 48 +++++++++- 10 files changed, 240 insertions(+), 298 deletions(-) delete mode 100644 bragi/bar/default.nix delete mode 100644 bragi/bar/generated.nix delete mode 100644 bragi/bar/generated.nix.gup create mode 100644 custom/bar-service.nix create mode 100644 custom/bar/default.nix create mode 100644 custom/bar/generated.nix create mode 100644 custom/bar/generated.nix.gup diff --git a/bragi.nix b/bragi.nix index 146defc8..156abdbc 100644 --- a/bragi.nix +++ b/bragi.nix 
@@ -40,22 +40,8 @@ in rec { nixpkgs = { overlays = [ (selfPkgs: superPkgs: { - haskellPackages = superPkgs.haskellPackages.extend (selfH: superH: { - encoding = superPkgs.haskell.lib.overrideCabal superH.encoding ( oldAttrs: { - src = superPkgs.fetchFromGitHub { owner = "pngwjpgh"; repo = "encoding"; rev = "extended-version-bounds"; sha256 = "0pzxixp384a1ywzj56pl7xc4ln7i9x6mq8spqjwcs80y0pgfpp9s"; }; - patches = []; - }); - inherit - (lib.mapAttrs (name: superPkgs.haskell.lib.dontCheck) superH) - Glob filelock hedgehog scientific http-date; - bar = superPkgs.callPackage ./bragi/bar { haskellPackages = selfH; }; - } // (import ./custom/thermoprint { callPackage = superPkgs.lib.callPackageWith (selfH // { inherit (superPkgs) stdenv makeWrapper runCommand; }); extraPackages = (p: with p; [ persistent-postgresql ]); })); - jack2Full = superPkgs.jack2Full.override { dbus = null; }; - mpd = superPkgs.mpd.override { gmeSupport = false; pulseaudioSupport = false; }; - - inherit (selfPkgs.haskellPackages) thermoprint-server thermoprint-webgui tprint bar; }) ]; @@ -72,9 +58,7 @@ in rec { nfs-utils jack2Full tprint - samba rebuild-system - vnstat ]; # List services that you want to enable: @@ -87,33 +71,6 @@ in rec { rateLimitBurst = 0; }; - systemd.automounts = [ - { - wantedBy = [ "multi-user.target" ]; - where = "/media/dellingr"; - automountConfig.TimoutIdleSec = "30s"; - } - { - wantedBy = [ "multi-user.target" ]; - where = "/media/vali"; - automountConfig.TimoutIdleSec = "5min"; - } - ]; - - systemd.mounts = [ - { - what = "/dev/disk/by-uuid/6436-3432"; - where = "/media/dellingr"; - type = "vfat"; - } - { - what = "//VALI/Public"; - where = "/media/vali"; - type = "cifs"; - options = "guest,dir_mode=0777,file_mode=0666,nounix,iocharset=utf8,sec=none"; - } - ]; - systemd.globalEnvironment = { JACK_PROMISCUOUS_SERVER = "1"; }; 
@@ -224,176 +181,14 @@ in rec { esac ''; - services.samba = { - enable = true; - extraConfig = '' - domain master = no - workgroup = ASGARD - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; - - users.extraUsers.root = let + users.users.root = let template = (import users/gkleen.nix); in { inherit (template) shell; openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles; }; - - users.extraUsers."thermoprint" = { - name = "thermoprint"; - group = "lp"; - isSystemUser = true; - createHome = true; - home = "/var/lib/thermoprint"; }; - systemd.services."thermoprint" = { - environment = { - THERMOPRINT_CONFIG = "${./bragi/thermoprint-server}"; - THERMOPRINT_CACHE = "${users.extraUsers."thermoprint".home}/dyre"; - }; - requires = [ "postgresql.service" ]; - wantedBy = [ "default.target" ]; - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.thermoprint-server}/bin/thermoprint-server --force-reconf"; - User = users.extraUsers."thermoprint".name; - Group = users.extraUsers."thermoprint".group; - WorkingDirectory = "~"; - }; - }; - - systemd.services."thermoprint-webgui" = { - wantedBy = [ "default.target" ]; - serviceConfig = { - Type = "simple"; - ExecStart = '' - ${pkgs.thermoprint-webgui}/bin/thermoprint-webgui -P 80 -A localhost -F /thermoprint/api/ -a "localhost" -p 8081 - ''; - User = users.extraUsers."thermoprint".name; - Group = users.extraUsers."thermoprint".group; - WorkingDirectory = "~"; - }; - }; - - users.extraUsers."bar" = { - name = "bar"; - group = "nogroup"; - isSystemUser = true; - createHome = true; - home = "/var/lib/bar"; - }; - - systemd.services."bar" = let - ghc = pkgs.haskellPackages.ghcWithPackages (p: with p; [yesod persistent-postgresql]); - in { - environment = { - PORT = "8082"; - HOST = "::1"; - TPRINT_BASEURL = "http://localhost:80/thermoprint/api"; - APPROOT = "/bar"; - IP_FROM_HEADER = "true"; - }; - bindsTo = [ "postgresql.service" ]; - after = [ 
"postgresql.service" ]; - wantedBy = [ "default.target" ]; - path = with pkgs; [ bar ]; - script = '' - exec bar - ''; - serviceConfig = { - Type = "notify"; - User = users.extraUsers."bar".name; - Group = users.extraUsers."bar".group; - WorkingDirectory = "~"; - }; - }; - - services.nginx = { - enable = true; - httpConfig = '' - default_type application/octet-stream; - - log_format main - '$remote_addr - $remote_user [$time_local] ' - '"$request" $status $bytes_sent ' - '"$http_referer" "$http_user_agent" ' - '"$gzip_ratio"'; - - client_header_timeout 10m; - client_body_timeout 10m; - send_timeout 10m; - - connection_pool_size 256; - client_header_buffer_size 1k; - large_client_header_buffers 4 2k; - request_pool_size 4k; - - gzip on; - gzip_min_length 1100; - gzip_buffers 4 8k; - gzip_types text/plain; - - output_buffers 1 32k; - postpone_output 1460; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - - keepalive_timeout 75 20; - - ignore_invalid_headers on; - - access_log stderr; - error_log stderr; - - server { - listen *:80; - server_name _; - - location /thermoprint/api/ { - proxy_pass http://[::1]:8080/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - location /thermoprint/ { - proxy_pass http://localhost:8081/; - } - - location /bar/ { - proxy_pass http://[::1]:8082/; - } - } - ''; - }; - - services.postgresql = { - enable = true; - enableTCPIP = true; - authentication = lib.mkForce '' - local all all peer - host all all 10.141.0.0/16 md5 - ''; - initialScript = pkgs.writeText "schema.sql" '' - CREATE USER thermoprint; - CREATE DATABASE thermoprint WITH OWNER = thermoprint; - GRANT ALL ON DATABASE thermoprint TO thermoprint; - - CREATE USER bar; - CREATE DATABASE bar WITH OWNER = bar; - GRANT ALL ON DATABASE bar TO bar; - ''; - }; - - services.vnstat.enable = true; - nix = { daemonIONiceLevel = 3; daemonNiceLevel = 10; 
@@ -405,7 +200,7 @@ in rec { }; system.autoUpgrade.enable = true; - system.nixos.stateVersion = "16.09"; + system.stateVersion = "16.09"; systemd.services."nixos-upgrade".path = with pkgs; [ git ]; systemd.services."nixos-upgrade".preStart = '' diff --git a/bragi/bar/default.nix b/bragi/bar/default.nix deleted file mode 100644 index 98b36901..00000000 --- a/bragi/bar/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ haskellPackages -, stdenv -, fetchFromGitHub -, fetchurl -, haskell -}: - -let - pkg = haskellPackages.callPackage ./generated.nix {}; - webshim = stdenv.mkDerivation rec { - name = "webshim-${version}"; - version = "1.16.0"; - src = fetchFromGitHub { - owner = "aFarkas"; - repo = "webshim"; - rev = "1.16.0"; - sha256 = "14pk7hljqipzp0n7vpgcfxr3w4bla57cwyd7bmwmmxrm2zn62cyh"; - }; - - installPhase = '' - mkdir -p $out/js - cp -r $src/js-webshim/dev/* $out/js/ - ''; - }; - jquery = stdenv.mkDerivation rec { - name = "jquery-${version}"; - version = "3.3.1"; - src = fetchurl { - url = "https://github.com/jquery/jquery/archive/${version}.tar.gz"; - sha256 = "1d1pilrwiz0yjx27cd7gbn8qar6hw5zgwjhpsyaijcg52z82wi5q"; - }; - - installPhase = '' - mkdir -p $out/js - cp -r dist/jquery.js $out/js/ - ''; - }; -in stdenv.lib.overrideDerivation pkg (drv: { - postUnpack = '' - ( - cd bar-*/static - rm -rf jquery.js webshim - ln -vs ${jquery}/js/jquery.js . - ln -vs ${webshim}/js webshim - ) - ''; -}) diff --git a/bragi/bar/generated.nix b/bragi/bar/generated.nix deleted file mode 100644 index 966924ad..00000000 --- a/bragi/bar/generated.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ mkDerivation, aeson, base, bytestring, case-insensitive -, classy-prelude, classy-prelude-conduit, classy-prelude-yesod -, conduit, containers, data-default, directory, fast-logger -, fetchgit, file-embed, hashids, hjsmin, http-conduit, lens -, monad-control, monad-logger, mtl, persistent -, persistent-postgresql, persistent-template, safe, shakespeare -, stdenv, systemd, template-haskell, text, thermoprint-client, time -, unordered-containers, vector, wai, wai-extra, wai-logger, warp -, yaml, yesod, yesod-auth, yesod-core, yesod-form, yesod-static -}: -mkDerivation { - pname = "bar"; - version = "0.6.6"; - src = fetchgit { - url = "git://git.yggdrasil.li/gkleen/pub/bar"; - sha256 = "1nhvmqnsfcj2afbxsqgvdrq97rq7xls7w9w280dg6vyba8gipiwp"; - rev = "76fe2bc3bf14fb3f4cbd892e680f61183ff6db83"; - }; - isLibrary = true; - isExecutable = true; - libraryHaskellDepends = [ - aeson base bytestring case-insensitive classy-prelude - classy-prelude-conduit classy-prelude-yesod conduit containers - data-default directory fast-logger file-embed hashids hjsmin - http-conduit lens monad-control monad-logger mtl persistent - persistent-postgresql persistent-template safe shakespeare systemd - template-haskell text thermoprint-client time unordered-containers - vector wai wai-extra wai-logger warp yaml yesod yesod-auth - yesod-core yesod-form yesod-static - ]; - executableHaskellDepends = [ base ]; - doHaddock = false; - license = stdenv.lib.licenses.unfree; - hydraPlatforms = stdenv.lib.platforms.none; -} diff --git a/bragi/bar/generated.nix.gup b/bragi/bar/generated.nix.gup deleted file mode 100644 index eeb13ad2..00000000 --- a/bragi/bar/generated.nix.gup +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env zsh - -gup -u ${2:r}.cabal -cd ${2:h} -cabal2nix --no-haddock "git://git.yggdrasil.li/gkleen/pub/bar" >! ${1} diff --git a/custom/bar-service.nix b/custom/bar-service.nix new file mode 100644 index 00000000..2a492ce1 --- /dev/null +++ b/custom/bar-service.nix 
@@ -0,0 +1,99 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.bar; +in { + options.services.bar = { + enable = mkEnableOption "the Bar Inventory System"; + + user = mkOption { + type = types.str; + default = "bar"; + description = "User to execute the daemon under"; + }; + + group = mkOption { + type = types.str; + default = "bar"; + description = "Group to execute the daemon under"; + }; + + stateDir = mkOption { + type = types.path; + default = "/var/lib/bar"; + description = "Directory for the daemon to store semi-transient state (encryption keys etc.)"; + }; + + port = mkOption { + type = types.int; + default = 8080; + description = "Port for the daemon to listen on"; + }; + + host = mkOption { + type = types.str; + default = "localhost"; + description = "Host to bind to"; + }; + + approot = mkOption { + type = types.str; + default = "/"; + description = "Subdirectory of the daemon-managed site relative to HTTP /; only useful when using a reverse proxy"; + }; + + thermoprintBaseURL = mkOption { + type = with types; nullOr types.str; + default = null; + example = "http://localhost:80/thermoprint/api"; + description = "Thermoprint base url"; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { assertion = config.services.postgresql.enable; + message = "bar requires PostgreSQL"; + } + ]; + + users.users."${cfg.user}" = { + group = cfg.group; + description = "User for the Bar Inventory System"; + isSystemUser = true; + home = cfg.stateDir; + createHome = true; + }; + + users.groups."${cfg.group}" = {}; + + nixpkgs.overlays = [(self: super: { + bar = self.callPackage ./bar { inherit (self) haskellPackages; }; + })]; + + systemd.services."bar" = { + environment = { + PORT = cfg.port; + HOST = cfg.host; + APPROOT = cfg.approot; + IP_FROM_HEADER = cfg.ipFromHeader; + TPRINT_BASEURL = mkIf (cfg.thermoprintBaseURL != null) cfg.thermoprintBaseURL; + }; + + bindsTo = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; + 
wantedBy = [ "default.target" ]; + + serviceConfig = { + Type = "notify"; + User = cfg.user; + Group = cfg.group; + WorkingDirectory = cfg.stateDir; + + ExecStart = with pkgs; "${bar}/bin/bar"; + }; + }; + }; +} diff --git a/custom/bar/default.nix b/custom/bar/default.nix new file mode 100644 index 00000000..98b36901 --- /dev/null +++ b/custom/bar/default.nix @@ -0,0 +1,47 @@ +{ haskellPackages +, stdenv +, fetchFromGitHub +, fetchurl +, haskell +}: + +let + pkg = haskellPackages.callPackage ./generated.nix {}; + webshim = stdenv.mkDerivation rec { + name = "webshim-${version}"; + version = "1.16.0"; + src = fetchFromGitHub { + owner = "aFarkas"; + repo = "webshim"; + rev = "1.16.0"; + sha256 = "14pk7hljqipzp0n7vpgcfxr3w4bla57cwyd7bmwmmxrm2zn62cyh"; + }; + + installPhase = '' + mkdir -p $out/js + cp -r $src/js-webshim/dev/* $out/js/ + ''; + }; + jquery = stdenv.mkDerivation rec { + name = "jquery-${version}"; + version = "3.3.1"; + src = fetchurl { + url = "https://github.com/jquery/jquery/archive/${version}.tar.gz"; + sha256 = "1d1pilrwiz0yjx27cd7gbn8qar6hw5zgwjhpsyaijcg52z82wi5q"; + }; + + installPhase = '' + mkdir -p $out/js + cp -r dist/jquery.js $out/js/ + ''; + }; +in stdenv.lib.overrideDerivation pkg (drv: { + postUnpack = '' + ( + cd bar-*/static + rm -rf jquery.js webshim + ln -vs ${jquery}/js/jquery.js . + ln -vs ${webshim}/js webshim + ) + ''; +}) diff --git a/custom/bar/generated.nix b/custom/bar/generated.nix new file mode 100644 index 00000000..966924ad --- /dev/null +++ b/custom/bar/generated.nix 
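Review bot: In custom/bar-service.nix the unit's `environment` reads `cfg.ipFromHeader`, but `options.services.bar` declares no such option, so enabling the module should fail at evaluation. The flag presumably makes the daemon take the client address from a request header, so I would declare it as a boolean defaulting to `false` and say in its description that it belongs only where the daemon is reachable solely through a trusted reverse proxy. odin.nix would then need to set it explicitly, since it fronts the daemon with nginx. In the same attrset, `PORT = cfg.port` passes an integer where systemd environment values are expected to be strings, so it should go through `toString`.

```nix
    ipFromHeader = mkOption {
      type = types.bool;
      default = false;
      description = "Take the client address from a proxy-supplied request header; enable only when the daemon is reachable solely through a trusted reverse proxy";
    };

    # … unchanged: remaining options, assertions, users, overlay …

      environment = {
        PORT = toString cfg.port;
        HOST = cfg.host;
        APPROOT = cfg.approot;
        IP_FROM_HEADER = if cfg.ipFromHeader then "true" else "false";
        # … unchanged: TPRINT_BASEURL …
      };
```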
@@ -0,0 +1,35 @@ +{ mkDerivation, aeson, base, bytestring, case-insensitive +, classy-prelude, classy-prelude-conduit, classy-prelude-yesod +, conduit, containers, data-default, directory, fast-logger +, fetchgit, file-embed, hashids, hjsmin, http-conduit, lens +, monad-control, monad-logger, mtl, persistent +, persistent-postgresql, persistent-template, safe, shakespeare +, stdenv, systemd, template-haskell, text, thermoprint-client, time +, unordered-containers, vector, wai, wai-extra, wai-logger, warp +, yaml, yesod, yesod-auth, yesod-core, yesod-form, yesod-static +}: +mkDerivation { + pname = "bar"; + version = "0.6.6"; + src = fetchgit { + url = "git://git.yggdrasil.li/gkleen/pub/bar"; + sha256 = "1nhvmqnsfcj2afbxsqgvdrq97rq7xls7w9w280dg6vyba8gipiwp"; + rev = "76fe2bc3bf14fb3f4cbd892e680f61183ff6db83"; + }; + isLibrary = true; + isExecutable = true; + libraryHaskellDepends = [ + aeson base bytestring case-insensitive classy-prelude + classy-prelude-conduit classy-prelude-yesod conduit containers + data-default directory fast-logger file-embed hashids hjsmin + http-conduit lens monad-control monad-logger mtl persistent + persistent-postgresql persistent-template safe shakespeare systemd + template-haskell text thermoprint-client time unordered-containers + vector wai wai-extra wai-logger warp yaml yesod yesod-auth + yesod-core yesod-form yesod-static + ]; + executableHaskellDepends = [ base ]; + doHaddock = false; + license = stdenv.lib.licenses.unfree; + hydraPlatforms = stdenv.lib.platforms.none; +} diff --git a/custom/bar/generated.nix.gup b/custom/bar/generated.nix.gup new file mode 100644 index 00000000..eeb13ad2 --- /dev/null +++ b/custom/bar/generated.nix.gup @@ -0,0 +1,5 @@ +#!/usr/bin/env zsh + +gup -u ${2:r}.cabal +cd ${2:h} +cabal2nix --no-haddock "git://git.yggdrasil.li/gkleen/pub/bar" >! ${1} diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix index fc69d93e..f278c7eb 100644 --- a/custom/trivmix-service.nix 
+++ b/custom/trivmix-service.nix @@ -5,8 +5,6 @@ with lib; let cfg = config.services.trivmix; - trivmix = pkgs.haskellPackages.callPackage ./trivmix {}; - mixerModule = { options = { connectIn = mkOption { @@ -117,7 +115,11 @@ in { }; config = mkIf (cfg.mixers != {}) { - environment.systemPackages = [ trivmix ]; + nixpkgs.overlays = [(self: super: { + trivmix = self.haskellPackages.callPackage ./trivmix {}; + })]; + + environment.systemPackages = with pkgs; [ trivmix ]; systemd.services = mapAttrs service cfg.mixers; }; diff --git a/odin.nix b/odin.nix index 71e5617d..7e911610 100644 --- a/odin.nix +++ b/odin.nix @@ -15,6 +15,7 @@ ./custom/motion.nix ./custom/unit-status-mail.nix ./custom/zsh.nix + ./custom/bar-service.nix ./utils/nix/module.nix ]; @@ -423,6 +424,51 @@ ''; }; + services.postgresql = { + enable = true; + package = with pkgs; postgresql100; + enableTCPIP = true; + authentication = lib.mkForce '' + local all all peer + host all all 127.0.0.1/32 scram-sha-256 + host all all ::1/128 scram-sha-256 + host all all 10.141.0.0/16 scram-sha-256 + ''; + initialScript = pkgs.writeText "schema.sql" '' + CREATE USER bar; + CREATE DATABASE bar WITH OWNER = bar; + GRANT ALL ON DATABASE bar TO bar; + ''; + }; + + services.bar = { + enable = true; + port = 8082; + approot = "/bar"; + }; + + services.nginx = { + enable = true; + + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + + virtualHosts."odin.asgard.yggdrasil" = { + serverAliases = [ "odin" "10.141.1.2" ]; + + locations = { + "/bar/".proxyPass = "http://bar"; + }; + }; + + upstreams = { + "bar" = { + servers."localhost:${services.bar.port}"= {}; + }; + }; + }; + systemd.status-mail = { recipient = "root@odin.asgard.yggdrasil"; onFailure = [ "nixos-upgrade" 
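Review bot: In the odin.nix hunk that adds `services.postgresql`, `enableTCPIP = true` together with `host all all 10.141.0.0/16 scram-sha-256` lets every role reach every database from the whole /16, which is wider than the bar service on the same host appears to need. If no other LAN client is meant to connect, I would drop that line (and possibly `enableTCPIP`), or narrow it to the one database and role, e.g. `host bar bar 10.141.0.0/16 scram-sha-256`. Separately, in the nginx upstream, `"localhost:${services.bar.port}"` interpolates the integer `8082`, which Nix does not coerce to a string, and `services` is only in scope if the enclosing set (outside the hunk) is `rec`. `"localhost:${toString config.services.bar.port}"` would be the robust form, assuming `config` is a module argument of this file.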
@@ -432,7 +478,7 @@ }; system.autoUpgrade.enable = true; - system.nixos.stateVersion = "18.09"; + system.stateVersion = "18.09"; systemd.services."nixos-upgrade" = { path = with pkgs; [ git ]; -- cgit v1.2.3