authorstuebinm2026-03-29 23:36:24 +0200
committerstuebinm2026-03-29 23:42:44 +0200
commit765c608686dbbe082db15123cfccc16c6f3e797d (patch)
tree72f922a6bbebf458eb3b62bbc33689a43147bb7f /chaski
parent79031ec02106c3731aac4fe546b8ccc9f0590088 (diff)
chaski: re-add tracktrain
this is a spiritual revert of a85c8907e863d44c80a4caac5da097de3bf0b2bc. infra4future.de sadly is no more; hence chaski now also serves as the main host to serve gtfs realtime requests
Diffstat (limited to '')
-rw-r--r--chaski/configuration.nix3
-rw-r--r--chaski/services/tracktrain.nix145
2 files changed, 147 insertions, 1 deletions
diff --git a/chaski/configuration.nix b/chaski/configuration.nix
index 0271e0f..94b89df 100644
--- a/chaski/configuration.nix
+++ b/chaski/configuration.nix
@@ -12,7 +12,8 @@
./services/chat.nix
./services/bahnhof-name.nix
./services/conduit.nix
- ./services/headscale.nix
+ # ./services/headscale.nix
+ ./services/tracktrain.nix
];
sops.defaultSopsFile = ../secrets/chaski.yaml;
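Review bot: The `# ./services/headscale.nix` line disables the headscale import without stating why, and the commit message only covers tracktrain. If this is deliberate (a conflict with the new vhost or NAT setup would be one guess, but nothing visible here confirms it), a short reason next to the line, e.g. `# ./services/headscale.nix  # disabled: <reason>`, or a separate commit would make the change auditable. If any clients still depend on this host for headscale coordination, they lose it on deploy. The imports list starts above the hunk.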
diff --git a/chaski/services/tracktrain.nix b/chaski/services/tracktrain.nix
new file mode 100644
index 0000000..77a1ab7
--- /dev/null
+++ b/chaski/services/tracktrain.nix
@@ -0,0 +1,145 @@
+{ config, lib, pkgs, inputs, ... }:
+
+let
+ tracktrain-config = ''
+ dbstring: "dbname=tracktrain user=tracktrain"
+ gtfs: ${pkgs.copyPathToStore ./gtfs.zip}
+ assets: ${pkgs.tracktrain}/assets
+
+ warp:
+ port: 4000
+ '';
+in
+{
+ sops.secrets = {
+ "tracktrain/env" = {};
+ "nginx/tracktrain-auth" = {
+ owner = "nginx";
+ };
+ };
+
+ services.nginx.recommendedProxySettings = true;
+ services.nginx.virtualHosts."tracktrain.stuebinm.eu" = {
+ serverAliases = [ "tracktrain.ilztalbahn.eu" "ilztalbahn.infra4future.de" ];
+ locations."/" = {
+ proxyPass = "http://192.168.42.41:4000";
+ proxyWebsockets = true;
+ basicAuthFile = "/run/secrets/nginx/tracktrain-auth";
+ };
+ locations."/api" = {
+ proxyPass = "http://192.168.42.41:4000";
+ proxyWebsockets = true;
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ '';
+ };
+ locations."/metrics/" = {
+ proxyPass = "http://localhost:2342";
+ proxyWebsockets = true;
+ extraConfig = ''
+ rewrite ^/metrics/(.*) /$1 break;
+ '';
+ };
+ enableACME = true;
+ forceSSL = true;
+ };
+
+
+ # services.prometheus = {
+ # enable = true;
+ # port = 9001;
+ # scrapeConfigs = [ {
+ # job_name = "tracktrain";
+ # static_configs = [{
+ # targets = [ "192.168.42.41:4000" ];
+ # }];
+ # } ];
+ # };
+
+ # services.grafana = {
+ # enable = true;
+ # settings.server = {
+ # serve_from_sub_path = true;
+ # domain = "tracktrain.ilztalbahn.eu";
+ # root_url = "%(protocol)s://%(domain)s:/metrics/";
+ # http_port = 2342;
+ # http_addr = "0.0.0.0";
+ # };
+
+ # provision = {
+ # enable = true;
+ # datasources.settings.datasources = [ {
+ # url = "http://localhost:9001";
+ # type = "prometheus";
+ # name = "prometheus";
+ # } ];
+ # };
+ # };
+
+ networking.firewall.allowedTCPPorts = [ 443 ];
+
+ containers.tracktrain = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = "fd00::42:40";
+ localAddress6 = "fd00::42:41";
+ hostAddress = "192.168.42.40";
+ localAddress = "192.168.42.41";
+
+ config = { config, ... }: {
+
+ systemd.services.tracktrain = {
+ enable = true;
+
+ description = "tracks trains, hopefully";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "simple";
+ # EnvironmentFile = "/secrets/env";
+ DynamicUser = true;
+ };
+ path = [ pkgs.wget pkgs.ntfy-sh ];
+ script = ''
+ cd /tmp
+ ln -sf ${pkgs.writeText "config.yaml" tracktrain-config} "config.yaml"
+ sleep 3
+ ${pkgs.tracktrain}/bin/tracktrain +RTS -T
+ '';
+ };
+
+ systemd.services.postgresql.wantedBy = [ "tracktrain.service" ];
+
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [ "tracktrain" ];
+ ensureUsers = [ {
+ name = "tracktrain";
+ ensureDBOwnership = true;
+ } ];
+ authentication = ''
+ local all all trust
+ '';
+ };
+
+ networking.firewall.enable = false;
+ system.stateVersion = "25.11";
+
+ services.coredns = {
+ enable = true;
+ config = ''
+ .:53 {
+ forward . 1.1.1.1
+ }
+ '';
+ };
+ };
+ };
+
+ networking.nat = {
+ enable = true;
+ internalInterfaces = [ "ve-tracktrain" ];
+ externalInterface = "ens3";
+ };
+
+}
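Review bot: The `authentication` override in `services.postgresql` sets `local all all trust`, which lets any process inside the container connect over the unix socket as any role, including the `postgres` superuser, so a compromise of the network-facing tracktrain process would not stay confined to its own database. Because the unit sets `DynamicUser = true` without `User=`, the dynamic user should be named `tracktrain` after the unit and so match the role from `ensureUsers`; `local all all peer` (or dropping the override, if the NixOS default already supplies peer auth — worth confirming) should then work with the existing `dbstring`. Separately, `locations."/metrics/"` proxies to `localhost:2342` without the `basicAuthFile` that `/` carries, while the Grafana block that would listen there is commented out, so whatever binds that port later is published unauthenticated. Consider removing that location until Grafana returns, or adding `basicAuthFile = config.sops.secrets."nginx/tracktrain-auth".path;` to it.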