From 27b8ef6784fdf480fa541a0adf01d179b3b0d96e Mon Sep 17 00:00:00 2001
From: stuebinm <stuebinm@disroot.org>
Date: Wed, 1 May 2024 04:08:16 +0200
Subject: [PATCH] tracktrain: update

This is the initial version for this year's run of absurd train
operations. I won't dare to call it a release for at least another month
or so, so no version number.

Changes done in our nixfiles:
 - tracktrain now needs ntfy-sh so people (read: I) can get push
   notifications if things break or at least look a little weird
 - I removed the grafana instance; seems like somewhere in the last year
   they changed how to host it under a sub-path (ours was at /metrics),
   so it broke, and I'm not feeling any particular urge to fix it
 - last year's database contents have been yoten
 - also manually updated the gtfs (though I intend to implement logic
   for fetching it in tracktrain, I first need to drag Ilztalbahn into
   actually publishing up-to-date versions again first)
---
 flake.lock             |  8 +++---
 parsons/tracktrain.nix | 60 ++++++------------------------------------
 secrets.yaml           |  6 ++---
 3 files changed, 15 insertions(+), 59 deletions(-)

diff --git a/flake.lock b/flake.lock
index fac8847..173ba73 100644
--- a/flake.lock
+++ b/flake.lock
@@ -228,11 +228,11 @@
     "tracktrain": {
       "flake": false,
       "locked": {
-        "lastModified": 1688154251,
-        "narHash": "sha256-iv2xUUYhjIcKWs1+l7h43z7v/a9/OamBKXi/gcl4ppI=",
+        "lastModified": 1714552989,
+        "narHash": "sha256-I/Lml1AWvuvnFqlzJ017MymKTD2N1oGwNu2eEf6K/O4=",
         "ref": "main",
-        "rev": "a995dabf07574a32c1ae62ad23b96ba7d8e076ee",
-        "revCount": 92,
+        "rev": "203d9555b6915d834e9107db4e4ccfa5c99c3631",
+        "revCount": 101,
         "type": "git",
         "url": "https://stuebinm.eu/git/tracktrain"
       },
diff --git a/parsons/tracktrain.nix b/parsons/tracktrain.nix
index f4df212..06022a8 100644
--- a/parsons/tracktrain.nix
+++ b/parsons/tracktrain.nix
@@ -14,6 +14,10 @@ let
       url: https://login.infra4future.de
       clientname: tracktrain
       # clientsecret defined in env file
+
+    logging:
+      ntfytopic: ping.stuebinm.eu/monit
+      name: ilztalbahn
   '';
 in
 {
@@ -44,13 +48,6 @@ in
     bindSecrets = true;
 
     config = { config, lib, pkgs, ... }: {
-      system.stateVersion = "21.11";
-
-      users.users.tracktrain = {
-        group = "tracktrain";
-        isSystemUser = true;
-      };
-      users.groups.tracktrain = {};
 
       systemd.services.tracktrain = {
         enable = true;
@@ -62,22 +59,18 @@ in
         serviceConfig = {
           Type = "simple";
           EnvironmentFile = "/secrets/env";
-          User = "tracktrain";
-          Group = "tracktrain";
+          DynamicUser = true;
         };
-        path = [ pkgs.wget ];
+        path = [ pkgs.wget pkgs.ntfy-sh ];
         script = ''
-          mkdir -p /persist/tracktrain
-          cd /persist/tracktrain
+          cd /tmp
           ln -sf ${pkgs.writeText "tracktrain-config.yaml" tracktrain-config} config.yaml
-          wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" || sleep 4; wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
           ${pkgs.tracktrain}/bin/tracktrain +RTS -T
         '';
       };
 
       services.postgresql = {
         enable = true;
-
         package = pkgs.postgresql_15;
         ensureDatabases = [ "tracktrain" ];
         ensureUsers = [ {
@@ -85,8 +78,7 @@ in
           ensureDBOwnership = true;
         } ];
         authentication = ''
-          local   all   all                              trust
-          host    all   all        127.0.0.1/32          trust
+          local all all trust
         '';
       };
 
@@ -101,42 +93,6 @@ in
         } ];
       };
 
-      services.grafana = {
-        enable = true;
-        settings.server = {
-          serve_from_sub_path = true;
-          domain = "tracktrain.ilztalbahn.eu";
-          root_url = "https://%(domain)s/metrics/";
-          http_port = 2342;
-          http_addr = "0.0.0.0";
-        };
-
-        settings."auth.generic_oauth" = {
-          name = "uffd";
-          enabled = true;
-          allow_sign_up = true;
-          empty_scopes = true;
-          client_id = "ilztalbahn-grafana";
-          client_secret = "\${GRAFANA_CLIENT_SECRET}";
-          auth_url = "https://login.infra4future.de/oauth2/authorize";
-          token_url = "https://login.infra4future.de/oauth2/token";
-          api_url = "https://login.infra4future.de/oauth2/userinfo";
-        };
-        # disables the default login screen. comment out if for some
-        # reason you do need it
-        settings.auth.oauth_auto_login = true;
-        settings.users.auto_assign_org_role = "Admin";
-
-        provision = {
-          enable = true;
-          datasources.settings.datasources = [ {
-            url = "http://localhost:9001";
-            type = "prometheus";
-            name = "prometheus";
-          } ];
-        };
-      };
-
       systemd.services.grafana.serviceConfig.EnvironmentFile =
         "/secrets/env";
       hacc.bindToPersist = [ "/var/lib/grafana" ];
diff --git a/secrets.yaml b/secrets.yaml
index 6ab89aa..6009879 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -3,7 +3,7 @@ hedgedoc-hacc:
 mattermost:
     env: ENC[AES256_GCM,data:4GcV8UOYmVUjZoYc0Nq/vEWtxtYNV81zVTEyFnZIfY1k/Ar1MU+fn5A99JLIMc8U84/QupDU7TcneiN/wqPv2jYqGS7ixSNTk+x5uUPMarzKZ04ynav6FCWEvlSF0Sz4/5s/Pvp1Qi3zdv16ZVGUHbM8/wCcaZBkSS0ofwBTIXVsVYSRPFxLehtBgwjAnD46qS+YJmszmd7V5N/adWWF34vAdfLiO6Y7KDB3jnMLOPU6Drtw9L83AW6NuOtk8crZrI1dkTD/xUC07IvMhZpZVc9ktQJqIvlk/ADs5aIp/QYrjICdYvb8xC16oV7jC/7yzXzC/UuYbCvS5gnHGMK/CsBkmM9HXmQ6mWjrfuOJEkMHSefS7O8HyrNoNDSXq0ivCr6KJmwrz7NXNAE6a6xx9LMjs5DJ8H5fda1l5TGVAdA2tg==,iv:dG4cnEtUgUxw7zS2k15p+6//Bl19WquTfFIiz5Vi/0M=,tag:cMBU8CtFBBjfcfpO709Kpg==,type:str]
 tracktrain:
-    env: ENC[AES256_GCM,data:jaq039FNxBrsPfG/q+InYpiyl1LBdY++DlLM6UpSAwKlINucooTrHz51QrdRWhAZDqXhVTHM55Q/Zm4wazweCABiNjkXDFoZgxc5YJX+pvBct6M533xl109yD6KiYOXDqPY03u71aop8OmOAnKDp1JlzPS1otdlaN8Vd56G+,iv:nYU2rgMMG4QcJo5DnZpYZm1zr82idd7r1uTsqNiXLdA=,tag:9rdxAneYUREacXNunpTuHw==,type:str]
+    env: ENC[AES256_GCM,data:W3+8qWomPgGJt5u50aAm9x/dilMpqKY11I2AdaIBTz5posc25ts0LB5S/Sxe1ROz4itpDK3QvjoFUTRhS39k4dwMr5lqXV8Ln4B+sPpvh7oBM8A5zydP8Jj1J1YqRt8++RTUmb4z41DIwb/yaZKMu6z0guXIu1yuYzcbCuk0xe/iOp6UUpfjOzzWTvxY54zY6kWcjHLiCSwD31Cd+MxMPfbUEkHt+0W+sBmYXGeEFI/6ULSB6FnGjNW6F9g=,iv:3ymah8HG+Yg6VYZZA/MRRjHDYvYJz01ezvhfQiftegg=,tag:trht+PRYfKgWJkg2wRwISQ==,type:str]
 vaultwarden:
     env: ENC[AES256_GCM,data:hdm91tI8WBd3es+IUbdBO69kh1pNZTNvZNFIdSZO8lm4yYMPE+Jm7EzVqwOaZRbpQaVDBg7uh5P4ODc=,iv:no7U0wQCwZOeL2pwXf2pUIgrEsEOYwqOT04LvpCl614=,tag:AGSu5M7H69x6pDM062bC6g==,type:str]
 auamost:
@@ -98,8 +98,8 @@ sops:
             bndBTXJhQVE2OVlKeGNTbzJlL0duUzAKIWdesesYvBIN/m36fhzxq30+IT8qp/pF
             S6i7QqZF75y2BpEoupRCqNIAsHrouUE+U9ZQJZO8m9J591mWvbVJIw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-09T18:13:36Z"
-    mac: ENC[AES256_GCM,data:oKKQC09MGj+ng9LQqQefY1/xZGRPD3NzyILgB/pzeQT0JjlzXx27JzedmOvx2IPDgJQWPfwevoWdai4HAZeRQQk4yFDePSM/ZJqSn2NnQdUJ9mSQEu5iSrseez/OiotVHZ85ZFhu3thk34rzu0ImHhqYoSqWx5d/tnjC4wPdJlY=,iv:Hm27YPP0U7t7ZiGqMynBTCSHdpJ1dEhBz5HGS5RKgdw=,tag:WJZVcs3t+FV7FmsQVag5/w==,type:str]
+    lastmodified: "2024-05-01T01:20:25Z"
+    mac: ENC[AES256_GCM,data:2fVIskFTMl1jefsa3A9fbBBUBK3Ni9XpUjLbwgewEUEKDhwzHY7vjlauzEVtcFJhYkorG/I/0YkPE6PjHta8Qk4mAOfXeVeLDrwH0dmIoPxw+J4kCgRNgNGdhkvmSUBQKwmhfvG3owZnGvq6JfcKZW8HodXyZ+GQQNknGzoX1wQ=,iv:fIXw7lsLwMHsNpZyv9nil7pdXrYNm18UV87KY0Z2zJ4=,tag:L/zymgljJWopKN1q7rpPhg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1