forked from pub-solar/infra
Benjamin Yule Bädorf
d280b29394
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md Unfortunately, the postgres database needs to have postgis enabled, so we'll have to start a second instance. To stay close to the official deployment instructions, this is running in docker. The secrets were taken from the old installation instance. During initial installation, we'll need to import data from the old instance into this one, which might take a while.
141 lines
3.6 KiB
Nix
141 lines
3.6 KiB
Nix
{ config
|
|
, lib
|
|
, pkgs
|
|
, self
|
|
, flake
|
|
, ...
|
|
}: let
|
|
configPy = pkgs.writeText "obs-portal-config.py" ''
|
|
DEBUG = False
|
|
VERBOSE = DEBUG
|
|
AUTO_RESTART = DEBUG
|
|
LEAN_MODE = False
|
|
FRONTEND_URL = None
|
|
FRONTEND_HTTPS = True
|
|
FRONTEND_DIR = "../frontend/build/"
|
|
FRONTEND_CONFIG = {
|
|
"imprintUrl": "https://pub.solar/about",
|
|
"privacyPolicyUrl": "https://pub.solar/privacy",
|
|
"mapHome": {"zoom": 12, "latitude": 50.93, "longitude": 6.97},
|
|
"banner": {
|
|
"text": "This is an installation serving the Cologne/Bonn region run for Team OBSKöln by pub.solar n.e.V.",
|
|
"style": "info"
|
|
},
|
|
}
|
|
TILES_FILE = None
|
|
ADDITIONAL_CORS_ORIGINS = None
|
|
'';
|
|
|
|
env = {
|
|
OBS_KEYCLOAK_URI = "auth.pub.solar";
|
|
OBS_PORTAL_URI = "obs-portal.pub.solar";
|
|
|
|
OBS_POSTGRES_MAX_OVERFLOW = "20";
|
|
OBS_POSTGRES_POOL_SIZE = "40";
|
|
|
|
OBS_HOST = "0.0.0.0";
|
|
OBS_PORT = "3000";
|
|
OBS_KEYCLOAK_URL = "https://auth.pub.solar/realms/pub.solar/";
|
|
OBS_KEYCLOAK_CLIENT_ID = "openbikesensor-portal";
|
|
OBS_DEDICATED_WORKER = "True";
|
|
OBS_DATA_DIR = "/data";
|
|
OBS_PROXIES_COUNT = "1";
|
|
};
|
|
in {
|
|
age.secrets.obs-portal-env = {
|
|
file = "${flake.self}/secrets/obs-portal-env.age";
|
|
mode = "600";
|
|
};
|
|
|
|
age.secrets.obs-portal-database-env = {
|
|
file = "${flake.self}/secrets/obs-portal-database-env.age";
|
|
mode = "600";
|
|
};
|
|
|
|
systemd.services."docker-network-obs-portal" =
|
|
let
|
|
docker = config.virtualisation.oci-containers.backend;
|
|
dockerBin = "${pkgs.${docker}}/bin/${docker}";
|
|
in
|
|
{
|
|
serviceConfig.Type = "oneshot";
|
|
before = [ "docker-obs-portal.service" ];
|
|
script = ''
|
|
${dockerBin} network inspect obs-portal-net >/dev/null 2>&1 || ${dockerBin} network create obs-portal-net --subnet 172.20.0.0/24
|
|
'';
|
|
};
|
|
|
|
services.nginx.virtualHosts."obs-portal.pub.solar" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
proxy_pass http://127.0.0.1:3001;
|
|
proxy_set_header Host $host;
|
|
'';
|
|
};
|
|
};
|
|
|
|
virtualisation = {
|
|
oci-containers = {
|
|
backend = "docker";
|
|
|
|
containers."obs-portal" = {
|
|
image = "git.pub.solar/pub-solar/obs-portal:latest";
|
|
autoStart = true;
|
|
ports = [ "localhost:3001:${env.OBS_PORT}" ];
|
|
|
|
environment = env;
|
|
environmentFiles = [ config.age.secrets.obs-portal-env.path ];
|
|
|
|
volumes = [
|
|
"${configPy}:/opt/obs/api/config.py"
|
|
"/var/lib/obs-portal${env.OBS_DATA_DIR}:${env.OBS_DATA_DIR}"
|
|
"/var/lib/obs-portal/tiles/:/tiles"
|
|
"/var/lib/obs-portal/pbf/:/pbf"
|
|
];
|
|
|
|
extraOptions = [
|
|
"--network=obs-portal-net"
|
|
];
|
|
};
|
|
|
|
containers."obs-portal-worker" = {
|
|
image = "git.pub.solar/pub-solar/obs-portal:latest";
|
|
autoStart = true;
|
|
|
|
cmd = [ "python" "tools/process_track.py" ];
|
|
|
|
environment = env;
|
|
environmentFiles = [ config.age.secrets.obs-portal-env.path ];
|
|
|
|
volumes = [
|
|
"${configPy}:/opt/obs/api/config.py"
|
|
"/var/lib/obs-portal${env.OBS_DATA_DIR}:${env.OBS_DATA_DIR}"
|
|
];
|
|
|
|
extraOptions = [
|
|
"--network=obs-portal-net"
|
|
];
|
|
};
|
|
|
|
containers."obs-portal-db" = {
|
|
image = "openmaptiles/postgis:7.0";
|
|
autoStart = true;
|
|
|
|
environmentFiles = [ config.age.secrets.obs-portal-database-env.path ];
|
|
|
|
volumes = [
|
|
"/var/lib/postgres-obs-portal/data:/var/lib/postgresql/data"
|
|
];
|
|
|
|
extraOptions = [
|
|
"--network=obs-portal-net"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|