working tracktrain + monitoring

This commit is contained in:
stuebinm 2023-01-22 20:03:11 +01:00
parent 9af819b4b8
commit 7a3e65a3f5
2 changed files with 100 additions and 57 deletions

View file

@ -840,11 +840,11 @@
"tracktrain": {
"flake": false,
"locked": {
"lastModified": 1674348451,
"narHash": "sha256-fkVvjRe8wKKjEdLiRJV62nns0svy2pngE5jvsZjIlvE=",
"lastModified": 1674405034,
"narHash": "sha256-zKGuktcZ47kC+Jo0Mc0dvB1rMTZN1HprouZ7uRm9VoU=",
"ref": "main",
"rev": "3d0980811d61a78f265ec06dd5bd4ef2cde1cbdf",
"revCount": 78,
"rev": "53e7884ec03e870431064062519d3a94302bc480",
"revCount": 80,
"type": "git",
"url": "https://stuebinm.eu/git/tracktrain"
},

View file

@ -1,55 +1,43 @@
{ config, lib, pkgs, inputs, evalConfig, ... }:
let
tracktrain-config = ''
dbstring: "dbname=tracktrain"
gtfs: ./gtfs.zip
warp:
port: 4000
login:
enable: true
url: https://login.infra4future.de
clientname: tracktrain
# clientsecret defined in env file
'';
in
{
services.nginx.virtualHosts."tracktrain.ilztalbahn.eu" = {
locations."/api" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://192.168.42.41:4000";
proxyWebsockets = true;
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*' always;
'';
};
# locations."/metrics/" = {
# proxyPass = "http://localhost:2342";
# proxyWebsockets = true;
# extraConfig = ''
# rewrite ^/metrics/(.*) /$1 break;
# '';
# };
enableACME = true;
forceSSL = true;
# note: this shadows the /metrics endpoint of tracktrain
# in case you remove this, please consider putting something
# else here to keep it from being publicly scrapable
locations."/metrics/" = {
proxyPass = "http://192.168.42.41:2342";
proxyWebsockets = true;
extraConfig = ''
rewrite ^/metrics/(.*) /$1 break;
'';
};
};
# services.prometheus = {
# enable = true;
# port = 9001;
# scrapeConfigs = [ {
# job_name = "tracktrain";
# static_configs = [{
# targets = [ "192.168.42.41:4000" ];
# }];
# } ];
# };
# services.grafana = {
# enable = true;
# settings.server = {
# serve_from_sub_path = true;
# domain = "tracktrain.ilztalbahn.eu";
# root_url = "%(protocol)s://%(domain)s:/metrics/";
# http_port = 2342;
# http_addr = "0.0.0.0";
# };
# provision = {
# enable = true;
# datasources.settings.datasources = [ {
# url = "http://localhost:9001";
# type = "prometheus";
# name = "prometheus";
# } ];
# };
# };
networking.firewall.allowedTCPPorts = [ 443 ];
@ -58,13 +46,13 @@
hostAddress = "192.168.42.40";
localAddress = "192.168.42.41";
autoStart = true;
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/tracktrain";
isReadOnly = false;
};
};
path = (evalConfig {
hosts = { };
groups = { };
@ -81,27 +69,32 @@
interface = "eth0";
};
users.users.tracktrain = {
group = "tracktrain";
isSystemUser = true;
};
users.groups.tracktrain = {};
systemd.services.tracktrain = {
enable = true;
description = "tracks trains, hopefully";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig.Type = "simple";
serviceConfig = {
Type = "simple";
EnvironmentFile = "/persist/secrets.env";
User = "tracktrain";
Group = "tracktrain";
};
path = [ pkgs.wget ];
script = ''
cd /tmp
# wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
${(pkgs.tracktrain
# have to remove version constraints because some aren't in 22.05
.overrideAttrs (old: { patchPhase = ''
sed -i "s/base.*/base/g" *.cabal
sed -i "s/^>=.*//g" *.cabal
sed -i "s/>=.*//g" *.cabal
''; }))
}/bin/tracktrain --dbString="dbname=tracktrain user=tracktrain" --warp.port=4000 +RTS -T
mkdir -p /persist/tracktrain
cd /persist/tracktrain
ln -sf ${pkgs.writeText "tracktrain-config.yaml" tracktrain-config} config.yaml
wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
${pkgs.tracktrain}/bin/tracktrain +RTS -T
'';
startAt = "daily";
};
services.postgresql = {
@ -120,6 +113,56 @@
'';
};
services.prometheus = {
enable = true;
port = 9001;
scrapeConfigs = [ {
job_name = "tracktrain";
static_configs = [{
targets = [ "0.0.0.0:4000" ];
}];
} ];
};
services.grafana = {
enable = true;
settings.server = {
serve_from_sub_path = true;
domain = "tracktrain.ilztalbahn.eu";
root_url = "https://%(domain)s/metrics/";
http_port = 2342;
http_addr = "0.0.0.0";
};
settings."auth.generic_oauth" = {
name = "uffd";
enabled = true;
allow_sign_up = true;
empty_scopes = true;
client_id = "ilztalbahn-grafana";
client_secret = "\${GRAFANA_CLIENT_SECRET}";
auth_url = "https://login.infra4future.de/oauth2/authorize";
token_url = "https://login.infra4future.de/oauth2/token";
api_url = "https://login.infra4future.de/oauth2/userinfo";
};
# disables the default login screen. comment out if for some
# reason you do need it
settings.auth.oauth_auto_login = true;
settings.users.auto_assign_org_role = "Admin";
provision = {
enable = true;
datasources.settings.datasources = [ {
url = "http://localhost:9001";
type = "prometheus";
name = "prometheus";
} ];
};
};
systemd.services.grafana.serviceConfig.EnvironmentFile =
"/persist/secrets.env";
services.coredns = {
enable = true;
config = ''