# NixOS module: runs tracktrain inside a NixOS container on a private veth
# network and publishes it through the host's nginx (TLS via ACME).
{ config, lib, pkgs, inputs, ... }:
let
  # Rendered to a store file with pkgs.writeText below. The Nix store is
  # world-readable, so this text must never carry credentials (it currently
  # holds none: the dbstring has no password).
  # YAML indentation is significant inside this string.
  # NOTE(review): `port` is assumed to be nested under `warp` — confirm.
  tracktrain-config = ''
    dbstring: "dbname=tracktrain user=tracktrain"
    gtfs: ${pkgs.copyPathToStore ./gtfs.zip}
    assets: ${pkgs.tracktrain}/assets
    warp:
      port: 4000
  '';
in
{
  sops.secrets = {
    # Declared, but within this file only the commented-out EnvironmentFile
    # line in the tracktrain unit refers to an env file.
    "tracktrain/env" = {};
    # Owned by nginx so the nginx user can read the basic-auth credentials.
    "nginx/tracktrain-auth" = {
      owner = "nginx";
    };
  };
  services.nginx.recommendedProxySettings = true;
  services.nginx.virtualHosts."tracktrain.stuebinm.eu" = {
    serverAliases = [ "tracktrain.ilztalbahn.eu" "ilztalbahn.infra4future.de" ];
    # Everything not matched by a more specific location is behind HTTP basic
    # auth. The upstream is the container's localAddress and warp port, reached
    # over plain HTTP on the host<->container veth link.
    # The hard-coded path matches where sops-nix places this secret by default;
    # config.sops.secrets."nginx/tracktrain-auth".path would keep the two in sync.
    locations."/" = {
      proxyPass = "http://192.168.42.41:4000";
      proxyWebsockets = true;
      basicAuthFile = "/run/secrets/nginx/tracktrain-auth";
    };
    # No basicAuthFile here: requests under this prefix reach the backend
    # unauthenticated, and the wildcard CORS header lets any origin read the
    # responses. nginx matches this as a plain prefix, so it also covers paths
    # such as /api-anything.
    # NOTE(review): presumably a deliberately public API — confirm that no
    # route under /api relies on the basic auth of "/".
    locations."/api" = {
      proxyPass = "http://192.168.42.41:4000";
      proxyWebsockets = true;
      extraConfig = ''
        add_header 'Access-Control-Allow-Origin' '*' always;
      '';
    };
    # Strips the /metrics/ prefix and forwards to port 2342, the http_port of
    # the commented-out grafana block below. This location has no
    # basicAuthFile, so access control is left entirely to whatever listens on
    # that port; nothing in this file currently does.
    locations."/metrics/" = {
      proxyPass = "http://localhost:2342";
      proxyWebsockets = true;
      extraConfig = ''
        rewrite ^/metrics/(.*) /$1 break;
      '';
    };
    enableACME = true;
    forceSSL = true;
  };
  # Disabled monitoring stack, kept for reference. If re-enabled, note that
  # grafana is set to bind 0.0.0.0 here, so exposure would depend on the host
  # firewall in addition to the /metrics/ proxy above.
  # services.prometheus = {
  #   enable = true;
  #   port = 9001;
  #   scrapeConfigs = [ {
  #     job_name = "tracktrain";
  #     static_configs = [{
  #       targets = [ "192.168.42.41:4000" ];
  #     }];
  #   } ];
  # };
  # services.grafana = {
  #   enable = true;
  #   settings.server = {
  #     serve_from_sub_path = true;
  #     domain = "tracktrain.ilztalbahn.eu";
  #     root_url = "%(protocol)s://%(domain)s:/metrics/";
  #     http_port = 2342;
  #     http_addr = "0.0.0.0";
  #   };
  #   provision = {
  #     enable = true;
  #     datasources.settings.datasources = [ {
  #       url = "http://localhost:9001";
  #       type = "prometheus";
  #       name = "prometheus";
  #     } ];
  #   };
  # };
  # Only 443 is opened by this module.
  # NOTE(review): the forceSSL redirect and an HTTP-01 ACME challenge both need
  # port 80 — presumably opened elsewhere in the host config; confirm.
  networking.firewall.allowedTCPPorts = [ 443 ];
  containers.tracktrain = {
    autoStart = true;
    # Private network namespace; the host end of the veth pair gets the
    # host* addresses, the container end the local* addresses.
    privateNetwork = true;
    hostAddress6 = "fd00::42:40";
    localAddress6 = "fd00::42:41";
    hostAddress = "192.168.42.40";
    localAddress = "192.168.42.41";
    # `config` is shadowed from here on: it refers to the container's own
    # NixOS configuration, not the host's.
    config = { config, ... }: {
      systemd.services.tracktrain = {
        enable = true;
        description = "tracks trains, hopefully";
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
        serviceConfig = {
          Type = "simple";
          # EnvironmentFile = "/secrets/env";
          # Runs as a transient, unprivileged user allocated by systemd
          # instead of root.
          DynamicUser = true;
        };
        # Tools put on the service's PATH.
        # NOTE(review): presumably invoked by tracktrain itself — confirm.
        path = [ pkgs.wget pkgs.ntfy-sh ];
        # Links the store-generated config into the working directory and
        # starts the server; `+RTS -T` turns on GHC runtime statistics.
        # systemd's DynamicUser= implies a private /tmp, so the symlink is not
        # created in a directory shared with other services.
        # NOTE(review): `sleep 3` presumably gives postgresql time to come up;
        # the unit has no explicit ordering against postgresql.service.
        script = ''
          cd /tmp
          ln -sf ${pkgs.writeText "config.yaml" tracktrain-config} "config.yaml"
          sleep 3
          ${pkgs.tracktrain}/bin/tracktrain +RTS -T
        '';
      };
      # Pulls postgresql in whenever tracktrain is started (a Wants-style
      # dependency; it does not by itself order the two units).
      systemd.services.postgresql.wantedBy = [ "tracktrain.service" ];
      services.postgresql = {
        enable = true;
        ensureDatabases = [ "tracktrain" ];
        ensureUsers = [ {
          name = "tracktrain";
          ensureDBOwnership = true;
        } ];
        # `trust` on `local` lets every process that can reach the Unix socket
        # connect as any database role, including the superuser, without a
        # password. The exposure is limited to processes inside this container.
        # NOTE(review): `peer` would tie the role to the connecting OS user;
        # verify it works with the DynamicUser account before switching.
        authentication = ''
          local all all trust
        '';
      };
      # No packet filter inside the container: every port a container service
      # binds on the veth address is reachable from the host side.
      networking.firewall.enable = false;
      system.stateVersion = "25.11";
      # Resolver listening on port 53 that forwards all queries, unencrypted,
      # to 1.1.1.1.
      services.coredns = {
        enable = true;
        config = ''
          .:53 {
            forward . 1.1.1.1
          }
        '';
      };
    };
  };
  # Masquerades traffic from the container's veth interface out through ens3,
  # giving the container outbound connectivity. Both interface names are
  # hard-coded and must match the host.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-tracktrain" ];
    externalInterface = "ens3";
  };
}