From fb28e9e1339028dd3876c0b25bb74aaee8033702 Mon Sep 17 00:00:00 2001
From: teidesu <alina@tei.su>
Date: Sat, 16 Nov 2024 01:28:16 +0300
Subject: [PATCH] feat(koi): made umami a proper service

---
 hosts/koi/containers/zond/default.nix |  50 +++++++++++++++++++++++---
 secrets/teisu-env.age                 | Bin 1172 -> 1177 bytes
 secrets/umami-env.age                 | Bin 0 -> 259 bytes
 3 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 secrets/umami-env.age

diff --git a/hosts/koi/containers/zond/default.nix b/hosts/koi/containers/zond/default.nix
index 0e7adb8..7081585 100644
--- a/hosts/koi/containers/zond/default.nix
+++ b/hosts/koi/containers/zond/default.nix
@@ -1,14 +1,56 @@
-{ ... }:
+{ abs, config, ... }:
 
-{
-  # todo - move this from an ad-hoc docker compose to a proper service
+let 
+  secrets = import (abs "lib/secrets.nix");
+
+  UID = 1116;
+in {
   # todo 2: update UMAMI_HOST in teisu-env
+
+  imports = [
+    (secrets.declare [
+      {
+        name = "umami-env";
+        owner = "umami";
+      }
+    ])
+  ];
+
+  users.users.umami = {
+    isNormalUser = true;
+    uid = UID;
+  };
+
+  services.postgresql.ensureUsers = [
+    { name = "umami"; ensureDBOwnership = true; }
+  ];
+  services.postgresql.ensureDatabases = [ "umami" ];
+  desu.postgresql.ensurePasswords.umami = "umami";
+
+  systemd.services.docker-umami.after = [ "postgresql.service" ];
+  virtualisation.oci-containers.containers.umami = {
+    image = "ghcr.io/umami-software/umami:postgresql-v2.13.2";
+
+    environment = {
+      DATABASE_TYPE = "postgresql";
+      DATABASE_URL = "postgresql://umami:umami@172.17.0.1:5432/umami";
+      DISABLE_TELEMETRY = "1";
+      DISABLE_UPDATES = "1";
+    };
+
+    environmentFiles = [
+      (secrets.file config "umami-env")
+    ];
+
+    user = "${builtins.toString UID}";
+  };
+
   services.nginx.virtualHosts."zond.tei.su" = {
     forceSSL = true;
     useACMEHost = "tei.su";
     
     locations."/" = {
-      proxyPass = "http://umami.umami.docker:3000$request_uri";
+      proxyPass = "http://umami.docker:3000$request_uri";
     };
   };
 }
\ No newline at end of file
diff --git a/secrets/teisu-env.age b/secrets/teisu-env.age
index 08cb2793175054271344d644a24841bf6236bb8b..ad8de5979cd348b55b38f90b96dd792c34230d07 100644
GIT binary patch
delta 1148
zcmV-?1cUpO37H9yEPqZ>S$9w?Hgr~1c1~(@D@8<fQe|;RSVw1MT1!o3aAsm@X>WOB
zFiKHKQ3`5TRdY;gV@OmoO)zv*RW?#Ea#2=qR&Q)*HD!5qS3x#3dT~fpPERX(a|$gj
zEg(x)VRBk?Wo~Y2LNR7hZaHsORYqoLK}<GBMn+6fIA>%;H-A(zctdzXN^c7Pbu=m=
zsT{3?-v?5+fpEWhidxL8`e-=W6al=^c}(6C=%~?QA>!MWvEah{j0cJB+j9f1{AoC>
zlh&@`p|g(d;Yi2~%(t8X^DvRf39>qACVh+D6quvkQyUcj(W3NF@=9yI@UXNP0cQ5>
z@y(TJU23rs+J9wJZA=#JkKd7wm$fO0>O+RbbhNc~zU5_U-QJy-if+IMj?-xdWlIB@
zppaqUPLUmTV%eMgEQb-RaO(in6fwPh-h$u$G@%)Kp>|Ik_brN#O@Lk9fu6_GW0?rh
zt#O4*`Nr2|#4nIwHg5@fV!BK2^>9&c$c9*Z)jpPSdw(tkxL4Uy<PO?i)`l_MVqCS>
zaOhuBt@KVLJx_8$ygE|&T<<E1XI0j!26vst>V5|6BDQ_*k|S+vTME-#8%s4i745r-
z#KY7nVz`FAc4kiag3vEiuF2$Z$=eC#rv$S$PCR~37El`EYe1-iJb#RQWvQJ#P1YW~
zJKDm}gMa2dRp9Cp+E5JB)CEKE_KNnmT;Ppb+-?4Qah2DeW5%`<lRgX_aEv)4jh75(
z?#&Q(vJ-l_8WDI5o!Kx&6#aeT4@2jMdH^a#0*CrzKQoBirUWn;okl7I@0azjH5Ua>
zc-G9isb*4O`6%0uAT%3VdmG<Wa<8cr162M4NPiU7U;Y)^kz9e6o5{42{)H%?#YI<~
zqCHCqS%xJ8A1kq=kcWggn`&nH7aT0``-d~_Nz(dj4X4prfI1jfsuJe#Udq!%m*nD9
z!c4OQot#56S_}YeaohJMx?KoSX=wz<?`$aa1_Z{XHQ`aRL4XN`O4DsTR)d=f6$6i(
zIe(P~P$UQ_ABMl_5~03><i?0n-^l7t{$oLgbGy_J{@6`5&q~hhx88Ae0^i$p6X<wL
zWxx+Ab{<&B4JkPgmL@pUWTzzt=;*rF((pH>dEHgBU4suL`(HmF;LyZ1AG1hdP)jrR
zr&OVPy9In==eT)9Ed9PzhnP$!jAGeBqJNqKQJMJ*Py05N7g-kMPi<rBT&QuKvNPZ4
z8q25TGJhJ_J`{pIwa8G7b6Ab=4qNAW5n#yhTS)!|S53kR^c!A4dQ_G^@XX&i)_P&`
zN4*ZH<&a4cS|>CdrXzm*3-aUF6y`-upGapenP>OZa)?R?5HUlvsKIYkOgmKLw{?s#
zf+qf%$VbX_@nc1s`;E0T@cF}0L|DUNlvWBWtY3CGxba3v&tHOd+}z34D~p274~`d;
z=~yk=@Xb48$p|Wt?^6lrd>0?3vF-?SAzcp3ygkbG!a^YvrSSbu_kg)MXr=b0a2zWW
OOTjk1XX%SAo=}>q*CJQ|

delta 1143
zcmV--1c>{Y36u$tEPpslc4t#YZDo3MNOEgeV|7b3XH8jGGEO!@X+cUuV@pwOFK=&l
zGFoggFbZ~5Gh|3JZB1xZVQDmYGeLD&IC3#;SZPy1F-Un#IAdB(PcUd{Zb@!OV+t)T
zEg)26D{NI^S7=vkVs%SdbXrGeQf+E7Ls2wLMQc}PWH4lAMt@mWV>wB1Su_ec1K;Qe
zFXr~%Gezhy!anq^HHefzrfw&R0k1fE*t))~&Hs<hIv7UG>Sn#(Wzv7viP~nK?j?O8
zmu7}-L%@4D(oW6;xJ<?!uV2`ts5`V>s_qZ#B735Pe(nzsvtmtE6kLv=u(#reza##`
zlM_9W!QT*ZaevvaMA)o9$o{=*us5>m`@$zd{l8QU&p03W@@Rb<7?)Vt#Sbqu?S;QI
zWpH%NQbgZ$jmKGbTNdX*K)9AC$^OaepsBhxU~5|R3(w**>x}sHu3m$hXp7el+O(L*
zec?2bass3e(2;@s2t6Qcn>#o&t>D3-i8{d1TAs6P|9?;E!Zmd)=PLI8_0j~7hb!7<
z)!b>$1#-*0QgnoqeFNEJI}xSX<#lqET9RL6S9!>iP6$gJIPmOh=Y;(CXy?M~ed0n^
z*dY1)oNu5*5cq#$!_J`8npD%!V)0fQTEos|Ve6F`E)}6qCoUxfZlJzrqJtEQL^jO_
zaT0qL6@Ta+!4nM!h0^FPZA(jRS-2{%&?mp4c;c7;;NgP;2{Y9amc=a;N(6t=8(PY+
zxGvcG5zR?H+s<gNQ!9byiqlU+Wjv+u0jU!_z3nd!zZm)SbPJI*phJO?l5fUY%_QxG
z$PdAKc1atG8<&M$xz~&(uqmF0y@*ZS+DEMkI)Ak{T+lzzZq^y1_xR4;GT??x=-c$`
z_K=Nl*EH@g`$7Au36R6e1G37DMrVD}(|GtqX(LjxMinB6*Rpr9PA@WMLOSi}CB=jp
z7UIY*bzSv=ZHQ0!AA<eYj7ZEwmfZSc@|q_AhH|`2V^-%VxGgAIZor7{!Bp#kD+77W
zU4Ld`mAsMe{QCQosX~O}2-m2m=RQWPWY3nc0?)p9DZ2OxxM}XHzZ}Umw&>$nEML72
z+;sK4HvMI2$y}}v_Wrh$il3g@t6aa;o}tgkYgMa*9ry}NQ*Ddt<!lHvL~JHI#GIZC
z=Uqo+j{oHOAvmbtn(L%Uff}S*2TG#5Lw{zKl7A~-57l3t0YW;O7L!7CU46?3`x}xq
zCt-dL{0PYlD#qPW+3Z?K%(07i$Pwp?qrz1=P%5Ro7f82^&<!<M@YmC|t~RcaB(aM*
z|60AtSzGPtR#9u}iNW)NhyFQSeQQ*!57-u_WMOSkx1}TnmMJnlr(Cf0BVR~;oN)0;
zPDXePT}%@U&oq1v4J&_1!L`T$!nWd2_&C;_JGN`vdq7hBH1>2JwpA>wPQo5(Rggpk
z3rX`W)C`V6F@QnrL;td!J#E)wit$~zw}L;e@<=v<#Q&8gpm>7E7Tn(P0Ehw>Khn?c
JlodE`>%<rNFzx^V

diff --git a/secrets/umami-env.age b/secrets/umami-env.age
new file mode 100644
index 0000000000000000000000000000000000000000..2235a1bc9a4979ebb44879d7c4a37e53929311f4
GIT binary patch
literal 259
zcmV+e0sQ`9XJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9Lb80v^Sa%?2
zFf~hMG-qvOFfe&SY;9F+V@+6dL~U+&O-W^OYk4<VId(EyX>==gcToyBN=i0jR#<5<
zH)2dHWO`UbL|SrkI8i}bVM%mpbWvAWGBry}LQZu}RYeLdEiE8ML1%PiNG~sAcQ!9X
zZ*?<rK~-)|FEmSLb~9N^IZtaxT2xt5a4$}0Z&3=GhBkMf0;~#?KlhnOTLjZGHW?WM
ze*i}25WF>)p$XG5m_<WTG80f-4w8z^+BK4<`ncx&fBVqyfCaiklldd#bm;TRH-R>r
J2-p%(%rn(*UVs1q

literal 0
HcmV?d00001