From fa8abf4a270596ec418f923216c57c95c50cf7c8 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 17 Oct 2015 23:51:02 +0200 Subject: m 3,5 tinc_graphs: use new tinc_graphs --- makefu/3modules/tinc_graphs.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'makefu/3modules/tinc_graphs.nix') diff --git a/makefu/3modules/tinc_graphs.nix b/makefu/3modules/tinc_graphs.nix index 62d607527..ff2f55873 100644 --- a/makefu/3modules/tinc_graphs.nix +++ b/makefu/3modules/tinc_graphs.nix @@ -83,7 +83,9 @@ let ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' #!/bin/sh - mkdir -p "${external_dir}" "${internal_dir}" + if ! test -e "${cfg.workingDir}/internal/index.html"; then + cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}" + fi ''; ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs"; @@ -94,10 +96,10 @@ let # this is needed because homedir is created with 700 chmod 755 "${cfg.workingDir}" ''; + PrivateTmp = "yes"; User = "root"; # tinc cannot be queried as user, # seems to be a tinc-pre issue - privateTmp = true; }; }; -- cgit v1.2.3 From ba4708f2638722c8d18e560847946fdb5c87484d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 17:13:12 +0200 Subject: m 3 tinc_graphs: new api for nginx --- makefu/3modules/tinc_graphs.nix | 51 ++++++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 21 deletions(-) (limited to 'makefu/3modules/tinc_graphs.nix') diff --git a/makefu/3modules/tinc_graphs.nix b/makefu/3modules/tinc_graphs.nix index ff2f55873..42b08d62a 100644 --- a/makefu/3modules/tinc_graphs.nix +++ b/makefu/3modules/tinc_graphs.nix @@ -20,26 +20,37 @@ let default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat"; }; - krebsNginx = { - # configure krebs nginx to serve the new graphs - enable = mkEnableOption "tinc_graphs nginx"; + nginx = { + enable = mkEnableOption "enable tinc_graphs to be served with nginx"; + + anonymous = { + server-names = mkOption { + type = with types; listOf str; + description = "hostnames which serve anonymous graphs"; + default = [ "graphs.${config.krebs.build.host.name}" ]; + }; + + listen = mkOption { + type = with types; listOf str; + description = "listen address for anonymous graphs"; + default = [ "80" ]; + }; - hostnames_complete = mkOption { - #TODO: this is not a secure way to serve these graphs,better listen to - # the correct interface, krebs.nginx does not support this yet - - type = with types; listOf str; - description = "hostname which serves complete graphs"; - default = [ "graphs.${config.krebs.build.host.name}" ]; }; - hostnames_anonymous = mkOption { - type = with types; listOf str; - description = '' - hostname which serves anonymous graphs - must be different from hostname_complete - ''; - default = [ "anongraphs.${config.krebs.build.host.name}" ]; + complete = { + server-names = mkOption { + type = with types; listOf str; + description = "hostname which serves complete graphs"; + default = [ "graphs.${config.krebs.build.host.name}" ]; + }; + + listen = mkOption { + type = with types; listOf str; + description = "listen address for complete graphs"; + default = [ "127.0.0.1:80" ]; + }; + }; }; @@ -110,8 +121,7 @@ let }; krebs.nginx.servers = mkIf cfg.krebsNginx.enable { - tinc_graphs_complete = { - server-names = cfg.krebsNginx.hostnames_complete; + tinc_graphs_complete = cfg.nginx.complete { locations = [ (nameValuePair "/" '' autoindex on; @@ -119,8 +129,7 @@ let '') ]; }; - tinc_graphs_anonymous = { - server-names = cfg.krebsNginx.hostnames_anonymous; + tinc_graphs_anonymous = cfg.nginx.anonymous // { locations = [ (nameValuePair "/" '' autoindex on; -- cgit v1.2.3 From 49b8d341f64b039448a21feeaed777573574549d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 18:47:26 +0200 Subject: m 3 tinc_graphs: merge instead of override nginx config --- makefu/3modules/tinc_graphs.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'makefu/3modules/tinc_graphs.nix') diff --git a/makefu/3modules/tinc_graphs.nix b/makefu/3modules/tinc_graphs.nix index 42b08d62a..1f87f00cc 100644 --- a/makefu/3modules/tinc_graphs.nix +++ b/makefu/3modules/tinc_graphs.nix @@ -31,6 +31,7 @@ let }; listen = mkOption { + # use the type of the nginx listen option type = with types; listOf str; description = "listen address for anonymous graphs"; default = [ "80" ]; @@ -120,23 +121,23 @@ let createHome = true; }; - krebs.nginx.servers = mkIf cfg.krebsNginx.enable { - tinc_graphs_complete = cfg.nginx.complete { + krebs.nginx.servers = mkIf cfg.nginx.enable { + tinc_graphs_complete = mkMerge [ cfg.nginx.complete { locations = [ (nameValuePair "/" '' autoindex on; root ${internal_dir}; '') ]; - }; - tinc_graphs_anonymous = cfg.nginx.anonymous // { + }] ; + tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous { locations = [ (nameValuePair "/" '' autoindex on; root ${external_dir}; '') ]; - }; + }]; }; }; -- cgit v1.2.3 From 9bb3069f69ed801d98034a2effcb4d88f279a92f Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 22 Oct 2015 15:33:05 +0200 Subject: krebs 3 tinc_graphs: mv from makefu 3 tinc_graphs --- makefu/3modules/tinc_graphs.nix | 145 ---------------------------------------- 1 file changed, 145 deletions(-) delete mode 100644 makefu/3modules/tinc_graphs.nix (limited to 'makefu/3modules/tinc_graphs.nix') diff --git a/makefu/3modules/tinc_graphs.nix b/makefu/3modules/tinc_graphs.nix deleted file mode 100644 index 1f87f00cc..000000000 --- a/makefu/3modules/tinc_graphs.nix +++ /dev/null @@ -1,145 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.makefu.tinc_graphs; - internal_dir = "${cfg.workingDir}/internal"; - external_dir = "${cfg.workingDir}/external"; - - out = { - options.makefu.tinc_graphs = api; - config = mkIf cfg.enable imp ; - }; - - api = { - enable = mkEnableOption "tinc graphs"; - - geodbPath = mkOption { - type = types.str; - description = "Path to geocitydb, defaults to geolite-legacy"; - default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat"; - }; - - nginx = { - enable = mkEnableOption "enable tinc_graphs to be served with nginx"; - - anonymous = { - server-names = mkOption { - type = with types; listOf str; - description = "hostnames which serve anonymous graphs"; - default = [ "graphs.${config.krebs.build.host.name}" ]; - }; - - listen = mkOption { - # use the type of the nginx listen option - type = with types; listOf str; - description = "listen address for anonymous graphs"; - default = [ "80" ]; - }; - - }; - - complete = { - server-names = mkOption { - type = with types; listOf str; - description = "hostname which serves complete graphs"; - default = [ "graphs.${config.krebs.build.host.name}" ]; - }; - - listen = mkOption { - type = with types; listOf str; - description = "listen address for complete graphs"; - default = [ "127.0.0.1:80" ]; - }; - - }; - }; - - workingDir = mkOption { - type = types.str; - description = '' - Path to working dir, will create interal and external/. - Defaults to the new users home dir which defaults to - /var/cache/tinc_graphs''; - default = config.users.extraUsers.tinc_graphs.home; - }; - - timerConfig = mkOption { - type = with types; attrsOf str; - default = { - OnCalendar = "*:0/15"; - }; - }; - }; - - imp = { - environment.systemPackages = [ pkgs.tinc_graphs]; - systemd.timers.tinc_graphs = { - description = "Build Tinc Graphs via via timer"; - wantedBy = [ "timers.target"]; - timerConfig = cfg.timerConfig; - }; - systemd.services.tinc_graphs = { - description = "Build Tinc Graphs"; - environment = { - EXTERNAL_FOLDER = external_dir; - INTERNAL_FOLDER = internal_dir; - GEODB = cfg.geodbPath; - TINC_HOSTPATH=config.krebs.retiolum.hosts; - }; - - restartIfChanged = true; - - serviceConfig = { - Type = "simple"; - - ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' - #!/bin/sh - if ! test -e "${cfg.workingDir}/internal/index.html"; then - cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}" - fi - ''; - - ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs"; - - ExecStartPost = pkgs.writeScript "tinc_graphs-post" '' - #!/bin/sh - # TODO: this may break if workingDir is set to something stupid - # this is needed because homedir is created with 700 - chmod 755 "${cfg.workingDir}" - ''; - PrivateTmp = "yes"; - - User = "root"; # tinc cannot be queried as user, - # seems to be a tinc-pre issue - }; - }; - - users.extraUsers.tinc_graphs = { - uid = 3925439960; #genid tinc_graphs - home = "/var/spool/tinc_graphs"; - createHome = true; - }; - - krebs.nginx.servers = mkIf cfg.nginx.enable { - tinc_graphs_complete = mkMerge [ cfg.nginx.complete { - locations = [ - (nameValuePair "/" '' - autoindex on; - root ${internal_dir}; - '') - ]; - }] ; - tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous { - locations = [ - (nameValuePair "/" '' - autoindex on; - root ${external_dir}; - '') - ]; - }]; - }; - }; - -in -out -- cgit v1.2.3