Documentation

[syrm]

Please add documentation for install and using passopolis on own server

[teh]

@OXman we're running the server on nixos which is very unlike other systems so I'm not sure how useful adding docs about nixos is.

There's some good docs in this issue for how to run on a normal server:

mitro-co/mitro#123 (comment)

[andrew-morris]

+1 for current documentation

[hugochinchilla]

+1, I'm trying to create a docker container for this, I'm using nixos/nix as a base, but I have no previous experience with nix, some minimal documentation would help.

[teh]

The basic module is very simple and looks like this:

{ stdenv, antBuild, fetchurl, unzip, perl, git, python }:

let
  version = "HEAD";

in antBuild rec {
  name = "mitro-core-${version}";

  buildInputs = [ git python unzip ];
  src = fetchurl {
    url = "https://github.com/WeAreWizards/passopolis-server/archive/965d23f10ef76377e82c4a2b1ded81f4d6a28234.zip";
    sha256 = "1ij67qzwg6p3y9jwd8w68qcaricxxl5v57zq77ry4492sc6bd521";
  };
  antTargets = [ "crypto" "jar" ];

  antProperties = [
    { name = "version"; value = version; }
  ];
}

The rest is somewhat intertwined with our server setup so we can't publish that (secrets etc). There isn't anything magic going on, the binary is a simple jar which can be run like so:

${pkgs.jre}/bin/java -ea -jar ${cfg.mitro}/share/java/mitrocore.jar

[andrew-morris]

I don't mean to be rude and I mean this with all due respect and appreciation for the work you've done so far, but I don't see the value in carrying on and supporting a project if you flatly reject the idea of writing installation documentation, even after being requested by several people. I'd be happy to help write the documentation, but I'm having a hard time getting the server installed myself. Even just a minimal walkthrough of how to go from a blank nix install to running server would be hugely helpful. Currently the entire README is three commands with no context.

If this is out of the question, then no problem. I'll try my best to write the docs myself, but I'd appreciate a hand.

Thanks!

[teh]

Apologies, I'm assuming too much nix knowledge. The basic idea is to have nix-modules,

{ config, pkgs, lib, ... }:
with lib;
let
  cfg = config.services.waw-secrets;
in
{
  options = {
    services.waw-secrets = rec {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to run the secrets server.";
      };
      mitrocore-secrets = mkOption {
        type = types.package;
        default = null;
        description = "Secret keys.";
      };
      mitro = mkOption {
        type = types.package;
        default = null;
        description = "mitro server";
      };
    };
  };

  config = mkIf cfg.enable {
    users.extraUsers.waw-secrets = {
      description = "user to run the service";
      createHome = false;
      useDefaultShell = true;
    };

    systemd.services."mitro-create-db" = {
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "postgresql.service" ];
      serviceConfig.PermissionsStartOnly = true;
      serviceConfig.Type = "oneshot";
      serviceConfig.RemainAfterExit = true;
      path = [
        config.services.postgresql.package
      ];
      serviceConfig.ExecStart = pkgs.writeScript "mitro-create-db" ''#!/bin/sh
        psql postgres -c "CREATE ROLE \"waw-secrets\" WITH LOGIN NOCREATEDB NOCREATEROLE NOCREATEUSER" || true
        createdb -O waw-secrets mitro || true
      '';
    };

    systemd.services."waw-secrets-server" = {
      requires = [ "mitro-create-db.service" ];
      after = [ "mitro-create-db.service" ];

      wantedBy = [ "multi-user.target" ];
      # Mitro is looking for a ./mitrocore_secrets directory
      serviceConfig.WorkingDirectory = cfg.mitrocore-secrets;
      serviceConfig.ExecStart = "${pkgs.jre}/bin/java -ea -jar ${cfg.mitro}/share/java/mitrocore.jar";
      serviceConfig.User = "waw-secrets";
    };
  };
}

(You can see that the names are all a bit off). I'll try to get a more coherent set of files in, bit busy ATM.

[andrew-morris]

Great, thanks for providing this.

[teh]

One other pointer I have is that we use nixops. Running on e.g. ec2 looks like [1]. The require section would include something like the module above. With those things in place and a bit of fiddling you should be able to get a server running. I wish we had this in easily publishable form and it's something we will have to do at some point.

[1]
https://github.com/WeAreWizards/website/blob/master/aws.nix

[amenk]

Did anybody get it running on a normal Ubuntu?

[amenk]

Concerning Key generation, there is something at https://groups.google.com/forum/#!topic/mitro-dev/krFWxgWHIgo

[amenk]

ah, it's just ant server

[amenk]

will try to document it here: master...amenk:patch-2