flake.nix

@@ -48,10 +48,11 @@
           ./machine/backyard
         ];
       };
-      catacomb = nixpkgs-2405.lib.nixosSystem {
+      catacomb = nixpkgs-2305.lib.nixosSystem {
         system = "aarch64-linux";
         modules = [
           self.nixosModules.beatific
+          (pinNixpkgs nixpkgs-2305)
           ./machine/catacomb
         ];
       };

machine/catacomb/default.nix

@@ -3,6 +3,7 @@
 {
   imports = [
     ./hardware-configuration.nix
+    ./fileserver.nix
   ];
 
   beatific.hostName = "catacomb";
@@ -16,6 +17,7 @@
       generic-extlinux-compatible.enable = true;
     };
     supportedFilesystems = ["zfs"];
+    zfs.enableUnstable = true;
     zfs.extraPools = [ "catapool" ];
     kernelParams = [ "zfs.zfs_dmu_offset_next_sync=0" ];
   };

machine/catacomb/fileserver.nix

@@ -0,0 +1,157 @@
+# nas indexer server module
+{ pkgs, ... }:
+
+let
+  # Build the catacomb server package
+  catacombServerSource = builtins.fetchGit {
+    url = "https://git.alogoulogoi.com/Jaculabilis/catacomb-server.git";
+    ref = "develop-nix";
+    rev = "3d6fb16948c377f94d030648849f120c8ada3884";
+  };
+  catacombServer = pkgs.callPackage catacombServerSource {};
+
+  catacombUser = "tvb";
+
+  # Define the service directory, which pretty much only stores tokens
+  catacombServerDir = "/var/lib/nas-indexer/";
+
+  # The address to bind to
+  bindAddr = "10.22.20.2";
+
+  # Create a setup script to ensure the token directory exists
+  catacombSetup = pkgs.writeShellScriptBin "catacomb-setup.sh" ''
+    ${pkgs.coreutils}/bin/mkdir -p ${catacombServerDir}tokens
+    chown -R ${catacombUser} ${catacombServerDir}
+  '';
+
+  # Host-mode server run script
+  hostRun = pkgs.writeShellScriptBin "catacomb-run-host.sh" ''
+    cd ${catacombServerDir}
+    ${catacombServer}/bin/gunicorn \
+      --bind=localhost:5000 \
+      --workers=3 \
+      --log-level=debug \
+      --env CATACOMB_ROOT=/nas \
+      --env CATACOMB_TOKENS=${catacombServerDir}tokens \
+      --env CATACOMB_MODE=host \
+      --env CATACOMB_GUEST_HOST=catacomb.alogoulogoi.com \
+      "catacomb.server:wsgi()"
+  '';
+
+  # Guest-mode server run script
+  guestRun = pkgs.writeShellScriptBin "catacomb-run-guest.sh" ''
+    cd ${catacombServerDir}
+    ${catacombServer}/bin/gunicorn \
+      --bind=localhost:5001 \
+      --workers=3 \
+      --log-level=debug \
+      --env CATACOMB_ROOT=/nas \
+      --env CATACOMB_TOKENS=${catacombServerDir}tokens \
+      --env CATACOMB_MODE=guest \
+      "catacomb.server:wsgi()"
+  '';
+
+  # Guest-mode auth server for direct nginx file serving
+  accessRun = pkgs.writeShellScriptBin "catacomb-run-access.sh" ''
+    cd ${catacombServerDir}
+    ${catacombServer}/bin/gunicorn \
+      --bind=localhost:5002 \
+      --workers=3 \
+      --log-level=debug \
+      --env CATACOMB_TOKENS=${catacombServerDir}tokens \
+      "catacomb.access.nginx:wsgi()"
+  '';
+
+in
+{
+  # Run the setup script on activation
+  system.activationScripts.catacombSetup = "${catacombSetup}/bin/catacomb-setup.sh";
+
+  # Set up the host mode service
+  systemd.services."catacomb-host" = {
+    enable = true;
+    description = "catapool host-mode index server";
+    script = "${hostRun}/bin/catacomb-run-host.sh";
+    serviceConfig = {
+      Type = "simple";
+      WorkingDirectory = "${catacombServerDir}";
+    };
+    requires = [ "zfs.target" ];
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+  };
+
+  # Set up the guest mode service
+  systemd.services."catacomb-guest" = {
+    enable = true;
+    description = "catapool guest-mode index server";
+    script = "${guestRun}/bin/catacomb-run-guest.sh";
+    serviceConfig = {
+      Type = "simple";
+      User = "${catacombUser}";
+      WorkingDirectory = "${catacombServerDir}";
+    };
+    requires = [ "zfs.target" ];
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+  };
+
+  # Set up the access server service
+  systemd.services."catacomb-access" = {
+    enable = true;
+    description = "catapool access token authenticator";
+    script = "${accessRun}/bin/catacomb-run-access.sh";
+    serviceConfig = {
+      Type = "simple";
+      User = "${catacombUser}";
+      WorkingDirectory = "${catacombServerDir}";
+    };
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 7470 7471 7472 ];
+
+  # Set up nginx to reverse proxy to these services
+  services.nginx = {
+    enable = true;
+
+    # Serve the host server over the internal ip at the default port
+    virtualHosts."catacomb-host-server" = {
+      listen = [ { addr = bindAddr; } ];
+      root = "/nas";
+      locations."/".tryFiles = "\$uri @indexer";
+      locations."@indexer".proxyPass = "http://localhost:5000";
+    };
+
+    # Serve the guest server over the internal ip at a custom port
+    virtualHosts."catacomb-guest-server" = {
+      listen = [ { addr = bindAddr; port = 7472; } ];
+      extraConfig = ''
+        access_log /var/log/nginx/access.guest-server.log;
+      '';
+      locations."/".proxyPass = "http://localhost:5001";
+    };
+
+    # Serve the auth server at a custom port internally
+    virtualHosts."catacomb-auth" = {
+      listen = [ { addr = bindAddr; port = 7471; } ];
+      extraConfig = ''
+        access_log /var/log/nginx/access.guest-auth.log;
+      '';
+      locations."/".proxyPass = "http://localhost:5002";
+    };
+
+    # Serve files at a custom port internally
+    virtualHosts."catacomb-guest-files" = {
+      listen = [ { addr = bindAddr; port = 7470; } ];
+      extraConfig = ''
+        access_log /var/log/nginx/access.guest-files.log;
+      '';
+      locations."/".root = "/nas";
+    };
+  };
+
+  # Allow nginx to read catapool files
+  users.users.nginx.extraGroups = ["nas"];
+}