hosts/TITAN: add shinobi service

2022-03-17 20:51:11 +01:00 · 2022-03-17 20:51:11 +01:00 · 6903a2d8ba
commit 6903a2d8ba
parent e055e489be
4 changed files with 72 additions and 0 deletions
--- a/hosts/TITAN/extras/shinobi.nix
+++ b/hosts/TITAN/extras/shinobi.nix
@ -0,0 +1,58 @@
+{ config, inputs, pkgs, ... }:
+let
+  dataDir = "/srv/data/SHINOBI/shinobi";
+  
+  shinobiConfigJson = builtins.toJSON {
+    ffmpegBinary = "${pkgs.ffmpeg}/bin/ffmpeg";
+    port = 38080;
+    db = {
+      host = "127.0.0.1";
+      port = 3306;
+      user = "majesticflame";
+      database = "ccio";
+    };
+  };
+  
+  configFile = pkgs.writeText "shinobi-conf.json" shinobiConfigJson;
+  
+  secretFile = config.age.secrets.shinobi-secrets.path;
+  
+  inherit (inputs.self.packages.${pkgs.system}) shinobi;
+in
+  {
+    age.secrets.shinobi-secrets = {
+      file = ../../../secrets/shinobi-secrets.age;
+      owner = "shinobi";
+      group = "shinobi";
+      mode = "0400";
+    };
+    services.mysql = {
+      enable = true;
+      settings.mysqld.bind-address = "127.0.0.1";
+      package = pkgs.mariadb;
+      dataDir = "/srv/data/DB/mariadb";
+    };
+    
+    users.users.shinobi = {
+      isSystemUser = true;
+      group = "shinobi";
+    };
+    
+    users.groups.shinobi = {};
+
+    systemd.tmpfiles.rules = [ "d '${dataDir}' 0750 shinobi shinobi - -" ];
+    
+    systemd.services.shinobi = {
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.bash pkgs.nodejs-14_x ];
+      preStart = ''
+        ${pkgs.jq}/bin/jq --slurp '.[0] * .[1]' ${configFile} ${secretFile} | install -Dm600 -o shinobi -g shinobi /dev/stdin ${dataDir}/conf.json
+      '';
+      serviceConfig = {
+        WorkingDirectory = dataDir;
+        ExecStart = "${pkgs.nodejs-14_x}/bin/node ${shinobi}/bin/shinobi";
+        KillSignal = "HUP";
+      };
+      environment.NODE_PATH = "${shinobi}/lib/node_modules/shinobi/node_modules";
+    };
+  }
--- a/hosts/TITAN/system.nix
+++ b/hosts/TITAN/system.nix
@ -7,6 +7,7 @@
    ./extras/cachix-upload-daemon.nix
    ./extras/ddcci-backlight.nix
    ./extras/fbi-downloader.nix
+    ./extras/shinobi.nix
    (import ../../users "desktop").users.max
    inputs.agenix.nixosModules.age
  ]
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -12,4 +12,5 @@ in with hosts;
  "transmission-rpc-password.age".publicKeys = max ++ map systemKeys [ TITAN ];
  "wireguard-key-upload.age".publicKeys = max ++ map systemKeys [ TITAN ];
  "shadow-max.age".publicKeys = max ++ map systemKeys [ TITAN jericho ];
+  "shinobi-secrets.age".publicKeys = max ++ map systemKeys [ TITAN ];
 }
--- a/secrets/shinobi-secrets.age
+++ b/secrets/shinobi-secrets.age
@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 NO562A hiAC2AAphXRWW35HBHSREoncYBWCkI0Z8cANU/rVJxA
+1k2mhBAb1ouUBVr873dWkQqhG7iF4h0isksHS/d43h8
+-> ssh-ed25519 5/zT0w FUssFl0eWdJ0bdU2tMHKGLZ+hEt37YuiR/GkMvXQryM
+Pxq9ImZShXX6ehqhOXp2EgnWVPmZ0m0kQoKKiJuG6jM
+-> ssh-ed25519 OxDh5w vtUjeVCgKhdWywJfLij2UbDdgQXdUADnRrVmZHGQz1Y
+DO39ddAIY93G1j09MCGQzH30WhBC1SQISAVEUwOqorg
+-> )zyQ:-grease 5|^w (<I
+52tCw96M9yWTix4pLJQ
+--- I3aDCmK5N4V0lLGmsP4QQwNJ2RP/TiavQO+s/Csqy/M
+—
_ßðËRÁù^ìÚ´Œu€•´óŠ†ìwV<77>Ù[Õ\NÂqÒóÆcÊª¶t„v›‡¼G/-bZ<62>ð¡X·ccñh
+s3R¥®—·9MœBk`àN"E7ÌŽ™ÖÍA	MPÚã{©<>¿¡KÄ€E5§â&ÌÞì