max/config
1
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

hosts/TITAN: add shinobi service

Browse source
This commit is contained in:
Max Headroom 2022-03-17 20:51:11 +01:00
parent e055e489be
commit 6903a2d8ba
4 changed files with 72 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
hosts/TITAN/extras/shinobi.nix Normal file
View file

@ -0,0 +1,58 @@
{ config, inputs, pkgs, ... }:
let
dataDir = "/srv/data/SHINOBI/shinobi";
shinobiConfigJson = builtins.toJSON {
ffmpegBinary = "${pkgs.ffmpeg}/bin/ffmpeg";
port = 38080;
db = {
host = "127.0.0.1";
port = 3306;
user = "majesticflame";
database = "ccio";
};
};
configFile = pkgs.writeText "shinobi-conf.json" shinobiConfigJson;
secretFile = config.age.secrets.shinobi-secrets.path;
inherit (inputs.self.packages.${pkgs.system}) shinobi;
in
{
age.secrets.shinobi-secrets = {
file = ../../../secrets/shinobi-secrets.age;
owner = "shinobi";
group = "shinobi";
mode = "0400";
};
services.mysql = {
enable = true;
settings.mysqld.bind-address = "127.0.0.1";
package = pkgs.mariadb;
dataDir = "/srv/data/DB/mariadb";
};
users.users.shinobi = {
isSystemUser = true;
group = "shinobi";
};
users.groups.shinobi = {};
systemd.tmpfiles.rules = [ "d '${dataDir}' 0750 shinobi shinobi - -" ];
systemd.services.shinobi = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash pkgs.nodejs-14_x ];
preStart = ''
${pkgs.jq}/bin/jq --slurp '.[0] * .[1]' ${configFile} ${secretFile} | install -Dm600 -o shinobi -g shinobi /dev/stdin ${dataDir}/conf.json
'';
serviceConfig = {
WorkingDirectory = dataDir;
ExecStart = "${pkgs.nodejs-14_x}/bin/node ${shinobi}/bin/shinobi";
KillSignal = "HUP";
};
environment.NODE_PATH = "${shinobi}/lib/node_modules/shinobi/node_modules";
};
}

1
hosts/TITAN/system.nix
View file

@ -7,6 +7,7 @@
./extras/cachix-upload-daemon.nix ./extras/cachix-upload-daemon.nix
./extras/ddcci-backlight.nix ./extras/ddcci-backlight.nix
./extras/fbi-downloader.nix ./extras/fbi-downloader.nix
./extras/shinobi.nix
(import ../../users "desktop").users.max (import ../../users "desktop").users.max
inputs.agenix.nixosModules.age inputs.agenix.nixosModules.age
] ]

1
secrets/secrets.nix
View file

@ -12,4 +12,5 @@ in with hosts;
"transmission-rpc-password.age".publicKeys = max ++ map systemKeys [ TITAN ]; "transmission-rpc-password.age".publicKeys = max ++ map systemKeys [ TITAN ];
"wireguard-key-upload.age".publicKeys = max ++ map systemKeys [ TITAN ]; "wireguard-key-upload.age".publicKeys = max ++ map systemKeys [ TITAN ];
"shadow-max.age".publicKeys = max ++ map systemKeys [ TITAN jericho ]; "shadow-max.age".publicKeys = max ++ map systemKeys [ TITAN jericho ];
"shinobi-secrets.age".publicKeys = max ++ map systemKeys [ TITAN ];
} }

12
secrets/shinobi-secrets.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A hiAC2AAphXRWW35HBHSREoncYBWCkI0Z8cANU/rVJxA
1k2mhBAb1ouUBVr873dWkQqhG7iF4h0isksHS/d43h8
-> ssh-ed25519 5/zT0w FUssFl0eWdJ0bdU2tMHKGLZ+hEt37YuiR/GkMvXQryM
Pxq9ImZShXX6ehqhOXp2EgnWVPmZ0m0kQoKKiJuG6jM
-> ssh-ed25519 OxDh5w vtUjeVCgKhdWywJfLij2UbDdgQXdUADnRrVmZHGQz1Y
DO39ddAIY93G1j09MCGQzH30WhBC1SQISAVEUwOqorg
-> )zyQ:-grease 5|^w (<I
52tCw96M9yWTix4pLJQ
--- I3aDCmK5N4V0lLGmsP4QQwNJ2RP/TiavQO+s/Csqy/M
— _ßðËRÁù^ìÚ´Œu€•´óŠ†ìwV<77>Ù[Õ\NÂqÒ óÆcʪ¶t„v‡¼G/-bZ<62>ð¡X·ccñh
s3R¥®—·9MœBk`àN"E7ÌŽ™ÖÍA MPÚã{©<>¿¡KÄ€E5§â&ÌÞì