From 4f331322ffaec1900e8ba01276f1e7efd65e6175 Mon Sep 17 00:00:00 2001 From: Jaculabilis Date: Wed, 7 Apr 2021 03:56:19 +0000 Subject: [PATCH] Refactor catacomb browser into its own file --- configuration.nix | 62 ++----------------- fileserver.nix | 153 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 158 insertions(+), 57 deletions(-) create mode 100644 fileserver.nix diff --git a/configuration.nix b/configuration.nix index 4855a0e..97bf3c8 100644 --- a/configuration.nix +++ b/configuration.nix @@ -2,7 +2,10 @@ { disabledModules = [ "system/boot/loader/raspberrypi/raspberrypi.nix" ]; - imports = [ ./modules/system/boot/loader/raspberrypi/raspberrypi.nix ]; + imports = [ + ./modules/system/boot/loader/raspberrypi/raspberrypi.nix + ./fileserver.nix + ]; boot = { kernelPackages = pkgs.linuxPackages_rpi4; @@ -64,7 +67,7 @@ firewall = { enable = true; allowPing = true; - allowedTCPPorts = [ 22 80 139 445 7473 ]; + allowedTCPPorts = [ 22 139 445 ]; allowedUDPPorts = [ 137 138 ]; }; }; @@ -86,31 +89,6 @@ passwordAuthentication = true; }; - services.nginx = { - enable = true; - - virtualHosts."catacomb-server" = { - listen = [ { addr = "10.7.3.16"; } ]; - root = "/nas"; - locations."/".tryFiles = "\$uri @indexer"; - locations."@indexer".extraConfig = " - proxy_buffering off; - proxy_pass http://127.0.0.1:5000; - "; - }; - - virtualHosts."guest-server" = { - listen = [ { addr = "10.7.3.16"; port = 7473; } ]; - extraConfig = " - access_log /var/log/nginx/access.guest-server.log; - "; - locations."/".extraConfig = " - proxy_buffering off; - proxy_pass http://127.0.0.1:7473/; - "; - }; - }; - services.ntp = { enable = true; servers = ["time.nist.gov"]; 
@@ -207,34 +185,6 @@ }; }; - systemd.services.host-server = { - enable = true; - description = "catapool host index server"; - serviceConfig = { - Type = "simple"; - ExecStart = "/nas-indexer/host-server/run.sh"; - Restart = "on-failure"; - User = "tvb"; - WorkingDirectory = "/nas-indexer/host-server"; - }; - requires = [ "zfs.target" ]; - wantedBy = [ "multi-user.target" ]; - }; - - systemd.services.guest-server = { - enable = true; - description = "catapool guest index server"; - serviceConfig = { - Type = "simple"; - ExecStart = "/nas-indexer/guest-server/run.sh"; - Restart = "on-failure"; - User = "tvb"; - WorkingDirectory = "/nas-indexer/guest-server"; - }; - requires = [ "zfs.target" ]; - wantedBy = [ "multi-user.target" ]; - }; - users.groups = { nas = { gid = 1600; }; }; @@ -254,7 +204,5 @@ }; #./keys/tvb.empyrean.pub - users.users.nginx.extraGroups = ["nas"]; - nix.buildCores = 4; } diff --git a/fileserver.nix b/fileserver.nix new file mode 100644 index 0000000..70d3b47 --- /dev/null +++ b/fileserver.nix 
@@ -0,0 +1,153 @@
+# nas indexer server module
+{ pkgs, ... }:
+
+let
+ # Build the catacomb server package
+ catacombServerSource = builtins.fetchGit {
+ url = "https://git.alogoulogoi.com/Jaculabilis/catacomb-server.git";
+ ref = "develop-nix";
+ rev = "08749de4adeb2ea01f0f646c53c6e30aa9a240e7";
+ };
+ catacombServer = pkgs.callPackage catacombServerSource {};
+
+ catacombUser = "tvb";
+
+ # Define the service directory, which pretty much only stores tokens
+ catacombServerDir = "/var/lib/nas-indexer/";
+
+ # Create a setup script to ensure the token directory exists
+ catacombSetup = pkgs.writeShellScriptBin "catacomb-setup.sh" ''
+ ${pkgs.coreutils}/bin/mkdir -p ${catacombServerDir}tokens
+ chown -R ${catacombUser} ${catacombServerDir}
+ '';
+
+ # Host-mode server run script
+ hostRun = pkgs.writeShellScriptBin "catacomb-run-host.sh" ''
+ cd ${catacombServerDir}
+ ${catacombServer}/bin/gunicorn \
+ --bind=localhost:5000 \
+ --workers=3 \
+ --log-level=debug \
+ --env CATACOMB_ROOT=/nas \
+ --env CATACOMB_TOKENS=${catacombServerDir}tokens \
+ --env CATACOMB_MODE=host \
+ "catacomb.server:wsgi()"
+ '';
+
+ # Guest-mode server run script
+ guestRun = pkgs.writeShellScriptBin "catacomb-run-guest.sh" ''
+ cd ${catacombServerDir}
+ ${catacombServer}/bin/gunicorn \
+ --bind=localhost:5001 \
+ --workers=3 \
+ --log-level=debug \
+ --env CATACOMB_ROOT=/nas \
+ --env CATACOMB_TOKENS=${catacombServerDir}tokens \
+ --env CATACOMB_MODE=guest \
+ "catacomb.server:wsgi()"
+ '';
+
+ # Guest-mode auth server for direct nginx file serving
+ accessRun = pkgs.writeShellScriptBin "catacomb-run-access.sh" ''
+ cd ${catacombServerDir}
+ ${catacombServer}/bin/gunicorn \
+ --bind=localhost:5002 \
+ --workers=3 \
+ --log-level=debug \
+ --env CATACOMB_TOKENS=${catacombServerDir}tokens \
+ "catacomb.access.nginx:wsgi()"
+ '';
+
+in
+{
+ # Run the setup script on activation
+ system.activationScripts.catacombSetup = "${catacombSetup}/bin/catacomb-setup.sh";
+
+ # Set up the host mode service
+ systemd.services."catacomb-host" = {
+ enable = true;
+ description = "catapool host-mode index server";
+ script = "${hostRun}/bin/catacomb-run-host.sh";
+ serviceConfig = {
+ Type = "simple";
+ WorkingDirectory = "${catacombServerDir}";
+ };
+ requires = [ "zfs.target" ];
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ };
+
+ # Set up the guest mode service
+ systemd.services."catacomb-guest" = {
+ enable = true;
+ description = "catapool guest-mode index server";
+ script = "${guestRun}/bin/catacomb-run-guest.sh";
+ serviceConfig = {
+ Type = "simple";
+ User = "${catacombUser}";
+ WorkingDirectory = "${catacombServerDir}";
+ };
+ requires = [ "zfs.target" ];
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ };
+
+ # Set up the access server service
+ systemd.services."catacomb-access" = {
+ enable = true;
+ description = "catapool access token authenticator";
+ script = "${accessRun}/bin/catacomb-run-access.sh";
+ serviceConfig = {
+ Type = "simple";
+ User = "${catacombUser}";
+ WorkingDirectory = "${catacombServerDir}";
+ };
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 7470 7471 7472 ];
+
+ # Set up nginx to reverse proxy to these services
+ services.nginx = {
+ enable = true;
+
+ # Serve the host server over the internal ip at the default port
+ virtualHosts."catacomb-host-server" = {
+ listen = [ { addr = "10.7.3.16"; } ];
+ root = "/nas";
+ locations."/".tryFiles = "\$uri @indexer";
+ locations."@indexer".proxyPass = "http://localhost:5000";
+ };
+
+ # Serve the guest server over the internal ip at a custom port
+ virtualHosts."catacomb-guest-server" = {
+ listen = [ { addr = "10.7.3.16"; port = 7472; } ];
+ extraConfig = ''
+ access_log /var/log/nginx/access.guest-server.log;
+ '';
+ locations."/".proxyPass = "http://localhost:5001";
+ };
+
+ # Serve the auth server at a custom port internally
+ virtualHosts."catacomb-auth" = {
+ listen = [ { addr = "10.7.3.16"; port = 7471; } ];
+ extraConfig = ''
+ access_log /var/log/nginx/access.guest-auth.log;
+ '';
+ locations."/".proxyPass = "http://localhost:5002";
+ };
+
+ # Serve files at a custom port internally
+ virtualHosts."catacomb-guest-files" = {
+ listen = [ { addr = "10.7.3.16"; port = 7470; } ];
+ extraConfig = ''
+ access_log /var/log/nginx/access.guest-files.log;
+ '';
+ locations."/".root = "/nas";
+ };
+ };
+
+ # Allow nginx to read catapool files
+ users.users.nginx.extraGroups = ["nas"];
+}
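Review bot: The `catacomb-host` unit has no `User` in its `serviceConfig`, so the host-mode gunicorn now runs as root, whereas the removed `host-server` unit ran as `tvb` and the sibling `catacomb-guest` and `catacomb-access` units both set `User = "${catacombUser}";` — add that same line to `catacomb-host`. Separately, `catacomb-guest-files` serves `root = "/nas"` on 10.7.3.16:7470 (a port this hunk also opens in the firewall) with nothing in that vhost referencing the new `catacomb-access` authenticator (no `auth_request` or equivalent), so unless access is enforced somewhere not shown here, all of /nas is readable without a token on that port; the `catacomb-auth` vhost is likewise exposed on 7471 despite the comment calling it internal. The activation script creates `${catacombServerDir}tokens` with default permissions and only `chown`s it; a `chmod 700 ${catacombServerDir}tokens` (or a `systemd.tmpfiles.rules` entry with mode 0700) would keep the tokens unreadable by other local users. `--log-level=debug` on all three production run scripts is also worth reconsidering, since debug output may record request details, possibly including tokens, in the journal.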