From 701e47473a8ac50f712a81f8eab55a3420d0d9dd Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Wed, 24 May 2023 14:15:15 +0200
Subject: [PATCH] Set up CGM repository

---
 configuration.nix      |   5 +++++
 modules/containers.nix |  24 ++++++++++++++++++++++++
 modules/periodic.nix   |   2 ++
 modules/webstack.nix   |  10 ++++++++++
 scripts/motd.sh        |   1 +
 secrets/nightscout.age | Bin 0 -> 477 bytes
 secrets/secrets.nix    |   1 +
 7 files changed, 43 insertions(+)
 create mode 100644 secrets/nightscout.age

diff --git a/configuration.nix b/configuration.nix
index c05351e..6d63fec 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -161,6 +161,11 @@ with pkgs;
       owner = "mosquitto";
       group = "mosquitto";
     };
+    secrets.nightscout = {
+      file = secrets/nightscout.age;
+      owner = "coolneng";
+      group = "podman";
+    };
     identityPaths = [ "/etc/ssh/id_ed25519" ];
   };
 
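Review bot: The `owner = "coolneng";` and `group = "podman";` lines on `secrets.nightscout` make the decrypted Nightscout environment file readable by an interactive user account, which is more than its consumer appears to need. The only visible use is `environmentFiles` in modules/containers.nix, and the podman-* units generated by oci-containers normally run as root, so the agenix defaults (root-owned) would presumably be enough; confirm how the container is launched. No `mode` is set, so with agenix's default of `0400` the `group` line grants nothing. Either drop both lines or add an explicit `mode` plus a comment such as `# read by podman-nightscout.service via environmentFiles` that states the intent.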
diff --git a/modules/containers.nix b/modules/containers.nix
index 431cc70..9fe0902 100644
--- a/modules/containers.nix
+++ b/modules/containers.nix
@@ -27,7 +27,31 @@
           ports = [ "127.0.0.1:9641:9641" ];
           volumes = [ "/vault/mqtt2prometheus/config.yaml:/config.yaml" ];
         };
+        # CGM repository
+        nightscout = {
+          image =
+            "nightscout/cgm-remote-monitor@sha256:ce522a9fe9b1373f576329e48349a622c8a9b6177c93dc2771152df36dd90876";
+          environmentFiles = [ config.age.secrets.nightscout.path ];
+          extraOptions = [ "--pod=cgm-repo" ];
+          dependsOn = [ "mongodb" ];
+        };
+        # CGM repository database
+        mongodb = {
+          image =
+            "mongo:4.4.9@sha256:0837a92d01bcc8c750a8d692ed4df33f0befd07ef261b23e7d9feda04bacd3eb";
+          volumes = [ "/vault/mongodb:/data/db" ];
+          extraOptions = [ "--pod=cgm-repo" ];
+        };
       };
     };
   };
+
+  # Allow networking between Cgm-Repo and MongoDB
+  systemd.services.create-cgm-repo-pod = {
+    serviceConfig.Type = "oneshot";
+    wantedBy = [ "podman-mongodb.service" ];
+    script = with pkgs; ''
+      ${podman}/bin/podman pod exists cgm-repo || ${podman}/bin/podman pod create -n cgm-repo -p '127.0.0.1:1337:1337'
+    '';
+  };
 }
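Review bot: `create-cgm-repo-pod` is pulled in through `wantedBy = [ "podman-mongodb.service" ]` but declares no ordering, so systemd may start the mongodb container before the pod exists, and `--pod=cgm-repo` then fails. Add `before = [ "podman-mongodb.service" "podman-nightscout.service" ];`, and consider `requiredBy` instead of `wantedBy` so that a failed pod creation stops the containers rather than letting them start without it. Because of the `pod exists ||` guard, an existing pod keeps the port binding it was created with, so a later edit to `-p '127.0.0.1:1337:1337'` has no effect until the pod is removed; a comment saying so would help. Both images are pinned by digest, which is good for integrity, but `mongo:4.4.9` will not pick up fixes until the pin is bumped by hand.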
diff --git a/modules/periodic.nix b/modules/periodic.nix
index 04fc06e..a5aadd8 100644
--- a/modules/periodic.nix
+++ b/modules/periodic.nix
@@ -63,6 +63,8 @@ in {
       systemctl restart gitea
       systemctl restart podman-openbooks
       systemctl restart podman-mqtt2prometheus
+      systemctl restart podman-mongodb
+      systemctl restart podman-nightscout
     '';
     serviceConfig.Type = "oneshot";
     requires = [ "sata-hat.service" ];
diff --git a/modules/webstack.nix b/modules/webstack.nix
index 9e9e835..ddc4a98 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -170,6 +170,16 @@
           deny all;
         '';
       };
+      "nightscout.coolneng.duckdns.org" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://localhost:1337";
+          extraConfig = ''
+            proxy_set_header X-Forwarded-For $remote_addr;
+          '';
+        };
+      };
     };
   };
 
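Review bot: The new `nightscout.coolneng.duckdns.org` vhost has no access restriction at the proxy, so who can read the glucose data depends entirely on settings in the encrypted environment file, which is not visible here. Nightscout's `AUTH_DEFAULT_ROLES` defaults to `readable`; confirm it is set to `denied` alongside a strong `API_SECRET`, or add an `allow`/`deny` list as the preceding block does with `deny all;`. Overwriting `X-Forwarded-For` with `$remote_addr` is the right choice because it discards any client-supplied value; add `proxy_set_header X-Forwarded-Proto $scheme;` next to it so the application can tell the request arrived over TLS. `proxyPass = "http://127.0.0.1:1337";` would match the pod's IPv4-only binding, since `localhost` can also resolve to `::1`.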
diff --git a/scripts/motd.sh b/scripts/motd.sh
index 22e7311..bb2a38b 100755
--- a/scripts/motd.sh
+++ b/scripts/motd.sh
@@ -37,6 +37,7 @@ services=(
 	"podman-mqtt2prometheus.service"
 	"prometheus.service"
 	"grafana.service"
+	"podman-nightscout.service"
 )
 
 for var in "${services[@]}"; do
diff --git a/secrets/nightscout.age b/secrets/nightscout.age
new file mode 100644
index 0000000000000000000000000000000000000000..064638cddc801476f28d7661508acf5cfd2b861a
GIT binary patch
literal 477
zcmV<30V4ikXJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LX;ooTM`s{N
zFK}>Kb7V(QW^7Djax_(LMJqRVLNqlsM{hKDc}+@kIAUdZMo4T-cxwtsZh1FtOJ_oG
zSyfqDbyGxfGjnuIaaL_LYfff2NOg8}VR3F(OKL(?Lw5=-J|HPrW-VuOWnpt=AZKBC
zb|q(NL<%`qbU068PB&*(P)K-sS50|sOhR}?R6}q_K`S_JZ$~skLv43)X>2iaIB_^h
zWJX#=WluSDN=^zbEiE89N@j0GM{qJnPIO0WO?P2pRCG#ER%bbCXH98LWlvBxZck5X
zPA@TcG%yNrdx%*8z2~IOfEW+R^Pk6%Wc<+(z*Ak#PU_s%>YXyKGKaO+4lmwB&Dipb
z7TQ^aWT|I_RDyP7NEyr{y%ZEXNF&@8>}-|0y>U^&QdHxw5X6^cmK>%_lZ$Al3tM=x
z41{qgMI`QwdO!%9L01xCTNH-^=-4BB2R|I}Za3lD?}Fwb+*IH4<weF;s2L6GTC}v{
zzI?`T9_P=czdM{2X=b;l_qZ2xu|q`!inzB1xMxDx@l0XcMUhVJ6S)m6WMFmuNXsp(
T#mNaQWEj;N$@LQf1JKVSRo=hO

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 3136522..63fee05 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -14,4 +14,5 @@ in {
   "telegram.age".publicKeys = [ zion ];
   "mqtt-sender.age".publicKeys = [ zion ];
   "mqtt-receiver.age".publicKeys = [ zion ];
+  "nightscout.age".publicKeys = [ zion ];
 }