Refactor catacomb browser into its own file

Jaculabilis 2021-04-07 03:56:19 +00:00
parent 703844b2a4
commit 4f331322ff
2 changed files with 158 additions and 57 deletions


@ -2,7 +2,10 @@
{
disabledModules = [ "system/boot/loader/raspberrypi/raspberrypi.nix" ];
imports = [ ./modules/system/boot/loader/raspberrypi/raspberrypi.nix ];
imports = [
./modules/system/boot/loader/raspberrypi/raspberrypi.nix
./fileserver.nix
];
boot = {
kernelPackages = pkgs.linuxPackages_rpi4;
@ -64,7 +67,7 @@
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ 22 80 139 445 7473 ];
allowedTCPPorts = [ 22 139 445 ];
allowedUDPPorts = [ 137 138 ];
};
};
@ -86,31 +89,6 @@
passwordAuthentication = true;
};
services.nginx = {
enable = true;
virtualHosts."catacomb-server" = {
listen = [ { addr = "10.7.3.16"; } ];
root = "/nas";
locations."/".tryFiles = "\$uri @indexer";
locations."@indexer".extraConfig = "
proxy_buffering off;
proxy_pass http://127.0.0.1:5000;
";
};
virtualHosts."guest-server" = {
listen = [ { addr = "10.7.3.16"; port = 7473; } ];
extraConfig = "
access_log /var/log/nginx/access.guest-server.log;
";
locations."/".extraConfig = "
proxy_buffering off;
proxy_pass http://127.0.0.1:7473/;
";
};
};
services.ntp = {
enable = true;
servers = ["time.nist.gov"];
@ -207,34 +185,6 @@
};
};
systemd.services.host-server = {
enable = true;
description = "catapool host index server";
serviceConfig = {
Type = "simple";
ExecStart = "/nas-indexer/host-server/run.sh";
Restart = "on-failure";
User = "tvb";
WorkingDirectory = "/nas-indexer/host-server";
};
requires = [ "zfs.target" ];
wantedBy = [ "multi-user.target" ];
};
systemd.services.guest-server = {
enable = true;
description = "catapool guest index server";
serviceConfig = {
Type = "simple";
ExecStart = "/nas-indexer/guest-server/run.sh";
Restart = "on-failure";
User = "tvb";
WorkingDirectory = "/nas-indexer/guest-server";
};
requires = [ "zfs.target" ];
wantedBy = [ "multi-user.target" ];
};
users.groups = {
nas = { gid = 1600; };
};
@ -254,7 +204,5 @@
};
#./keys/tvb.empyrean.pub
users.users.nginx.extraGroups = ["nas"];
nix.buildCores = 4;
}

153
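--- a/fileserver.nix
+++ b/fileserver.nix
@@ -0,0 +1,153 @@
+# nas indexer server module
+{ pkgs, ... }:
+let
+# Build the catacomb server package
+catacombServerSource = builtins.fetchGit {
+url = "https://git.alogoulogoi.com/Jaculabilis/catacomb-server.git";
+ref = "develop-nix";
+rev = "08749de4adeb2ea01f0f646c53c6e30aa9a240e7";
+};
+catacombServer = pkgs.callPackage catacombServerSource {};
+catacombUser = "tvb";
+# Define the service directory, which pretty much only stores tokens
+catacombServerDir = "/var/lib/nas-indexer/";
+# Create a setup script to ensure the token directory exists
+catacombSetup = pkgs.writeShellScriptBin "catacomb-setup.sh" ''
+${pkgs.coreutils}/bin/mkdir -p ${catacombServerDir}tokens
+chown -R ${catacombUser} ${catacombServerDir}
+'';
+# Host-mode server run script
+hostRun = pkgs.writeShellScriptBin "catacomb-run-host.sh" ''
+cd ${catacombServerDir}
+${catacombServer}/bin/gunicorn \
+--bind=localhost:5000 \
+--workers=3 \
+--log-level=debug \
+--env CATACOMB_ROOT=/nas \
+--env CATACOMB_TOKENS=${catacombServerDir}tokens \
+--env CATACOMB_MODE=host \
+"catacomb.server:wsgi()"
+'';
+# Guest-mode server run script
+guestRun = pkgs.writeShellScriptBin "catacomb-run-guest.sh" ''
+cd ${catacombServerDir}
+${catacombServer}/bin/gunicorn \
+--bind=localhost:5001 \
+--workers=3 \
+--log-level=debug \
+--env CATACOMB_ROOT=/nas \
+--env CATACOMB_TOKENS=${catacombServerDir}tokens \
+--env CATACOMB_MODE=guest \
+"catacomb.server:wsgi()"
+'';
+# Guest-mode auth server for direct nginx file serving
+accessRun = pkgs.writeShellScriptBin "catacomb-run-access.sh" ''
+cd ${catacombServerDir}
+${catacombServer}/bin/gunicorn \
+--bind=localhost:5002 \
+--workers=3 \
+--log-level=debug \
+--env CATACOMB_TOKENS=${catacombServerDir}tokens \
+"catacomb.access.nginx:wsgi()"
+'';
+in
+{
+# Run the setup script on activation
+system.activationScripts.catacombSetup = "${catacombSetup}/bin/catacomb-setup.sh";
+# Set up the host mode service
+systemd.services."catacomb-host" = {
+enable = true;
+description = "catapool host-mode index server";
+script = "${hostRun}/bin/catacomb-run-host.sh";
+serviceConfig = {
+Type = "simple";
+WorkingDirectory = "${catacombServerDir}";
+};
+requires = [ "zfs.target" ];
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+};
+# Set up the guest mode service
+systemd.services."catacomb-guest" = {
+enable = true;
+description = "catapool guest-mode index server";
+script = "${guestRun}/bin/catacomb-run-guest.sh";
+serviceConfig = {
+Type = "simple";
+User = "${catacombUser}";
+WorkingDirectory = "${catacombServerDir}";
+};
+requires = [ "zfs.target" ];
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+};
+# Set up the access server service
+systemd.services."catacomb-access" = {
+enable = true;
+description = "catapool access token authenticator";
+script = "${accessRun}/bin/catacomb-run-access.sh";
+serviceConfig = {
+Type = "simple";
+User = "${catacombUser}";
+WorkingDirectory = "${catacombServerDir}";
+};
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+};
+networking.firewall.allowedTCPPorts = [ 80 7470 7471 7472 ];
+# Set up nginx to reverse proxy to these services
+services.nginx = {
+enable = true;
+# Serve the host server over the internal ip at the default port
+virtualHosts."catacomb-host-server" = {
+listen = [ { addr = "10.7.3.16"; } ];
+root = "/nas";
+locations."/".tryFiles = "\$uri @indexer";
+locations."@indexer".proxyPass = "http://localhost:5000";
+};
+# Serve the guest server over the internal ip at a custom port
+virtualHosts."catacomb-guest-server" = {
+listen = [ { addr = "10.7.3.16"; port = 7472; } ];
+extraConfig = ''
+access_log /var/log/nginx/access.guest-server.log;
+'';
+locations."/".proxyPass = "http://localhost:5001";
+};
+# Serve the auth server at a custom port internally
+virtualHosts."catacomb-auth" = {
+listen = [ { addr = "10.7.3.16"; port = 7471; } ];
+extraConfig = ''
+access_log /var/log/nginx/access.guest-auth.log;
+'';
+locations."/".proxyPass = "http://localhost:5002";
+};
+# Serve files at a custom port internally
+virtualHosts."catacomb-guest-files" = {
+listen = [ { addr = "10.7.3.16"; port = 7470; } ];
+extraConfig = ''
+access_log /var/log/nginx/access.guest-files.log;
+'';
+locations."/".root = "/nas";
+};
+};
+# Allow nginx to read catapool files
+users.users.nginx.extraGroups = ["nas"];
+}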
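Review bot: The `catacomb-host` unit's `serviceConfig` sets no `User`, unlike `catacomb-guest` and `catacomb-access`, so the host-mode gunicorn process that indexes `/nas` will run as root; the `host-server` unit shown in the other file of this commit appears to have run as `tvb`. Adding `User = "${catacombUser}";` to that `serviceConfig` restores the least-privilege setup. Separately, the `catacomb-guest-files` virtual host serves `/nas` on port 7470, which this file also opens in the firewall, and nothing visible here connects it to the access server on port 5002 (for example through an nginx `auth_request` subrequest), so as written any client that can reach 10.7.3.16:7470 can read whatever the `nas` group can. If token checks are meant to gate those files, that wiring should land with this change or the port should stay closed until it does. `--log-level=debug` on all three gunicorn commands is also worth lowering if request logging could capture token values.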