xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

navidrome
Some checks failed
ci/woodpecker/push/build-cache Pipeline failed
Details
ci/woodpecker/cron/dependency-pr Pipeline was successful
Details

Browse source
This commit is contained in:
Lucy Hochkamp 2025-12-04 00:21:41 +01:00
parent 1408470a53
commit 28dc0896b9
No known key found for this signature in database
16 changed files with 969 additions and 171 deletions
Download patch file Download diff file Expand all files Collapse all files

93
instances/nemesis/services/traccar.nix Normal file
View file

@ -0,0 +1,93 @@
{
pkgs,
lib,
config,
...
}:
{
xyno.services.traefik.simpleProxy.traccar = {
host = "track.66642.bot";
internal = "http://127.0.0.4:8082";
};
services.kanidm.provision = {
groups = {
traccar_users.members = [ "traccar_admins" ];
traccar_admins.members = [ "application_admins" ];
};
systems.oauth2.traccar = {
displayName = "Traccar";
originUrl = "https://track.66642.bot/api/session/openid/callback";
originLanding = "https://track.66642.bot/login";
imageFile = "${pkgs.traccar}/web/logo.svg";
# public = true;
scopeMaps."traccar_users" = [
"openid"
"profile"
"email"
"groups"
];
allowInsecureClientDisablePkce = true;
};
};
xyno.services.kanidm.templates."traccar" = {
text = p: ''
OPENID_CLIENT_ID=${p.clientId}
OPENID_CLIENT_SECRET=${p.basicSecret}
DATABASE_URL='jdbc:postgresql://localhost/traccar?socketFactory=org.newsclub.net.unix.AFUNIXSocketFactory$FactoryArg&socketFactoryArg=/run/postgresql/.s.PGSQL.5432'
'';
wantedBy = [ "traccar.service" ];
};
systemd.services.traccar.serviceConfig.ExecStart =
lib.mkForce "${pkgs.openjdk}/bin/java -cp './tracker-server.jar:./lib/*:${pkgs.junixsocket-common}/share/java/junixsocket-common-${pkgs.junixsocket-common.version}.jar:${pkgs.junixsocket-native-common}/share/java/junixsocket-native-common-${pkgs.junixsocket-common.version}.jar' org.traccar.Main /var/lib/traccar/config.xml"; # forgive it for what it has done
services.traccar = {
enable = true;
environmentFile = config.xyno.services.kanidm.templates.traccar.path;
settings = {
database.driver = "org.postgresql.Driver";
database.url = "$DATABASE_URL";
database.user = "traccar";
mail.debug = "true"; # log mail content instead of sending email
openid.adminGroup = "traccar_admins@idm.xyno.systems";
openid.allowGroup = "traccar_users@idm.xyno.systems";
openid.clientId = "$OPENID_CLIENT_ID";
openid.clientSecret = "$OPENID_CLIENT_SECRET";
openid.force = "true";
openid.issuerUrl = "https://idm.xyno.systems/oauth2/openid/traccar";
web.address = "127.0.0.4";
web.url = "https://track.66642.bot";
};
};
systemd.services.postgresql-install-timescale-in-traccar = {
after = [
"postgresql.service"
"postgresql-setup.service"
];
requires = [
"postgresql.service"
"postgresql-setup.service"
];
requiredBy = [ "traccar.service" ];
serviceConfig = {
User = "postgres";
Group = "postgres";
Type = "oneshot";
RemainAfterExit = true;
};
path = [ config.services.postgresql.finalPackage ];
environment.PGPORT = builtins.toString config.services.postgresql.settings.port;
script = ''
psql -d traccar -tAc "CREATE EXTENSION IF NOT EXISTS timescaledb;"
'';
};
services.postgresql.settings.shared_preload_libraries = [ "timescaledb" ];
services.postgresql.ensureDatabases = [ "traccar" ];
services.postgresql.ensureUsers = [
{
name = "traccar";
ensureDBOwnership = true;
}
];
}