{ config, lib, pkgs, ... }:

with config.krebs.lib;
let
  cfg = config.krebs.tinc_graphs;
  # Output directories below the working dir. "internal" receives the
  # complete graphs (served on loopback by default), "external" the
  # anonymous ones; workingDir is declared as a plain string option.
  internal_dir = cfg.workingDir + "/internal";
  external_dir = cfg.workingDir + "/external";

  # Module skeleton: option declarations come from `api`, the implementation
  # from `imp`, and the latter is only merged in when the module is enabled.
  out = {
    options = {
      krebs.tinc_graphs = api;
    };
    config = lib.mkIf cfg.enable imp;
  };

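  # Option declarations for krebs.tinc_graphs. Every option carries a
  # description so the generated module documentation is complete.
  api = {
    enable = mkEnableOption "tinc graphs";

    # Exported to the generator as GEODB.
    geodbPath = mkOption {
      type = types.str;
      description = "Path to geocitydb, defaults to geolite-legacy";
      default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
    };

    # Exported to the generator as TINC_HOSTPATH.
    hostsPath = mkOption {
      type = types.str;
      description = "Path to Hosts directory";
      default = "${config.krebs.retiolum.hostsPackage}";
    };

    # Exported to the generator as TINC_NETWORK and passed to all-the-graphs.
    network = mkOption {
      type = types.str;
      description = "Tinc Network to use";
      default = "retiolum";
    };

    nginx = {
      enable = mkEnableOption "enable tinc_graphs to be served with nginx";

      # Vhost for the anonymous graphs (external_dir). By default it is
      # reachable on port 80 of every address, i.e. intended to be public.
      anonymous = {
        server-names = mkOption {
          type = with types; listOf str;
          description = "hostnames which serve anonymous graphs";
          default = [ "graphs.${config.krebs.build.host.name}" ];
        };

        listen = mkOption {
          # use the type of the nginx listen option
          type = with types; listOf str;
          description = "listen address for anonymous graphs";
          default = [ "80" ];
        };

      };

      # Vhost for the complete graphs (internal_dir). The default listen
      # address is loopback only; widening it publishes the complete graphs,
      # which presumably carry the data the anonymous variant strips.
      complete = {
        server-names = mkOption {
          type = with types; listOf str;
          description = "hostname which serves complete graphs";
          default = [ "graphs.${config.krebs.build.host.name}" ];
        };

        listen = mkOption {
          type = with types; listOf str;
          description = "listen address for complete graphs";
          default = [ "127.0.0.1:80" ];
        };

      };
    };

    # Parent of internal_dir/external_dir. Note that the service chmods this
    # directory to 755 after every run, so do not point it at anything whose
    # permissions must stay tighter than that.
    workingDir = mkOption {
      type = types.str;
      description = ''
        Path to working dir, will create interal and external/.
        Defaults to the new users home dir which defaults to
        /var/cache/tinc_graphs'';
      default = config.users.extraUsers.tinc_graphs.home;
    };

    # Passed verbatim as the [Timer] section of systemd.timers.tinc_graphs.
    timerConfig = mkOption {
      type = with types; attrsOf str;
      description = "systemd timer configuration for the periodic graph build";
      default = {
        OnCalendar = "*:0/15";
      };
    };
  };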

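  # Implementation: a timer-driven service that runs the graph generator,
  # the account that owns the output tree, and optional nginx vhosts.
  imp = {
    environment.systemPackages = [ pkgs.tinc_graphs ];

    # Periodic trigger; the schedule comes from cfg.timerConfig
    # (default: every 15 minutes).
    systemd.timers.tinc_graphs = {
      description = "Build Tinc Graphs via via timer";
      wantedBy = [ "timers.target" ];
      timerConfig = cfg.timerConfig;
    };

    # One generator run per timer tick; the generator is configured
    # entirely through its environment.
    systemd.services.tinc_graphs = {
      description = "Build Tinc Graphs";
      environment = {
        EXTERNAL_FOLDER = external_dir;
        INTERNAL_FOLDER = internal_dir;
        GEODB = cfg.geodbPath;
        TINC_HOSTPATH = cfg.hostsPath;
        TINC_NETWORK = cfg.network;
      };

      restartIfChanged = true;
      serviceConfig = {
        Type = "simple";
        TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
        # A lowercase `restart = "always"` used to be set here. That is not a
        # systemd [Service] key (the key is `Restart`), so it was most likely
        # ignored with a warning; spelling it correctly would make this
        # timer-driven Type=simple job restart in a loop after each successful
        # run. Dropped rather than "fixed" — the timer already re-runs it.

        # Create the output tree and seed it with the static assets once.
        ExecStartPre = pkgs.writeDash "tinc_graphs-init" ''
          mkdir -p "${internal_dir}" "${external_dir}"
          if ! test -e "${cfg.workingDir}/internal/index.html"; then
            cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
          fi
          if ! test -e "${cfg.workingDir}/external/index.html"; then
            cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
          fi
        '';
        ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"'';

        # Makes workingDir world-traversable so nginx can reach the output.
        # Security note: this also lets local accounts read the output tree
        # (the subdirectories are created by mkdir above and are presumably
        # world-readable too), so the loopback-only default `listen` of the
        # complete graphs is not a boundary against local users; and if
        # workingDir points at a sensitive directory the chmod widens its
        # permissions as well (see the TODO in the script).
        ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
          # TODO: this may break if workingDir is set to something stupid
          # this is needed because homedir is created with 700
          chmod 755  "${cfg.workingDir}"
        '';
        PrivateTmp = "yes";

        User = "root"; # tinc cannot be queried as user,
                       #  seems to be a tinc-pre issue
                       # NOTE(review): the generator therefore runs with
                       # full privileges; re-check whether it can drop to
                       # the tinc_graphs user with a current tinc.
      };
    };

    # Dedicated account whose home is the default workingDir.
    # NOTE(review): newer NixOS releases require `isSystemUser`/`group` on
    # such accounts — confirm against the target release.
    users.extraUsers.tinc_graphs = {
      uid = genid "tinc_graphs";
      home = "/var/spool/tinc_graphs";
    };

    # Two vhosts over the same output tree: "complete" serves internal_dir
    # (loopback only by default), "anonymous" serves external_dir. The
    # user-supplied server-names/listen lists are merged with the locations.
    krebs.nginx = mkIf cfg.nginx.enable {
      enable = mkDefault true;
      servers = {
        tinc_graphs_complete = mkMerge [ cfg.nginx.complete  {
          locations = [
            (nameValuePair "/" ''
              autoindex on;
              root ${internal_dir};
            '')
          ];
        }] ;
        tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
          locations = [
            (nameValuePair "/" ''
              autoindex on;
              root ${external_dir};
            '')
          ];
        }];
      };
    };
  };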

in
out