
2 commits

Author SHA1 Message Date
a87e213b08
keytracker: fix a lot of things
Apparently, keytracker expects a toml file as config that may or may not be
an instance of an entirely different specification of the spec than the one
python understands.
2021-08-26 22:46:52 +02:00
9dfac9818e
init keytracker on hainich.
This is a first attempt to package octycs' keytracker [1] application.

It's more a quick-and-dirty approach, so there are a couple things to note:
 - the config file is just generated by Nix as whatever the module got in
   its config option stuffed into a toml file. There are no default values,
   so all values must be set by hand – or rather, we just write the default
   values in the config.
 - I couldn't figure out how to actually make this thing work. It looks like
   it /should/ work, but gets hung up every time on loading key information
   via the web interface. Then again, it appears our current config on
   libocedrus also doesn't conform to what the readme says, so perhaps I just
   missed something that's as-yet undocumented.
 - The module just calls python instead of an actual server as backend. This
   is recommended just for development/testing, not actual deploys [2], but
   since the project is missing a setup.py, which afaik is required to package
   these things more sensibly [3], that's it for now.
 - keys and corresponding tokens are currently baked into the nix store. This
   seems a bad idea, and I'll fix it as soon as I find the time.

[1] https://gitlab.infra4future.de/octycs/keytracker
[2] https://gitlab.infra4future.de/octycs/keytracker/-/blob/master/server/Readme.md
[3] https://flask.palletsprojects.com/en/1.1.x/tutorial/deploy/
2021-08-26 22:46:07 +02:00
7 changed files with 159 additions and 0 deletions


@ -21,6 +21,7 @@
../../services/gitlab-runner.nix ../../services/gitlab-runner.nix
../../services/unifi.nix ../../services/unifi.nix
../../services/lantifa.nix ../../services/lantifa.nix
../../services/keytracker.nix
./lxc.nix ./lxc.nix
]; ];


@ -5,5 +5,6 @@ in {
imports = [ imports = [
./nftnat ./nftnat
./decklink.nix ./decklink.nix
./keytracker.nix
]; ];
} }

64
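--- a/modules/keytracker.nix
+++ b/modules/keytracker.nix
@@ -0,0 +1,64 @@
+{pkgs, lib, config, ...}:
+with lib;
+let format = pkgs.formats.toml {};
+in
+{
+options.services.keytracker = {
+enable = mkOption {
+default = false;
+type = types.bool;
+};
+domain = mkOption {
+default = "example.org";
+type = types.str;
+};
+frontendPackage = mkOption {
+default = pkgs.keytracker-frontend;
+type = types.package;
+};
+serverPackage = mkOption {
+default = pkgs.keytracker-server;
+type = types.package;
+};
+stateDir = mkOption {
+default = "/var/lib/keytracker";
+type = types.str;
+};
+config = mkOption {
+default = "";
+type = types.str;
+};
+nginx = mkOption {
+default = {};
+type = types.attrs;
+};
+};
+config =
+let cfg = config.services.keytracker;
+configfile = pkgs.writeText "keytracker-config" cfg.config;
+in {
+services.nginx = mkIf cfg.enable {
+enable = true;
+virtualHosts.${cfg.domain} = {
+root = cfg.frontendPackage.outPath;
+} // cfg.nginx;
+};
+systemd.services = mkIf cfg.enable {
+"keytracker" = {
+enable = true;
+description = "Keytracker backend server";
+wantedBy = [ "multi-user.target" ];
+serviceConfig.Type = "simple";
+script = ''
+mkdir -p ${cfg.stateDir}
+cd ${cfg.stateDir}
+ln -sf ${configfile} config
+${cfg.serverPackage}/wrapped
+'';
+};
+};
+};
+}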
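Review bot: The `keytracker` unit sets only `serviceConfig.Type`, so with no `User=` it runs the backend as root, and the state directory is created by hand with `mkdir -p` inside `script`. Letting systemd own both would be safer: `serviceConfig = { Type = "simple"; DynamicUser = true; StateDirectory = "keytracker"; WorkingDirectory = cfg.stateDir; };`, which matches the default `stateDir` of `/var/lib/keytracker` (a custom `stateDir` outside `/var/lib` would need separate handling). `${cfg.stateDir}` is also interpolated unquoted into the script, so a path containing spaces would break `mkdir` and `cd`. The `format = pkgs.formats.toml {}` binding is unused, since `config` is a plain string handed to `pkgs.writeText`.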


@ -57,6 +57,9 @@ let
''; '';
}; };
keytracker-frontend = callPackage ./keytracker/frontend.nix {};
keytracker-server = callPackage ./keytracker/server.nix {};
inherit (unstable) bottom; inherit (unstable) bottom;
}; };


@ -0,0 +1,26 @@
{ stdenv
, fetchgit
, ...}:
stdenv.mkDerivation rec {
pname = "keytracker-frontend";
version = "0.0.1";
src = (fetchgit {
url = "https://gitlab.infra4future.de/octycs/keytracker";
rev = "2e83366913732029e8a5913f121df969172244ed";
sha256 = "sha256-ty8m/ITR2gmui3dIJX04FkGT/9SGuirrALyWaNaNwhE=";
}).outPath + "/frontend";
apiUrl = "http://chaski.stuebinm.eu:3030";
buildPhase = ''
substituteInPlace assets/main.js --replace "http://localhost:5000" $apiUrl
rm Readme.md
'';
installPhase = ''
mkdir -p $out
cp -r * $out
'';
}
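Review bot: The default `apiUrl = "http://chaski.stuebinm.eu:3030"` means any build of this package that is not overridden ships a frontend that talks to that host over plain HTTP, which presumably includes whatever key tokens the frontend sends to the API. Defaulting to a same-origin path such as `apiUrl = "/api";` (if the frontend accepts a relative base) or at least an `https://` URL would make a forgotten override harmless rather than a silent leak. `$apiUrl` should also be quoted in the `substituteInPlace` call. The `rev` pinned here differs from the one in the server derivation on this page, so frontend and backend are built from different commits of the same repository; if that is deliberate, a comment saying why would help.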


@ -0,0 +1,28 @@
{ stdenv
, python38
, lib
, fetchgit
, ...}:
stdenv.mkDerivation rec {
pname = "keytracker";
version = "0.0.1";
src = (fetchgit {
url = "https://gitlab.infra4future.de/octycs/keytracker";
rev = "0a124c3e7bc5c0e840d45399ad5e69485bb3e49c";
sha256 = "1l3djg3qfisrvv9shi2p44h026n58pimwbvr2idjnaill688s1qf";
}).outPath + "/server";
buildPhase = ''
echo "${python38.withPackages(ps: with ps; [ flask ])}/bin/python $out/server.py" > wrapped
chmod +x wrapped
'';
python = true;
installPhase = ''
mkdir -p $out
cp -r * $out
'';
}
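Review bot: The `wrapped` file produced in `buildPhase` is a single command line with no `#!` line, so it starts only because the shell running the unit's `script` falls back to interpreting it; invoked directly (for example from `ExecStart=`) it would fail to exec. Writing the interpreter line and using `exec` fixes that and avoids leaving an extra shell process around: `echo "#!${stdenv.shell}" > wrapped` followed by `echo "exec ${python38.withPackages (ps: [ ps.flask ])}/bin/python $out/server.py" >> wrapped`. `python = true;` does not appear to be an attribute `mkDerivation` acts on and probably only ends up as an environment variable in the build. The `sha256` here is in base32 while the frontend derivation uses the SRI form; using one format for both would be tidier.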

36
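--- a/services/keytracker.nix
+++ b/services/keytracker.nix
@@ -0,0 +1,36 @@
+{pkgs, config, ...}:
+{
+services.keytracker = {
+enable = true;
+domain = "keytracker.infra4future.de";
+stateDir = "/var/lib/keytracker";
+# we have to overwrite this package, since the api url is backed into its code
+frontendPackage = pkgs.keytracker-frontend.overrideAttrs (old: { apiUrl = "https://keytracker.infra4future.de/api"; });
+config = ''
+[Default]
+CorsOrigin = "*"
+DbPath = "history.db"
+Port = 3029
+[Keys]
+4c81038150f6 = hacc;18673c03507bd03b3a719515;6869ef50fdd047289b58b7dc867dc859b5ddf0a5ab9c850fb7eec821e62f14f0
+7a05c8441f3a = testkey;694403310905ed4ac26e56f8;13852ec7855fc51b012874ea5786c215c37c3ed592685a04d1ad56152eccccc5
+7fc944c9e632 = Test=2;74fffaf6e463950fc6da3fd3;95313e37ff448b1a19b133fd8067c160f9f1c6d417f5d8dbec6f4f931097d389
+8174875f7d85 = Chris Büro;49c5dbda74fe86eae0dd1ce6;247f16f579033a6a947b3be301407319cd9bfe14f11554d71ea3190e04f7cb91
+'';
+nginx = {
+enableACME = true;
+forceSSL = true;
+locations."^~ /api" = {
+proxyPass = "http://localhost:3029/";
+};
+};
+};
+networking.firewall.allowedTCPPorts = [ 443 ];
+}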
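Review bot: The `[Keys]` entries in `config` are now part of the repository history as well as the world-readable Nix store, so moving them out of the store later, as the commit message plans, will not be enough on its own; if these are live tokens they should be treated as exposed and regenerated once the config is read from a file outside the store. Separately, `CorsOrigin = "*"` looks unnecessary, because the `frontendPackage` override points `apiUrl` at `https://keytracker.infra4future.de/api`, the same origin nginx serves the frontend from; `CorsOrigin = "https://keytracker.infra4future.de"` would be the narrower setting, assuming keytracker passes the value through as the allowed origin. The `^~ /api` location combined with a trailing slash in `proxyPass` rewrites `/api/x` to `//x` upstream, which may be worth checking against the hang described in the commit message; `locations."/api/"` is the usual pairing.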