Add content to the demo vm
This commit is contained in:
parent
b2e199f8f3
commit
657f37634d
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"username": "alice",
|
||||
"secret": "alpha"
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
{
|
||||
"action": {
|
||||
"fetch": {
|
||||
"exe": "sh",
|
||||
"args": [
|
||||
"-c",
|
||||
"echo {\\\"id\\\": \\\"$(date +%Y-%m-%d-%H-%M)\\\"}"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"username": "bob",
|
||||
"secret": "beta"
|
||||
}
|
|
@ -3,23 +3,56 @@ flake: { pkgs, ... }:
|
|||
{
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
nixos-shell.mounts = {
|
||||
mountHome = false;
|
||||
mountNixProfile = false;
|
||||
cache = "none";
|
||||
};
|
||||
|
||||
services.intake.users.alpha.enable = true;
|
||||
|
||||
services.intake.users.beta.enable = true;
|
||||
|
||||
users.users.alpha = {
|
||||
# Set up two users to demonstrate the user separation
|
||||
users.users.alice = {
|
||||
isNormalUser = true;
|
||||
password = "alpha";
|
||||
};
|
||||
|
||||
users.users.beta = {
|
||||
users.users.bob = {
|
||||
isNormalUser = true;
|
||||
password = "beta";
|
||||
};
|
||||
|
||||
# Put intake on both users' PATH
|
||||
environment.systemPackages = [ flake.packages.${pkgs.stdenv.hostPlatform.system}.default ];
|
||||
|
||||
# Set up intake for both users with an entry point at port 8080
|
||||
services.intake = {
|
||||
listen.port = 8080;
|
||||
users.alice.enable = true;
|
||||
users.bob.enable = true;
|
||||
};
|
||||
|
||||
# Expose the vm's intake revproxy at host port 5234
|
||||
virtualisation.forwardPorts = [{
|
||||
from = "host";
|
||||
host.port = 5234;
|
||||
guest.port = 8080;
|
||||
}];
|
||||
|
||||
# Mount the demo content for both users
|
||||
nixos-shell.mounts = {
|
||||
mountHome = false;
|
||||
mountNixProfile = false;
|
||||
cache = "none";
|
||||
|
||||
extraMounts = {
|
||||
"/mnt/alice" = ./alice;
|
||||
"/mnt/bob" = ./bob;
|
||||
};
|
||||
};
|
||||
|
||||
# Create an activation script that copies and chowns the demo content
|
||||
system.activationScripts.demoSetup = ''
|
||||
${pkgs.coreutils}/bin/mkdir -p /home/alice/.local/share/intake
|
||||
${pkgs.coreutils}/bin/cp -r /mnt/alice/* /home/alice/.local/share/intake/
|
||||
${pkgs.coreutils}/bin/chgrp -R users /home/alice
|
||||
${pkgs.coreutils}/bin/chmod -R 775 /home/alice/.local
|
||||
|
||||
${pkgs.coreutils}/bin/mkdir -p /home/bob/.local/share/intake
|
||||
${pkgs.coreutils}/bin/cp -r /mnt/bob/* /home/bob/.local/share/intake/
|
||||
${pkgs.coreutils}/bin/chgrp -R users /home/bob
|
||||
${pkgs.coreutils}/bin/chmod -R 775 /home/bob/.local
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -14,7 +14,7 @@ in {
|
|||
|
||||
listen.port = mkOption {
|
||||
type = types.port;
|
||||
default = 8032;
|
||||
default = 80;
|
||||
description = "The listen port for the entry point to intake services. This endpoint will redirect to a local port based on the request's HTTP Basic Auth credentials.";
|
||||
};
|
||||
|
||||
|
@ -84,7 +84,7 @@ in {
|
|||
listen = [ intakeCfg.listen ];
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:$target_port";
|
||||
basicAuth = { alpha = "alpha"; beta = "beta"; };
|
||||
basicAuth = { alice = "alpha"; bob = "beta"; };
|
||||
};
|
||||
extraConfig = foldl (acc: val: acc + val) "" (mapAttrsToList (userName: port: ''
|
||||
if ($remote_user = "${userName}") {
|
||||
|
|
Loading…
Reference in New Issue