wow containerized db is epic

2026-01-11 09:44:08 -05:00 · 2025-02-15 15:24:18 -05:00 · 2025-02-15 15:24:18 -05:00 · 218e12ec06
commit 218e12ec06
parent db775d3ca4
3 changed files with 68 additions and 57 deletions
--- a/flake.lock
+++ b/flake.lock
@ -168,11 +168,11 @@
    },
    "nix-secrets": {
      "locked": {
-        "lastModified": 1739551046,
-        "narHash": "sha256-Rzr7Jj80lYm9EqTMXQXO8WFBs5uK7Hzo490SptJwTJQ=",
+        "lastModified": 1739650303,
+        "narHash": "sha256-ijb3zxFUQJ9+UXoNW2VxGuaWF0dQZoihJEL8+LiccDs=",
        "ref": "refs/heads/master",
-        "rev": "71b5c2ce2b4e45c236b99982999caac1e75141ae",
-        "revCount": 45,
+        "rev": "d31054406479b1cd148954706662f8510abe16ce",
+        "revCount": 46,
        "type": "git",
        "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
      },
--- a/modules/users/overseer/acme.nix
+++ b/modules/users/overseer/acme.nix
@ -36,6 +36,7 @@ lib.mkIf config.user.overseer.enable {
    };
    certs = {
      "wanderingcrow.net" = {};
+      "umami.wanderingcrow.net" = {};
      "bar.wanderingcrow.net" = {};
      "home.wanderingcrow.net" = {};
      "homebox.wanderingcrow.net" = {};
--- a/modules/users/overseer/services/umami.nix
+++ b/modules/users/overseer/services/umami.nix
@ -1,55 +1,65 @@
-{
-  lib,
-  config,
-  ...
-}:
-lib.mkIf config.user.overseer.enable {
-  ###########
-  # Service #
-  ###########
+let
+  volumePath = "/overseer/services";
+in
+  {
+    lib,
+    config,
+    ...
+  }:
+    lib.mkIf config.user.overseer.enable {
+      systemd.tmpfiles.rules = [
+        "d ${volumePath}/umami"
+      ];
+      ###########
+      # Service #
+      ###########

-  sops = {
-    secrets."umami/secret" = {};
-    secrets."umami/db_url" = {};
-    secrets."umami/db_pass" = {};
-    templates."umami-env".content = ''
-      APP_SECRET=${config.sops.placeholder."umami/secret"}
-      DATABASE_TYPE=mysql
-      DATABASE_URL=${config.sops.placeholder."umami/db_url"}
-    '';
-    templates."umami-sql".content = ''
-      ALTER USER 'umami"@'localhost' IDENTIFIED BY '${config.sops.placeholder."umami/db_pass"}';
-    '';
-  };
-
-  services.mysql = {
-    enable = true;
-    initialDatabases = [
-      {
-        name = "umami";
-      }
-    ];
-    initialScript = config.sops.templates."umami-sql".path;
-    ensureUsers = [
-      {
-        name = "umami";
-        ensurePermissions = {
-          "umami.*" = "ALL PRIVILEGES";
-        };
-      }
-    ];
-  };
-
-  virtualisation.oci-containers = {
-    backend = "podman";
-    containers = {
-      umami = {
-        image = "ghcr.io/umami-software/umami:mysql-v2.15.1";
-        ports = ["3000:3000"];
-        environmentFiles = [
-          config.sops.templates."umami-env".path
-        ];
+      sops = {
+        secrets."umami/secret" = {};
+        secrets."umami/db_url" = {};
+        secrets."umami/db_pass" = {};
+        templates."umami-env".content = ''
+          APP_SECRET=${config.sops.placeholder."umami/secret"}
+          DATABASE_TYPE=postgresql
+          DATABASE_URL=${config.sops.placeholder."umami/db_url"}
+        '';
+        templates."umami-db".content = ''
+          POSTGRES_DB=umami
+          POSTGRES_USER=umami
+          POSTGRES_PASSWORD=${config.sops.placeholder."umami/db_pass"}
+        '';
      };
-    };
-  };
-}
+
+      services.nginx = {
+        enable = true;
+        recommendedProxySettings = true;
+        virtualHosts = {
+          "umami.wanderingcrow.net" = {
+            forceSSL = true;
+            useACMEHost = "umami.wanderingcrow.net";
+            locations."/" = {
+              proxyPass = "http://10.88.0.6:3000";
+              proxyWebsockets = true;
+            };
+          };
+        };
+      };
+
+      virtualisation.oci-containers = {
+        backend = "podman";
+        containers = {
+          "umami" = {
+            image = "ghcr.io/umami-software/umami:postgresql-latest";
+            dependsOn = ["umami-db"];
+            extraOptions = ["--ip=10.88.0.6"];
+            environmentFiles = [config.sops.templates."umami-env".path];
+          };
+          "umami-db" = {
+            image = "postgres:15-alpine";
+            volumes = ["${volumePath}/umami:/var/lib/postgresql/data"];
+            extraOptions = ["--ip=10.88.0.7"];
+            environmentFiles = [config.sops.templates."umami-db".path];
+          };
+        };
+      };
+    }