obs-portal: init obs-portal on nachtigall
This follows the official installation instructions at https://github.com/openbikesensor/portal/blob/main/docs/production-deployment.md

Unfortunately, the postgres database needs to have postgis enabled, so we'll have to start a second instance. To stay close to the official deployment instructions, this is running in docker. The secrets were taken from the old installation instance. During initial installation, we'll need to import data from the old instance into this one, which might take a while.
parent
d62b6cda92
commit
4f86c92941
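--- /dev/null
+++ b/hosts/nachtigall/apps/obs-portal.nix
@@ -0,0 +1,140 @@
+{ config
+, lib
+, pkgs
+, self
+, flake
+, ...
+}: let
+configPy = pkgs.writeText "obs-portal-config.py" ''
+DEBUG = False
+VERBOSE = DEBUG
+AUTO_RESTART = DEBUG
+LEAN_MODE = False
+FRONTEND_URL = None
+FRONTEND_HTTPS = True
+FRONTEND_DIR = "../frontend/build/"
+FRONTEND_CONFIG = {
+"imprintUrl": "https://pub.solar/about",
+"privacyPolicyUrl": "https://pub.solar/privacy",
+"mapHome": {"zoom": 12, "latitude": 50.93, "longitude": 6.97},
+"banner": {
+"text": "This is an installation serving the Cologne/Bonn region run for Team OBSKöln by pub.solar n.e.V.",
+"style": "info"
+},
+}
+TILES_FILE = None
+ADDITIONAL_CORS_ORIGINS = None
+'';
+
+env = {
+OBS_KEYCLOAK_URI = "auth.pub.solar";
+OBS_PORTAL_URI = "obs-portal.pub.solar";
+
+OBS_POSTGRES_MAX_OVERFLOW = "20";
+OBS_POSTGRES_POOL_SIZE = "40";
+
+OBS_HOST = "0.0.0.0";
+OBS_PORT = "3000";
+OBS_KEYCLOAK_URL = "https://auth.pub.solar/realms/pub.solar/";
+OBS_KEYCLOAK_CLIENT_ID = "openbikesensor-portal";
+OBS_DEDICATED_WORKER = "True";
+OBS_DATA_DIR = "/data";
+OBS_PROXIES_COUNT = "1";
+};
+in {
+age.secrets.obs-portal-env = {
+file = "${flake.self}/secrets/obs-portal-env.age";
+mode = "600";
+};
+
+age.secrets.obs-portal-database-env = {
+file = "${flake.self}/secrets/obs-portal-database-env.age";
+mode = "600";
+};
+
+systemd.services."docker-network-obs-portal" =
+let
+docker = config.virtualisation.oci-containers.backend;
+dockerBin = "${pkgs.${docker}}/bin/${docker}";
+in
+{
+serviceConfig.Type = "oneshot";
+before = [ "docker-obs-portal.service" ];
+script = ''
+${dockerBin} network inspect obs-portal-net >/dev/null 2>&1 || ${dockerBin} network create obs-portal-net --subnet 172.20.0.0/24
+'';
+};
+
+services.nginx.virtualHosts."obs-portal.pub.solar" = {
+enableACME = true;
+forceSSL = true;
+
+locations."/" = {
+proxyWebsockets = true;
+extraConfig = ''
+proxy_pass http://127.0.0.1:3001;
+proxy_set_header Host $host;
+'';
+};
+};
+
+virtualisation = {
+oci-containers = {
+backend = "docker";
+
+containers."obs-portal" = {
+image = "git.pub.solar/pub-solar/obs-portal:latest";
+autoStart = true;
+ports = [ "localhost:3001:${env.OBS_PORT}" ];
+
+environment = env;
+environmentFiles = [ config.age.secrets.obs-portal-env.path ];
+
+volumes = [
+"${configPy}:/opt/obs/api/config.py"
+"/var/lib/obs-portal${env.OBS_DATA_DIR}:${env.OBS_DATA_DIR}"
+"/var/lib/obs-portal/tiles/:/tiles"
+"/var/lib/obs-portal/pbf/:/pbf"
+];
+
+extraOptions = [
+"--network=obs-portal-net"
+];
+};
+
+containers."obs-portal-worker" = {
+image = "git.pub.solar/pub-solar/obs-portal:latest";
+autoStart = true;
+
+cmd = [ "python" "tools/process_track.py" ];
+
+environment = env;
+environmentFiles = [ config.age.secrets.obs-portal-env.path ];
+
+volumes = [
+"${configPy}:/opt/obs/api/config.py"
+"/var/lib/obs-portal${env.OBS_DATA_DIR}:${env.OBS_DATA_DIR}"
+];
+
+extraOptions = [
+"--network=obs-portal-net"
+];
+};
+
+containers."obs-portal-db" = {
+image = "openmaptiles/postgis:7.0";
+autoStart = true;
+
+environmentFiles = [ config.age.secrets.obs-portal-database-env.path ];
+
+volumes = [
+"/var/lib/postgres-obs-portal/data:/var/lib/postgresql/data"
+];
+
+extraOptions = [
+"--network=obs-portal-net"
+];
+};
+};
+};
+}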
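Review bot: Both `obs-portal` and `obs-portal-worker` pull `git.pub.solar/pub-solar/obs-portal:latest`, a mutable tag, so the image that is handed the decrypted `obs-portal-env` file and the `/var/lib/obs-portal` data mount is whatever the registry serves at pull time and is not recorded in the flake. Pinning both to a release tag or digest, for example `image = "git.pub.solar/pub-solar/obs-portal@sha256:<DIGEST_PLACEHOLDER>";`, makes a deployment reproducible and a changed image visible in review. Separately, `docker-network-obs-portal` sets only `before = [ "docker-obs-portal.service" ];` and no `wantedBy` or `requiredBy`, so as written nothing pulls the unit in and the worker and database containers are not ordered after it; listing all three container units in both `before` and `requiredBy` would make `--network=obs-portal-net` dependable on a fresh host.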
|
@ -32,6 +32,7 @@
|
||||||
./apps/promtail.nix
|
./apps/promtail.nix
|
||||||
./apps/searx.nix
|
./apps/searx.nix
|
||||||
./apps/tmate.nix
|
./apps/tmate.nix
|
||||||
|
./apps/obs-portal.nix
|
||||||
|
|
||||||
./apps/matrix/irc.nix
|
./apps/matrix/irc.nix
|
||||||
./apps/matrix/mautrix-telegram.nix
|
./apps/matrix/mautrix-telegram.nix
|
||||||
|
|
27
secrets/obs-portal-database-env.age
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg hAoEiOaK1U0HImALePEYHiE6xebOOqtVujaBWgNBZF8
|
||||||
|
ecf/ykqYPihRJxI/Y7Oh6QhWSyncwevlzEZoRqm3aGM
|
||||||
|
-> ssh-ed25519 uYcDNw NcIttsTn6wPCmoOYGtZ66IYhthjLDI3sYFe4pbW6cB4
|
||||||
|
9hv4dEYoXXWSZ2pG1hy68vmTf++v+g3q7wVhT6cAog0
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
KoW3J2Tw90chM6Oy17umOQN0WFI4je7CBk3IgdImsd4Mz5q17/nXlhVlFFhx4ZEk
|
||||||
|
Or9LaqytVk1NA6J4+suMRlx4Pd6oberXu1KBkFQMr1B3LKhNOaOZ+W1mrbQLGG9U
|
||||||
|
YUTyOpkHxVkw0IOsvxB/0reMCHtjKHo661zFjim1YFmEk0WRt4hU1XqsMNiE4wbc
|
||||||
|
GF0t9EWMN2pU2p7DpX/DzVTqu8yk8SQhCZc9kfzWcuawwf0rcjwUJ/Rk1MH5tMpK
|
||||||
|
odRXXl1slPPwQinE+KJqeyrfuRDHqwqmxnOfOWG6KQwWkVSE1btiHEvfuuLOjSjl
|
||||||
|
3wO+veRC9hW5sSCPANoFbuSQ1dprmoyaZnOyeRTbgw91ks/ogLBezF/KSkaMQeHx
|
||||||
|
XRnfcceBmeeqHl9L3Z+3EmBjwIqu2Og0pvhDU8G/ZeA0cHS/22QYGzeD/gOqaEW7
|
||||||
|
d1VyA6LZd8PxIjoBamdipIpY0TqZ8+cA/yaUKNnYXXRSlKQ5ggPxh7ZXfvRbGg+m
|
||||||
|
WbNiHxBPcTK7/Bpzes4LJVcx0Ar4XeDxVQe1MITLpFWh+FDEQZEA3630JngZ153J
|
||||||
|
vBvw+VFedPSr6Ov+/33/J3LKC0XRatGnc++AWfo4rWPLCE6qovEDyY+wmct8gv0j
|
||||||
|
rMEK7OaNfyy+Z21mjrkwcEUbyoGt9ksEplaRblE0Lsk
|
||||||
|
-> ssh-ed25519 YFSOsg LmLRtBYMSzjid3VkUgAQvDOS9r0imWSKE7fm0t/x41Y
|
||||||
|
0mae0vsNmaS5aVOKezXit7KV44JKLpU+GWpuA++dCVo
|
||||||
|
-> ssh-ed25519 iHV63A Tc2z2JciftAikoj4Hv9IBgkcYWAcyGuPJTNA3Yw2K1w
|
||||||
|
cO5o/pbaZAtTvXUskOah9vWP/Tuvyi3QDM7g4AQ+b8s
|
||||||
|
-> ssh-ed25519 BVsyTA mk6n6ytaI4V9JVoUZFtwfFOgaLYc6gvVOcSZXQj/FVI
|
||||||
|
etqbUCqe0eY81qaVco7pMJjhfM+sA/bXLMW0bEsCLxI
|
||||||
|
--- CmNq6ZPxFoFTsySVfr7BTHV0tm9cbRYGG6IR7DNgbEY
|
||||||
|
!è烈í}
|
||||||
|
ùSê<>ŸSl®Ds;!ÁjršZçR"—ë#ž¿»ÙÅ~!›Ÿ¤6AùwEn ? kËAcx~—ŽÜGVæ&M¯ý¾ä,
|
||||||
|
a›U
|
BIN
secrets/obs-portal-env.age
Normal file
Binary file not shown.
|
@ -1,4 +1,5 @@
|
||||||
let
|
let
|
||||||
|
<<<<<<< HEAD
|
||||||
admins = import ../logins/admins.nix;
|
admins = import ../logins/admins.nix;
|
||||||
|
|
||||||
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
|
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
|
||||||
|
@ -64,4 +65,7 @@ in
|
||||||
|
|
||||||
"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ nachtigallKeys ++ adminKeys;
|
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
|
"obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
"obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
}
|
}
|
||||||
|
|
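Review bot: The first hunk of this section appears to add a bare `<<<<<<< HEAD` line directly after `let`, which looks like a leftover merge-conflict marker rather than intended content. It is not valid Nix, so evaluating this rules file, and with it any re-keying or editing of the secrets it governs, would presumably fail until the line is removed. No matching `=======` or `>>>>>>>` is visible in the shown hunks, so the rest of the file is worth checking before merge. The file header for this section is not shown on the page, so the path is not named here.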