From 657f37634dde21eb8563af6f6f468d2f9edb0cb4 Mon Sep 17 00:00:00 2001
From: Tim Van Baak
Date: Wed, 7 Jun 2023 22:47:02 -0700
Subject: [PATCH] Add content to the demo vm
---
demo/alice/credentials.json | 4 +++
demo/alice/currenttime/intake.json | 11 ++++++
demo/bob/credentials.json | 4 +++
demo/default.nix | 57 +++++++++++++++++++++++-------
module.nix | 4 +--
5 files changed, 66 insertions(+), 14 deletions(-)
create mode 100644 demo/alice/credentials.json
create mode 100644 demo/alice/currenttime/intake.json
create mode 100644 demo/bob/credentials.json
diff --git a/demo/alice/credentials.json b/demo/alice/credentials.json
new file mode 100644
index 0000000..fb3a62c
--- /dev/null
+++ b/demo/alice/credentials.json
@@ -0,0 +1,4 @@
+{
+ "username": "alice",
+ "secret": "alpha"
+}
diff --git a/demo/alice/currenttime/intake.json b/demo/alice/currenttime/intake.json
new file mode 100644
index 0000000..c93b584
--- /dev/null
+++ b/demo/alice/currenttime/intake.json
@@ -0,0 +1,11 @@
+{
+ "action": {
+ "fetch": {
+ "exe": "sh",
+ "args": [
+ "-c",
+ "echo {\\\"id\\\": \\\"$(date +%Y-%m-%d-%H-%M)\\\"}"
+ ]
+ }
+ }
+}
diff --git a/demo/bob/credentials.json b/demo/bob/credentials.json
new file mode 100644
index 0000000..04fd3e7
--- /dev/null
+++ b/demo/bob/credentials.json
@@ -0,0 +1,4 @@
+{
+ "username": "bob",
+ "secret": "beta"
+}
diff --git a/demo/default.nix b/demo/default.nix
index 61e5c0b..d46ebe0 100644
--- a/demo/default.nix
+++ b/demo/default.nix
@@ -3,23 +3,56 @@ flake: { pkgs, ... }: { system.stateVersion = "22.11"; - nixos-shell.mounts = { - mountHome = false; - mountNixProfile = false; - cache = "none"; - }; - - services.intake.users.alpha.enable = true; - - services.intake.users.beta.enable = true; - - users.users.alpha = { + # Set up two users to demonstrate the user separation + users.users.alice = { isNormalUser = true; password = "alpha"; }; - users.users.beta = { + users.users.bob = { isNormalUser = true; password = "beta"; }; + + # Put intake on both users' PATH + environment.systemPackages = [ flake.packages.${pkgs.stdenv.hostPlatform.system}.default ]; + + # Set up intake for both users with an entry point at port 8080 + services.intake = { + listen.port = 8080; + users.alice.enable = true; + users.bob.enable = true; + }; + + # Expose the vm's intake revproxy at host port 5234 + virtualisation.forwardPorts = [{ + from = "host"; + host.port = 5234; + guest.port = 8080; + }]; + + # Mount the demo content for both users + nixos-shell.mounts = { + mountHome = false; + mountNixProfile = false; + cache = "none"; + + extraMounts = { + "/mnt/alice" = ./alice; + "/mnt/bob" = ./bob; + }; + }; + + # Create an activation script that copies and chowns the demo content + system.activationScripts.demoSetup = '' + ${pkgs.coreutils}/bin/mkdir -p /home/alice/.local/share/intake + ${pkgs.coreutils}/bin/cp -r /mnt/alice/* /home/alice/.local/share/intake/ + ${pkgs.coreutils}/bin/chgrp -R users /home/alice + ${pkgs.coreutils}/bin/chmod -R 775 /home/alice/.local + + ${pkgs.coreutils}/bin/mkdir -p /home/bob/.local/share/intake + ${pkgs.coreutils}/bin/cp -r /mnt/bob/* /home/bob/.local/share/intake/ + ${pkgs.coreutils}/bin/chgrp -R users /home/bob + ${pkgs.coreutils}/bin/chmod -R 775 /home/bob/.local + ''; } diff --git a/module.nix b/module.nix index 40addbd..0050e73 100644 --- a/module.nix +++ b/module.nix 
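Review bot: The `demoSetup` activation script leaves each user's intake data writable by the other demo user: the copy runs as root, `chgrp -R users` hands the tree to a group that both `isNormalUser` accounts presumably share by NixOS default, and `chmod -R 775` makes it group-writable and world-readable. That tree holds `credentials.json` and an `intake.json` whose `fetch` action is a shell command, so the setup undercuts the user separation the demo is meant to show; the comment also says "chowns" while the code only changes the group. I would give each tree to its owner, drop group and other access, and order the script after account creation so the names resolve, as sketched below. Separately, consider adding `host.address = "127.0.0.1";` to the `forwardPorts` entry, since without it the forward is probably not limited to the host's loopback interface.

```nix
system.activationScripts.demoSetup = {
  # Run after the accounts exist so chown can resolve alice and bob
  deps = [ "users" ];
  text = ''
    # … unchanged: mkdir -p and cp -r for alice …
    ${pkgs.coreutils}/bin/chown -R alice:users /home/alice
    ${pkgs.coreutils}/bin/chmod -R u=rwX,go= /home/alice/.local

    # … unchanged: mkdir -p and cp -r for bob …
    ${pkgs.coreutils}/bin/chown -R bob:users /home/bob
    ${pkgs.coreutils}/bin/chmod -R u=rwX,go= /home/bob/.local
  '';
};
```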
@@ -14,7 +14,7 @@ in { listen.port = mkOption { type = types.port; - default = 8032; + default = 80; description = "The listen port for the entry point to intake services. This endpoint will redirect to a local port based on the request's HTTP Basic Auth credentials."; }; @@ -84,7 +84,7 @@ in { listen = [ intakeCfg.listen ]; locations."/" = { proxyPass = "http://127.0.0.1:$target_port"; - basicAuth = { alpha = "alpha"; beta = "beta"; }; + basicAuth = { alice = "alpha"; bob = "beta"; }; }; extraConfig = foldl (acc: val: acc + val) "" (mapAttrsToList (userName: port: '' if ($remote_user = "${userName}") {
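Review bot: The `basicAuth` line in the second hunk hard-codes the demo accounts and their passwords (`alice`/`alpha`, `bob`/`beta`) in the shared module rather than in `demo/default.nix`, so any host that imports `module.nix` serves the entry point with credentials published in this repository. An inline `basicAuth` attrset is also stored in plain text in the world-readable Nix store; something like `basicAuthFile = "<htpasswd path outside the store>";` (placeholder path), with the accepted users derived from `services.intake.users`, would avoid both. The first hunk raises the exposure by moving the default `listen.port` to 80, and no TLS is configured in the visible lines, so Basic Auth credentials would cross the network in cleartext unless something in front terminates TLS. The enclosing virtual-host block begins and ends outside the hunk, so the rest of its configuration is not visible here.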