printerfacts

Signed-off-by: Christine Dodrill <me@christine.website>

common/default.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports = [ ./paranoid.nix ./users.nix ];
+  imports = [ ./paranoid.nix ./users.nix ./services ];
 
   nix.autoOptimiseStore = true;
 

common/services/default.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  imports = [ ./printerfacts.nix ];
+}

common/services/printerfacts.nix

@@ -0,0 +1,64 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  sources = import ../../nix/sources.nix;
+  pkg = pkgs.callPackage sources.printerfacts { };
+  cfg = config.xeserv.services.printerfacts;
+in {
+  options.xeserv.services.printerfacts = {
+    enable = mkEnableOption "enable Printerfacts";
+    useACME = mkEnableOption "enable ACME certs";
+
+    domain = mkOption {
+      type = types.str;
+      default = "printerfacts.akua";
+      example = "printerfacts.cetacean.club";
+      description =
+        "The domain name that nginx should check against for HTTP hostnames";
+    };
+
+    port = mkOption {
+      type = types.int;
+      default = 28318;
+      example = 9001;
+      description =
+        "The port number printerfacts should listen on for HTTP traffic";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.printerfacts = {
+      wantedBy = [ "multi-user.target" ];
+
+      script = ''
+        export PORT=${toString cfg.port}
+        export DOMAIN=${toString cfg.domain}
+        export RUST_LOG=info
+        exec ${pkg}/bin/printerfacts
+      '';
+
+      serviceConfig = {
+        Restart = "always";
+        RestartSec = "30s";
+        WorkingDirectory = "${pkg}";
+        RuntimeDirectory = "printerfacts";
+        RuntimeDirectoryMode = "0755";
+        StateDirectory = "tailscale";
+        StateDirectoryMode = "0750";
+        CacheDirectory = "tailscale";
+        CacheDirectoryMode = "0750";
+        DynamicUser = "yes";
+      };
+    };
+
+    services.nginx.virtualHosts."${cfg.domain}" = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+        proxyWebsockets = true;
+      };
+      enableACME = cfg.useACME;
+    };
+  };
+}

images/make-image.nix

@@ -29,7 +29,7 @@
   format ? "raw"
 
 , # Include a copy of Nixpkgs in the disk image
-  includeChannel ? false
+  includeChannel ? true
 , ...
 }:
 let

nix/sources.json

@@ -34,5 +34,11 @@
         "type": "tarball",
         "url": "https://github.com/NixOS/nixpkgs/archive/2d6ab6c6b92f7aaf8bc53baba9754b9bfdce56f2.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
+    "printerfacts": {
+        "branch": "main",
+        "repo": "https://tulpa.dev/cadey/printerfacts",
+        "rev": "e159fc7124c64ddd71ba8a2e03cf2e1c3be2e101",
+        "type": "git"
     }
 }

terraform/printerfacts/.terraform.lock.hcl

@@ -0,0 +1,74 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version = "3.53.0"
+  hashes = [
+    "h1:oRCCzfwGCDNyuhIJ8kCg0N7h4W2WESm37o2GIt0ETpQ=",
+    "zh:35a77c79170b0cf3fb7eb835f3ce0b715aeeceda0a259e96e49fed5a30cf6646",
+    "zh:519d5470a932b1ec9a0fe08876c5e0f0f84f8e506b652c051e4ab708be081e89",
+    "zh:58cfa5b454602d57c47acd15c2ad166a012574742cdbcf950787ce79b6510218",
+    "zh:5fc3c0162335a730701c0175809250233f45f1021da8fa52c73635e4c08372d8",
+    "zh:6790f9d6261eb4bd5cdd7cd9125f103befce2ba127f9ba46eef83585b86e1d11",
+    "zh:76e1776c3bf9568d520f78419ec143c081f653b8df4fb22577a8c4a35d3315f9",
+    "zh:ca8ed88d0385e45c35223ace59b1bf77d81cd2154d5416e63a3dddaf0def30e6",
+    "zh:d002562c4a89a9f1f6cd8d854fad3c66839626fc260e5dde5267f6d34dbd97a4",
+    "zh:da5e47fb769e90a2f16c90fd0ba95d62da3d76eb006823664a5c6e96188731b0",
+    "zh:dfe7f33ec252ea550e090975a5f10940c27302bebb5559957957937b069646ea",
+    "zh:fa91574605ddce726e8a4e421297009a9dabe023106e139ac46da49c8285f2fe",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/external" {
+  version = "2.1.0"
+  hashes = [
+    "h1:wbtDfLeawmv6xVT1W0w0fctRCb4ABlaD3JTxwb1jXag=",
+    "zh:0d83ffb72fbd08986378204a7373d8c43b127049096eaf2765bfdd6b00ad9853",
+    "zh:7577d6edc67b1e8c2cf62fe6501192df1231d74125d90e51d570d586d95269c5",
+    "zh:9c669ded5d5affa4b2544952c4b6588dfed55260147d24ced02dca3a2829f328",
+    "zh:a404d46f2831f90633947ab5d57e19dbfe35b3704104ba6ec80bcf50b058acfd",
+    "zh:ae1caea1c936d459ceadf287bb5c5bd67b5e2a7819df6f5c4114b7305df7f822",
+    "zh:afb4f805477694a4b9dde86b268d2c0821711c8aab1c6088f5f992228c4c06fb",
+    "zh:b993b4a1de8a462643e78f4786789e44ce5064b332fee1cb0d6250ed085561b8",
+    "zh:c84b2c13fa3ea2c0aa7291243006d560ce480a5591294b9001ce3742fc9c5791",
+    "zh:c8966f69b7eccccb771704fd5335923692eccc9e0e90cb95d14538fe2e92a3b8",
+    "zh:d5fe68850d449b811e633a300b114d0617df6d450305e8251643b4d143dc855b",
+    "zh:ddebfd1e674ba336df09b1f27bbaa0e036c25b7a7087dc8081443f6e5954028b",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/null" {
+  version = "3.1.0"
+  hashes = [
+    "h1:vpC6bgUQoJ0znqIKVFevOdq+YQw42bRq0u+H3nto8nA=",
+    "zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2",
+    "zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515",
+    "zh:5f9200bf708913621d0f6514179d89700e9aa3097c77dac730e8ba6e5901d521",
+    "zh:9ebf4d9704faba06b3ec7242c773c0fbfe12d62db7d00356d4f55385fc69bfb2",
+    "zh:a6576c81adc70326e4e1c999c04ad9ca37113a6e925aefab4765e5a5198efa7e",
+    "zh:a8a42d13346347aff6c63a37cda9b2c6aa5cc384a55b2fe6d6adfa390e609c53",
+    "zh:c797744d08a5307d50210e0454f91ca4d1c7621c68740441cf4579390452321d",
+    "zh:cecb6a304046df34c11229f20a80b24b1603960b794d68361a67c5efe58e62b8",
+    "zh:e1371aa1e502000d9974cfaff5be4cfa02f47b17400005a16f14d2ef30dc2a70",
+    "zh:fc39cc1fe71234a0b0369d5c5c7f876c71b956d23d7d6f518289737a001ba69b",
+    "zh:fea4227271ebf7d9e2b61b89ce2328c7262acd9fd190e1fd6d15a591abfa848e",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/tls" {
+  version = "3.1.0"
+  hashes = [
+    "h1:fUJX8Zxx38e2kBln+zWr1Tl41X+OuiE++REjrEyiOM4=",
+    "zh:3d46616b41fea215566f4a957b6d3a1aa43f1f75c26776d72a98bdba79439db6",
+    "zh:623a203817a6dafa86f1b4141b645159e07ec418c82fe40acd4d2a27543cbaa2",
+    "zh:668217e78b210a6572e7b0ecb4134a6781cc4d738f4f5d09eb756085b082592e",
+    "zh:95354df03710691773c8f50a32e31fca25f124b7f3d6078265fdf3c4e1384dca",
+    "zh:9f97ab190380430d57392303e3f36f4f7835c74ea83276baa98d6b9a997c3698",
+    "zh:a16f0bab665f8d933e95ca055b9c8d5707f1a0dd8c8ecca6c13091f40dc1e99d",
+    "zh:be274d5008c24dc0d6540c19e22dbb31ee6bfdd0b2cddd4d97f3cd8a8d657841",
+    "zh:d5faa9dce0a5fc9d26b2463cea5be35f8586ab75030e7fa4d4920cd73ee26989",
+    "zh:e9b672210b7fb410780e7b429975adcc76dd557738ecc7c890ea18942eb321a5",
+    "zh:eb1f8368573d2370605d6dbf60f9aaa5b64e55741d96b5fb026dbfe91de67c0d",
+    "zh:fc1e12b713837b85daf6c3bb703d7795eaf1c5177aebae1afcf811dd7009f4b0",
+  ]
+}

terraform/printerfacts/main.tf

@@ -0,0 +1,101 @@
+provider "aws" {
+  region = "us-east-1"
+}
+
+terraform {
+  backend "s3" {
+    bucket = "xeserv-tf-state-paranoid"
+    key    = "printerfacts"
+    region = "us-east-1"
+  }
+}
+
+data "terraform_remote_state" "aws_image" {
+  backend = "s3"
+
+  config = {
+    bucket = "xeserv-tf-state-paranoid"
+    key    = "aws_image"
+    region = "us-east-1"
+  }
+}
+
+resource "tls_private_key" "state_ssh_key" {
+  algorithm = "RSA"
+}
+
+resource "aws_key_pair" "generated_key" {
+  key_name   = "generated-key-${sha256(tls_private_key.state_ssh_key.public_key_openssh)}"
+  public_key = tls_private_key.state_ssh_key.public_key_openssh
+}
+
+resource "aws_security_group" "printerfacts" {
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  ingress {
+    from_port   = -1
+    to_port     = -1
+    protocol    = "icmp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  egress {
+    from_port   = -1
+    to_port     = -1
+    protocol    = "icmp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 65535
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 65535
+    protocol    = "udp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_instance" "printerfacts" {
+  ami           = data.terraform_remote_state.aws_image.outputs.nixos_21_05_ami
+  instance_type = "t3.micro"
+  security_groups = [
+    aws_security_group.printerfacts.name,
+  ]
+  key_name = aws_key_pair.generated_key.key_name
+
+  root_block_device {
+    volume_size = 40 # GiB
+  }
+
+  tags = {
+    Name = "xe-printerfacts"
+  }
+}
+
+output "printerfacts_public_ip" {
+  value = aws_instance.printerfacts.public_ip
+}
+
+module "deploy_printerfacts" {
+  source          = "git::https://github.com/Xe/terraform-nixos.git//deploy_nixos?ref=1b49f2c6b4e7537cca6dd6d7b530037ea81e8268"
+  nixos_config    = "${path.module}/printerfacts.nix"
+  hermetic        = true
+  target_user     = "root"
+  target_host     = aws_instance.printerfacts.public_ip
+  ssh_private_key = tls_private_key.state_ssh_key.private_key_pem
+  ssh_agent       = false
+  build_on_target = false
+}

terraform/printerfacts/printerfacts.nix

@@ -0,0 +1,25 @@
+let
+  sources = import ../../nix/sources.nix;
+  pkgs = import sources.nixpkgs { };
+  system = "x86_64-linux";
+
+  printerfacts = pkgs.callPackage sources.printerfacts { };
+
+  configuration = { config, lib, pkgs, ... }: {
+    imports = [
+      ../../common
+      "${sources.nixpkgs}/nixos/modules/virtualisation/amazon-image.nix"
+    ];
+
+    networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+
+    xeserv.paranoid.enable = true;
+
+    services.nginx.enable = true;
+
+    xeserv.services.printerfacts = {
+      enable = true;
+      domain = "3.237.88.228";
+    };
+  };
+in import "${sources.nixpkgs}/nixos" { inherit system configuration; }