pub-solar/infra
6
1
Fork 3
Code Issues 18 Pull requests 11 Actions Packages Projects 1 Releases Wiki Activity
infra/modules/obs-portal/default.nix
teutat3s 27dc20dd04
All checks were successful
Flake checks / Check (pull_request) Successful in 23m21s
Details
obs-portal: add backups to garage bucket + storagebox 
Restic backups to garage S3 bucket nachtigall-backups
2024-08-29 10:09:04 +02:00

173 lines
4.6 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
self,
flake,
...
}:
let
configPy = pkgs.writeText "obs-portal-config.py" ''
DEBUG = False
VERBOSE = DEBUG
AUTO_RESTART = DEBUG
LEAN_MODE = False
FRONTEND_URL = None
FRONTEND_HTTPS = True
FRONTEND_DIR = "../frontend/build/"
FRONTEND_CONFIG = {
"imprintUrl": "${config.pub-solar-os.imprintUrl}",
"privacyPolicyUrl": "${config.pub-solar-os.privacyPolicyUrl}",
"mapHome": {"zoom": 12, "latitude": 50.93, "longitude": 6.97},
"banner": {
"text": "This is an installation serving the Cologne/Bonn region run for Team OBSKöln by pub.solar n.e.V.",
"style": "info"
},
}
TILES_FILE = None
ADDITIONAL_CORS_ORIGINS = None
'';
env = {
OBS_KEYCLOAK_URI = "auth.${config.pub-solar-os.networking.domain}";
OBS_PORTAL_URI = "obs-portal.${config.pub-solar-os.networking.domain}";
OBS_POSTGRES_MAX_OVERFLOW = "20";
OBS_POSTGRES_POOL_SIZE = "40";
OBS_HOST = "0.0.0.0";
OBS_PORT = "3000";
OBS_KEYCLOAK_URL = "https://auth.${config.pub-solar-os.networking.domain}/realms/${config.pub-solar-os.auth.realm}/";
OBS_KEYCLOAK_CLIENT_ID = "openbikesensor-portal";
OBS_DEDICATED_WORKER = "True";
OBS_DATA_DIR = "/data";
OBS_PROXIES_COUNT = "1";
};
in
{
age.secrets.obs-portal-env = {
file = "${flake.self}/secrets/obs-portal-env.age";
mode = "600";
};
age.secrets.obs-portal-database-env = {
file = "${flake.self}/secrets/obs-portal-database-env.age";
mode = "600";
};
systemd.services."docker-network-obs-portal" =
let
docker = config.virtualisation.oci-containers.backend;
dockerBin = "${pkgs.${docker}}/bin/${docker}";
in
{
serviceConfig.Type = "oneshot";
before = [
"docker-obs-portal.service"
"docker-obs-portal-db.service"
"docker-obs-portal-worker.service"
];
requiredBy = [
"docker-obs-portal.service"
"docker-obs-portal-db.service"
"docker-obs-portal-worker.service"
];
script = ''
${dockerBin} network inspect obs-portal-net >/dev/null 2>&1 || ${dockerBin} network create obs-portal-net --subnet 172.20.0.0/24
'';
};
services.nginx.virtualHosts."obs-portal.${config.pub-solar-os.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
extraConfig = ''
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
'';
};
};
virtualisation = {
oci-containers = {
backend = "docker";
containers."obs-portal" = {
image = "git.pub.solar/pub-solar/obs-portal:latest";
autoStart = true;
ports = [ "127.0.0.1:3001:${env.OBS_PORT}" ];
dependsOn = [
"obs-portal-db"
"obs-portal-worker"
];
environment = env;
environmentFiles = [ config.age.secrets.obs-portal-env.path ];
volumes = [
"${configPy}:/opt/obs/api/config.py"
"/var/lib/obs-portal${env.OBS_DATA_DIR}:${env.OBS_DATA_DIR}"
"/var/lib/obs-portal/pbf/:/pbf"
];
extraOptions = [ "--network=obs-portal-net" ];
};
containers."obs-portal-worker" = {
image = "git.pub.solar/pub-solar/obs-portal:latest";
autoStart = true;
cmd = [
"python"
"tools/process_track.py"
];
environment = env;
environmentFiles = [ config.age.secrets.obs-portal-env.path ];
volumes = [
"${configPy}:/opt/obs/api/config.py"
"/var/lib/obs-portal${env.OBS_DATA_DIR}:${env.OBS_DATA_DIR}"
];
extraOptions = [ "--network=obs-portal-net" ];
};
containers."obs-portal-db" = {
image = "openmaptiles/postgis:7.0";
autoStart = true;
environmentFiles = [ config.age.secrets.obs-portal-database-env.path ];
volumes = [ "/var/lib/postgres-obs-portal/data:/var/lib/postgresql/data" ];
extraOptions = [ "--network=obs-portal-net" ];
};
};
};
pub-solar-os.backups.restic.obs-portal = {
paths = [
"/var/lib/obs-portal/data"
"/tmp/obs-portal-backup.sql"
];
timerConfig = {
OnCalendar = "*-*-* 00:30:00 Etc/UTC";
};
initialize = true;
backupPrepareCommand = ''
${pkgs.docker}/bin/docker exec -ti --user postgres obs-portal-db pg_dump obs > /tmp/obs-portal-backup.sql
'';
backupCleanupCommand = ''
rm /tmp/obs-portal-backup.sql
'';
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 3"
];
};
}
Reference in a new issue View git blame Copy permalink