# NixOS module: Traccar behind the traefik simpleProxy, with Kanidm OIDC as the only
# login path and PostgreSQL (TimescaleDB extension) reached over its local unix socket.
{ pkgs, lib, config, ... }:
let
  # Public hostname and base URL that clients and the identity provider see.
  publicHost = "track.66642.bot";
  publicUrl = "https://${publicHost}";

  # Loopback address the Traccar web listener binds to, so it is reached through the proxy.
  listenAddress = "127.0.0.4";

  # Kanidm instance; groups are referenced below as <group>@<idmDomain>.
  idmDomain = "idm.xyno.systems";

  # Both junixsocket jar file names are built from the junixsocket-common version.
  # NOTE(review): the native-common jar name also uses junixsocket-common's version;
  # if the two packages ever diverge, the second classpath entry will not resolve.
  junixVersion = pkgs.junixsocket-common.version;

  # Upstream jars (relative paths, so they depend on the unit's working directory,
  # which is not set in this file) plus the junixsocket jars needed for the
  # AFUNIXSocketFactory named in DATABASE_URL.
  classpath = lib.concatStringsSep ":" [
    "./tracker-server.jar"
    "./lib/*"
    "${pkgs.junixsocket-common}/share/java/junixsocket-common-${junixVersion}.jar"
    "${pkgs.junixsocket-native-common}/share/java/junixsocket-native-common-${junixVersion}.jar"
  ];
in
{
  # Reverse proxy entry: public host -> local Traccar web listener.
  # Port 8082 is not set in services.traccar.settings below; presumably Traccar's
  # default web port - confirm if web.port is ever overridden.
  xyno.services.traefik.simpleProxy.traccar = {
    host = publicHost;
    internal = "http://${listenAddress}:8082";
  };

  services.kanidm.provision = {
    # Nested membership: application_admins are members of traccar_admins, which are
    # members of traccar_users. Combined with openid.adminGroup below, every member of
    # application_admins is a Traccar administrator.
    groups.traccar_users.members = [ "traccar_admins" ];
    groups.traccar_admins.members = [ "application_admins" ];

    systems.oauth2.traccar = {
      displayName = "Traccar";
      originUrl = "${publicUrl}/api/session/openid/callback";
      originLanding = "${publicUrl}/login";
      imageFile = "${pkgs.traccar}/web/logo.svg";
      # public = true;  (left disabled: the client authenticates with basicSecret, see template below)
      # Only members of traccar_users are granted these scopes.
      scopeMaps.traccar_users = [
        "openid"
        "profile"
        "email"
        "groups"
      ];
      # Turns off Kanidm's PKCE requirement for this client. The client still
      # authenticates with its secret, but the authorization code is no longer bound
      # to the session that requested it.
      # NOTE(review): re-enable PKCE if the deployed Traccar version can send a code challenge.
      allowInsecureClientDisablePkce = true;
    };
  };

  # Environment file handed to the Traccar service. It carries the OAuth2 client secret.
  # NOTE(review): confirm the template module writes this file readable by root/the
  # service only, and check where the NixOS traccar module puts the expanded values.
  # DATABASE_URL has no password: it points at the PostgreSQL unix socket, so access
  # presumably relies on socket (peer) authentication for the "traccar" role.
  xyno.services.kanidm.templates.traccar = {
    text = p: ''
      OPENID_CLIENT_ID=${p.clientId}
      OPENID_CLIENT_SECRET=${p.basicSecret}
      DATABASE_URL='jdbc:postgresql://localhost/traccar?socketFactory=org.newsclub.net.unix.AFUNIXSocketFactory$FactoryArg&socketFactoryArg=/run/postgresql/.s.PGSQL.5432'
    '';
    wantedBy = [ "traccar.service" ];
  };

  # Replaces the module's ExecStart so the junixsocket jars are on the classpath.
  # mkForce discards the upstream command line, so changes to the upstream unit's
  # start command will not be picked up here.
  systemd.services.traccar.serviceConfig.ExecStart =
    lib.mkForce "${pkgs.openjdk}/bin/java -cp '${classpath}' org.traccar.Main /var/lib/traccar/config.xml";

  services.traccar = {
    enable = true;
    environmentFile = config.xyno.services.kanidm.templates.traccar.path;
    settings = {
      # $NAME values are placeholders filled from the environment file above.
      database = {
        driver = "org.postgresql.Driver";
        url = "$DATABASE_URL";
        user = "traccar";
      };

      # Log mail content instead of sending email. Mail bodies therefore land in the
      # service log, so read access to that log should be treated as sensitive.
      mail.debug = "true";

      openid = {
        adminGroup = "traccar_admins@${idmDomain}";
        allowGroup = "traccar_users@${idmDomain}";
        clientId = "$OPENID_CLIENT_ID";
        clientSecret = "$OPENID_CLIENT_SECRET";
        # OIDC is the enforced login path.
        force = "true";
        issuerUrl = "https://${idmDomain}/oauth2/openid/traccar";
      };

      web = {
        # Bind the web listener to loopback only; external access goes through the proxy.
        address = listenAddress;
        url = publicUrl;
      };
    };
  };

  # One-shot unit that creates the timescaledb extension in the traccar database
  # before traccar.service starts. Runs as the postgres OS user.
  systemd.services.postgresql-install-timescale-in-traccar = {
    after = [
      "postgresql.service"
      "postgresql-setup.service"
    ];
    requires = [
      "postgresql.service"
      "postgresql-setup.service"
    ];
    requiredBy = [ "traccar.service" ];
    serviceConfig = {
      User = "postgres";
      Group = "postgres";
      Type = "oneshot";
      RemainAfterExit = true;
    };
    path = [ config.services.postgresql.finalPackage ];
    environment.PGPORT = toString config.services.postgresql.settings.port;
    script = ''
      psql -d traccar -tAc "CREATE EXTENSION IF NOT EXISTS timescaledb;"
    '';
  };

  services.postgresql = {
    # The timescaledb library must be preloaded for the extension to work.
    # NOTE(review): the extension package itself is not added to PostgreSQL in this
    # file; it is presumably provided elsewhere.
    settings.shared_preload_libraries = [ "timescaledb" ];
    ensureDatabases = [ "traccar" ];
    # The "traccar" role owns only its own database.
    ensureUsers = [
      {
        name = "traccar";
        ensureDBOwnership = true;
      }
    ];
  };
}