Diffstat (limited to '')
| -rw-r--r-- | chaski/configuration.nix | 3 | ||||
| -rw-r--r-- | chaski/services/tracktrain.nix | 145 | ||||
| -rw-r--r-- | inputs.nix | 2 | ||||
| -rw-r--r-- | npins/sources.json | 65 | ||||
| -rw-r--r-- | pkgs/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/overlay.nix | 4 | ||||
| -rw-r--r-- | secrets/chaski.yaml | 15 |
7 files changed, 199 insertions, 37 deletions
diff --git a/chaski/configuration.nix b/chaski/configuration.nix index 0271e0f..94b89df 100644 --- a/chaski/configuration.nix +++ b/chaski/configuration.nix @@ -12,7 +12,8 @@ ./services/chat.nix ./services/bahnhof-name.nix ./services/conduit.nix - ./services/headscale.nix + # ./services/headscale.nix + ./services/tracktrain.nix ]; sops.defaultSopsFile = ../secrets/chaski.yaml; diff --git a/chaski/services/tracktrain.nix b/chaski/services/tracktrain.nix new file mode 100644 index 0000000..77a1ab7 --- /dev/null +++ b/chaski/services/tracktrain.nix 
@@ -0,0 +1,145 @@ +{ config, lib, pkgs, inputs, ... }: + +let + tracktrain-config = '' + dbstring: "dbname=tracktrain user=tracktrain" + gtfs: ${pkgs.copyPathToStore ./gtfs.zip} + assets: ${pkgs.tracktrain}/assets + + warp: + port: 4000 + ''; +in +{ + sops.secrets = { + "tracktrain/env" = {}; + "nginx/tracktrain-auth" = { + owner = "nginx"; + }; + }; + + services.nginx.recommendedProxySettings = true; + services.nginx.virtualHosts."tracktrain.stuebinm.eu" = { + serverAliases = [ "tracktrain.ilztalbahn.eu" "ilztalbahn.infra4future.de" ]; + locations."/" = { + proxyPass = "http://192.168.42.41:4000"; + proxyWebsockets = true; + basicAuthFile = "/run/secrets/nginx/tracktrain-auth"; + }; + locations."/api" = { + proxyPass = "http://192.168.42.41:4000"; + proxyWebsockets = true; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*' always; + ''; + }; + locations."/metrics/" = { + proxyPass = "http://localhost:2342"; + proxyWebsockets = true; + extraConfig = '' + rewrite ^/metrics/(.*) /$1 break; + ''; + }; + enableACME = true; + forceSSL = true; + }; + + + # services.prometheus = { + # enable = true; + # port = 9001; + # scrapeConfigs = [ { + # job_name = "tracktrain"; + # static_configs = [{ + # targets = [ "192.168.42.41:4000" ]; + # }]; + # } ]; + # }; + + # services.grafana = { + # enable = true; + # settings.server = { + # serve_from_sub_path = true; + # domain = "tracktrain.ilztalbahn.eu"; + # root_url = "%(protocol)s://%(domain)s:/metrics/"; + # http_port = 2342; + # http_addr = "0.0.0.0"; + # }; + + # provision = { + # enable = true; + # datasources.settings.datasources = [ { + # url = "http://localhost:9001"; + # type = "prometheus"; + # name = "prometheus"; + # } ]; + # }; + # }; + + networking.firewall.allowedTCPPorts = [ 443 ]; + + containers.tracktrain = { + autoStart = true; + privateNetwork = true; + hostAddress6 = "fd00::42:40"; + localAddress6 = "fd00::42:41"; + hostAddress = "192.168.42.40"; + localAddress = "192.168.42.41"; + + config = { 
config, ... }: { + + systemd.services.tracktrain = { + enable = true; + + description = "tracks trains, hopefully"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + Type = "simple"; + # EnvironmentFile = "/secrets/env"; + DynamicUser = true; + }; + path = [ pkgs.wget pkgs.ntfy-sh ]; + script = '' + cd /tmp + ln -sf ${pkgs.writeText "config.yaml" tracktrain-config} "config.yaml" + sleep 3 + ${pkgs.tracktrain}/bin/tracktrain +RTS -T + ''; + }; + + systemd.services.postgresql.wantedBy = [ "tracktrain.service" ]; + + services.postgresql = { + enable = true; + ensureDatabases = [ "tracktrain" ]; + ensureUsers = [ { + name = "tracktrain"; + ensureDBOwnership = true; + } ]; + authentication = '' + local all all trust + ''; + }; + + networking.firewall.enable = false; + system.stateVersion = "25.11"; + + services.coredns = { + enable = true; + config = '' + .:53 { + forward . 1.1.1.1 + } + ''; + }; + }; + }; + + networking.nat = { + enable = true; + internalInterfaces = [ "ve-tracktrain" ]; + externalInterface = "ens3"; + }; + +} @@ -28,7 +28,7 @@ let inherit system; overlays = [ (import sources.rust-overlay) - deploy-rs.overlay + deploy-rs.overlays.default (import ./pkgs/overlay.nix { inherit inputs; }) lix-overlay ]; diff --git a/npins/sources.json b/npins/sources.json index 8525b6c..17e7e94 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -9,9 +9,9 @@ }, "branch": "main", "submodules": false, - "revision": "86d582b11cb651e2e5f0eb8a1fcabbcb7360181d", - "url": "https://github.com/ai-robots-txt/ai.robots.txt/archive/86d582b11cb651e2e5f0eb8a1fcabbcb7360181d.tar.gz", - "hash": "12wi706wkyvgpx3iyfsmgzfpqhan1ydpv2hyk9ghqcmki910jza3" + "revision": "198653b59a888d8c580b8566d305a44e184f5b33", + "url": "https://github.com/ai-robots-txt/ai.robots.txt/archive/198653b59a888d8c580b8566d305a44e184f5b33.tar.gz", + "hash": "0pc31az81782g9msh58y3187alb0bsbxis73nm6z4f2g66z2mx47" }, "almanac": { "type": "Git", 
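Review bot: Only `locations."/"` sets `basicAuthFile`; `locations."/api"` and `locations."/metrics/"` are proxied without it, and since nginx selects the longest matching prefix location, requests under those paths never reach the basic-auth check. If the API is meant to be public (the wildcard `Access-Control-Allow-Origin` suggests it is), record that with a comment such as `# public API: intentionally no basicAuthFile`; otherwise add `basicAuthFile = "/run/secrets/nginx/tracktrain-auth";` to both locations. `/metrics/` targets `localhost:2342`, which only the commented-out Grafana block would serve, so it could be left out until that block is enabled. Inside the container, `local all all trust` lets any local account connect as any PostgreSQL role, superuser included; `local tracktrain tracktrain trust` would narrow it to what the `dbstring` needs, or the override could go if peer authentication works for the DynamicUser account (cannot be confirmed from this hunk).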
@@ -52,14 +52,15 @@ "deploy-rs": { "type": "Git", "repository": { - "type": "Git", - "url": "https://stuebinm.eu/git/forks/deploy-rs" + "type": "GitHub", + "owner": "serokell", + "repo": "deploy-rs" }, - "branch": "nom-flag", + "branch": "master", "submodules": false, - "revision": "9001480e03ab8c957716e2bf164bbde605472399", - "url": null, - "hash": "1iiplqa731ldha728xk2fi36n87p20hnzf35g21jli1dlknw388f" + "revision": "77c906c0ba56aabdbc72041bf9111b565cdd6171", + "url": "https://github.com/serokell/deploy-rs/archive/77c906c0ba56aabdbc72041bf9111b565cdd6171.tar.gz", + "hash": "0mh86igciasvqnmm7lvdp937yi6x8n4lalss6l4rvjyv7601h2w7" }, "flake-compat": { "type": "GitRelease", @@ -114,9 +115,9 @@ }, "branch": "release-25.11", "submodules": false, - "revision": "cf9686ba26f5ef788226843bc31fda4cf72e373b", - "url": "https://github.com/nix-community/home-manager/archive/cf9686ba26f5ef788226843bc31fda4cf72e373b.tar.gz", - "hash": "19idpl3xa2g8225r24l1xvc18d32c9vzp04r37rh8lhcj6zyywbn" + "revision": "7afd8cebb99e25a64a745765920e663478eb8830", + "url": "https://github.com/nix-community/home-manager/archive/7afd8cebb99e25a64a745765920e663478eb8830.tar.gz", + "hash": "08ls04dhzda3wcmd5250kvany5wc2mcqhcshb9fsymbgcr72bxjq" }, "isabelle-utils": { "type": "Git", @@ -138,9 +139,9 @@ }, "branch": "main", "submodules": false, - "revision": "b94d615baa20ac93fb48674e017dd1498a573168", + "revision": "d0190cff6f2314cc1c727ff113aea20e086f4bcc", "url": null, - "hash": "178081zlc1q011i5ig5bhbpl5x2d1f1gsgvpc0v0pp00f8zp13wq" + "hash": "0gym67yfpxb2fjzdhgy4vlhvca6zkl47zcgnf42xaaar52bh8b99" }, "lix-nixos-module": { "type": "Git", 
@@ -189,9 +190,9 @@ }, "branch": "nixos-25.11", "submodules": false, - "revision": "4590696c8693fea477850fe379a01544293ca4e2", - "url": "https://github.com/NixOS/nixpkgs/archive/4590696c8693fea477850fe379a01544293ca4e2.tar.gz", - "hash": "1i2dygdxf20mkma168mgy85a1xzlhs16dmm1lcvxz3039mfwqxz1" + "revision": "1073dad219cb244572b74da2b20c7fe39cb3fa9e", + "url": "https://github.com/NixOS/nixpkgs/archive/1073dad219cb244572b74da2b20c7fe39cb3fa9e.tar.gz", + "hash": "0xgsq0cfjnl2axbzzw579jrjq9g8mhbgjgfippl3qx03im636p5l" }, "nixpkgs-unstable": { "type": "Git", @@ -202,9 +203,9 @@ }, "branch": "nixpkgs-unstable", "submodules": false, - "revision": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed", - "url": "https://github.com/NixOS/nixpkgs/archive/fdc7b8f7b30fdbedec91b71ed82f36e1637483ed.tar.gz", - "hash": "0h19f2gy632baa2g0infji3nbr0s3mfaqis34gskdc2haiksvvvb" + "revision": "b63fe7f000adcfa269967eeff72c64cafecbbebe", + "url": "https://github.com/NixOS/nixpkgs/archive/b63fe7f000adcfa269967eeff72c64cafecbbebe.tar.gz", + "hash": "095ivddf22pgq7g4fqgp88hnzi5h97p87yf51cr0ajql0ghbz108" }, "ntfy-matrix-bot": { "type": "Git", @@ -312,9 +313,9 @@ }, "branch": "master", "submodules": false, - "revision": "49a67e6894d4cb782842ee6faa466aa90c92812d", - "url": "https://github.com/oxalica/rust-overlay/archive/49a67e6894d4cb782842ee6faa466aa90c92812d.tar.gz", - "hash": "002wr0ljlg3is4c9jri5cmpsssf9il0cjmsyn3ksz58d6cr32pw3" + "revision": "d9f52b51548e76ab8b6e7d647763047ebdec835c", + "url": "https://github.com/oxalica/rust-overlay/archive/d9f52b51548e76ab8b6e7d647763047ebdec835c.tar.gz", + "hash": "1vx5dnxa0jlmhvkcrm33afg5rknjkhy14cmmc1822f5k2acbis6w" }, "showrt": { "type": "Git", 
@@ -337,9 +338,21 @@ }, "branch": "master", "submodules": false, - "revision": "614e256310e0a4f8a9ccae3fa80c11844fba7042", - "url": "https://github.com/Mic92/sops-nix/archive/614e256310e0a4f8a9ccae3fa80c11844fba7042.tar.gz", - "hash": "09zy236xxrj2i85lwzcl4agmdfkf7hxnxiz5nyq350hb0wjbh4by" + "revision": "8adb84861fe70e131d44e1e33c426a51e2e0bfa5", + "url": "https://github.com/Mic92/sops-nix/archive/8adb84861fe70e131d44e1e33c426a51e2e0bfa5.tar.gz", + "hash": "1dk6y6khmx8kqf382qvvksb9kvppp200hmj9sbfd95a7035n1sqg" + }, + "tracktrain": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://stuebinm.eu/git/tracktrain" + }, + "branch": "main", + "submodules": false, + "revision": "3cd83d99fe477e78639c795a6b8ff4c844eb34a1", + "url": null, + "hash": "143ijhqir43a054abaagsjngxlc9j6vm0wfqw3gfwkhm5m9nic2c" }, "traveltext": { "type": "Git", diff --git a/pkgs/default.nix b/pkgs/default.nix index 2eeaf7c..5563b52 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -6,7 +6,7 @@ isabelle-utils isabat travelynx crs-tracker crs-php bahnhof-name matrix-to hikari heartwood radicle-interface radicle-tui inweb nomsring bookwyrm mollysocket git-annex-remote-remarkable2 ntfy-matrix-bot transport_validator - mergiraf git-who plover plover-dev; + mergiraf git-who plover plover-dev tracktrain; pkgs = nixpkgs; } diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 10796b1..abd3da2 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -180,6 +180,10 @@ in ''; }; + tracktrain = self.callPackage inputs.tracktrain { + compiler = "default"; + }; + bahnhof-name = let haskellPkgs = self.haskellPackages.override (old: { diff --git a/secrets/chaski.yaml b/secrets/chaski.yaml index 7f07b2c..31c18b3 100644 --- a/secrets/chaski.yaml +++ b/secrets/chaski.yaml 
@@ -1,10 +1,10 @@ ntfy-matrix-bot: env: ENC[AES256_GCM,data:mk/7fcdfsq+BOB8QK7LzVhYMDmMLw0cB0qq3p2IGWQAJtodqlqQMJukVF0jpoJLB/9GMcCweloVikus9K23/lcUPMZFHCdpMRR94puGROub8RF+v6XvegC741utlsLWGnS+Z/U8atHoI2rptdh4OV9lwELFYMpwDC/2IhxnhIyqWbAKnuWGdJcNVAKF6QxI0gY854xKoxRNXs3BrctoubSbBSyarjQiFgpk=,iv:jip5eTFPyBa199/SZhfezMY+Og8i1rh+2dmfVzBRPpo=,tag:xyLR34PqtJI63M5qnMvemQ==,type:str] +tracktrain: + env: "" +nginx: + tracktrain-auth: ENC[AES256_GCM,data:VlcsqohpTdTJ56DtKfjkGZD671jW5LBLWhcKfBQAmYq0RBtiBTzM0oZTYGl7quUZPuIAB0bM8alEcGsPQep8wAre,iv:+I0PQr4LwjwC2xTJDXpr7UxqTAhDCk3JvMlsmaOK6L8=,tag:LzjbqFruDNWGFm03yft79A==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age18wkr3kjalalzrq9l05q32gnlaqr7t6rqqzde307m83rs9fp4xcfsdtj9gt enc: | @@ -24,8 +24,7 @@ sops: aFF6Nkowc3kxckFGNWRqSUxYdXZOd0kKsoRAtnnhIkaPACXgaGzMNW6uAG4pAg4d DdgcTPKdAEv0uAqAmndsll+vWE1C0FaUwe37/jmBfAKrXpN7GwVa4g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-27T22:32:40Z" - mac: ENC[AES256_GCM,data:MJTMrHLh9rL7p1Y+e4if51ZYvfYWDV25eJvJ3unZwIAahF5GoOav4rb1hU1hLObZFhtlyjgHe/VGP2D+QsDARJOop0kGiybnfHqz7Vh7KIWhjDwsxaBPkxMUovxrEhxnwHR8+zKqNs+Vcl06ZaJ2F6U0rJRqyxO2CK5aSnuqDtE=,iv:qDsnPrVlnwnmWFJYxgCBCvg1/qgFl1IOC3QEifXaEbs=,tag:/oVJDam2l7pD+g2tIBAakg==,type:str] - pgp: [] + lastmodified: "2026-03-29T21:30:26Z" + mac: ENC[AES256_GCM,data:4zial4AotTlj7/EifC6A9SptDM0HjdBJcINRUPGv0FT8QjinfQD8kQTlRh6LOr+2jfcNkoll5Inxt4Aibl0FpYjiaiML2T2RZXb3e12JE7gcE1ndNBWMbS2DRF2DWPrQywoW2a6IzI3oAC9dZxrFBVkx8mPYGWBtxifmYCBqPfU=,iv:9OBOAR+HS/hDwEh7DK+Vc6s+pwFWDlduq1sxb9aXkvk=,tag:hCFbxL8pFivX7QCDQ6QmYg==,type:str] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.12.1 |
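Review bot: `tracktrain.env` is committed as an empty, unencrypted string and nothing visible consumes it: `sops.secrets."tracktrain/env"` is declared in tracktrain.nix, but the unit's `EnvironmentFile` line is commented out and points at `/secrets/env` rather than the sops path. Either drop the key and its declaration until the service needs them, or keep a comment next to the declaration such as `# placeholder, not yet wired into the container`. When a real value is added it should be written through `sops` so that it is encrypted and covered by the file's `mac`.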
