1
1
Fork 0
nixos-configs/inquisitor.nix

100 lines
3.0 KiB
Nix
Raw Normal View History

2020-12-29 11:18:23 +00:00
{pkgs, ...}:
let
2020-12-30 01:32:46 +00:00
# Import the inquisitor package and build it
2020-12-29 18:21:21 +00:00
inquisitorSource = pkgs.fetchFromGitHub {
2020-12-29 11:18:23 +00:00
owner = "Jaculabilis";
repo = "Inquisitor";
2020-12-30 01:32:46 +00:00
rev = "4315cfa7becead61bb3c75327b12a9bba918ddb9";
sha256 = "0dx18x79pfk5i92ksb7ih62q34lkrd436xjvhpc2rlwjgyr47zhn";
2020-12-29 11:18:23 +00:00
};
2020-12-29 18:21:21 +00:00
inquisitor = pkgs.callPackage inquisitorSource {};
2020-12-29 11:18:23 +00:00
2020-12-30 01:32:46 +00:00
# Create the inquisitor config file in the nix store, pointing to /var/lib/
2020-12-29 18:21:21 +00:00
inquisitorConfig = pkgs.writeTextFile {
name = "inquisitor.conf";
text = ''
DataPath = /var/lib/inquisitor/data/
SourcePath = /var/lib/inquisitor/sources/
CachePath = /var/lib/inquisitor/cache/
Verbose = false
LogFile = /var/log/inquisitor.log
'';
};
2020-12-30 01:32:46 +00:00
# Create a run script for the server that sets up all necessary state
2020-12-29 18:21:21 +00:00
inquisitorRun = pkgs.writeShellScriptBin "run.sh" ''
# Ensure inquisitor directories and inquisitor source folder
2020-12-30 01:32:46 +00:00
${pkgs.coreutils}/bin/mkdir -p /var/lib/inquisitor/data/inquisitor/
2020-12-29 18:21:21 +00:00
${pkgs.coreutils}/bin/mkdir -p /var/lib/inquisitor/sources/
${pkgs.coreutils}/bin/mkdir -p /var/lib/inquisitor/cache/
if [ ! -f /var/lib/inquisitor/data/inquisitor/state ]; then
${pkgs.coreutils}/bin/echo "{}" > /var/lib/inquisitor/data/inquisitor/state
fi
# Run inquisitor
cd /var/lib/inquisitor/
2020-12-30 01:32:46 +00:00
${inquisitor}/bin/gunicorn \
--bind=localhost:24133 \
--workers=4 \
--env INQUISITOR_CONFIG=${inquisitorConfig} \
--log-level debug \
"inquisitor.app:wsgi()"
2020-12-29 18:21:21 +00:00
'';
# Create a wrapper script to let users call into inquisitor safely
inquisitorWrapper = pkgs.writeShellScriptBin "inq" ''
INQUISITOR_CONFIG=${inquisitorConfig} ${inquisitor}/bin/inquisitor "$@"
2020-12-29 11:18:23 +00:00
'';
in
{
# Create a user for the service
users.users.inquisitor = {
description = "Inquisitor service user";
isSystemUser = true;
packages = [ inquisitor ];
};
2020-12-29 18:21:21 +00:00
# Give all users the inq wrapper
environment.systemPackages = [ inquisitorWrapper ];
2020-12-29 11:18:23 +00:00
# Set up the inquisitor service
systemd.services.inquisitor =
let
inquisitorSetup = pkgs.writeShellScriptBin "setup.sh" ''
2020-12-29 18:21:21 +00:00
${pkgs.coreutils}/bin/mkdir -p /var/lib/inquisitor &&
${pkgs.coreutils}/bin/chown inquisitor /var/lib/inquisitor
2020-12-29 11:18:23 +00:00
'';
in {
description = "Inquisitor server";
2020-12-29 18:21:21 +00:00
script = "${inquisitorRun}/bin/run.sh";
2020-12-29 11:18:23 +00:00
serviceConfig = {
User = "inquisitor";
Type = "simple";
2020-12-29 18:21:21 +00:00
ExecStartPre = "+${inquisitorSetup}/bin/setup.sh";
2020-12-29 11:18:23 +00:00
};
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
enable = true;
};
2020-12-30 02:09:58 +00:00
# Set up nginx to reverse proxy from the beatific url to the inq server
services.nginx.enable = true;
services.nginx.virtualHosts.inquisitorHost = {
listen = [ { addr = "10.7.3.99"; port = 80; } ];
locations."/".extraConfig = ''
access_log /var/log/nginx/access.inquisitor.log;
proxy_buffering off;
proxy_pass http://localhost:24133/;
'';
};
# Allow nginx through the firewall
networking.firewall = {
allowedTCPPorts = [
80 # http
443 # https
];
};
2020-12-29 11:18:23 +00:00
}