summaryrefslogtreecommitdiffstats
path: root/makefu/3modules/tinc_graphs.nix
blob: 06b3f6263cfdda5fc567ed33ab7ac7d3c0ff9f71 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.makefu.tinc_graphs;
  internal_dir = "${cfg.workingDir}/internal";
  external_dir = "${cfg.workingDir}/external";

  out = {
    options.makefu.tinc_graphs = api;
    config = mkIf cfg.enable imp ;
  };

  api = {
    enable = mkEnableOption "tinc graphs";

    geodbPath = mkOption {
      type = types.str;
      description = "Path to geocitydb, defaults to geolite-legacy";
      default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
    };

    krebsNginx = {
      # configure krebs nginx to serve the new graphs
      enable = mkEnableOption "tinc_graphs nginx";

      hostnames_complete = mkOption {
        #TODO: this is not a secure way to serve these graphs,better listen to
        #      the correct interface, krebs.nginx does not support this yet

        type = with types; listOf str;
        description = "hostname which serves complete graphs";
        default = [ "graphs.${config.krebs.build.host.name}" ];
      };

      hostnames_anonymous = mkOption {
        type = with types; listOf str;
        description = ''
          hostname which serves anonymous graphs
          must be different from hostname_complete
        '';
        default = [ "anongraphs.${config.krebs.build.host.name}" ];
      };
    };

    workingDir = mkOption {
      type = types.str;
      description = ''
        Path to working dir, will create interal and external/.
        Defaults to the new users home dir which defaults to
        /var/cache/tinc_graphs'';
      default = config.users.extraUsers.tinc_graphs.home;
    };

    timerConfig = mkOption {
      type = with types; attrsOf str;
      default = {
        OnCalendar = "*:0/15";
      };
    };
  };

  imp = {
    environment.systemPackages = [ pkgs.tinc_graphs];
    systemd.timers.tinc_graphs = {
      description = "Build Tinc Graphs via via timer";

      timerConfig = cfg.timerConfig;
    };
    systemd.services.tinc_graphs = {
      description = "Build Tinc Graphs";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      environment = {
        EXTERNAL_FOLDER = external_dir;
        INTERNAL_FOLDER = internal_dir;
        GEODB = cfg.geodbPath;
        TINC_HOSTPATH=config.krebs.retiolum.hosts;
      };

      restartIfChanged = true;

      serviceConfig = {
        Type = "simple";

        ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
          #!/bin/sh
          mkdir -p "${external_dir}" "${internal_dir}"
        '';

        ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";

        ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
          #!/bin/sh
          # TODO: this may break if workingDir is set to something stupid
          # this is needed because homedir is created with 700
          chmod 755  "${cfg.workingDir}"
        '';

        User = "root"; # tinc cannot be queried as user,
                       #  seems to be a tinc-pre issue
        privateTmp = true;
      };
    };

    users.extraUsers.tinc_graphs = {
      uid = 3925439960; #genid tinc_graphs
      home = "/var/spool/tinc_graphs";
      createHome = true;
    };

    krebs.nginx.servers = mkIf cfg.krebsNginx.enable {
      tinc_graphs_complete = {
        server-names = cfg.krebsNginx.hostnames_complete;
        locations = [
          (nameValuePair "/" ''
            autoindex on;
            root ${internal_dir};
          '')
        ];
      };
      tinc_graphs_anonymous = {
        server-names = cfg.krebsNginx.hostnames_anonymous;
        locations = [
          (nameValuePair "/" ''
            autoindex on;
            root ${external_dir};
          '')
        ];
      };
    };
  };

in
out