ahmed/minecraft-log-server: Init

8 files changed, 319 insertions, 0 deletions

diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix
index 25eb336..aab26c3 100644
--- a/hosts/ahmed/configuration.nix
+++ b/hosts/ahmed/configuration.nix
@@ -22,6 +22,7 @@
     ./remote-builder
     ./dyndns
     ./minecraft
+    ./minecraft-log-server
     ./nginx
   ];
 
diff --git a/hosts/ahmed/minecraft-log-server/.htpasswd b/hosts/ahmed/minecraft-log-server/.htpasswd
new file mode 100644
index 0000000..5cb2c4c
--- /dev/null
+++ b/hosts/ahmed/minecraft-log-server/.htpasswd
@@ -0,0 +1 @@
+Gæst:$2y$05$R1XvCulPi3xjTB31b1MuEugyX.Sk0Bkh1m95.wseA1ydJ3Rq9V.j2
diff --git a/hosts/ahmed/minecraft-log-server/default.nix b/hosts/ahmed/minecraft-log-server/default.nix
new file mode 100644
index 0000000..1c18915
--- /dev/null
+++ b/hosts/ahmed/minecraft-log-server/default.nix
@@ -0,0 +1,107 @@
+# This module implements a really simple and shitty WSGI app which streams
+# journald logs to the client. I don't expect it to hang around for long, so
+# it's just quickly hacked together.
+#
+# FIXME: There's still the issue with broken connections. Perhaps heartbeat would fix.
+{
+  pkgs,
+  config,
+  ...
+}: let
+  socket-path = "/run/minecraft-log-server.sock";
+
+  python = pkgs.python3.withPackages (ps:
+    with ps; [
+      gevent
+      gunicorn
+    ]);
+in {
+  users.users.minecraft-log-server = {
+    description = "Runs minecraft-log-server";
+    group = "minecraft-log-server";
+    isSystemUser = true;
+  };
+  users.groups.minecraft-log-server = {};
+
+  systemd.sockets.minecraft-log-server = {
+    description = "Socket where the service of the same name answers HTTP requests.";
+
+    socketConfig = {
+      ListenStream = socket-path;
+
+      # TODO: wtf apple maps
+      SocketUser = "nginx";
+      SocketGroup = "nginx";
+      SocketMode = "600";
+    };
+
+    wantedBy = ["sockets.target"];
+  };
+
+  # See: https://docs.gunicorn.org/en/23.0.0/deploy.html
+  systemd.services.minecraft-log-server = {
+    description = "Minecraft log server";
+
+    serviceConfig = {
+      # Using a non-sync worker class is super important because we have such long-running connections.
+      ExecStart = "${python}/bin/gunicorn --worker-class=gevent --chdir ${./.} minecraft_log_server:app";
+
+      ExecReload = "kill -s HUP $MAINPID";
+      KillMode = "mixed";
+
+      User = config.users.users.minecraft-log-server.uid;
+      Group = config.users.users.minecraft-log-server.group;
+
+      # gunicorn can let systemd know when it is ready
+      Type = "notify";
+      NotifyAccess = "main";
+
+      # Harden
+      ProtectSystem = "strict";
+      PrivateTmp = true;
+    };
+
+    requires = ["minecraft-log-server.socket"]; # Refuse to start without.
+    after = ["network.target"];
+  };
+
+  services.nginx = {
+    virtualHosts."minecraft.linus.onl" = {
+      # Let's be safe and pass-word protect it just in case the logs contain some sensitive data.
+      basicAuthFile = ./.htpasswd;
+
+      # First try resolving files statically, before falling back to the CGI server.
+      locations."/" = {
+        alias = "${./public}/";
+        index = "index.html";
+        tryFiles = "$uri $uri/ @minecraft_log_server";
+      };
+
+      locations."@minecraft_log_server" = {
+        recommendedProxySettings = true;
+
+        # In addition to the important stuff set indirectly via `recommendedProxySettings`
+        # (especially `proxy_http_version`), we need these options for SSE.
+        extraConfig = ''
+          # Disable buffering. This is crucial for SSE to ensure that
+          # messages are sent immediately without waiting for a buffer to
+          # fill.
+          proxy_buffering off;
+
+          # Disable caching to ensure that all messages are sent and received
+          # in real-time without being cached by the proxy.
+          proxy_cache off;
+
+          # Set a long timeout for reading from the proxy to prevent the
+          # connection from timing out. You may need to adjust this value
+          # based on your specific requirements.
+          proxy_read_timeout 86400;
+        '';
+
+        proxyPass = "http://unix:${socket-path}:$request_uri";
+      };
+    };
+  };
+
+  services.cloudflare-dyndns.domains = ["minecraft.linus.onl"];
+}
diff --git a/hosts/ahmed/minecraft-log-server/minecraft_log_server.py b/hosts/ahmed/minecraft-log-server/minecraft_log_server.py
new file mode 100644
index 0000000..30d295d
--- /dev/null
+++ b/hosts/ahmed/minecraft-log-server/minecraft_log_server.py
@@ -0,0 +1,122 @@
+import subprocess
+import json
+import dataclasses
+import typing as t
+import urllib.parse
+
[email protected](kw_only=True, slots=True)
+class Event:
+    id: t.Optional[str | bytes] = None
+    event: t.Optional[str | bytes] = None
+    data: t.Optional[bytes | bytes] = None
+    retry: t.Optional[int] = None
+
+    def __post_init__(self):
+        if (self.id is None and
+            self.event is None and
+            self.data is None and
+            self.retry is None):
+            raise ValueError("At least one property of event must be non-None: id, event, data, retry")
+
+    def encode(self) -> bytes:
+        """Returns the on-line representation of this event."""
+
+        def to_bytes(s: str | bytes | int) -> bytes:
+            if isinstance(s, str):
+                return s.encode()
+            elif isinstance(s, int):
+                return str(s).encode()
+            else:
+                return s
+
+        # We know the result won't be empty because of the invariant that at least one field is non-None.
+        result = b""
+
+        if self.id:    result += b"id: "    + to_bytes(self.id)    + b"\n"
+        if self.event: result += b"event: " + to_bytes(self.event) + b"\n"
+        if self.data:  result += b"data: "  + to_bytes(self.data)  + b"\n"
+        if self.retry: result += b"retry: " + to_bytes(self.retry) + b"\n"
+
+        # With this final newline, the encoding will end with two newlines, signifying end of event.
+        result += b"\n"
+
+        return result
+
+def app(environ, start_response):
+    print(f"{environ=} {start_response=}") # NOCOMMIT
+    path = environ["PATH_INFO"].lstrip("/")
+    method = environ["REQUEST_METHOD"]
+
+    if method == "GET" and path == "stream":
+        return send_stream(environ, start_response)
+    else:
+        return send_404(environ, start_response)
+
+def send_stream(environ, start_response):
+    status = "200 OK"
+    headers = [("Content-Type", "text/event-stream"),
+               ("Cache-Control", "no-cache"),
+               ("X-Accel-Buffering", "no")]
+    start_response(status, headers)
+
+    # Set the retry rate for when the client looses connection.
+    retry_event = Event(retry=2_000)
+    yield retry_event.encode()
+
+    # Figure out if the client is reconnecting.
+    last_event_id = None
+    if "HTTP_LAST_EVENT_ID" in environ:
+        last_event_id = environ["HTTP_LAST_EVENT_ID"]
+    else:
+        query = urllib.parse.parse_qs(environ["QUERY_STRING"])
+        if "lastEventId" in query:
+            last_event_id = query["lastEventId"][0]
+
+    # FIXME: We should also send heartbeat events to avoid NGINX killing our connection.
+    UNITS = [ "minecraft-listen.socket", "minecraft-listen.service", "minecraft-server.socket",
+              "minecraft-server.service", "minecraft-hook.service", "minecraft-stop.timer",
+              "minecraft-stop.service" ]
+    for event in get_log_entries(UNITS, last_event_id):
+        yield event.encode()
+
+def get_log_entries(units, last_event_id = None) -> t.Generator[Event, None, None]:
+    # TODO: We could save some work by only selecting the fields we're interested in with `--fields`.
+    args = [
+            "/run/current-system/sw/bin/journalctl",
+            # We want a stream
+            "--follow",
+            "--lines=20",
+            # A JSON line for each entry
+            "--output=json",
+            # Use UTC timestamps to avoid tricky timezone issues on the client
+            "--utc",
+            # Log entries from any of the units (logical OR)
+            *(f"--unit={u}" for u in units)
+    ]
+
+    # Since we use the cursor as the SSE event ID, the client will send the
+    # last cursor when retrying connections.
+    if last_event_id:
+        # If this is such a connection, we can avoid including duplicate entries by
+        # starting just after the given cursor.
+        args.append("--after-cursor=" + last_event_id)
+
+    try:
+        process = subprocess.Popen(args, stdout=subprocess.PIPE)
+        assert process.stdout is not None
+        for raw_line in process.stdout:
+            assert raw_line[-2:] == b"}\n", "Raw line ends in single newline"
+            parsed = json.loads(raw_line)
+            event = Event(id=parsed["__CURSOR"],
+                          event="entry",
+                          data=raw_line.rstrip(b"\n"))
+            yield event
+    except Exception as e:
+        print("Reading (mega sus) journalctl failed", e)
+        raise e
+
+def send_404(environ, start_response):
+   status = "404 Not Found"
+   headers = [("Content-type", "text/plain")]
+   start_response(status, headers)
+   return [b"The requested resource was not found."]
diff --git a/hosts/ahmed/minecraft-log-server/public/index.html b/hosts/ahmed/minecraft-log-server/public/index.html
new file mode 100644
index 0000000..37fdaac
--- /dev/null
+++ b/hosts/ahmed/minecraft-log-server/public/index.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<script type="module" src="./scripts/plain.js"></script>
+		<link rel="stylesheet" href="./styles/plain.css">
+	</head>
+	<body>
+		<p>System events will appear below.</p>
+		<pre><output id="target"></output></pre>
+	</body>
+</html>
diff --git a/hosts/ahmed/minecraft-log-server/public/scripts/plain.js b/hosts/ahmed/minecraft-log-server/public/scripts/plain.js
new file mode 100644
index 0000000..c2da55e
--- /dev/null
+++ b/hosts/ahmed/minecraft-log-server/public/scripts/plain.js
@@ -0,0 +1,68 @@
+import ReconnectingEventSource from "./reconnecting-eventsource.min.js";
+
+function main() {
+	const sse = new ReconnectingEventSource("/stream", {
+		// Retry time after browser fails to reconnect (e.g. HTTP 502).
+		// This is pretty sus, so let's wait a little longer...
+		max_retry_time: 5_000,
+	});
+
+	sse.addEventListener("open", (event) => {
+		addSpecialMessage("info", "Connection to log server established!");
+	});
+
+	sse.addEventListener("error", (event) => {
+		console.error("SSE Error: ", event);
+		addSpecialMessage("error", "Connection to log server lost! Retrying connection...");
+	});
+
+	sse.addEventListener("entry", (event) => {
+		const line = JSON.parse(event.data);
+		addEntry(line);
+	});
+}
+
+function addEntry(json) {
+	const $container = document.createElement("span");
+	$container.classList.add("regular");
+
+	const $time = document.createElement("time");
+	const timestamp = new Date(+json["__REALTIME_TIMESTAMP"] / 1000);
+	$time.textContent = `[${timestamp.toISOString()}]: `;
+	$time.dateTime = timestamp;
+	$container.append($time)
+
+	const $unit = document.createElement("span");
+	$unit.textContent = json["_SYSTEMD_UNIT"];
+	$container.append($unit);
+	$container.append(": ")
+
+	const $message = document.createElement("span");
+	$message.textContent = json["MESSAGE"];
+	$container.append($message);
+
+	$container.append("\n");
+	addToOutput($container);
+}
+
+function addSpecialMessage(klass, message) {
+	const $message = document.createElement("span");
+	$message.classList.add(klass);
+	$message.textContent = message;
+	$message.textContent += "\n";
+	addToOutput($message);
+}
+
+function addToOutput($elem) {
+	// TODO: Maybe allow for a little wiggle-room?
+	const wasAtBottom = window.innerHeight + window.scrollY >= document.body.offsetHeight;
+
+	const $target = document.getElementById("target");
+	$target.appendChild($elem);
+
+	if (wasAtBottom) {
+		window.scrollTo(0, document.body.scrollHeight);
+	}
+}
+
+main();
diff --git a/hosts/ahmed/minecraft-log-server/public/scripts/reconnecting-eventsource.min.js b/hosts/ahmed/minecraft-log-server/public/scripts/reconnecting-eventsource.min.js
new file mode 100644
index 0000000..344e759
--- /dev/null
+++ b/hosts/ahmed/minecraft-log-server/public/scripts/reconnecting-eventsource.min.js
@@ -0,0 +1,2 @@
+// https://github.com/fanout/reconnecting-eventsource
+export class EventSourceNotAvailableError extends Error{constructor(){super("EventSource not available.\nConsider loading an EventSource polyfill and making it available globally as EventSource, or passing one in as eventSourceClass to the ReconnectingEventSource constructor.")}}export default class e{_configuration;CONNECTING=0;OPEN=1;CLOSED=2;static CONNECTING=0;static OPEN=1;static CLOSED=2;_eventSource;_lastEventId;_timer;_listeners;_onevent_wrapped;readyState;url;withCredentials;max_retry_time;eventSourceClass;constructor(e,t){if(this._configuration=null!=t?Object.assign({},t):void 0,this.withCredentials=!1,this._eventSource=null,this._lastEventId=null,this._timer=null,this._listeners={},this.url=e.toString(),this.readyState=this.CONNECTING,this.max_retry_time=3e3,this.eventSourceClass=globalThis.EventSource,null!=this._configuration&&(this._configuration.lastEventId&&(this._lastEventId=this._configuration.lastEventId,delete this._configuration.lastEventId),this._configuration.max_retry_time&&(this.max_retry_time=this._configuration.max_retry_time,delete this._configuration.max_retry_time),this._configuration.eventSourceClass&&(this.eventSourceClass=this._configuration.eventSourceClass,delete this._configuration.eventSourceClass)),null==this.eventSourceClass||"function"!=typeof this.eventSourceClass)throw new EventSourceNotAvailableError;this._onevent_wrapped=e=>{this._onevent(e)},this._start()}dispatchEvent(e){throw Error("Method not implemented.")}_start(){let e=this.url;for(let t of(this._lastEventId&&(-1===e.indexOf("?")?e+="?":e+="&",e+="lastEventId="+encodeURIComponent(this._lastEventId)),this._eventSource=new this.eventSourceClass(e,this._configuration),this._eventSource.onopen=e=>{this._onopen(e)},this._eventSource.onerror=e=>{this._onerror(e)},this._eventSource.onmessage=e=>{this.onmessage(e)},Object.keys(this._listeners)))this._eventSource.addEventListener(t,this._onevent_wrapped)}_onopen(e){0===this.readyState&&(this.readyState=1,this.onopen(e))}_onerror(e){if(1===this.readyState&&(this.readyState=0,this.onerror(e)),this._eventSource&&2===this._eventSource.readyState){this._eventSource.close(),this._eventSource=null;let t=Math.round(this.max_retry_time*Math.random());this._timer=setTimeout(()=>this._start(),t)}}_onevent(e){e instanceof MessageEvent&&(this._lastEventId=e.lastEventId);let t=this._listeners[e.type];if(null!=t)for(let s of[...t])s.call(this,e);"message"===e.type&&this.onmessage(e)}onopen(e){}onerror(e){}onmessage(e){}close(){this._timer&&(clearTimeout(this._timer),this._timer=null),this._eventSource&&(this._eventSource.close(),this._eventSource=null),this.readyState=2}addEventListener(e,t,s){e in this._listeners||(this._listeners[e]=[],null!=this._eventSource&&this._eventSource.addEventListener(e,this._onevent_wrapped));let n=this._listeners[e];Array.isArray(n)&&!n.includes(t)&&n.push(t)}removeEventListener(e,t,s){let n=this._listeners[e];if(null!=n){for(;;){let i=n.indexOf(t);if(-1===i)break;n.splice(i,1)}n.length<=0&&(delete this._listeners[e],null!=this._eventSource&&this._eventSource.removeEventListener(e,this._onevent_wrapped))}}};
diff --git a/hosts/ahmed/minecraft-log-server/public/styles/plain.css b/hosts/ahmed/minecraft-log-server/public/styles/plain.css
new file mode 100644
index 0000000..a40b612
--- /dev/null
+++ b/hosts/ahmed/minecraft-log-server/public/styles/plain.css
@@ -0,0 +1,7 @@
+/* Make special messages stand out */
+.error, .info { font-family: serif; font-style: italic; }
+.error { color: red; }
+.info { color: blue; }
+
+/* Make time lower visual priority */
+time { color: grey; }