hosts/elephant/owntracks.nix at master · ryan.freumh.org/nixos

ryan.freumh.org / nixos
btw i use nix
nixos / hosts / elephant / owntracks.nix
at master 3.0 kB view raw
  1{
  2  pkgs,
  3  config,
  4  lib,
  5  ...
  6}:
  7
  8let
  9  cfg = config.services.owntracks-recorder;
 10in
 11{
 12  options.services.owntracks-recorder = {
 13    enable = lib.mkEnableOption "Enable the Owntracks location tracker";
 14    host = lib.mkOption {
 15      type = lib.types.str;
 16      default = "127.0.0.1";
 17    };
 18    port = lib.mkOption {
 19      type = lib.types.port;
 20      default = 1883;
 21    };
 22    httpHost = lib.mkOption {
 23      type = lib.types.str;
 24      default = "127.0.0.1";
 25    };
 26    httpPort = lib.mkOption {
 27      type = lib.types.port;
 28      default = 8083;
 29    };
 30    domain = lib.mkOption {
 31      type = lib.types.nullOr lib.types.str;
 32      default = null;
 33    };
 34  };
 35
 36  config = lib.mkIf cfg.enable {
 37    # TODO TLS and passwords if not behind VPN
 38    services.mosquitto = {
 39      enable = true;
 40      logType = [ "debug" ];
 41      listeners = [
 42        {
 43          port = cfg.port;
 44          address = cfg.host;
 45          acl = [ "topic readwrite #" ];
 46          omitPasswordAuth = true;
 47          users = { };
 48          settings = {
 49            allow_anonymous = true;
 50          };
 51        }
 52      ];
 53    };
 54
 55    systemd.services.owntracks-recorder = {
 56      description = "OwnTracks Recorder Service";
 57      wantedBy = [ "multi-user.target" ];
 58      after = [
 59        "network.target"
 60        "mosquitto.service"
 61      ];
 62
 63      serviceConfig = {
 64        ExecStart =
 65          "${pkgs.owntracks-recorder}/bin/ot-recorder"
 66          + " --storage /var/lib/owntracks"
 67          + " --doc-root ${pkgs.owntracks-recorder.src}/docroot"
 68          + " --host ${cfg.host} --port ${builtins.toString cfg.port}"
 69          + " 'owntracks/#'";
 70        StateDirectory = "owntracks";
 71        Restart = "on-failure";
 72        User = "owntracks";
 73        Group = "owntracks";
 74      };
 75    };
 76    users.users.owntracks = {
 77      isSystemUser = true;
 78      group = "owntracks";
 79    };
 80    users.groups.owntracks = { };
 81
 82    services.nginx = lib.mkIf (cfg.domain != null) {
 83      enable = true;
 84      virtualHosts."${cfg.domain}" = {
 85        locations = {
 86          "/ws" = {
 87            proxyPass = "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}";
 88            proxyWebsockets = true;
 89            recommendedProxySettings = true;
 90          };
 91          "/" = {
 92            proxyPass = "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/";
 93            recommendedProxySettings = true;
 94          };
 95          "/view/" = {
 96            proxyPass = "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/view/";
 97            recommendedProxySettings = true;
 98            # Chrome fix
 99            extraConfig = "proxy_buffering off;";
100          };
101          "/static/" = {
102            proxyPass = "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/static/";
103            recommendedProxySettings = true;
104          };
105          "/utils/" = {
106            proxyPass = "http://${cfg.httpHost}:${builtins.toString cfg.httpPort}/utils/";
107            recommendedProxySettings = true;
108          };
109        };
110      };
111    };
112  };
113}