{ config, lib, pkgs, inputs, ... }:
let
# Repackage `drv` so that the result contains only a copy of its bin/
# directory. Per the original author, this gets rid of the implicit
# dependency on ghc, reducing closure size.
stripLib = drv: pkgs.stdenv.mkDerivation {
  name = "${drv.name}-without-lib";
  src = drv.outPath;
  # Only the copy step below runs; every other stdenv phase is skipped.
  phases = [ "buildPhase" ];
  buildPhase = ''
    mkdir -p $out
    cp -r $src/bin $out
  '';
};
in
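{
  # Host side: nginx terminates TLS for the public name and forwards every
  # request to the tracktrain container.
  services.nginx.recommendedProxySettings = true;
  services.nginx.virtualHosts."tracktrain.stuebinm.eu" = {
    locations."/" = {
      # Plain HTTP to the container's localAddress (set below).
      proxyPass = "http://192.168.42.41:4000";
      proxyWebsockets = true;
    };
    enableACME = true;
    forceSSL = true;
    # NOTE(review): a wildcard origin lets scripts on any website read
    # responses from this host. That is fine for a public, unauthenticated
    # API; if any endpoint ever relies on network position or credentials,
    # replace '*' with an explicit list of origins.
    extraConfig = ''
      add_header 'Access-Control-Allow-Origin' '*' always;
    '';
  };

  # NOTE(review): only 443 is opened here. ACME HTTP-01 validation and the
  # forceSSL redirect also need port 80 -- confirm it is opened elsewhere.
  networking.firewall.allowedTCPPorts = [ 443 ];

  containers.tracktrain = {
    autoStart = true;
    privateNetwork = true;
    hostAddress6 = "fd00::42:40";
    localAddress6 = "fd00::42:41";
    hostAddress = "192.168.42.40";
    localAddress = "192.168.42.41";

    config = { config, pkgs, ... }: {
      systemd.services.tracktrain = {
        enable = true;
        description = "tracks trains, hopefully";
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
        serviceConfig.Type = "simple";
        # Give the unit its own /tmp, recreated on every start, so the feed is
        # never downloaded into a directory shared with other local users.
        serviceConfig.PrivateTmp = true;
        # NOTE(review): no User/DynamicUser is set, so the download and the
        # web server both run as root inside the container. Consider a
        # dedicated unprivileged user (the database rules below would then
        # need to match it).
        path = [ pkgs.wget ];
        script = ''
          cd /tmp
          # -O pins the output name: without it wget keeps an existing
          # gtfs.zip and writes the new download to gtfs.zip.1 instead.
          # NOTE(review): the feed is fetched without an integrity pin, so its
          # contents are only as trustworthy as the remote site.
          wget -O gtfs.zip "https://ilztalbahn.eu/wp-content/uploads/2020/07/gtfs.zip"
          ${stripLib (((import inputs.tracktrain { nixpkgs = pkgs; }))
            # have to remove version constraints because some aren't in 22.05
            # NOTE(review): with the bounds stripped, the build takes whatever
            # dependency versions the nixpkgs pin provides.
            .overrideAttrs (old: { patchPhase = ''
              sed -i "s/base.*/base/g" *.cabal
              sed -i "s/^>=.*//g" *.cabal
              sed -i "s/>=.*//g" *.cabal
            ''; }))
          }/bin/tracktrain --dbString="dbname=tracktrain user=tracktrain" --warp.port=4000
        '';
        startAt = "daily";
      };

      services.postgresql = {
        enable = true;
        ensureDatabases = [ "tracktrain" ];
        ensureUsers = [ {
          name = "tracktrain";
          ensurePermissions = {
            "DATABASE tracktrain" = "ALL PRIVILEGES";
          };
        } ];
        # Passwordless access is limited to the one role and database the
        # service uses (see --dbString above). The previous `all all trust`
        # rules let any local process connect as any role, including the
        # postgres superuser. Administrative access still works through the
        # NixOS module's default rules, which are appended after these.
        # NOTE(review): any process in the container can still act as the
        # tracktrain role; peer auth would need a matching system user.
        authentication = ''
          local tracktrain tracktrain trust
          host tracktrain tracktrain 127.0.0.1/32 trust
        '';
      };

      # Port the host's nginx proxies to.
      networking.firewall.allowedTCPPorts = [ 4000 ];
      system.stateVersion = "22.05";

      # DNS server on port 53 inside the container; every query is forwarded
      # to 1.1.1.1.
      # NOTE(review): lookups leave the host unencrypted and go to a
      # third-party resolver -- confirm that is acceptable here.
      services.coredns = {
        enable = true;
        config = ''
          .:53 {
            forward . 1.1.1.1
          }
        '';
      };
    };
  };

  # NAT between the container's veth interface and the host's uplink; the
  # service needs outbound access to download the GTFS feed.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-tracktrain" ];
    externalInterface = "ens3";
  };
}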