From 7a3e65a3f54fdd258f61a5d0f2d82f987959291f Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Sun, 22 Jan 2023 20:03:11 +0100
Subject: [PATCH] working tracktrain + monitoring

---
 flake.lock | 8 +--
 services/tracktrain.nix | 149 ++++++++++++++++++++++++++-------------
 2 files changed, 100 insertions(+), 57 deletions(-)

diff --git a/flake.lock b/flake.lock
index f27c340..cdd6af9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -840,11 +840,11 @@
 "tracktrain": {
 "flake": false,
 "locked": {
- "lastModified": 1674348451,
- "narHash": "sha256-fkVvjRe8wKKjEdLiRJV62nns0svy2pngE5jvsZjIlvE=",
+ "lastModified": 1674405034,
+ "narHash": "sha256-zKGuktcZ47kC+Jo0Mc0dvB1rMTZN1HprouZ7uRm9VoU=",
 "ref": "main",
- "rev": "3d0980811d61a78f265ec06dd5bd4ef2cde1cbdf",
- "revCount": 78,
+ "rev": "53e7884ec03e870431064062519d3a94302bc480",
+ "revCount": 80,
 "type": "git",
 "url": "https://stuebinm.eu/git/tracktrain"
 },
diff --git a/services/tracktrain.nix b/services/tracktrain.nix
index ded85e7..9435d7b 100644
--- a/services/tracktrain.nix
+++ b/services/tracktrain.nix
@@ -1,55 +1,43 @@ { config, lib, pkgs, inputs, evalConfig, ... }: +let + tracktrain-config = '' + dbstring: "dbname=tracktrain" + gtfs: ./gtfs.zip + + warp: + port: 4000 + + login: + enable: true + url: https://login.infra4future.de + clientname: tracktrain + # clientsecret defined in env file + ''; +in { services.nginx.virtualHosts."tracktrain.ilztalbahn.eu" = { - locations."/api" = { + enableACME = true; + forceSSL = true; + locations."/" = { proxyPass = "http://192.168.42.41:4000"; proxyWebsockets = true; extraConfig = '' add_header 'Access-Control-Allow-Origin' '*' always; ''; }; - # locations."/metrics/" = { - # proxyPass = "http://localhost:2342"; - # proxyWebsockets = true; - # extraConfig = '' - # rewrite ^/metrics/(.*) /$1 break; - # ''; - # }; - enableACME = true; - forceSSL = true; + # note: this shadows the /metrics endpoint of tracktrain + # in case you remove this, please consider putting something + # else here to keep it from being publicly scrapable + locations."/metrics/" = { + proxyPass = "http://192.168.42.41:2342"; + proxyWebsockets = true; + extraConfig = '' + rewrite ^/metrics/(.*) /$1 break; + ''; + }; }; - # services.prometheus = { - # enable = true; - # port = 9001; - # scrapeConfigs = [ { - # job_name = "tracktrain"; - # static_configs = [{ - # targets = [ "192.168.42.41:4000" ]; - # }]; - # } ]; - # }; - - # services.grafana = { - # enable = true; - # settings.server = { - # serve_from_sub_path = true; - # domain = "tracktrain.ilztalbahn.eu"; - # root_url = "%(protocol)s://%(domain)s:/metrics/"; - # http_port = 2342; - # http_addr = "0.0.0.0"; - # }; - - # provision = { - # enable = true; - # datasources.settings.datasources = [ { - # url = "http://localhost:9001"; - # type = "prometheus"; - # name = "prometheus"; - # } ]; - # }; - # }; networking.firewall.allowedTCPPorts = [ 443 ]; 
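Review bot: The comment above `locations."/metrics/"` says it shadows tracktrain's own `/metrics` endpoint, but an nginx prefix location `/metrics/` only matches paths that contain the trailing slash, so a request for `/metrics` (no slash) falls through to `locations."/"` and is proxied straight to tracktrain on port 4000 — the port the Prometheus job later in this patch scrapes, and Prometheus's default metrics path is `/metrics`, so the application's metrics presumably stay publicly reachable (hedged: tracktrain's routes are not visible here). An exact-match block closes that gap, e.g. `locations."= /metrics".return = "404";`, or proxy `= /metrics` to Grafana as well. Separately, widening the proxy from `/api` to `/` now attaches `Access-Control-Allow-Origin: *` to every tracktrain response, including whatever the new OIDC login flow serves; if only the API needs cross-origin access, keep the header on an `/api` location and drop it from `/`. Both locations of the virtual host are complete within the hunk.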
@@ -58,13 +46,13 @@ hostAddress = "192.168.42.40"; localAddress = "192.168.42.41"; autoStart = true; - bindMounts = { "/persist" = { hostPath = "/persist/containers/tracktrain"; isReadOnly = false; }; }; + path = (evalConfig { hosts = { }; groups = { }; @@ -81,27 +69,32 @@ interface = "eth0"; }; + users.users.tracktrain = { + group = "tracktrain"; + isSystemUser = true; + }; + users.groups.tracktrain = {}; + systemd.services.tracktrain = { enable = true; description = "tracks trains, hopefully"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - serviceConfig.Type = "simple"; + serviceConfig = { + Type = "simple"; + EnvironmentFile = "/persist/secrets.env"; + User = "tracktrain"; + Group = "tracktrain"; + }; path = [ pkgs.wget ]; script = '' - cd /tmp - # wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" - ${(pkgs.tracktrain - # have to remove version constraints because some aren't in 22.05 - .overrideAttrs (old: { patchPhase = '' - sed -i "s/base.*/base/g" *.cabal - sed -i "s/^>=.*//g" *.cabal - sed -i "s/>=.*//g" *.cabal - ''; })) - }/bin/tracktrain --dbString="dbname=tracktrain user=tracktrain" --warp.port=4000 +RTS -T + mkdir -p /persist/tracktrain + cd /persist/tracktrain + ln -sf ${pkgs.writeText "tracktrain-config.yaml" tracktrain-config} config.yaml + wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" + ${pkgs.tracktrain}/bin/tracktrain +RTS -T ''; - startAt = "daily"; }; services.postgresql = { 
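Review bot: `EnvironmentFile = "/persist/secrets.env"` loads the entire secrets file into the tracktrain process, and the same file is wired into Grafana further down in this patch, so each service receives the other's secret — `GRAFANA_CLIENT_SECRET` ends up in tracktrain's environment and is inherited by the `wget` child the script spawns. Split it per service, e.g. `EnvironmentFile = "/persist/tracktrain.env";` here and a separate file for Grafana, or use systemd `LoadCredential=` so the value never sits in the environment at all. With `User = "tracktrain"`, the `mkdir -p /persist/tracktrain` and `ln -sf … config.yaml` lines only succeed if `/persist` is already writable by that user, which nothing in the diff arranges; a rule such as `systemd.tmpfiles.rules = [ "d /persist/tracktrain 0750 tracktrain tracktrain -" ];` creates the directory with the right owner before the unit runs. The unconditional `wget` of the GTFS feed on every start also makes startup depend on ilztalbahn.eu being reachable (NixOS `script` runs under `bash -e`, so a failed download presumably fails the unit) and performs no integrity check on the zip; if the feed rarely changes, fetching it at build time with `pkgs.fetchurl` and a pinned hash removes both problems. The `services.postgresql` block that begins on the hunk's last line continues outside it.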
@@ -120,6 +113,56 @@ ''; }; + services.prometheus = { + enable = true; + port = 9001; + scrapeConfigs = [ { + job_name = "tracktrain"; + static_configs = [{ + targets = [ "0.0.0.0:4000" ]; + }]; + } ]; + }; + + services.grafana = { + enable = true; + settings.server = { + serve_from_sub_path = true; + domain = "tracktrain.ilztalbahn.eu"; + root_url = "https://%(domain)s/metrics/"; + http_port = 2342; + http_addr = "0.0.0.0"; + }; + + settings."auth.generic_oauth" = { + name = "uffd"; + enabled = true; + allow_sign_up = true; + empty_scopes = true; + client_id = "ilztalbahn-grafana"; + client_secret = "\${GRAFANA_CLIENT_SECRET}"; + auth_url = "https://login.infra4future.de/oauth2/authorize"; + token_url = "https://login.infra4future.de/oauth2/token"; + api_url = "https://login.infra4future.de/oauth2/userinfo"; + }; + # disables the default login screen. comment out if for some + # reason you do need it + settings.auth.oauth_auto_login = true; + settings.users.auto_assign_org_role = "Admin"; + + provision = { + enable = true; + datasources.settings.datasources = [ { + url = "http://localhost:9001"; + type = "prometheus"; + name = "prometheus"; + } ]; + }; + }; + + systemd.services.grafana.serviceConfig.EnvironmentFile = + "/persist/secrets.env"; + services.coredns = { enable = true; config = ''
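Review bot: `allow_sign_up = true` together with `settings.users.auto_assign_org_role = "Admin"` and `settings.auth.oauth_auto_login = true` means every account the uffd IdP at login.infra4future.de is willing to authenticate becomes a Grafana org admin on first visit, with no allow-list on the Grafana side; if that IdP serves more people than the intended operators, this is an open admin panel. Default new users to `auto_assign_org_role = "Viewer"` and derive Admin from a group claim, e.g. `role_attribute_path = "contains(groups[*], 'ilztalbahn-admins') && 'Admin' || 'Viewer'";` with `role_attribute_strict = true;` (or `allowed_groups`) — and since `empty_scopes = true` requests no scopes, first confirm that uffd's userinfo endpoint actually returns a groups field. Prometheus is enabled without `listenAddress`, so it presumably binds the NixOS default `0.0.0.0` on the container's 192.168.42.41 interface, yet its only consumer is the Grafana datasource at `http://localhost:9001`; `services.prometheus.listenAddress = "127.0.0.1";` keeps the unauthenticated Prometheus UI/API local, and the scrape target `0.0.0.0:4000` should likewise read `localhost:4000`. The `services.coredns` block that begins on the hunk's last line continues outside it.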