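# Public nginx vhost for tracktrain.ilztalbahn.eu plus the NixOS container
# (private network, 192.168.42.41) that runs tracktrain together with its own
# PostgreSQL, Prometheus, Grafana and CoreDNS instances.
{ config, lib, pkgs, inputs, evalConfig, ... }:

let
  # YAML handed to tracktrain. It is written to the Nix store (world-readable)
  # via pkgs.writeText below, so no secret may be placed in it; the OAuth
  # client secret is expected to come from the unit's EnvironmentFile instead.
  tracktrain-config = ''
    dbstring: "dbname=tracktrain"
    gtfs: ./gtfs.zip

    warp:
      port: 4000

    login:
      enable: true
      url: https://login.infra4future.de
      clientname: tracktrain
      # clientsecret defined in env file
  '';
in
{
  services.nginx.virtualHosts."tracktrain.ilztalbahn.eu" = {
    enableACME = true;
    forceSSL = true;
    # Default route: tracktrain itself. TLS ends at nginx; the hop into the
    # container is plain HTTP over the container's private veth pair.
    locations."/" = {
      proxyPass = "http://192.168.42.41:4000";
      proxyWebsockets = true;
    };
    # note: this shadows the /metrics endpoint of tracktrain
    # in case you remove this, please consider putting something
    # else here to keep it from being publicly scrapable
    #
    # Grafana (port 2342 in the container) is published under /metrics/; the
    # rewrite strips that prefix before the request is proxied.
    locations."/metrics/" = {
      proxyPass = "http://192.168.42.41:2342";
      proxyWebsockets = true;
      extraConfig = ''
        rewrite ^/metrics/(.*) /$1 break;
      '';
    };
  };

  containers.tracktrain = {
    privateNetwork = true;
    hostAddress = "192.168.42.40";
    localAddress = "192.168.42.41";
    autoStart = true;
    # Persistent state (database-independent files, secrets.env) lives on the
    # host and is mounted read-write into the container.
    bindMounts = {
      "/persist" = {
        hostPath = "/persist/containers/tracktrain";
        isReadOnly = false;
      };
    };

    # The container's system closure is evaluated from the inline module below.
    path = (evalConfig {
      hosts = { };
      groups = { };
    } ({ config, lib, pkgs, profiles, modules, sources, ... }: {
      boot.isContainer = true;
      networking.useDHCP = false;
      # NOTE(review): an empty hash means root can log in at a local console
      # without a password. Confirm nothing in the container exposes a login
      # prompt; if console login is not needed, a locked account is the safer
      # default.
      users.users.root.hashedPassword = "";
      system.stateVersion = "21.11";

      imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];

      # NOTE(review): with the firewall off, every listener in the container is
      # reachable by anything that can route to 192.168.42.41. Grafana binds
      # 0.0.0.0:2342 and CoreDNS binds :53 below; Prometheus (9001) has no
      # listen address set here — check its default. Only ports 4000 and 2342
      # are needed by the host's nginx; verify the host's forwarding rules or
      # restrict the container firewall to those two ports.
      networking.firewall.enable = false;
      # NOTE(review): this gateway is outside the 192.168.42.40/41 pair
      # configured for the container above — confirm it is intended.
      networking.defaultGateway = {
        address = "192.168.100.1";
        interface = "eth0";
      };

      # Dedicated unprivileged account for the tracktrain unit.
      users.users.tracktrain = {
        group = "tracktrain";
        isSystemUser = true;
      };
      users.groups.tracktrain = {};

      systemd.services.tracktrain = {
        enable = true;

        description = "tracks trains, hopefully";
        wantedBy = [ "multi-user.target" ];
        requires = [ "network.target" ];
        after = [ "network.target" ];
        serviceConfig = {
          Type = "simple";
          # NOTE(review): the Grafana unit below loads the same file, so every
          # variable in it (both OAuth client secrets) is visible to both
          # processes. One env file per service would keep them separate.
          # The file should be readable by root only.
          EnvironmentFile = "/persist/secrets.env";
          User = "tracktrain";
          Group = "tracktrain";
        };
        path = [ pkgs.wget ];
        # Runs on every (re)start: link the store-generated config, refresh
        # the GTFS feed, then start the server.
        #
        # wget without -O never overwrites an existing file (it saves
        # gtfs.zip.1, gtfs.zip.2, ...), so after the first start the
        # ./gtfs.zip named in the config would stay stale while copies pile
        # up in /persist. The feed is therefore downloaded to a temporary name
        # and renamed only after wget succeeded (NixOS runs unit scripts with
        # errexit), which also keeps the previous feed if the download fails.
        #
        # NOTE(review): the feed is protected by HTTPS only; there is no
        # pinned hash or signature, so whoever controls that URL controls the
        # data the service parses at start-up.
        #
        # "+RTS -T" turns on GHC runtime statistics collection.
        script = ''
          mkdir -p /persist/tracktrain
          cd /persist/tracktrain
          ln -sf ${pkgs.writeText "tracktrain-config.yaml" tracktrain-config} config.yaml
          wget -O gtfs.zip.new "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
          mv -f gtfs.zip.new gtfs.zip
          ${pkgs.tracktrain}/bin/tracktrain +RTS -T
        '';
      };

      services.postgresql = {
        enable = true;

        ensureDatabases = [ "tracktrain" ];
        ensureUsers = [ {
          name = "tracktrain";
          ensurePermissions = {
            "DATABASE tracktrain" = "ALL PRIVILEGES";
          };
        } ];
        # NOTE(review): `trust` skips authentication altogether: any process
        # in the container can connect over the unix socket or 127.0.0.1 as
        # any database role, the superuser included. Grafana, Prometheus and
        # CoreDNS run in this same container. The dbstring above names no
        # host, so tracktrain presumably connects over the unix socket as its
        # own user, in which case `peer` for local connections would be enough
        # — confirm before changing.
        authentication = ''
          local all all trust
          host all all 127.0.0.1/32 trust
        '';
      };

      # Scrapes tracktrain on port 4000 (the warp port from the config above).
      services.prometheus = {
        enable = true;
        port = 9001;
        scrapeConfigs = [ {
          job_name = "tracktrain";
          static_configs = [{
            targets = [ "0.0.0.0:4000" ];
          }];
        } ];
      };

      services.grafana = {
        enable = true;
        settings.server = {
          serve_from_sub_path = true;
          domain = "tracktrain.ilztalbahn.eu";
          root_url = "https://%(domain)s/metrics/";
          http_port = 2342;
          # Must be reachable from the host's nginx, hence not loopback-only.
          http_addr = "0.0.0.0";
        };

        settings."auth.generic_oauth" = {
          name = "uffd";
          enabled = true;
          allow_sign_up = true;
          empty_scopes = true;
          client_id = "ilztalbahn-grafana";
          # The backslash keeps Nix from interpolating; Grafana receives the
          # literal placeholder and expands it from its environment, so the
          # secret never enters the Nix store.
          client_secret = "\${GRAFANA_CLIENT_SECRET}";
          auth_url = "https://login.infra4future.de/oauth2/authorize";
          token_url = "https://login.infra4future.de/oauth2/token";
          api_url = "https://login.infra4future.de/oauth2/userinfo";
        };
        # disables the default login screen. comment out if for some
        # reason you do need it
        settings.auth.oauth_auto_login = true;
        # NOTE(review): together with allow_sign_up above, every account that
        # can authenticate through this OAuth client is auto-created with the
        # org Admin role. Unless the identity provider already restricts who
        # may use the client, default to "Viewer" and grant higher roles
        # explicitly (for example via role_attribute_path).
        settings.users.auto_assign_org_role = "Admin";

        provision = {
          enable = true;
          datasources.settings.datasources = [ {
            url = "http://localhost:9001";
            type = "prometheus";
            name = "prometheus";
          } ];
        };
      };

      # Supplies GRAFANA_CLIENT_SECRET; same file as the tracktrain unit uses.
      systemd.services.grafana.serviceConfig.EnvironmentFile =
        "/persist/secrets.env";

      # Local resolver that forwards every query to 1.1.1.1 (plain DNS).
      services.coredns = {
        enable = true;
        config = ''
          .:53 {
            forward . 1.1.1.1
          }
        '';
      };
    })).config.system.build.toplevel;
  };

}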