OwnTracks works now

This commit is contained in:
Gene Liverman 2024-06-16 07:31:27 -04:00
parent c68680eff4
commit 158397df0c
5 changed files with 108 additions and 31 deletions


@ -1,8 +1,7 @@
{ username, ... }: { { pkgs, username, ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./disk-config.nix
./owntracks.nix
./post-install-general.nix ./post-install-general.nix
./post-install-nginx.nix ./post-install-nginx.nix
]; ];
@ -17,6 +16,11 @@
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
}; };
environment.systemPackages = with pkgs; [
podman-tui # status of containers in the terminal
podman-compose
];
networking = { networking = {
# Open ports in the firewall. # Open ports in the firewall.
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
@ -74,6 +78,7 @@
isNormalUser = true; isNormalUser = true;
description = "Gene Liverman"; description = "Gene Liverman";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [ "networkmanager" "wheel" ];
linger = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjigwV0KnnaTnFmKjjvnULa5X+hvsy2FAlu+lUUY59f gene@rainbow-planet" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjigwV0KnnaTnFmKjjvnULa5X+hvsy2FAlu+lUUY59f gene@rainbow-planet"
]; ];
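Review bot: `linger = true` is added to this user account without a comment explaining why its systemd user instance should keep running after logout; the containers this commit introduces are declared under `virtualisation.oci-containers`, which become system-level units and do not need a lingering user session. If the intent is to run rootless podman or `podman-compose` units as this user, say so inline, e.g. `linger = true; # keep the user systemd instance alive for rootless podman units`; otherwise drop it, since a wheel user's session persisting unattended is a wider exposure than the stated purpose needs. The user definition continues outside this hunk.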


@ -1,9 +1,42 @@
{ config, pkgs, ... }: let { config, pkgs, ... }: let
frontend_port = "8082"; frontend_port = "8082";
in { in {
environment.systemPackages = with pkgs; [ environment = {
owntracks-recorder etc = {
]; "default/ot-recorder".text = ''
OTR_USER="recorder"
OTR_PASS="toenail-madmen-nazareth-fum"
OTR_GEOKEY="opencage:b85db97221cc4239b34e0ca07e71471e"
OTR_TOPICS="owntracks/#"
OTR_HTTPHOST="127.0.0.1"
OTR_HTTPPREFIX="owntracks"
'';
};
};
services.mosquitto = {
enable = true;
persistence = true;
listeners = [
{
address = "127.0.0.1";
port = 1883;
users = {
recorder.passwordFile = config.sops.secrets.mqtt_recorder_pass.path;
};
}
];
};
users = {
groups.owntracks.gid = config.users.users.owntracks.uid;
users.owntracks = {
isSystemUser = true;
description = "OwnTracks";
group = "owntracks";
home = "/home/owntracks";
};
};
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
"owntracks-frontend" = { "owntracks-frontend" = {
@ -11,10 +44,18 @@ in {
image = "docker.io/owntracks/frontend:2.15.3"; image = "docker.io/owntracks/frontend:2.15.3";
environment = { environment = {
LISTEN = frontend_port; LISTEN = frontend_port;
SERVER_HOST = config.networking.hostName; SERVER_HOST = "ot-recorder";
SERVER_PORT = "8083";
}; };
ports = [ "${frontend_port}:${frontend_port}" ]; ports = [ "127.0.0.1:${frontend_port}:80" ];
};
"ot-recorder" = {
autoStart = true;
image = "docker.io/owntracks/frontend:2.15.3";
ports = [ "127.0.0.1:8083:8083" ];
volumes = [
"/etc/default/config:/config"
"/var/spool/owntracks/recorder/store:/store"
];
}; };
}; };
} }
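Review bot: The `/etc/default/ot-recorder` file rendered through `environment.etc` embeds what appear to be a live MQTT password (`OTR_PASS`) and an OpenCage API key (`OTR_GEOKEY`) in cleartext; `environment.etc` text ends up in the world-readable Nix store and is now in git history, so both values should be treated as exposed and rotated, and the same commit already carries a `mqtt_recorder_pass` sops secret that this file seems to duplicate. Keep the whole env block in sops instead and hand it to the container with `environmentFiles = [ config.sops.secrets.ot_recorder_env.path ];` so nothing secret is written to the store. Separately, the new `ot-recorder` container pulls `docker.io/owntracks/frontend:2.15.3`, the same image as the frontend, which presumably was meant to be the recorder image, and its `/config` volume mounts `/etc/default/config` while the file above is written to `/etc/default/ot-recorder`. The `owntracks` user and group are defined here but neither container references them (no `user =`), so as far as this hunk shows both still run as root inside the container.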


@ -32,9 +32,28 @@
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.private-env"; path = "/home/${username}/.private-env";
}; };
mqtt_recorder_pass.restartUnits = ["mosquitto.service"];
owntracks_basic_auth = {
owner = config.users.users.nginx.name;
restartUnits = ["nginx.service"];
};
tailscale_key = { tailscale_key = {
restartUnits = [ "tailscaled-autoconnect.service" ]; restartUnits = [ "tailscaled-autoconnect.service" ];
}; };
}; };
}; };
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
} }
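Review bot: `mqtt_recorder_pass` is declared with only `restartUnits`, so sops-nix will place it root-owned with mode 0400, yet as far as I recall the nixpkgs mosquitto module reads each listener's `passwordFile` in a preStart that runs as the `mosquitto` service user, which would fail on a root-only file. If that holds on this nixpkgs revision, add `owner = config.users.users.mosquitto.name;` alongside `restartUnits`. For `owntracks_basic_auth`, confirm the decrypted value is an htpasswd-style entry (`user:<crypt or bcrypt hash>`) rather than a plaintext password, since nginx's `auth_basic_user_file` only accepts hashed entries. A one-line comment on `dockerCompat = true` saying what needs the `docker` alias would also help, as nothing in this commit invokes `docker`.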


@ -3,6 +3,7 @@
http_port = 80; http_port = 80;
https_port = 443; https_port = 443;
in { in {
imports = [ imports = [
../../../system/common/linux/lets-encrypt.nix ../../../system/common/linux/lets-encrypt.nix
]; ];
@ -38,7 +39,7 @@ in {
''; '';
}; };
}; };
"ot.${domain}}" = { "ot.${domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
@ -47,34 +48,43 @@ in {
locations = { locations = {
# OwnTracks Frontend container # OwnTracks Frontend container
"/" = { "/" = {
proxypass = "http://127.0.0.1:8082"; proxyPass = "http://127.0.0.1:8082";
recommendedproxysettings = true; recommendedProxySettings = true;
}; };
};
};
"recorder.${domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
enableACME = true;
acmeRoot = null;
forceSSL = true;
basicAuthFile = config.sops.secrets.owntracks_basic_auth.path;
locations = {
# OwnTracks Recorder # OwnTracks Recorder
"/owntracks/" = { "/" = {
proxypass = "http://127.0.0.1:8083"; proxyPass = "http://127.0.0.1:8083";
recommendedproxysettings = true; recommendedProxySettings = true;
}; };
"/owntracks/pub" = { # Client apps need to point to this path "/pub" = { # Client apps need to point to this path
extraConfig = "proxy_set_header X-Limit-U $remote_user;"; extraConfig = "proxy_set_header X-Limit-U $remote_user;";
proxypass = "http://127.0.0.1:8083/pub"; proxyPass = "http://127.0.0.1:8083/pub";
recommendedproxysettings = true; recommendedProxySettings = true;
}; };
"/owntracks/static/" = { "/static/" = {
proxypass = "http://127.0.0.1:8083/static/"; proxyPass = "http://127.0.0.1:8083/static/";
recommendedproxysettings = true; recommendedProxySettings = true;
}; };
"/owntracks/utils/" = { "/utils/" = {
proxypass = "http://127.0.0.1:8083/utils/"; proxyPass = "http://127.0.0.1:8083/utils/";
recommendedproxysettings = true; recommendedProxySettings = true;
}; };
"/owntracks/view/" = { "/view/" = {
extraConfig = "proxy_buffering off;"; extraConfig = "proxy_buffering off;";
proxypass = "http://127.0.0.1:8083/view/"; proxyPass = "http://127.0.0.1:8083/view/";
recommendedproxysettings = true; recommendedProxySettings = true;
}; };
"/owntracks/ws" = { "/ws" = {
extraConfig = "rewrite ^/owntracks/(.*) /$1 break;"; extraConfig = "rewrite ^/(.*) /$1 break;";
proxyPass = "http://127.0.0.1:8083"; proxyPass = "http://127.0.0.1:8083";
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
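Review bot: The `ot.${domain}` frontend vhost listens on `0.0.0.0:443` with no `basicAuthFile`, while only the new `recorder.${domain}` vhost is protected; the frontend container is pointed at the recorder via `SERVER_HOST`/`SERVER_PORT` in owntracks.nix, and if it proxies the recorder API for the browser, as that setting suggests, then the stored location history is readable by anyone who can reach `ot.${domain}` without credentials. Add `basicAuthFile = config.sops.secrets.owntracks_basic_auth.path;` to the `ot.${domain}` vhost as well, or restrict it to the Tailscale interface, unless public access is intended. In the recorder vhost, `/ws` keeps `rewrite ^/(.*) /$1 break;`, which after the prefix removal is an identity rewrite and can be deleted; if this is the websocket endpoint, `proxyWebsockets = true;` is what adds the `Upgrade`/`Connection` headers that `recommendedProxySettings` alone does not. The `/pub` location's `X-Limit-U $remote_user` only carries a value because basic auth is applied at the vhost level, which deserves a comment such as `# $remote_user comes from basicAuthFile on this vhost; keep them together`. The `recorder.${domain}` vhost closes outside this hunk.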


@ -1,5 +1,7 @@
local_git_config: ENC[AES256_GCM,data:BulcGoJ85+BA3maqbMewUdaNOl3feaJMq/4yZL8Y8SLOHqzmA/DUO7k=,iv:V7wpSiEQpt7AhKd+MUyGqTsO6YZovpkj+AaqpLnfRM0=,tag:7f3fFzQX3bpjokVPnUKDPQ==,type:str] local_git_config: ENC[AES256_GCM,data:BulcGoJ85+BA3maqbMewUdaNOl3feaJMq/4yZL8Y8SLOHqzmA/DUO7k=,iv:V7wpSiEQpt7AhKd+MUyGqTsO6YZovpkj+AaqpLnfRM0=,tag:7f3fFzQX3bpjokVPnUKDPQ==,type:str]
local_private_env: ENC[AES256_GCM,data:OFcCaE9/hpd6JIoUTTxg0pEFL3rkUE3G+JzP/wjFXpa/AJa2Rr0Kv42Pu+iwgPMWgcpp50ChjVxGvbceNQ==,iv:I2LyWwvdMdE4wKLb3udLVMu3jFsvYR1ruZvaVt9GG7c=,tag:tBPmlNr0iNdLRU1GIRV2mg==,type:str] local_private_env: ENC[AES256_GCM,data:OFcCaE9/hpd6JIoUTTxg0pEFL3rkUE3G+JzP/wjFXpa/AJa2Rr0Kv42Pu+iwgPMWgcpp50ChjVxGvbceNQ==,iv:I2LyWwvdMdE4wKLb3udLVMu3jFsvYR1ruZvaVt9GG7c=,tag:tBPmlNr0iNdLRU1GIRV2mg==,type:str]
mqtt_recorder_pass: ENC[AES256_GCM,data:N44nv2mk5zguWXNHdKsxhoKUjiduD1hzsAb6,iv:aLudKuUBTPXgtAF33exELH/PESD0CqoDaydeqdhcmbA=,tag:3lhrqO8jxJiRHWZjWSRa0g==,type:str]
owntracks_basic_auth: ENC[AES256_GCM,data:GX1U1uf7+erE+g9GzhXK5ED2QicfcbpRCwpJDw6Zr9X2FtdMYleH5mhLxw==,iv:PflRq+P50+oFf4wv5wwlY6V9bApGuJ3tlYTvJZ5mg0E=,tag:VHBY5qv7rX74DGURsYaWpw==,type:str]
tailscale_key: ENC[AES256_GCM,data:Bl00WuIrLvxmt7aNsoXC6G7XFls7waZMzdfo/MsEOZl/i3wHwrjrmgwd3V4GkaJ42UjrC1OLobrkuLves4w=,iv:tlCu0EWgvhvs1ANdtQr7KWHJ2RjpHniUm/rFC4L/MHs=,tag:+8eov9w+SPGZPnjMdrN8gA==,type:str] tailscale_key: ENC[AES256_GCM,data:Bl00WuIrLvxmt7aNsoXC6G7XFls7waZMzdfo/MsEOZl/i3wHwrjrmgwd3V4GkaJ42UjrC1OLobrkuLves4w=,iv:tlCu0EWgvhvs1ANdtQr7KWHJ2RjpHniUm/rFC4L/MHs=,tag:+8eov9w+SPGZPnjMdrN8gA==,type:str]
sops: sops:
kms: [] kms: []
@ -16,8 +18,8 @@ sops:
WkI4ejBaODI0d0tjWHpTT3VWTXNyaXcKMDtvHN4gcZqBNslyC+NwYW05zgs8QuPV WkI4ejBaODI0d0tjWHpTT3VWTXNyaXcKMDtvHN4gcZqBNslyC+NwYW05zgs8QuPV
W6EktAz+xu6kx5BJbli5GkUFmj52AtEGIqZ1Sr4a0pKQACC87XcTQA== W6EktAz+xu6kx5BJbli5GkUFmj52AtEGIqZ1Sr4a0pKQACC87XcTQA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-15T20:49:45Z" lastmodified: "2024-06-16T03:36:06Z"
mac: ENC[AES256_GCM,data:TPY25QfdBEoQbOMoF0kDIv9P3uwqY5pq2HyFIckhidaKvUNog5OVHmXsycpEZ+JC6NOPHWpd0wrYB8XYJI4R3ND/w3Gjl/NGEnDjX7FihkhQZOlTUap+/7UBL3gTQKR/jd0enWn1FIQuOrXmNsJ3RhPStQNpHRmgSPR5FVecJFI=,iv:dIQmQjKK7VFnxOYxkDSRDZNFpsv1+6YU9tpOr8XsTtw=,tag:FDlGiuJR2mwuci+z2Pa5rg==,type:str] mac: ENC[AES256_GCM,data:KkJ7awR2HwH8MBHrDzOifwD6ePACWsGFaNg8/eixKvb+/V4k2NkOxZPzdemcqMaCPCzhX9bGlE76MGy9y6JWvln+yKkBx7uilSdfGu5bVnMQY0JT8r2nW4tCfJ1VpLOxdvcw8pUjeK/oizvUolk7DJ1PecrPQuSmhGkOAL6h6dA=,iv:nd0F7sU9hYOu3qb0kXSstRt8M3QDmciSs5ArtiXI6XQ=,tag:gGG8NnO690UrTq6y4NnK9w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1