obs-portal: init obs-portal on nachtigall #115
140
hosts/nachtigall/apps/obs-portal.nix
Normal file
140
hosts/nachtigall/apps/obs-portal.nix
Normal file
|
@ -0,0 +1,140 @@
|
|||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, self
|
||||
, flake
|
||||
, ...
|
||||
}: let
|
||||
configPy = pkgs.writeText "obs-portal-config.py" ''
|
||||
DEBUG = False
|
||||
VERBOSE = DEBUG
|
||||
AUTO_RESTART = DEBUG
|
||||
LEAN_MODE = False
|
||||
FRONTEND_URL = None
|
||||
FRONTEND_HTTPS = True
|
||||
FRONTEND_DIR = "../frontend/build/"
|
||||
FRONTEND_CONFIG = {
|
||||
"imprintUrl": "https://pub.solar/about",
|
||||
"privacyPolicyUrl": "https://pub.solar/privacy",
|
||||
"mapHome": {"zoom": 12, "latitude": 50.93, "longitude": 6.97},
|
||||
"banner": {
|
||||
"text": "This is an installation serving the Cologne/Bonn region run for Team OBSKöln by pub.solar n.e.V.",
|
||||
"style": "info"
|
||||
},
|
||||
}
|
||||
TILES_FILE = None
|
||||
ADDITIONAL_CORS_ORIGINS = None
|
||||
'';
|
||||
|
||||
env = {
|
||||
OBS_KEYCLOAK_URI = "auth.pub.solar";
|
||||
OBS_PORTAL_URI = "obs-portal.pub.solar";
|
||||
|
||||
OBS_POSTGRES_MAX_OVERFLOW = "20";
|
||||
OBS_POSTGRES_POOL_SIZE = "40";
|
||||
|
||||
OBS_HOST = "0.0.0.0";
|
||||
OBS_PORT = "3000";
|
||||
OBS_KEYCLOAK_URL = "https://auth.pub.solar/realms/pub.solar/";
|
||||
OBS_KEYCLOAK_CLIENT_ID = "openbikesensor-portal";
|
||||
OBS_DEDICATED_WORKER = "True";
|
||||
OBS_DATA_DIR = "/data";
|
||||
OBS_PROXIES_COUNT = "1";
|
||||
};
|
||||
in {
|
||||
age.secrets.obs-portal-env = {
|
||||
file = "${flake.self}/secrets/obs-portal-env.age";
|
||||
mode = "600";
|
||||
};
|
||||
|
||||
age.secrets.obs-portal-database-env = {
|
||||
file = "${flake.self}/secrets/obs-portal-database-env.age";
|
||||
mode = "600";
|
||||
};
|
||||
|
||||
systemd.services."docker-network-obs-portal" =
|
||||
let
|
||||
docker = config.virtualisation.oci-containers.backend;
|
||||
dockerBin = "${pkgs.${docker}}/bin/${docker}";
|
||||
in
|
||||
{
|
||||
serviceConfig.Type = "oneshot";
|
||||
before = [ "docker-obs-portal.service" ];
|
||||
script = ''
|
||||
${dockerBin} network inspect obs-portal-net >/dev/null 2>&1 || ${dockerBin} network create obs-portal-net --subnet 172.20.0.0/24
|
||||
'';
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."obs-portal.pub.solar" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_pass http://127.0.0.1:3001;
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation = {
|
||||
oci-containers = {
|
||||
backend = "docker";
|
||||
|
||||
containers."obs-portal" = {
|
||||
image = "git.pub.solar/pub-solar/obs-portal:latest";
|
||||
autoStart = true;
|
||||
ports = [ "localhost:3001:${env.OBS_PORT}" ];
|
||||
|
||||
environment = env;
|
||||
environmentFiles = [ config.age.secrets.obs-portal-env.path ];
|
||||
|
||||
volumes = [
|
||||
"${configPy}:/opt/obs/api/config.py"
|
||||
"/var/lib/obs-portal${env.OBS_DATA_DIR}:${env.OBS_DATA_DIR}"
|
||||
"/var/lib/obs-portal/tiles/:/tiles"
|
||||
"/var/lib/obs-portal/pbf/:/pbf"
|
||||
];
|
||||
|
||||
extraOptions = [
|
||||
"--network=obs-portal-net"
|
||||
];
|
||||
};
|
||||
|
||||
containers."obs-portal-worker" = {
|
||||
image = "git.pub.solar/pub-solar/obs-portal:latest";
|
||||
autoStart = true;
|
||||
|
||||
cmd = [ "python" "tools/process_track.py" ];
|
||||
|
||||
environment = env;
|
||||
environmentFiles = [ config.age.secrets.obs-portal-env.path ];
|
||||
|
||||
volumes = [
|
||||
"${configPy}:/opt/obs/api/config.py"
|
||||
"/var/lib/obs-portal${env.OBS_DATA_DIR}:${env.OBS_DATA_DIR}"
|
||||
];
|
||||
|
||||
extraOptions = [
|
||||
"--network=obs-portal-net"
|
||||
];
|
||||
};
|
||||
|
||||
containers."obs-portal-db" = {
|
||||
image = "openmaptiles/postgis:7.0";
|
||||
autoStart = true;
|
||||
|
||||
environmentFiles = [ config.age.secrets.obs-portal-database-env.path ];
|
||||
|
||||
volumes = [
|
||||
"/var/lib/postgres-obs-portal/data:/var/lib/postgresql/data"
|
||||
];
|
||||
|
||||
extraOptions = [
|
||||
"--network=obs-portal-net"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -32,6 +32,7 @@
|
|||
./apps/promtail.nix
|
||||
./apps/searx.nix
|
||||
./apps/tmate.nix
|
||||
./apps/obs-portal.nix
|
||||
|
||||
./apps/matrix/irc.nix
|
||||
./apps/matrix/mautrix-telegram.nix
|
||||
|
|
27
secrets/obs-portal-database-env.age
Normal file
27
secrets/obs-portal-database-env.age
Normal file
|
@ -0,0 +1,27 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 iDKjwg hAoEiOaK1U0HImALePEYHiE6xebOOqtVujaBWgNBZF8
|
||||
ecf/ykqYPihRJxI/Y7Oh6QhWSyncwevlzEZoRqm3aGM
|
||||
-> ssh-ed25519 uYcDNw NcIttsTn6wPCmoOYGtZ66IYhthjLDI3sYFe4pbW6cB4
|
||||
9hv4dEYoXXWSZ2pG1hy68vmTf++v+g3q7wVhT6cAog0
|
||||
-> ssh-rsa kFDS0A
|
||||
KoW3J2Tw90chM6Oy17umOQN0WFI4je7CBk3IgdImsd4Mz5q17/nXlhVlFFhx4ZEk
|
||||
Or9LaqytVk1NA6J4+suMRlx4Pd6oberXu1KBkFQMr1B3LKhNOaOZ+W1mrbQLGG9U
|
||||
YUTyOpkHxVkw0IOsvxB/0reMCHtjKHo661zFjim1YFmEk0WRt4hU1XqsMNiE4wbc
|
||||
GF0t9EWMN2pU2p7DpX/DzVTqu8yk8SQhCZc9kfzWcuawwf0rcjwUJ/Rk1MH5tMpK
|
||||
odRXXl1slPPwQinE+KJqeyrfuRDHqwqmxnOfOWG6KQwWkVSE1btiHEvfuuLOjSjl
|
||||
3wO+veRC9hW5sSCPANoFbuSQ1dprmoyaZnOyeRTbgw91ks/ogLBezF/KSkaMQeHx
|
||||
XRnfcceBmeeqHl9L3Z+3EmBjwIqu2Og0pvhDU8G/ZeA0cHS/22QYGzeD/gOqaEW7
|
||||
d1VyA6LZd8PxIjoBamdipIpY0TqZ8+cA/yaUKNnYXXRSlKQ5ggPxh7ZXfvRbGg+m
|
||||
WbNiHxBPcTK7/Bpzes4LJVcx0Ar4XeDxVQe1MITLpFWh+FDEQZEA3630JngZ153J
|
||||
vBvw+VFedPSr6Ov+/33/J3LKC0XRatGnc++AWfo4rWPLCE6qovEDyY+wmct8gv0j
|
||||
rMEK7OaNfyy+Z21mjrkwcEUbyoGt9ksEplaRblE0Lsk
|
||||
-> ssh-ed25519 YFSOsg LmLRtBYMSzjid3VkUgAQvDOS9r0imWSKE7fm0t/x41Y
|
||||
0mae0vsNmaS5aVOKezXit7KV44JKLpU+GWpuA++dCVo
|
||||
-> ssh-ed25519 iHV63A Tc2z2JciftAikoj4Hv9IBgkcYWAcyGuPJTNA3Yw2K1w
|
||||
cO5o/pbaZAtTvXUskOah9vWP/Tuvyi3QDM7g4AQ+b8s
|
||||
-> ssh-ed25519 BVsyTA mk6n6ytaI4V9JVoUZFtwfFOgaLYc6gvVOcSZXQj/FVI
|
||||
etqbUCqe0eY81qaVco7pMJjhfM+sA/bXLMW0bEsCLxI
|
||||
--- CmNq6ZPxFoFTsySVfr7BTHV0tm9cbRYGG6IR7DNgbEY
|
||||
!è烈í}
|
||||
ùSê<>ŸSl®Ds;!ÁjršZçR"—ë#ž¿»ÙÅ~!›Ÿ¤6AùwEn ? kËAcx~—ŽÜGVæ&M¯ý¾ä,
|
||||
a›U
|
BIN
secrets/obs-portal-env.age
Normal file
BIN
secrets/obs-portal-env.age
Normal file
Binary file not shown.
|
@ -1,4 +1,5 @@
|
|||
let
|
||||
<<<<<<< HEAD
|
||||
|
||||
admins = import ../logins/admins.nix;
|
||||
|
||||
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
|
||||
|
@ -64,4 +65,7 @@ in
|
|||
|
||||
"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ nachtigallKeys ++ adminKeys;
|
||||
|
||||
"obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue
Merge conflict leftover