Add content to the demo vm

This commit is contained in:
Tim Van Baak 2023-06-07 22:47:02 -07:00
parent b2e199f8f3
commit 657f37634d
5 changed files with 66 additions and 14 deletions

View File

@ -0,0 +1,4 @@
{
"username": "alice",
"secret": "alpha"
}

View File

@ -0,0 +1,11 @@
{
"action": {
"fetch": {
"exe": "sh",
"args": [
"-c",
"echo {\\\"id\\\": \\\"$(date +%Y-%m-%d-%H-%M)\\\"}"
]
}
}
}

View File

@ -0,0 +1,4 @@
{
"username": "bob",
"secret": "beta"
}

View File

@ -3,23 +3,56 @@ flake: { pkgs, ... }:
{
system.stateVersion = "22.11";
nixos-shell.mounts = {
mountHome = false;
mountNixProfile = false;
cache = "none";
};
services.intake.users.alpha.enable = true;
services.intake.users.beta.enable = true;
users.users.alpha = {
# Set up two users to demonstrate the user separation
users.users.alice = {
isNormalUser = true;
password = "alpha";
};
users.users.beta = {
users.users.bob = {
isNormalUser = true;
password = "beta";
};
# Put intake on both users' PATH
environment.systemPackages = [ flake.packages.${pkgs.stdenv.hostPlatform.system}.default ];
# Set up intake for both users with an entry point at port 8080
services.intake = {
listen.port = 8080;
users.alice.enable = true;
users.bob.enable = true;
};
# Expose the vm's intake revproxy at host port 5234
virtualisation.forwardPorts = [{
from = "host";
host.port = 5234;
guest.port = 8080;
}];
# Mount the demo content for both users
nixos-shell.mounts = {
mountHome = false;
mountNixProfile = false;
cache = "none";
extraMounts = {
"/mnt/alice" = ./alice;
"/mnt/bob" = ./bob;
};
};
# Create an activation script that copies and chowns the demo content
system.activationScripts.demoSetup = ''
${pkgs.coreutils}/bin/mkdir -p /home/alice/.local/share/intake
${pkgs.coreutils}/bin/cp -r /mnt/alice/* /home/alice/.local/share/intake/
${pkgs.coreutils}/bin/chgrp -R users /home/alice
${pkgs.coreutils}/bin/chmod -R 775 /home/alice/.local
${pkgs.coreutils}/bin/mkdir -p /home/bob/.local/share/intake
${pkgs.coreutils}/bin/cp -r /mnt/bob/* /home/bob/.local/share/intake/
${pkgs.coreutils}/bin/chgrp -R users /home/bob
${pkgs.coreutils}/bin/chmod -R 775 /home/bob/.local
'';
}

View File

@ -14,7 +14,7 @@ in {
listen.port = mkOption {
type = types.port;
default = 8032;
default = 80;
description = "The listen port for the entry point to intake services. This endpoint will redirect to a local port based on the request's HTTP Basic Auth credentials.";
};
@ -84,7 +84,7 @@ in {
listen = [ intakeCfg.listen ];
locations."/" = {
proxyPass = "http://127.0.0.1:$target_port";
basicAuth = { alpha = "alpha"; beta = "beta"; };
basicAuth = { alice = "alpha"; bob = "beta"; };
};
extraConfig = foldl (acc: val: acc + val) "" (mapAttrsToList (userName: port: ''
if ($remote_user = "${userName}") {