2015-10-04 16:42:04 +02:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
2016-10-20 20:54:38 +02:00
|
|
|
with import <stockholm/lib>;
|
2015-10-04 16:42:04 +02:00
|
|
|
let
|
2015-10-22 15:33:05 +02:00
|
|
|
cfg = config.krebs.tinc_graphs;
|
2015-10-04 16:42:04 +02:00
|
|
|
internal_dir = "${cfg.workingDir}/internal";
|
|
|
|
external_dir = "${cfg.workingDir}/external";
|
|
|
|
|
|
|
|
out = {
|
2015-10-22 15:33:05 +02:00
|
|
|
options.krebs.tinc_graphs = api;
|
2016-02-14 16:43:44 +01:00
|
|
|
config = lib.mkIf cfg.enable imp ;
|
2015-10-04 16:42:04 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
api = {
|
2015-10-04 18:55:36 +02:00
|
|
|
enable = mkEnableOption "tinc graphs";
|
2015-10-04 16:42:04 +02:00
|
|
|
|
|
|
|
geodbPath = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
description = "Path to geocitydb, defaults to geolite-legacy";
|
2015-10-04 18:55:36 +02:00
|
|
|
default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
|
|
|
|
};
|
|
|
|
|
2016-06-23 16:45:06 +02:00
|
|
|
hostsPath = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
description = "Path to Hosts directory";
|
2016-07-20 17:20:47 +02:00
|
|
|
default = "${config.krebs.tinc.retiolum.hostsPackage}";
|
2021-11-08 04:23:30 +01:00
|
|
|
defaultText = "\${config.krebs.tinc.retiolum.hostsPackage}";
|
2016-06-23 16:45:06 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
network = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
description = "Tinc Network to use";
|
|
|
|
default = "retiolum";
|
|
|
|
};
|
|
|
|
|
2015-10-21 17:13:12 +02:00
|
|
|
nginx = {
|
|
|
|
enable = mkEnableOption "enable tinc_graphs to be served with nginx";
|
|
|
|
|
2016-12-24 23:38:39 +01:00
|
|
|
anonymous = mkOption {
|
|
|
|
type = types.attrsOf types.unspecified;
|
2020-01-11 20:27:01 +01:00
|
|
|
default = {};
|
2016-12-24 23:38:39 +01:00
|
|
|
description = ''
|
|
|
|
nginx virtualHost options to be merged into the anonymous graphs
|
|
|
|
vhost entry.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
anonymous-domain = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
description = ''
|
|
|
|
external domainname to be used for anonymous graphs
|
|
|
|
it will be used if you want to enable ACME
|
|
|
|
'';
|
2017-06-18 14:03:43 +02:00
|
|
|
default = "graph.krebsco.de";
|
2015-10-04 18:55:36 +02:00
|
|
|
};
|
|
|
|
|
2016-12-24 23:38:39 +01:00
|
|
|
complete = mkOption {
|
|
|
|
type = types.attrsOf types.unspecified;
|
|
|
|
description = ''
|
|
|
|
nginx virtualHost options to be merged into the complete graphs
|
|
|
|
vhost entry.
|
|
|
|
'';
|
2015-10-04 18:55:36 +02:00
|
|
|
};
|
2015-10-04 16:42:04 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
workingDir = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
description = ''
|
|
|
|
Path to working dir, will create interal and external/.
|
|
|
|
Defaults to the new users home dir which defaults to
|
|
|
|
/var/cache/tinc_graphs'';
|
2015-10-04 18:55:36 +02:00
|
|
|
default = config.users.extraUsers.tinc_graphs.home;
|
2021-11-08 04:23:30 +01:00
|
|
|
defaultText = "<literal>\${config.users.extraUsers.tinc_graphs.home}</literal>";
|
2015-10-04 16:42:04 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
timerConfig = mkOption {
|
|
|
|
type = with types; attrsOf str;
|
|
|
|
default = {
|
|
|
|
OnCalendar = "*:0/15";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
imp = {
|
2016-06-23 16:45:06 +02:00
|
|
|
environment.systemPackages = [ pkgs.tinc_graphs ];
|
2015-10-04 16:42:04 +02:00
|
|
|
systemd.timers.tinc_graphs = {
|
|
|
|
description = "Build Tinc Graphs via via timer";
|
2016-06-23 16:45:06 +02:00
|
|
|
wantedBy = [ "timers.target" ];
|
2015-10-04 16:42:04 +02:00
|
|
|
timerConfig = cfg.timerConfig;
|
|
|
|
};
|
|
|
|
systemd.services.tinc_graphs = {
|
|
|
|
description = "Build Tinc Graphs";
|
2015-10-04 18:55:36 +02:00
|
|
|
environment = {
|
|
|
|
EXTERNAL_FOLDER = external_dir;
|
|
|
|
INTERNAL_FOLDER = internal_dir;
|
|
|
|
GEODB = cfg.geodbPath;
|
2016-06-23 16:45:06 +02:00
|
|
|
TINC_HOSTPATH = cfg.hostsPath;
|
|
|
|
TINC_NETWORK = cfg.network;
|
2015-10-04 18:55:36 +02:00
|
|
|
};
|
2015-10-04 16:42:04 +02:00
|
|
|
|
|
|
|
restartIfChanged = true;
|
|
|
|
serviceConfig = {
|
|
|
|
Type = "simple";
|
2015-12-03 20:39:29 +01:00
|
|
|
TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
|
2015-11-13 12:24:43 +01:00
|
|
|
restart = "always";
|
2015-10-04 22:29:30 +02:00
|
|
|
|
2016-06-13 02:04:22 +02:00
|
|
|
ExecStartPre = pkgs.writeDash "tinc_graphs-init" ''
|
2015-10-25 21:54:59 +01:00
|
|
|
mkdir -p "${internal_dir}" "${external_dir}"
|
2015-10-17 23:51:02 +02:00
|
|
|
if ! test -e "${cfg.workingDir}/internal/index.html"; then
|
2015-10-25 21:54:59 +01:00
|
|
|
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
|
|
|
|
fi
|
|
|
|
if ! test -e "${cfg.workingDir}/external/index.html"; then
|
|
|
|
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
|
2015-10-17 23:51:02 +02:00
|
|
|
fi
|
2015-10-04 16:42:04 +02:00
|
|
|
'';
|
2016-06-23 16:45:06 +02:00
|
|
|
ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"'';
|
2015-10-04 22:29:30 +02:00
|
|
|
|
2016-06-13 02:04:22 +02:00
|
|
|
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
|
2015-10-04 22:29:30 +02:00
|
|
|
# TODO: this may break if workingDir is set to something stupid
|
|
|
|
# this is needed because homedir is created with 700
|
|
|
|
chmod 755 "${cfg.workingDir}"
|
|
|
|
'';
|
2015-10-17 23:51:02 +02:00
|
|
|
PrivateTmp = "yes";
|
2015-10-04 22:29:30 +02:00
|
|
|
|
|
|
|
User = "root"; # tinc cannot be queried as user,
|
2015-10-04 18:55:36 +02:00
|
|
|
# seems to be a tinc-pre issue
|
2015-10-04 16:42:04 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
users.extraUsers.tinc_graphs = {
|
2018-12-03 09:46:19 +01:00
|
|
|
uid = genid_uint31 "tinc_graphs";
|
2015-10-04 22:29:30 +02:00
|
|
|
home = "/var/spool/tinc_graphs";
|
2021-06-05 14:57:08 +02:00
|
|
|
isSystemUser = true;
|
2015-10-04 16:42:04 +02:00
|
|
|
};
|
2016-12-24 23:38:39 +01:00
|
|
|
services.nginx = mkIf cfg.nginx.enable {
|
2016-06-23 16:45:06 +02:00
|
|
|
enable = mkDefault true;
|
2016-12-24 23:38:39 +01:00
|
|
|
virtualHosts = {
|
2016-06-23 16:45:06 +02:00
|
|
|
tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
|
2016-12-24 23:38:39 +01:00
|
|
|
locations = {
|
|
|
|
"/".extraConfig = "autoindex on;";
|
|
|
|
"/".root = internal_dir;
|
|
|
|
};
|
|
|
|
}];
|
|
|
|
"${cfg.nginx.anonymous-domain}" = mkMerge [ cfg.nginx.anonymous {
|
|
|
|
locations = {
|
|
|
|
"/".extraConfig = "autoindex on;";
|
|
|
|
"/".root = external_dir;
|
|
|
|
};
|
2016-06-23 16:45:06 +02:00
|
|
|
}];
|
|
|
|
};
|
2015-10-04 18:55:36 +02:00
|
|
|
};
|
2015-10-04 16:42:04 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
in
|
|
|
|
out
|