{ config , lib , pkgs , self , flake , ... }: let configPy = pkgs.writeText "obs-portal-config.py" '' DEBUG = False VERBOSE = DEBUG AUTO_RESTART = DEBUG LEAN_MODE = False FRONTEND_URL = None FRONTEND_HTTPS = True FRONTEND_DIR = "../frontend/build/" FRONTEND_CONFIG = { "imprintUrl": "https://pub.solar/about", "privacyPolicyUrl": "https://pub.solar/privacy", "mapHome": {"zoom": 12, "latitude": 50.93, "longitude": 6.97}, "banner": { "text": "This is an installation serving the Cologne/Bonn region run for Team OBSKöln by pub.solar n.e.V.", "style": "info" }, } TILES_FILE = None ADDITIONAL_CORS_ORIGINS = None ''; env = { OBS_KEYCLOAK_URI = "auth.pub.solar"; OBS_PORTAL_URI = "obs-portal.pub.solar"; OBS_POSTGRES_MAX_OVERFLOW = "20"; OBS_POSTGRES_POOL_SIZE = "40"; OBS_HOST = "0.0.0.0"; OBS_PORT = "3000"; OBS_KEYCLOAK_URL = "https://auth.pub.solar/realms/pub.solar/"; OBS_KEYCLOAK_CLIENT_ID = "openbikesensor-portal"; OBS_DEDICATED_WORKER = "True"; OBS_DATA_DIR = "/data"; OBS_PROXIES_COUNT = "1"; }; in { age.secrets.obs-portal-env = { file = "${flake.self}/secrets/obs-portal-env.age"; mode = "600"; }; age.secrets.obs-portal-database-env = { file = "${flake.self}/secrets/obs-portal-database-env.age"; mode = "600"; }; systemd.services."docker-network-obs-portal" = let docker = config.virtualisation.oci-containers.backend; dockerBin = "${pkgs.${docker}}/bin/${docker}"; in { serviceConfig.Type = "oneshot"; before = [ "docker-obs-portal.service" "docker-obs-portal-db.service" "docker-obs-portal-worker.service" ]; requiredBy = [ "docker-obs-portal.service" "docker-obs-portal-db.service" "docker-obs-portal-worker.service" ]; script = '' ${dockerBin} network inspect obs-portal-net >/dev/null 2>&1 || ${dockerBin} network create obs-portal-net --subnet 172.20.0.0/24 ''; }; services.nginx.virtualHosts."obs-portal.pub.solar" = { enableACME = true; forceSSL = true; locations."/" = { proxyWebsockets = true; extraConfig = '' proxy_pass http://127.0.0.1:3001; proxy_set_header Host $host; ''; }; }; virtualisation = { oci-containers = { backend = "docker"; containers."obs-portal" = { image = "git.pub.solar/pub-solar/obs-portal:latest"; autoStart = true; ports = [ "127.0.0.1:3001:${env.OBS_PORT}" ]; dependsOn = [ "obs-portal-db" "obs-portal-worker" ]; environment = env; environmentFiles = [ config.age.secrets.obs-portal-env.path ]; volumes = [ "${configPy}:/opt/obs/api/config.py" "/var/lib/obs-portal${env.OBS_DATA_DIR}:${env.OBS_DATA_DIR}" "/var/lib/obs-portal/tiles/:/tiles" "/var/lib/obs-portal/pbf/:/pbf" ]; extraOptions = [ "--network=obs-portal-net" ]; }; containers."obs-portal-worker" = { image = "git.pub.solar/pub-solar/obs-portal:latest"; autoStart = true; cmd = [ "python" "tools/process_track.py" ]; environment = env; environmentFiles = [ config.age.secrets.obs-portal-env.path ]; volumes = [ "${configPy}:/opt/obs/api/config.py" "/var/lib/obs-portal${env.OBS_DATA_DIR}:${env.OBS_DATA_DIR}" ]; extraOptions = [ "--network=obs-portal-net" ]; }; containers."obs-portal-db" = { image = "openmaptiles/postgis:7.0"; autoStart = true; environmentFiles = [ config.age.secrets.obs-portal-database-env.path ]; volumes = [ "/var/lib/postgres-obs-portal/data:/var/lib/postgresql/data" ]; extraOptions = [ "--network=obs-portal-net" ]; }; }; }; }