tracktrain: update

This is the initial version for this year's run of absurd train operations. I won't dare to call it a release for at least another month or so, so no version number. Changes done in our nixfiles: - tracktrain now needs ntfy-sh so people (read: I) can get push notifications if things break or at least look a little weird - I removed the grafana instance; seems like somewhere in the last year they changed how to host it under a sub-path (ours was at /metrics), so it broke, and I'm not feeling any particular urge to fix it - last year's database contents have been yoten - also manually updated the gtfs (though I intend to implement logic for fetching it in tracktrain, I first need to drag Ilztalbahn into actually publishing up-to-date versions again first)
2024-05-01 04:08:16 +02:00 · 2024-05-01 04:08:16 +02:00 · 27b8ef6784
parent 8662943183
commit 27b8ef6784
3 changed files with 15 additions and 59 deletions
--- a/flake.lock
+++ b/flake.lock
@ -228,11 +228,11 @@
    "tracktrain": {
      "flake": false,
      "locked": {
-        "lastModified": 1688154251,
-        "narHash": "sha256-iv2xUUYhjIcKWs1+l7h43z7v/a9/OamBKXi/gcl4ppI=",
+        "lastModified": 1714552989,
+        "narHash": "sha256-I/Lml1AWvuvnFqlzJ017MymKTD2N1oGwNu2eEf6K/O4=",
        "ref": "main",
-        "rev": "a995dabf07574a32c1ae62ad23b96ba7d8e076ee",
-        "revCount": 92,
+        "rev": "203d9555b6915d834e9107db4e4ccfa5c99c3631",
+        "revCount": 101,
        "type": "git",
        "url": "https://stuebinm.eu/git/tracktrain"
      },
--- a/parsons/tracktrain.nix
+++ b/parsons/tracktrain.nix
@ -14,6 +14,10 @@ let
      url: https://login.infra4future.de
      clientname: tracktrain
      # clientsecret defined in env file
+
+    logging:
+      ntfytopic: ping.stuebinm.eu/monit
+      name: ilztalbahn
  '';
 in
 {
@ -44,13 +48,6 @@ in
    bindSecrets = true;

    config = { config, lib, pkgs, ... }: {
-      system.stateVersion = "21.11";
-
-      users.users.tracktrain = {
-        group = "tracktrain";
-        isSystemUser = true;
-      };
-      users.groups.tracktrain = {};

      systemd.services.tracktrain = {
        enable = true;
@ -62,22 +59,18 @@ in
        serviceConfig = {
          Type = "simple";
          EnvironmentFile = "/secrets/env";
-          User = "tracktrain";
-          Group = "tracktrain";
+          DynamicUser = true;
        };
-        path = [ pkgs.wget ];
+        path = [ pkgs.wget pkgs.ntfy-sh ];
        script = ''
-          mkdir -p /persist/tracktrain
-          cd /persist/tracktrain
+          cd /tmp
          ln -sf ${pkgs.writeText "tracktrain-config.yaml" tracktrain-config} config.yaml
-          wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" || sleep 4; wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
          ${pkgs.tracktrain}/bin/tracktrain +RTS -T
        '';
      };

      services.postgresql = {
        enable = true;
-
        package = pkgs.postgresql_15;
        ensureDatabases = [ "tracktrain" ];
        ensureUsers = [ {
@ -85,8 +78,7 @@ in
          ensureDBOwnership = true;
        } ];
        authentication = ''
-          local   all   all                              trust
-          host    all   all        127.0.0.1/32          trust
+          local all all trust
        '';
      };

@ -101,42 +93,6 @@ in
        } ];
      };

-      services.grafana = {
-        enable = true;
-        settings.server = {
-          serve_from_sub_path = true;
-          domain = "tracktrain.ilztalbahn.eu";
-          root_url = "https://%(domain)s/metrics/";
-          http_port = 2342;
-          http_addr = "0.0.0.0";
-        };
-
-        settings."auth.generic_oauth" = {
-          name = "uffd";
-          enabled = true;
-          allow_sign_up = true;
-          empty_scopes = true;
-          client_id = "ilztalbahn-grafana";
-          client_secret = "\${GRAFANA_CLIENT_SECRET}";
-          auth_url = "https://login.infra4future.de/oauth2/authorize";
-          token_url = "https://login.infra4future.de/oauth2/token";
-          api_url = "https://login.infra4future.de/oauth2/userinfo";
-        };
-        # disables the default login screen. comment out if for some
-        # reason you do need it
-        settings.auth.oauth_auto_login = true;
-        settings.users.auto_assign_org_role = "Admin";
-
-        provision = {
-          enable = true;
-          datasources.settings.datasources = [ {
-            url = "http://localhost:9001";
-            type = "prometheus";
-            name = "prometheus";
-          } ];
-        };
-      };
-
      systemd.services.grafana.serviceConfig.EnvironmentFile =
        "/secrets/env";
      hacc.bindToPersist = [ "/var/lib/grafana" ];
--- a/secrets.yaml
+++ b/secrets.yaml
@ -3,7 +3,7 @@ hedgedoc-hacc:
 mattermost:
    env: ENC[AES256_GCM,data:4GcV8UOYmVUjZoYc0Nq/vEWtxtYNV81zVTEyFnZIfY1k/Ar1MU+fn5A99JLIMc8U84/QupDU7TcneiN/wqPv2jYqGS7ixSNTk+x5uUPMarzKZ04ynav6FCWEvlSF0Sz4/5s/Pvp1Qi3zdv16ZVGUHbM8/wCcaZBkSS0ofwBTIXVsVYSRPFxLehtBgwjAnD46qS+YJmszmd7V5N/adWWF34vAdfLiO6Y7KDB3jnMLOPU6Drtw9L83AW6NuOtk8crZrI1dkTD/xUC07IvMhZpZVc9ktQJqIvlk/ADs5aIp/QYrjICdYvb8xC16oV7jC/7yzXzC/UuYbCvS5gnHGMK/CsBkmM9HXmQ6mWjrfuOJEkMHSefS7O8HyrNoNDSXq0ivCr6KJmwrz7NXNAE6a6xx9LMjs5DJ8H5fda1l5TGVAdA2tg==,iv:dG4cnEtUgUxw7zS2k15p+6//Bl19WquTfFIiz5Vi/0M=,tag:cMBU8CtFBBjfcfpO709Kpg==,type:str]
 tracktrain:
-    env: ENC[AES256_GCM,data:jaq039FNxBrsPfG/q+InYpiyl1LBdY++DlLM6UpSAwKlINucooTrHz51QrdRWhAZDqXhVTHM55Q/Zm4wazweCABiNjkXDFoZgxc5YJX+pvBct6M533xl109yD6KiYOXDqPY03u71aop8OmOAnKDp1JlzPS1otdlaN8Vd56G+,iv:nYU2rgMMG4QcJo5DnZpYZm1zr82idd7r1uTsqNiXLdA=,tag:9rdxAneYUREacXNunpTuHw==,type:str]
+    env: ENC[AES256_GCM,data:W3+8qWomPgGJt5u50aAm9x/dilMpqKY11I2AdaIBTz5posc25ts0LB5S/Sxe1ROz4itpDK3QvjoFUTRhS39k4dwMr5lqXV8Ln4B+sPpvh7oBM8A5zydP8Jj1J1YqRt8++RTUmb4z41DIwb/yaZKMu6z0guXIu1yuYzcbCuk0xe/iOp6UUpfjOzzWTvxY54zY6kWcjHLiCSwD31Cd+MxMPfbUEkHt+0W+sBmYXGeEFI/6ULSB6FnGjNW6F9g=,iv:3ymah8HG+Yg6VYZZA/MRRjHDYvYJz01ezvhfQiftegg=,tag:trht+PRYfKgWJkg2wRwISQ==,type:str]
 vaultwarden:
    env: ENC[AES256_GCM,data:hdm91tI8WBd3es+IUbdBO69kh1pNZTNvZNFIdSZO8lm4yYMPE+Jm7EzVqwOaZRbpQaVDBg7uh5P4ODc=,iv:no7U0wQCwZOeL2pwXf2pUIgrEsEOYwqOT04LvpCl614=,tag:AGSu5M7H69x6pDM062bC6g==,type:str]
 auamost:
@ -98,8 +98,8 @@ sops:
            bndBTXJhQVE2OVlKeGNTbzJlL0duUzAKIWdesesYvBIN/m36fhzxq30+IT8qp/pF
            S6i7QqZF75y2BpEoupRCqNIAsHrouUE+U9ZQJZO8m9J591mWvbVJIw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-09T18:13:36Z"
-    mac: ENC[AES256_GCM,data:oKKQC09MGj+ng9LQqQefY1/xZGRPD3NzyILgB/pzeQT0JjlzXx27JzedmOvx2IPDgJQWPfwevoWdai4HAZeRQQk4yFDePSM/ZJqSn2NnQdUJ9mSQEu5iSrseez/OiotVHZ85ZFhu3thk34rzu0ImHhqYoSqWx5d/tnjC4wPdJlY=,iv:Hm27YPP0U7t7ZiGqMynBTCSHdpJ1dEhBz5HGS5RKgdw=,tag:WJZVcs3t+FV7FmsQVag5/w==,type:str]
+    lastmodified: "2024-05-01T01:20:25Z"
+    mac: ENC[AES256_GCM,data:2fVIskFTMl1jefsa3A9fbBBUBK3Ni9XpUjLbwgewEUEKDhwzHY7vjlauzEVtcFJhYkorG/I/0YkPE6PjHta8Qk4mAOfXeVeLDrwH0dmIoPxw+J4kCgRNgNGdhkvmSUBQKwmhfvG3owZnGvq6JfcKZW8HodXyZ+GQQNknGzoX1wQ=,iv:fIXw7lsLwMHsNpZyv9nil7pdXrYNm18UV87KY0Z2zJ4=,tag:L/zymgljJWopKN1q7rpPhg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1