How to make additional package available to the service?

anton · January 6, 2022, 12:01pm

Hello,

I am using services.node-red and need to make git package available within the service.
What is the proper way to add git into node-red system service?

services.node-red = {
    enable = true;
    withNpmAndGcc = true;
    configFile = "/var/lib/node-red/settings.js";
};

@

mattchrist · January 6, 2022, 1:53pm

You should be able to add it to the ‘path’ attribute in the systemd service node-red uses.

systemd.services.node-red = {
  path = [ pkgs.git ];
};

erictapen · January 6, 2022, 2:42pm

Also: If you think every user of the service should have git in the service’s path, feel free to upstream this setting to the module by creating a PR!!

anton · January 6, 2022, 2:49pm

Thanks @mattchrist. Adding path does indeed add git to the PATH of systems service. I can see it in systemctl show node-red. Though the node-red still not able to find it, I wonder whether path is hardcoded somewhere in node-red now…

@erictapen, surething, as soon as I make it work.

matthewcroughan · January 6, 2022, 5:57pm

This is to use the projects feature of Node-RED, isn’t it? You will also need openssh to use this feature. The way the Node-RED module works means that the PATH is hardcoded, since the implementation of withNpmAndGcc already sets the PATH to have npm and gcc on it.

Here is the most basic way to enable the projects functionality for Node-RED:

{ config, pkgs, lib, ... }:
let
  myNodeRed = pkgs.runCommand "node-red" {
    nativeBuildInputs = [ pkgs.makeWrapper ];
  }
  ''
    mkdir -p $out/bin
    makeWrapper ${pkgs.nodePackages.node-red}/bin/node-red $out/bin/node-red \
      --set PATH '${lib.makeBinPath [ pkgs.git pkgs.openssh pkgs.nodePackages.npm pkgs.gcc ]}:$PATH' \
  '';
in
{
  services.node-red = {
    enable = true;
    package = myNodeRed;
    configFile = "${pkgs.nodePackages.node-red}/lib/node_modules/node-red/settings.js";
    define = { "editorTheme.projects.enabled" = "true"; };
  };

  # Because Node-RED devs don't believe that this is an issue that needs to be
  # solved in the node application itself, but rather hardcoded into the env of
  # their docker image.
  # https://github.com/node-red/node-red-docker/issues/191
  # https://github.com/node-red/node-red/issues/2420
  programs.ssh.knownHosts."github.com".publicKey =
      "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
}

This will create a new package named myNodeRed which has git, npm, gcc and ssh on its PATH. We can tell the Node-RED service to use this package we just made via services.node-red.package. The services.node-red.define option is used to set editorTheme.projects.enabled to true in the settings.js used by Node-RED.

Then, because the developers of the projects function of Node-RED have not programmed in a way to accept and write authorized keys as part of ssh auth with git+ssh, we need to write Github.com into the known hosts globally for the NixOS system. Linked below are some issues to track that problem.

github.com/node-red/node-red-docker

Host key verification failed when using Projects and GIT

opened 11:46AM - 14 Jul 20 UTC

closed 04:25PM - 13 Aug 21 UTC

mmick08

### What happens? after container restart we are getting "Host key verificati…on failed. - The repository host key could not be verified. Please update your known_hosts file and try again." Error when trying to push/pull git. it seems that it is necessary to maintain known_hosts file but that's not possible in openshift/docker environment. As sometimes the GIT Repository is also hosted by a company within the intranet different host-keys are involved (f.e. load balancing) Therefore it should be possible to set either **StrictHostKeyChecking no** somewhere in the Container Environment or accept adding the new host-key via GUI cause it seems this process takes place only during initial GIT configuration. ### What do you expect to happen? it should be possible to use GIT Integration within projects without getting any "Host key verification failed" errors. ### Please tell us about your environment: FYI: i did a temporary fix by adding the following into my Dockerfile RUN echo "Host *" >> /etc/ssh/ssh_config RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config - [ ] Node-RED version: v1.1.0 (latest container image) - [ ] Node.js version: - [ ] npm version: 6.14.4 (latest container image) - [ ] Platform/OS: official container image hosted on openshift platform - [ ] Browser: Edge Chromium

github.com/node-red/node-red

Node-Red Projects cloning over SSH auth problem

opened 03:00PM - 08 Jan 20 UTC

ApuCpu

needs-info

Hello, I'm trying to clone existing project but after pressing the clone butt…on I get Authentication failed. I'm using your latest docker image and the application version is v1.0.3. I tried also latest docker image from "node-red-docker" with application version 0.20.8 where this feature works. There are no errors in the log. I've also tried disabling the admin auth which was recommended in previous post with no success. I've also tried to modify the Dockerfile as recomended in this post, with no change. https://github.com/node-red/node-red/issues/2120 Any recommendation? Thank you

anton · January 7, 2022, 10:54am

@matthewcroughan, yikes! thank you so much!

anton · January 7, 2022, 11:17am

@matthewcroughan, how do you manage this part of the config? I feed the config itself and wonder whether there is a way to make it a part of *nix config files.

    adminAuth: {
        type: "credentials",
        users: [{
            username: "admin",
            password: "$2b$...",
            permissions: "*"
        }]
    },

matthewcroughan · January 7, 2022, 12:41pm

Since you can’t pass Node-RED multiple settings.js files which it would concatenate internally, the NixOS module is going to have to become more complex, and allow you to specify things like services.node-red.passwordFile which would be implemented by concatenating javascript files together as part of the Nix code. It currently does not do this, as when I implemented it, I just wanted a basic NixOS service to be available to people.

This is going to be difficult, because settings.js is not JSON, it’s turing complete javascript, and parsing it with Nix is not going to be trivial. I don’t have a quick and easy answer for you. What you can do is write your own settings.js file and then pass it to the Node-RED service by using services.node-red.configFile. That’s all I can recommend for now.

anton · January 7, 2022, 12:58pm

This is exactly how I do it. Thanks for your thoughts here.