From 701e47473a8ac50f712a81f8eab55a3420d0d9dd Mon Sep 17 00:00:00 2001
From: coolneng
Date: Wed, 24 May 2023 14:15:15 +0200
Subject: [PATCH] Set up CGM repository

---
 configuration.nix | 5 +++++
 modules/containers.nix | 24 ++++++++++++++++++++++++
 modules/periodic.nix | 2 ++
 modules/webstack.nix | 10 ++++++++++
 scripts/motd.sh | 1 +
 secrets/nightscout.age | Bin 0 -> 477 bytes
 secrets/secrets.nix | 1 +
 7 files changed, 43 insertions(+)
 create mode 100644 secrets/nightscout.age

diff --git a/configuration.nix b/configuration.nix
index c05351e..6d63fec 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -161,6 +161,11 @@ with pkgs;
 owner = "mosquitto";
 group = "mosquitto";
 };
+ secrets.nightscout = {
+ file = secrets/nightscout.age;
+ owner = "coolneng";
+ group = "podman";
+ };
 identityPaths = [ "/etc/ssh/id_ed25519" ];
 };
 
diff --git a/modules/containers.nix b/modules/containers.nix
index 431cc70..9fe0902 100644
--- a/modules/containers.nix
+++ b/modules/containers.nix
@@ -27,7 +27,31 @@
 ports = [ "127.0.0.1:9641:9641" ];
 volumes = [ "/vault/mqtt2prometheus/config.yaml:/config.yaml" ];
 };
+ # CGM repository
+ nightscout = {
+ image =
+ "nightscout/cgm-remote-monitor@sha256:ce522a9fe9b1373f576329e48349a622c8a9b6177c93dc2771152df36dd90876";
+ environmentFiles = [ config.age.secrets.nightscout.path ];
+ extraOptions = [ "--pod=cgm-repo" ];
+ dependsOn = [ "mongodb" ];
+ };
+ # CGM repository database
+ mongodb = {
+ image =
+ "mongo:4.4.9@sha256:0837a92d01bcc8c750a8d692ed4df33f0befd07ef261b23e7d9feda04bacd3eb";
+ volumes = [ "/vault/mongodb:/data/db" ];
+ extraOptions = [ "--pod=cgm-repo" ];
+ };
 };
 };
 };
+
+ # Allow networking between Cgm-Repo and MongoDB
+ systemd.services.create-cgm-repo-pod = {
+ serviceConfig.Type = "oneshot";
+ wantedBy = [ "podman-mongodb.service" ];
+ script = with pkgs; ''
+ ${podman}/bin/podman pod exists cgm-repo || ${podman}/bin/podman pod create -n cgm-repo -p '127.0.0.1:1337:1337'
+ '';
+ };
 }
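Review bot: The new `secrets.nightscout` entry sets `owner = "coolneng";` and `group = "podman";`, which makes the decrypted Nightscout environment file readable by an interactive user account without a need that is visible in this patch. The only consumer shown is `environmentFiles` in modules/containers.nix, which is read when the podman unit starts the container (presumably as root), and with agenix's default mode of 0400 the `group` setting grants nothing unless `mode` is also set. I would drop both lines so the secret stays root-owned, or, if group read access is intended, make it explicit with `mode = "0440";` and a comment naming the reader. The enclosing attribute set (apparently `age`) starts outside the hunk.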
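Review bot: `create-cgm-repo-pod` is attached with `wantedBy = [ "podman-mongodb.service" ];` but carries no ordering, so systemd is free to start the mongodb container before the pod exists, and `--pod=cgm-repo` then fails on a pod that has not been created. `wantedBy` only adds a Wants dependency; add `before = [ "podman-mongodb.service" "podman-nightscout.service" ];` to the unit. The mongodb container shows no authentication settings in this hunk, so the shared pod with only `127.0.0.1:1337` published is the sole visible protection for the database; a comment next to the `podman pod create` line saying that the loopback-only publish is deliberate would keep a later edit from widening it.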
diff --git a/modules/periodic.nix b/modules/periodic.nix
index 04fc06e..a5aadd8 100644
--- a/modules/periodic.nix
+++ b/modules/periodic.nix
@@ -63,6 +63,8 @@ in {
 systemctl restart gitea
 systemctl restart podman-openbooks
 systemctl restart podman-mqtt2prometheus
+ systemctl restart podman-mongodb
+ systemctl restart podman-nightscout
 '';
 serviceConfig.Type = "oneshot";
 requires = [ "sata-hat.service" ];
diff --git a/modules/webstack.nix b/modules/webstack.nix
index 9e9e835..ddc4a98 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -170,6 +170,16 @@
 deny all;
 '';
 };
+ "nightscout.coolneng.duckdns.org" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:1337";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ '';
+ };
+ };
 };
 };
 
diff --git a/scripts/motd.sh b/scripts/motd.sh
index 22e7311..bb2a38b 100755
--- a/scripts/motd.sh
+++ b/scripts/motd.sh
@@ -37,6 +37,7 @@ services=(
 "podman-mqtt2prometheus.service"
 "prometheus.service"
 "grafana.service"
+ "podman-nightscout.service"
 )
 
 for var in "${services[@]}"; do
diff --git a/secrets/nightscout.age b/secrets/nightscout.age
new file mode 100644
index 0000000000000000000000000000000000000000..064638cddc801476f28d7661508acf5cfd2b861a
GIT binary patch
literal 477
zcmV<30V4ikXJsvAZewzJaCB*JZZ2Kb7V(QW^7Djax_(LMJqRVLNqlsM{hKDc}+@kIAUdZMo4T-cxwtsZh1FtOJ_oG zSyfqDbyGxfGjnuIaaL_LYfff2NOg8}VR3F(OKL(?Lw5=-J|HPrW-VuOWnpt=AZKBC zb|q(NL<%`qbU068PB&*(P)K-sS50|sOhR}?R6}q_K`S_JZ$~skLv43)X>2iaIB_^h zWJX#=WluSDN=^zbEiE89N@j0GM{qJnPIO0WO?P2pRCG#ER%bbCXH98LWlvBxZck5X zPA@TcG%yNrdx%*8z2~IOfEW+R^Pk6%Wc<+(z*Ak#PU_s%>YXyKGKaO+4lmwB&Dipb z7TQ^aWT|I_RDyP7NEyr{y%ZEXNF&@8>}-|0y>U^&QdHxw5X6^cmK>%_lZ$Al3tM=x z41{qgMI`QwdO!%9L01xCTNH-^=-4BB2R|I}Za3lD?}Fwb+*IH4