{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.krebs.tinc_graphs;
# Both output directories live under the working dir. `internal` is what
# the "complete" nginx vhost serves, `external` what the "anonymous" one
# serves (see krebs.nginx.servers in imp).
internal_dir = cfg.workingDir + "/internal";
external_dir = cfg.workingDir + "/external";
# Module result: option declarations plus the implementation, the latter
# only merged into the system configuration when the service is enabled.
out = {
  options = { krebs.tinc_graphs = api; };
  config = lib.mkIf cfg.enable imp;
};
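# Option declarations for krebs.tinc_graphs.
api = {
  enable = mkEnableOption "tinc graphs";

  geodbPath = mkOption {
    type = types.str;
    description = "Path to geocitydb, defaults to geolite-legacy";
    default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
  };

  nginx = {
    # mkEnableOption already prefixes the text with "Whether to enable",
    # so the description must not start with "enable" itself.
    enable = mkEnableOption "serving tinc_graphs with nginx";

    # `anonymous` publishes external_dir. By default it listens on all
    # interfaces and nothing in this module puts authentication in front
    # of it, so only anonymised data may end up in that directory.
    anonymous = {
      server-names = mkOption {
        type = with types; listOf str;
        description = "hostnames which serve anonymous graphs";
        default = [ "graphs.${config.krebs.build.host.name}" ];
      };
      listen = mkOption {
        # use the type of the nginx listen option
        type = with types; listOf str;
        description = "listen address for anonymous graphs";
        default = [ "80" ];
      };
    };

    # `complete` publishes internal_dir, i.e. the non-anonymised graphs.
    # The loopback-only default below is what keeps them private: this
    # module adds no authentication, so widen `listen` with care.
    complete = {
      server-names = mkOption {
        type = with types; listOf str;
        description = "hostname which serves complete graphs";
        default = [ "graphs.${config.krebs.build.host.name}" ];
      };
      listen = mkOption {
        type = with types; listOf str;
        description = "listen address for complete graphs";
        default = [ "127.0.0.1:80" ];
      };
    };
  };

  workingDir = mkOption {
    type = types.str;
    # The user created in imp has home = /var/spool/tinc_graphs, so the
    # documented default must match that path.
    description = ''
      Path to working dir, will create internal/ and external/.
      Defaults to the new user's home dir which defaults to
      /var/spool/tinc_graphs'';
    default = config.users.extraUsers.tinc_graphs.home;
  };

  timerConfig = mkOption {
    type = with types; attrsOf str;
    description = "systemd timer settings for the graph-building job";
    default = {
      OnCalendar = "*:0/15";
    };
  };
};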
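# Implementation: a timer-driven systemd job that renders the graphs into
# the working dir, a dedicated user, and (optionally) two nginx vhosts.
imp = {
  environment.systemPackages = [ pkgs.tinc_graphs ];

  systemd.timers.tinc_graphs = {
    description = "Build Tinc Graphs via timer";
    wantedBy = [ "timers.target" ];
    timerConfig = cfg.timerConfig;
  };

  systemd.services.tinc_graphs = {
    description = "Build Tinc Graphs";
    # Inputs for all-the-graphs. hostsPackage is presumably a derivation
    # and is coerced to its store path here — confirm against krebs.retiolum.
    environment = {
      EXTERNAL_FOLDER = external_dir;
      INTERNAL_FOLDER = internal_dir;
      GEODB = cfg.geodbPath;
      TINC_HOSTPATH = config.krebs.retiolum.hostsPackage;
    };
    restartIfChanged = true;
    serviceConfig = {
      Type = "simple";
      TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
      # NOTE(review): systemd unit keys are case-sensitive; this lowercase
      # key is presumably ignored (the real key is `Restart`). Do not just
      # fix the case: Restart=always on a timer-driven Type=simple job would
      # re-run it in a loop, independent of the timer. Confirm the intent.
      restart = "always";
      # Seed the static index/assets once; later runs keep what is there.
      ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
        #!/bin/sh
        mkdir -p "${internal_dir}" "${external_dir}"
        if ! test -e "${internal_dir}/index.html"; then
          cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
        fi
        if ! test -e "${external_dir}/index.html"; then
          cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
        fi
      '';
      ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
      # Opens the working dir (the user's 700 home) so that other users —
      # presumably the nginx worker — can traverse it to reach the graphs.
      ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
        #!/bin/sh
        # TODO: this may break if workingDir is set to something stupid
        # this is needed because homedir is created with 700
        chmod 755 "${cfg.workingDir}"
      '';
      PrivateTmp = "yes";
      # Runs with full root privileges; PrivateTmp is the only sandboxing
      # applied to this unit.
      User = "root"; # tinc cannot be queried as user,
                     # seems to be a tinc-pre issue
    };
  };

  users.extraUsers.tinc_graphs = {
    uid = genid "tinc_graphs";
    home = "/var/spool/tinc_graphs"; # also the default workingDir
  };

  # Two vhosts over the same tree: `complete` serves internal_dir (full
  # graphs, loopback-only by default), `anonymous` serves external_dir.
  # `autoindex on` lists every file in the directory, not just the graphs.
  krebs.nginx.servers = mkIf cfg.nginx.enable {
    tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
      locations = [
        (nameValuePair "/" ''
          autoindex on;
          root ${internal_dir};
        '')
      ];
    }];
    tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
      locations = [
        (nameValuePair "/" ''
          autoindex on;
          root ${external_dir};
        '')
      ];
    }];
  };
};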
in
out