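# NixOS module: builds Inquisitor from a pinned GitHub revision, runs it under
# gunicorn as a dedicated system user, and publishes it through an nginx
# reverse proxy.
{pkgs, ...}: let
  # Import the inquisitor package and build it. The source is pinned to an
  # exact commit and content hash, so the fetch fails if the content differs.
  inquisitorSource = pkgs.fetchFromGitHub {
    owner = "Jaculabilis";
    repo = "Inquisitor";
    rev = "4315cfa7becead61bb3c75327b12a9bba918ddb9";
    sha256 = "0dx18x79pfk5i92ksb7ih62q34lkrd436xjvhpc2rlwjgyr47zhn";
  };
  inquisitor = pkgs.callPackage inquisitorSource {};

  # Create the inquisitor config file in the nix store, pointing to /var/lib/.
  # The store is world-readable, so nothing secret belongs in this file.
  # NOTE(review): LogFile sits directly in /var/log, which the unprivileged
  # service user normally cannot create files in -- confirm the file is
  # pre-created with suitable ownership, or move it under a directory the
  # service owns.
  inquisitorConfig = pkgs.writeTextFile {
    name = "inquisitor.conf";
    text = ''
      DataPath = /var/lib/inquisitor/data/
      SourcePath = /var/lib/inquisitor/sources/
      CachePath = /var/lib/inquisitor/cache/
      Verbose = false
      LogFile = /var/log/inquisitor.log
    '';
  };

  # Create a run script for the server that sets up all necessary state.
  # It runs as the service user, inside the state directory systemd prepares.
  inquisitorRun = pkgs.writeShellScriptBin "run.sh" ''
    # Abort on the first failed step so gunicorn never starts from a
    # half-initialised state directory or the wrong working directory.
    set -eu

    # Ensure inquisitor directories and inquisitor source folder
    ${pkgs.coreutils}/bin/mkdir -p /var/lib/inquisitor/data/inquisitor/
    ${pkgs.coreutils}/bin/mkdir -p /var/lib/inquisitor/sources/
    ${pkgs.coreutils}/bin/mkdir -p /var/lib/inquisitor/cache/
    if [ ! -f /var/lib/inquisitor/data/inquisitor/state ]; then
      ${pkgs.coreutils}/bin/echo "{}" > /var/lib/inquisitor/data/inquisitor/state
    fi

    # Run inquisitor. gunicorn binds to loopback only; nginx is the sole
    # network-facing listener.
    # NOTE(review): --log-level debug is verbose for a long-running service;
    # confirm it is intended outside of troubleshooting.
    cd /var/lib/inquisitor/
    exec ${inquisitor}/bin/gunicorn \
      --bind=localhost:24133 \
      --workers=4 \
      --env INQUISITOR_CONFIG=${inquisitorConfig} \
      --log-level debug \
      "inquisitor.app:wsgi()"
  '';

  # Create a wrapper script to let users call into inquisitor with the
  # service's configuration. The wrapper grants no extra privileges: the CLI
  # runs with the permissions of whoever invokes it.
  inquisitorWrapper = pkgs.writeShellScriptBin "inq" ''
    INQUISITOR_CONFIG=${inquisitorConfig} exec ${inquisitor}/bin/inquisitor "$@"
  '';
in {
  # Create a user for the service, with a dedicated primary group so the
  # service does not share the catch-all "nogroup" with unrelated daemons
  # (recent NixOS releases refuse to evaluate a system user without a group).
  users.users.inquisitor = {
    description = "Inquisitor service user";
    isSystemUser = true;
    group = "inquisitor";
    packages = [ inquisitor ];
  };
  users.groups.inquisitor = {};

  # Give all users the inq wrapper
  environment.systemPackages = [ inquisitorWrapper ];

  # Set up the inquisitor service
  systemd.services.inquisitor = {
    description = "Inquisitor server";
    script = "${inquisitorRun}/bin/run.sh";
    serviceConfig = {
      User = "inquisitor";
      Group = "inquisitor";
      Type = "simple";
      # systemd creates /var/lib/inquisitor and hands it to User/Group before
      # start, which replaces the former root-privileged ("+") ExecStartPre
      # script that ran mkdir and chown.
      StateDirectory = "inquisitor";
      # The service never needs to gain privileges or share /tmp with others.
      NoNewPrivileges = true;
      PrivateTmp = true;
    };
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    enable = true;
  };

  # Set up nginx to reverse proxy from the beatific url to the inq server.
  # NOTE(review): the virtual host is plain HTTP with no authentication
  # configured here; confirm 10.7.3.99 is reachable only from a trusted network.
  services.nginx.enable = true;
  services.nginx.virtualHosts.inquisitorHost = {
    listen = [ { addr = "10.7.3.99"; port = 80; } ];
    locations."/".extraConfig = ''
      access_log /var/log/nginx/access.inquisitor.log;
      proxy_buffering off;
      proxy_pass http://localhost:24133/;
    '';
  };

  # Allow nginx through the firewall.
  # NOTE(review): these ports are opened on every interface, and 443 is
  # opened although no virtual host in this module listens on it -- confirm
  # another module needs it, otherwise drop it.
  networking.firewall = {
    allowedTCPPorts = [
      80 # http
      443 # https
    ];
  };
}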