From 701e47473a8ac50f712a81f8eab55a3420d0d9dd Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Wed, 24 May 2023 14:15:15 +0200
Subject: [PATCH] Set up CGM repository
---
configuration.nix | 5 +++++
modules/containers.nix | 24 ++++++++++++++++++++++++
modules/periodic.nix | 2 ++
modules/webstack.nix | 10 ++++++++++
scripts/motd.sh | 1 +
secrets/nightscout.age | Bin 0 -> 477 bytes
secrets/secrets.nix | 1 +
7 files changed, 43 insertions(+)
create mode 100644 secrets/nightscout.age
diff --git a/configuration.nix b/configuration.nix
index c05351e..6d63fec 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -161,6 +161,11 @@ with pkgs;
owner = "mosquitto";
group = "mosquitto";
};
+ secrets.nightscout = {
+ file = secrets/nightscout.age;
+ owner = "coolneng";
+ group = "podman";
+ };
identityPaths = [ "/etc/ssh/id_ed25519" ];
};
diff --git a/modules/containers.nix b/modules/containers.nix
index 431cc70..9fe0902 100644
--- a/modules/containers.nix
+++ b/modules/containers.nix
@@ -27,7 +27,31 @@
ports = [ "127.0.0.1:9641:9641" ];
volumes = [ "/vault/mqtt2prometheus/config.yaml:/config.yaml" ];
};
+ # CGM repository
+ nightscout = {
+ image =
+ "nightscout/cgm-remote-monitor@sha256:ce522a9fe9b1373f576329e48349a622c8a9b6177c93dc2771152df36dd90876";
+ environmentFiles = [ config.age.secrets.nightscout.path ];
+ extraOptions = [ "--pod=cgm-repo" ];
+ dependsOn = [ "mongodb" ];
+ };
+ # CGM repository database
+ mongodb = {
+ image =
+ "mongo:4.4.9@sha256:0837a92d01bcc8c750a8d692ed4df33f0befd07ef261b23e7d9feda04bacd3eb";
+ volumes = [ "/vault/mongodb:/data/db" ];
+ extraOptions = [ "--pod=cgm-repo" ];
+ };
};
};
};
+
+ # Allow networking between Cgm-Repo and MongoDB
+ systemd.services.create-cgm-repo-pod = {
+ serviceConfig.Type = "oneshot";
+ wantedBy = [ "podman-mongodb.service" ];
+ script = with pkgs; ''
+ ${podman}/bin/podman pod exists cgm-repo || ${podman}/bin/podman pod create -n cgm-repo -p '127.0.0.1:1337:1337'
+ '';
+ };
}
diff --git a/modules/periodic.nix b/modules/periodic.nix
index 04fc06e..a5aadd8 100644
--- a/modules/periodic.nix
+++ b/modules/periodic.nix
@@ -63,6 +63,8 @@ in {
systemctl restart gitea
systemctl restart podman-openbooks
systemctl restart podman-mqtt2prometheus
+ systemctl restart podman-mongodb
+ systemctl restart podman-nightscout
'';
serviceConfig.Type = "oneshot";
requires = [ "sata-hat.service" ];
diff --git a/modules/webstack.nix b/modules/webstack.nix
index 9e9e835..ddc4a98 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -170,6 +170,16 @@
deny all;
'';
};
+ "nightscout.coolneng.duckdns.org" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:1337";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ '';
+ };
+ };
};
};
diff --git a/scripts/motd.sh b/scripts/motd.sh
index 22e7311..bb2a38b 100755
--- a/scripts/motd.sh
+++ b/scripts/motd.sh
@@ -37,6 +37,7 @@ services=(
"podman-mqtt2prometheus.service"
"prometheus.service"
"grafana.service"
+ "podman-nightscout.service"
)
for var in "${services[@]}"; do
diff --git a/secrets/nightscout.age b/secrets/nightscout.age
new file mode 100644
index 0000000000000000000000000000000000000000..064638cddc801476f28d7661508acf5cfd2b861a
GIT binary patch
literal 477
zcmV<30V4ikXJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LX;ooTM`s{N
zFK}>Kb7V(QW^7Djax_(LMJqRVLNqlsM{hKDc}+@kIAUdZMo4T-cxwtsZh1FtOJ_oG
zSyfqDbyGxfGjnuIaaL_LYfff2NOg8}VR3F(OKL(?Lw5=-J|HPrW-VuOWnpt=AZKBC
zb|q(NL<%`qbU068PB&*(P)K-sS50|sOhR}?R6}q_K`S_JZ$~skLv43)X>2iaIB_^h
zWJX#=WluSDN=^zbEiE89N@j0GM{qJnPIO0WO?P2pRCG#ER%bbCXH98LWlvBxZck5X
zPA@TcG%yNrdx%*8z2~IOfEW+R^Pk6%Wc<+(z*Ak#PU_s%>YXyKGKaO+4lmwB&Dipb
z7TQ^aWT|I_RDyP7NEyr{y%ZEXNF&@8>}-|0y>U^&QdHxw5X6^cmK>%_lZ$Al3tM=x
z41{qgMI`QwdO!%9L01xCTNH-^=-4BB2R|I}Za3lD?}Fwb+*IH4<weF;s2L6GTC}v{
zzI?`T9_P=czdM{2X=b;l_qZ2xu|q`!inzB1xMxDx@l0XcMUhVJ6S)m6WMFmuNXsp(
T#mNaQWEj;N$@LQf1JKVSRo=hO
literal 0
HcmV?d00001
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 3136522..63fee05 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -14,4 +14,5 @@ in {
"telegram.age".publicKeys = [ zion ];
"mqtt-sender.age".publicKeys = [ zion ];
"mqtt-receiver.age".publicKeys = [ zion ];
+ "nightscout.age".publicKeys = [ zion ];
}