add arweave-gateway in its current state

.dockerignore

@@ -0,0 +1,18 @@
+# Ignore everything
+**
+
+# Allow files and directories
+!.env*
+!/package.json
+!/yarn.lock
+!/tsconfig.json
+!/src/**
+!/node_modules/arweave/**
+!/rds-combined-ca-bundle.pem
+
+
+# Ignore unnecessary files inside allowed directories
+# This should go after the allowed directories
+**/*.log
+**/.DS_Store
+**/Thumbs.db

.gitignore

@@ -0,0 +1,16 @@
+*#
+*~
+dist
+# package directories
+node_modules
+package-lock.json
+jspm_packages
+
+result
+
+# Serverless directories
+.serverless
+.terraform
+
+.DS_STORE
+.idea

Dockerfile

@@ -0,0 +1,19 @@
+FROM node:16.3
+
+RUN apt update && apt install bash git python3
+
+WORKDIR /usr/app
+
+COPY ./package.json .
+COPY ./yarn.lock .
+COPY ./.env .
+COPY ./tsconfig.json .
+COPY ./src ./src
+COPY ./node_modules ./node_modules
+
+RUN yarn install
+RUN yarn build
+
+ENTRYPOINT ["node"]
+
+CMD ["dist/gateway/app.js"]

ec2/README.md

@@ -0,0 +1,3 @@
+### osx with linux nixos-builders
+
+`sudo nix build .#packages.x86_64-linux.import-blocks -j0`

ec2/base.nix

@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+  imports = [ ];
+
+  config = {
+    nix.autoOptimiseStore = true;
+    users.users.root.openssh.authorizedKeys.keys = [];
+    services.tailscale.enable = true;
+    networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+    # Tell the firewall to implicitly trust packets routed over Tailscale:
+    # config.
+    security.auditd.enable = true;
+    security.audit.enable = true;
+    security.audit.rules = [
+      "-a exit,always -F arch=b64 -S execve"
+    ];
+
+    nix.trustedUsers = [ "root" "@wheel" ];
+    security.sudo.enable = true;
+    security.sudo.wheelNeedsPassword = false;
+    environment.defaultPackages = lib.mkForce [];
+
+    services.openssh = {
+      passwordAuthentication = false;
+      allowSFTP = false; # Don't set this if you need sftp
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+        AllowTcpForwarding yes
+        X11Forwarding no
+        AllowAgentForwarding no
+        AllowStreamLocalForwarding no
+        AuthenticationMethods publickey
+     '';
+    };
+
+    # PCI compliance
+    environment.systemPackages = with pkgs; [ clamav ];
+
+  };
+}

ec2/flake.nix

@@ -0,0 +1,50 @@
+/**
+ * Arweave Gateway
+ * Copyright (C) 2022 Permanent Data Solutions, Inc
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+{
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-unstable";
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = { self, nixpkgs, nixos-generators, ... }:
+
+    let
+      system = "x86_64-linux";
+      pkgs = (import nixpkgs {
+        inherit overlays system;
+        config = { allowUnfree = true; };
+      });
+      overlays = [ (import ./import-blocks/overlay.nix) ];
+
+    in {
+      packages.x86_64-linux = {
+        import-blocks = nixos-generators.nixosGenerate {
+          inherit pkgs;
+          modules = [
+            ./base.nix
+            ./import-blocks/module.nix
+          ];
+          format = "amazon";
+        };
+      };
+    };
+}

ec2/import-blocks/module.nix

@@ -0,0 +1,66 @@
+{ pkgs, lib, config, modulesPath, ... }:
+
+
+{
+  imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
+
+  config = {
+    ec2.hvm = true;
+    time.timeZone = "Europe/Berlin";
+    networking.hostName = "import-blocks";
+    # services.tailscale.enable = true;
+    # networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+    security.auditd.enable = true;
+    security.audit.enable = true;
+    security.audit.rules = [
+      "-a exit,always -F arch=b64 -S execve"
+    ];
+
+    nix.trustedUsers = [ "root" "@wheel" ];
+    security.sudo.enable = true;
+    security.sudo.wheelNeedsPassword = false;
+
+    nix.autoOptimiseStore = true;
+
+    users.users.root.openssh.authorizedKeys.keys = [];
+
+
+    services.openssh = {
+      passwordAuthentication = false;
+      allowSFTP = false; # Don't set this if you need sftp
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+       AllowTcpForwarding yes
+       X11Forwarding no
+       AllowAgentForwarding no
+       AllowStreamLocalForwarding no
+       AuthenticationMethods publickey
+     '';
+    };
+
+    # PCI compliance
+    environment.systemPackages = with pkgs; [ clamav ];
+
+    systemd.services.import-blocks = {
+      description = "import-block poller";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      environment = {
+        ARWEAVE_DOTENV_PATH = "/var/dotenv";
+      };
+
+      script = ''
+        ${pkgs.import-blocks-wrapped}/bin/import-blocks
+      '';
+
+      serviceConfig = {
+        Restart = "on-failure";
+        RestartSec = "5s";
+        TimeoutStartSec = 0;
+        KillSignal = "SIGINT";
+      };
+    };
+  };
+}

ec2/import-blocks/overlay.nix

@@ -0,0 +1,9 @@
+final: prev: {
+  import-blocks = (import ./package-lock.nix prev)."@arweave/import-blocks";
+  import-blocks-wrapped = prev.writeShellScriptBin "import-blocks" ''
+    cd ${final.import-blocks}/lib/node_modules/@arweave/import-blocks
+    ${prev.bash}/bin/bash /etc/ec2-metadata/user-data
+    ${prev.nodejs_latest}/bin/node src/index.mjs
+  '';
+
+}