From 6903a2d8ba20377421325c9ff10d94b307802ad9 Mon Sep 17 00:00:00 2001
From: Max
Date: Thu, 17 Mar 2022 20:51:11 +0100
Subject: [PATCH] hosts/TITAN: add shinobi service
---
 hosts/TITAN/extras/shinobi.nix | 58 ++++++++++++++++++++++++++++++++++
 hosts/TITAN/system.nix | 1 +
 secrets/secrets.nix | 1 +
 secrets/shinobi-secrets.age | 12 +++++++
 4 files changed, 72 insertions(+)
 create mode 100644 hosts/TITAN/extras/shinobi.nix
 create mode 100644 secrets/shinobi-secrets.age
diff --git a/hosts/TITAN/extras/shinobi.nix b/hosts/TITAN/extras/shinobi.nix
new file mode 100644
index 0000000..385d623
--- /dev/null
+++ b/hosts/TITAN/extras/shinobi.nix
@@ -0,0 +1,58 @@
+{ config, inputs, pkgs, ... }:
+let
+ dataDir = "/srv/data/SHINOBI/shinobi";
+
+ shinobiConfigJson = builtins.toJSON {
+ ffmpegBinary = "${pkgs.ffmpeg}/bin/ffmpeg";
+ port = 38080;
+ db = {
+ host = "127.0.0.1";
+ port = 3306;
+ user = "majesticflame";
+ database = "ccio";
+ };
+ };
+
+ configFile = pkgs.writeText "shinobi-conf.json" shinobiConfigJson;
+
+ secretFile = config.age.secrets.shinobi-secrets.path;
+
+ inherit (inputs.self.packages.${pkgs.system}) shinobi;
+in
+ {
+ age.secrets.shinobi-secrets = {
+ file = ../../../secrets/shinobi-secrets.age;
+ owner = "shinobi";
+ group = "shinobi";
+ mode = "0400";
+ };
+ services.mysql = {
+ enable = true;
+ settings.mysqld.bind-address = "127.0.0.1";
+ package = pkgs.mariadb;
+ dataDir = "/srv/data/DB/mariadb";
+ };
+
+ users.users.shinobi = {
+ isSystemUser = true;
+ group = "shinobi";
+ };
+
+ users.groups.shinobi = {};
+
+ systemd.tmpfiles.rules = [ "d '${dataDir}' 0750 shinobi shinobi - -" ];
+
+ systemd.services.shinobi = {
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.bash pkgs.nodejs-14_x ];
+ preStart = ''
+ ${pkgs.jq}/bin/jq --slurp '.[0] * .[1]' ${configFile} ${secretFile} | install -Dm600 -o shinobi -g shinobi /dev/stdin ${dataDir}/conf.json
+ '';
+ serviceConfig = {
+ WorkingDirectory = dataDir;
+ ExecStart = "${pkgs.nodejs-14_x}/bin/node ${shinobi}/bin/shinobi";
+ KillSignal = "HUP";
+ };
+ environment.NODE_PATH = "${shinobi}/lib/node_modules/shinobi/node_modules";
+ };
+ }
diff --git a/hosts/TITAN/system.nix b/hosts/TITAN/system.nix
index 48245be..15378a1 100644
--- a/hosts/TITAN/system.nix
+++ b/hosts/TITAN/system.nix
@@ -7,6 +7,7 @@
 ./extras/cachix-upload-daemon.nix
 ./extras/ddcci-backlight.nix
 ./extras/fbi-downloader.nix
+ ./extras/shinobi.nix
 (import ../../users "desktop").users.max
 inputs.agenix.nixosModules.age
 ]
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 19f18cb..4b11af6 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
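Review bot: `systemd.services.shinobi.serviceConfig` sets no `User` or `Group`, so both `preStart` and the `node` process started by `ExecStart` run as root, even though the module creates a dedicated `shinobi` system user that owns the secret and `dataDir`. Adding `User = "shinobi";` and `Group = "shinobi";` to `serviceConfig` would confine the service listening on port 38080 to that account. `preStart` would then also run as `shinobi`; that should still work because the age secret is `0400` owned by `shinobi` and the tmpfiles rule creates `dataDir` for it, but it is worth confirming that `install -o shinobi -g shinobi` succeeds when not run as root. Separately, the unit declares no ordering against the database it connects to on 127.0.0.1:3306; `after = [ "mysql.service" ];` would avoid a start-up race.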
@@ -12,4 +12,5 @@ in with hosts;
 "transmission-rpc-password.age".publicKeys = max ++ map systemKeys [ TITAN ];
 "wireguard-key-upload.age".publicKeys = max ++ map systemKeys [ TITAN ];
 "shadow-max.age".publicKeys = max ++ map systemKeys [ TITAN jericho ];
+ "shinobi-secrets.age".publicKeys = max ++ map systemKeys [ TITAN ];
 }
diff --git a/secrets/shinobi-secrets.age b/secrets/shinobi-secrets.age
new file mode 100644
index 0000000..568378a
--- /dev/null
+++ b/secrets/shinobi-secrets.age
@@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 NO562A hiAC2AAphXRWW35HBHSREoncYBWCkI0Z8cANU/rVJxA +1k2mhBAb1ouUBVr873dWkQqhG7iF4h0isksHS/d43h8 +-> ssh-ed25519 5/zT0w FUssFl0eWdJ0bdU2tMHKGLZ+hEt37YuiR/GkMvXQryM +Pxq9ImZShXX6ehqhOXp2EgnWVPmZ0m0kQoKKiJuG6jM +-> ssh-ed25519 OxDh5w vtUjeVCgKhdWywJfLij2UbDdgQXdUADnRrVmZHGQz1Y +DO39ddAIY93G1j09MCGQzH30WhBC1SQISAVEUwOqorg +-> )zyQ:-grease 5|^w (