2020-12-29 11:18:23 +00:00
|
|
|
{pkgs, ...}:
|
|
|
|
|
|
|
|
let
|
2020-12-30 01:32:46 +00:00
|
|
|
# Import the inquisitor package and build it
|
2020-12-29 18:21:21 +00:00
|
|
|
inquisitorSource = pkgs.fetchFromGitHub {
|
2020-12-29 11:18:23 +00:00
|
|
|
owner = "Jaculabilis";
|
|
|
|
repo = "Inquisitor";
|
2020-12-30 22:17:17 +00:00
|
|
|
rev = "a678b6701990bad6017bd7aa0ffe5ae47f47aec0";
|
|
|
|
sha256 = "0rblxcymbmv7rck7hz2frnzw4a9qnrhbx2gbqjrwlyz21ic6fp0q";
|
2020-12-29 11:18:23 +00:00
|
|
|
};
|
2020-12-29 18:21:21 +00:00
|
|
|
inquisitor = pkgs.callPackage inquisitorSource {};
|
2020-12-29 11:18:23 +00:00
|
|
|
|
2020-12-30 03:22:12 +00:00
|
|
|
# Define the inquisitor data directory
|
|
|
|
inquisiDir = "/var/lib/inquisitor";
|
|
|
|
|
2020-12-30 01:32:46 +00:00
|
|
|
# Create the inquisitor config file in the nix store, pointing to /var/lib/
|
2020-12-29 18:21:21 +00:00
|
|
|
inquisitorConfig = pkgs.writeTextFile {
|
|
|
|
name = "inquisitor.conf";
|
|
|
|
text = ''
|
2020-12-30 03:22:12 +00:00
|
|
|
DataPath = ${inquisiDir}/data/
|
|
|
|
SourcePath = ${inquisiDir}/sources/
|
|
|
|
CachePath = ${inquisiDir}/cache/
|
2020-12-29 18:21:21 +00:00
|
|
|
Verbose = false
|
2020-12-30 22:08:44 +00:00
|
|
|
LogFile = ${inquisiDir}/inquisitor.log
|
2020-12-29 18:21:21 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2020-12-30 01:32:46 +00:00
|
|
|
# Create a run script for the server that sets up all necessary state
|
2020-12-29 18:21:21 +00:00
|
|
|
inquisitorRun = pkgs.writeShellScriptBin "run.sh" ''
|
|
|
|
# Ensure inquisitor directories and inquisitor source folder
|
2020-12-30 03:22:12 +00:00
|
|
|
${pkgs.coreutils}/bin/mkdir -p ${inquisiDir}/data/inquisitor/
|
|
|
|
${pkgs.coreutils}/bin/mkdir -p ${inquisiDir}/sources/
|
|
|
|
${pkgs.coreutils}/bin/mkdir -p ${inquisiDir}/cache/
|
|
|
|
if [ ! -f ${inquisiDir}/data/inquisitor/state ]; then
|
|
|
|
${pkgs.coreutils}/bin/echo "{}" > ${inquisiDir}/data/inquisitor/state
|
2020-12-29 18:21:21 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
# Run inquisitor
|
2020-12-30 03:22:12 +00:00
|
|
|
cd ${inquisiDir}
|
2020-12-30 01:32:46 +00:00
|
|
|
${inquisitor}/bin/gunicorn \
|
|
|
|
--bind=localhost:24133 \
|
|
|
|
--workers=4 \
|
|
|
|
--env INQUISITOR_CONFIG=${inquisitorConfig} \
|
|
|
|
--log-level debug \
|
|
|
|
"inquisitor.app:wsgi()"
|
2020-12-29 18:21:21 +00:00
|
|
|
'';
|
|
|
|
|
|
|
|
# Create a wrapper script to let users call into inquisitor safely
|
|
|
|
inquisitorWrapper = pkgs.writeShellScriptBin "inq" ''
|
|
|
|
INQUISITOR_CONFIG=${inquisitorConfig} ${inquisitor}/bin/inquisitor "$@"
|
2020-12-29 11:18:23 +00:00
|
|
|
'';
|
|
|
|
in
|
|
|
|
{
|
|
|
|
# Create a user for the service
|
|
|
|
users.users.inquisitor = {
|
|
|
|
description = "Inquisitor service user";
|
|
|
|
isSystemUser = true;
|
2020-12-30 03:22:12 +00:00
|
|
|
home = "${inquisiDir}";
|
2020-12-30 02:53:50 +00:00
|
|
|
createHome = true;
|
2020-12-30 06:48:59 +00:00
|
|
|
shell = pkgs.bashInteractive;
|
|
|
|
packages = [ inquisitor pkgs.cron ];
|
2020-12-29 11:18:23 +00:00
|
|
|
};
|
|
|
|
|
2020-12-29 18:21:21 +00:00
|
|
|
# Give all users the inq wrapper
|
|
|
|
environment.systemPackages = [ inquisitorWrapper ];
|
2020-12-29 11:18:23 +00:00
|
|
|
|
|
|
|
# Set up the inquisitor service
|
|
|
|
systemd.services.inquisitor =
|
2020-12-30 02:53:50 +00:00
|
|
|
{
|
2020-12-29 11:18:23 +00:00
|
|
|
description = "Inquisitor server";
|
2020-12-29 18:21:21 +00:00
|
|
|
script = "${inquisitorRun}/bin/run.sh";
|
2020-12-29 11:18:23 +00:00
|
|
|
serviceConfig = {
|
|
|
|
User = "inquisitor";
|
|
|
|
Type = "simple";
|
|
|
|
};
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
after = [ "network.target" ];
|
|
|
|
enable = true;
|
|
|
|
};
|
2020-12-30 02:09:58 +00:00
|
|
|
|
|
|
|
# Set up nginx to reverse proxy from the beatific url to the inq server
|
|
|
|
services.nginx.enable = true;
|
|
|
|
services.nginx.virtualHosts.inquisitorHost = {
|
|
|
|
listen = [ { addr = "10.7.3.99"; port = 80; } ];
|
|
|
|
locations."/".extraConfig = ''
|
|
|
|
access_log /var/log/nginx/access.inquisitor.log;
|
|
|
|
proxy_buffering off;
|
|
|
|
proxy_pass http://localhost:24133/;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
# Allow nginx through the firewall
|
|
|
|
networking.firewall = {
|
|
|
|
allowedTCPPorts = [
|
|
|
|
80 # http
|
|
|
|
443 # https
|
|
|
|
];
|
|
|
|
};
|
2020-12-30 06:48:59 +00:00
|
|
|
|
|
|
|
# Enable cron, but don't set up any system cron jobs
|
|
|
|
# Inquisitor updates will be managed manually
|
|
|
|
services.cron.enable = true;
|
2020-12-29 11:18:23 +00:00
|
|
|
}
|