init keytracker on hainich.

This is a first attempt to package octycs' keytracker [1] application. It's more a quick-and-dirty approach, so there are a couple things to note: - the config file is just generated by Nix as whatever the module got in its config option stuffed into a toml file. There are no default values, so all values must be set by hand – or rather, we just write the default values in the config. - I couldn't figure out how to actually make this thing work. It looks like it /should/ work, but gets hung up every time on loading key information via the web interface. Then again, it appears our current config on libocedrus also doesn't conform to what the readme says, so perhaps I just missed something that's as-yet undocumented. - The module just calls python instead of an actual server as backend. This is recommended just for development/testing, not actual deploys [2], but since the project is missing a setup.py which afaik are required to package these things more sensibly [3], that's it for now. - keys and corresponding tokens are currently baked into the nix store. This seems a bad idea, and I'll fix it as soon as I find the time. [1] https://gitlab.infra4future.de/octycs/keytracker [2] https://gitlab.infra4future.de/octycs/keytracker/-/blob/master/server/Readme.md [3] https://flask.palletsprojects.com/en/1.1.x/tutorial/deploy/
2021-03-15 15:08:45 +01:00 · 2021-03-15 15:08:45 +01:00 · 9dfac9818e
commit 9dfac9818e
parent 20398cf2c8
7 changed files with 154 additions and 0 deletions
--- a/hosts/parsons/configuration.nix
+++ b/hosts/parsons/configuration.nix
@ -21,6 +21,7 @@
    ../../services/gitlab-runner.nix
    ../../services/unifi.nix
    ../../services/lantifa.nix
    ../../services/keytracker.nix
    ./lxc.nix
  ];
--- a/modules/default.nix
+++ b/modules/default.nix
@ -5,5 +5,6 @@ in {
  imports = [
    ./nftnat
    ./decklink.nix
    ./keytracker.nix
  ];
 }
--- a/modules/keytracker.nix
+++ b/modules/keytracker.nix
@ -0,0 +1,64 @@
 {pkgs, lib, config, ...}:
 with lib;
 let format = pkgs.formats.toml {};
 in
 {
  options.services.keytracker = {
    enable = mkOption {
      default = false;
      type = types.bool;
    };
    domain = mkOption {
      default = "example.org";
      type = types.str;
    };
    frontendPackage = mkOption {
      default = pkgs.keytracker-frontend;
      type = types.package;
    };
    serverPackage = mkOption {
      default = pkgs.keytracker-server;
      type = types.package;
    };
    stateDir = mkOption {
      default = "/var/lib/keytracker";
      type = types.str;
    };
    config = mkOption {
      default = {};
      type = format.type;
    };
    nginx = mkOption {
      default = {};
      type = types.attrs;
    };
  };
  config =
    let cfg = config.services.keytracker;
        configfile = format.generate "config" cfg.config;
    in {
    services.nginx = mkIf cfg.enable {
      enable = true;
      virtualHosts.${cfg.domain} = {
        root = cfg.frontendPackage.outPath;
      } // cfg.nginx;
    };
    systemd.services = mkIf cfg.enable {
      "keytracker" = {
        enable = true;
        description = "Keytracker backend server";
        wantedBy = [ "multi-user.target" ];
        serviceConfig.Type = "simple";
        script = ''
          mkdir -p ${cfg.stateDir}
          cd ${cfg.stateDir}
          ln -sf ${configfile} config
          ${cfg.serverPackage}/wrapped
        '';
      };
    };
  };
 }
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -57,6 +57,9 @@ let
      '';
    };
    keytracker-frontend = callPackage ./keytracker/frontend.nix {};
    keytracker-server = callPackage ./keytracker/server.nix {};
    inherit (unstable) bottom;
  };
--- a/pkgs/keytracker/frontend.nix
+++ b/pkgs/keytracker/frontend.nix
@ -0,0 +1,26 @@
 { stdenv
 , fetchgit
 , ...}:
 stdenv.mkDerivation rec {
  pname = "keytracker-frontend";
  version = "0.0.1";
  src = (fetchgit {
    url = "https://gitlab.infra4future.de/octycs/keytracker";
    rev = "0a124c3e7bc5c0e840d45399ad5e69485bb3e49c";
    sha256 = "1l3djg3qfisrvv9shi2p44h026n58pimwbvr2idjnaill688s1qf";
  }).outPath + "/frontend";
  apiUrl = "https://localhost:5000";
  buildPhase = ''
    substituteInPlace assets/main.js --replace "http://localhost:5000" $apiUrl
    rm Readme.md
  '';
  installPhase = ''
    mkdir -p $out
    cp -r * $out
  '';
 }
--- a/pkgs/keytracker/server.nix
+++ b/pkgs/keytracker/server.nix
@ -0,0 +1,28 @@
 { stdenv
 , python38
 , lib
 , fetchgit
 , ...}:
 stdenv.mkDerivation rec {
  pname = "keytracker";
  version = "0.0.1";
  src = (fetchgit {
    url = "https://gitlab.infra4future.de/octycs/keytracker";
    rev = "0a124c3e7bc5c0e840d45399ad5e69485bb3e49c";
    sha256 = "1l3djg3qfisrvv9shi2p44h026n58pimwbvr2idjnaill688s1qf";
  }).outPath + "/server";
  buildPhase = ''
    echo "${python38.withPackages(ps: with ps; [ flask ])}/bin/python $out/server.py" > wrapped
    chmod +x wrapped
  '';
  python = true;
  installPhase = ''
    mkdir -p $out
    cp -r * $out
  '';
 }
--- a/services/keytracker.nix
+++ b/services/keytracker.nix
@ -0,0 +1,31 @@
 {pkgs, config, ...}:
 {
  services.keytracker = {
    enable = true;
    domain = "keytracker.infra4future.de";
    stateDir = "/var/lib/keytracker";
    # we have to overwrite this package, since the api url is backed into its code
    frontendPackage = pkgs.keytracker-frontend.overrideAttrs (old: { apiUrl = "https://keytracker.infra4future.de:5000"; });
    config.Default = {
      Port = 5000;
      DbPath = "history.db";
      CorsOrigin = "off";
    };
    config.Keys = {
      "8174875f7d85" = "Chris Büro;49c5dbda74fe86eae0dd1ce6;247f16f579033a6a947b3be301407319cd9bfe14f11554d71ea3190e04f7cb91";
      "7fc944c9e632" = "Test=2;74fffaf6e463950fc6da3fd3;95313e37ff448b1a19b133fd8067c160f9f1c6d417f5d8dbec6f4f931097d389";
      "7a05c8441f3a" = "testkey;694403310905ed4ac26e56f8;13852ec7855fc51b012874ea5786c215c37c3ed592685a04d1ad56152eccccc5";
    };
    nginx = {
      enableACME = true;
      forceSSL = true;
    };
  };
  networking.firewall.allowedTCPPorts = [ 5000 ];
 }