stuebinm
57b6eac7c2
note: I am author of both the file now under /persist/containers/tracktrain & the upstream one at ilztalbahn.eu, but don't have direct access to the wordpress instance running there, and no one who does has yet uploaded the new file.
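{ config, lib, pkgs, inputs, evalConfig, ... }:

let
  # YAML config for tracktrain; the service script below links it into
  # /persist/tracktrain/config.yaml. The OAuth client secret is deliberately
  # not in this file (it would end up world-readable in the nix store) and is
  # read from the env file at /secrets/env at runtime instead.
  tracktrain-config = ''
    dbstring: "dbname=tracktrain"
    gtfs: /persist/gtfs.zip
    assets: ${pkgs.tracktrain}/assets

    warp:
      port: 4000

    login:
      enable: true
      url: https://login.infra4future.de
      clientname: tracktrain
      # clientsecret defined in env file
  '';
in
{
  # sops-managed env file (decrypted to /run/secrets/tracktrain/env on the
  # host); it is bind-mounted into the container as /secrets/env below and
  # shared by the tracktrain and grafana services.
  sops.secrets = {
    "tracktrain/env" = {};
  };

  services.nginx.virtualHosts."tracktrain.ilztalbahn.eu" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://192.168.42.41:4000";
      proxyWebsockets = true;
    };
    # note: this shadows the /metrics endpoint of tracktrain
    # in case you remove this, please consider putting something
    # else here to keep it from being publicly scrapable
    locations."/metrics/" = {
      proxyPass = "http://192.168.42.41:2342";
      proxyWebsockets = true;
      extraConfig = ''
        rewrite ^/metrics/(.*) /$1 break;
      '';
    };
    # A prefix location "/metrics/" does not match the bare path "/metrics";
    # without this, that request falls through to "/" and reaches tracktrain's
    # own metrics endpoint after all. Catch the exact path and send it to
    # grafana's sub path instead.
    locations."= /metrics".return = "301 /metrics/";
  };

  containers.tracktrain = {
    privateNetwork = true;
    hostAddress = "192.168.42.40";
    localAddress = "192.168.42.41";
    autoStart = true;

    bindMounts = {
      # persistent state: gtfs data and tracktrain's working directory
      "/persist" = {
        hostPath = "/persist/containers/tracktrain";
        isReadOnly = false;
      };
      # decrypted sops secrets from the host (read-only, the default)
      "/secrets".hostPath = "/run/secrets/tracktrain";
    };

    path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
      system.stateVersion = "21.11";

      imports = [ profiles.nopersist profiles.container ];

      # dedicated unprivileged user for the tracktrain service
      users.users.tracktrain = {
        group = "tracktrain";
        isSystemUser = true;
      };
      users.groups.tracktrain = {};

      systemd.services.tracktrain = {
        enable = true;

        description = "tracks trains, hopefully";
        wantedBy = [ "multi-user.target" ];
        requires = [ "network.target" ];
        after = [ "network.target" ];
        serviceConfig = {
          Type = "simple";
          # provides the login client secret; read by systemd as root before
          # dropping to the tracktrain user
          EnvironmentFile = "/secrets/env";
          User = "tracktrain";
          Group = "tracktrain";
        };
        path = [ pkgs.wget ];
        script = ''
          mkdir -p /persist/tracktrain
          cd /persist/tracktrain
          ln -sf ${pkgs.writeText "tracktrain-config.yaml" tracktrain-config} config.yaml
          # Retry the download once after a short pause. (The earlier form
          # `wget … || sleep 4; wget …` ran the second wget unconditionally.)
          # NOTE(review): this lands in /persist/tracktrain/, while config.yaml
          # points gtfs at /persist/gtfs.zip -- confirm which file is meant to
          # be used.
          wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip" || { sleep 4; wget "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"; }
          # +RTS -T: GHC runtime flag, presumably to expose RTS statistics
          ${pkgs.tracktrain}/bin/tracktrain +RTS -T
        '';
      };

      services.postgresql = {
        enable = true;

        ensureDatabases = [ "tracktrain" ];
        ensureUsers = [ {
          name = "tracktrain";
          ensurePermissions = {
            "DATABASE tracktrain" = "ALL PRIVILEGES";
          };
        } ];
        # `trust` lets any process inside the container connect as any role
        # without a password. Tolerable only because this container runs
        # nothing but tracktrain; `peer` on the local socket would tie the
        # database role to the unix user instead.
        authentication = ''
          local all all trust
          host all all 127.0.0.1/32 trust
        '';
      };

      services.prometheus = {
        enable = true;
        port = 9001;
        scrapeConfigs = [ {
          job_name = "tracktrain";
          static_configs = [{
            targets = [ "0.0.0.0:4000" ];
          }];
        } ];
      };

      services.grafana = {
        enable = true;
        settings.server = {
          # served behind nginx under https://tracktrain.ilztalbahn.eu/metrics/
          serve_from_sub_path = true;
          domain = "tracktrain.ilztalbahn.eu";
          root_url = "https://%(domain)s/metrics/";
          http_port = 2342;
          http_addr = "0.0.0.0";
        };

        settings."auth.generic_oauth" = {
          name = "uffd";
          enabled = true;
          allow_sign_up = true;
          empty_scopes = true;
          client_id = "ilztalbahn-grafana";
          # "\${…}" escapes nix interpolation so grafana itself expands the
          # variable from its EnvironmentFile at startup
          client_secret = "\${GRAFANA_CLIENT_SECRET}";
          auth_url = "https://login.infra4future.de/oauth2/authorize";
          token_url = "https://login.infra4future.de/oauth2/token";
          api_url = "https://login.infra4future.de/oauth2/userinfo";
        };
        # disables the default login screen. comment out if for some
        # reason you do need it
        settings.auth.oauth_auto_login = true;
        # NOTE(review): together with allow_sign_up, every account the login
        # provider accepts becomes an org Admin here -- confirm that access to
        # the ilztalbahn-grafana client is restricted on the uffd side.
        settings.users.auto_assign_org_role = "Admin";

        provision = {
          enable = true;
          datasources.settings.datasources = [ {
            url = "http://localhost:9001";
            type = "prometheus";
            name = "prometheus";
          } ];
        };
      };

      # same env file as tracktrain; supplies GRAFANA_CLIENT_SECRET
      systemd.services.grafana.serviceConfig.EnvironmentFile =
        "/secrets/env";
    });
  };

}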