Set up CGM repository

This commit is contained in:
coolneng 2023-05-24 14:15:15 +02:00
parent 98f1492da8
commit 2df2bddaee
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
7 changed files with 48 additions and 0 deletions

View File

@ -161,6 +161,11 @@ with pkgs;
owner = "mosquitto"; owner = "mosquitto";
group = "mosquitto"; group = "mosquitto";
}; };
secrets.nightscout = {
file = secrets/nightscout.age;
owner = "coolneng";
group = "podman";
};
identityPaths = [ "/etc/ssh/id_ed25519" ]; identityPaths = [ "/etc/ssh/id_ed25519" ];
}; };

View File

@ -27,7 +27,29 @@
ports = [ "127.0.0.1:9641:9641" ]; ports = [ "127.0.0.1:9641:9641" ];
volumes = [ "/vault/mqtt2prometheus/config.yaml:/config.yaml" ]; volumes = [ "/vault/mqtt2prometheus/config.yaml:/config.yaml" ];
}; };
# CGM repository
nightscout = {
image = "nightscout/cgm-remote-monitor@sha256:ce522a9fe9b1373f576329e48349a622c8a9b6177c93dc2771152df36dd90876";
environmentFiles = [ config.age.secrets.nightscout.path ];
extraOptions = ["--pod=cgm-repo"];
dependsOn = [ "mongodb" ];
};
# CGM repository database
mongodb = {
image = "mongo:4.4.9@sha256:0837a92d01bcc8c750a8d692ed4df33f0befd07ef261b23e7d9feda04bacd3eb";
volumes = ["/vault/mongodb:/data/db"];
extraOptions = ["--pod=cgm-repo"];
};
}; };
}; };
}; };
# Allow networking between Cgm-Repo and MongoDB
systemd.services.create-cgm-repo-pod = {
serviceConfig.Type = "oneshot";
wantedBy = [ "podman-mongodb.service" ];
script = with pkgs; ''
${podman}/bin/podman pod exists cgm-repo || ${podman}/bin/podman pod create -n cgm-repo -p '127.0.0.1:1337:1337'
'';
};
} }

View File

@ -63,6 +63,8 @@ in {
systemctl restart gitea systemctl restart gitea
systemctl restart podman-openbooks systemctl restart podman-openbooks
systemctl restart podman-mqtt2prometheus systemctl restart podman-mqtt2prometheus
systemctl restart podman-mongodb
systemctl restart podman-nightscout
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
requires = [ "sata-hat.service" ]; requires = [ "sata-hat.service" ];

View File

@ -170,6 +170,16 @@
deny all; deny all;
''; '';
}; };
"nightscout.coolneng.duckdns.org" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:1337";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
};
}; };
}; };

View File

@ -37,6 +37,7 @@ services=(
"podman-mqtt2prometheus.service" "podman-mqtt2prometheus.service"
"prometheus.service" "prometheus.service"
"grafana.service" "grafana.service"
"podman-nightscout.service"
) )
for var in "${services[@]}"; do for var in "${services[@]}"; do

7
secrets/nightscout.age Normal file
View File

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 iUaRGg NZSMxPHyuZano1tMkjZzhPEfnBwWwOtDTooV867g3Qw
Ssp5a60zPbHr77RfbvQdKFNzLaq/fBZin1Rct8Zw2jQ
-> #~O6EL*-grease I?m(Z\ aUDPI+
QcXMNHYJv2PQRY77oASq/8x3L9hv5m6a+Hd36ok
--- tAdv5iia1ggSTOAF3Wnt+GKK1ulw1FO1FqVSU+cT5MQ
}/ITiÌU§.-n”<6E>p®ü™o<E284A2>$EðòØÀ½8ÝÛ¬×jp¢ªêEåo°è÷P â<>š˜ìúej¸Š<¬þ<C2AC>6Æ6€g:W,b±çõÕ®Ÿ8·±…ofÁîóÞG<C39E>€º I ΢ãÍ}B[F§<46>ýü|âS¤÷ ½ÿמêÐ¥Pw™ï]ǽ fßZœd'nòâv͇»P1¡2μúšƒƒê$_?*§9É­y<C2AD>Èÿùù'n§

View File

@ -14,4 +14,5 @@ in {
"telegram.age".publicKeys = [ zion ]; "telegram.age".publicKeys = [ zion ];
"mqtt-sender.age".publicKeys = [ zion ]; "mqtt-sender.age".publicKeys = [ zion ];
"mqtt-receiver.age".publicKeys = [ zion ]; "mqtt-receiver.age".publicKeys = [ zion ];
"nightscout.age".publicKeys = [ zion ];
} }