From 218e12ec06adcb6a409afb16667d9820bd6865ee Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Sat, 15 Feb 2025 15:24:18 -0500
Subject: [PATCH] wow containerized db is epic
---
 flake.lock | 8 +-
 modules/users/overseer/acme.nix | 1 +
 modules/users/overseer/services/umami.nix | 116 ++++++++++++----------
 3 files changed, 68 insertions(+), 57 deletions(-)
diff --git a/flake.lock b/flake.lock
index c5d2e62..42ca4a2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -168,11 +168,11 @@
 },
 "nix-secrets": {
 "locked": {
- "lastModified": 1739551046,
- "narHash": "sha256-Rzr7Jj80lYm9EqTMXQXO8WFBs5uK7Hzo490SptJwTJQ=",
+ "lastModified": 1739650303,
+ "narHash": "sha256-ijb3zxFUQJ9+UXoNW2VxGuaWF0dQZoihJEL8+LiccDs=",
 "ref": "refs/heads/master",
- "rev": "71b5c2ce2b4e45c236b99982999caac1e75141ae",
- "revCount": 45,
+ "rev": "d31054406479b1cd148954706662f8510abe16ce",
+ "revCount": 46,
 "type": "git",
 "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
 },
diff --git a/modules/users/overseer/acme.nix b/modules/users/overseer/acme.nix
index 058c0d3..867ed8f 100644
--- a/modules/users/overseer/acme.nix
+++ b/modules/users/overseer/acme.nix
@@ -36,6 +36,7 @@ lib.mkIf config.user.overseer.enable {
 };
 certs = {
 "wanderingcrow.net" = {};
+ "umami.wanderingcrow.net" = {};
 "bar.wanderingcrow.net" = {};
 "home.wanderingcrow.net" = {};
 "homebox.wanderingcrow.net" = {};
diff --git a/modules/users/overseer/services/umami.nix b/modules/users/overseer/services/umami.nix
index a50caa8..90a2e59 100644
--- a/modules/users/overseer/services/umami.nix
+++ b/modules/users/overseer/services/umami.nix
@@ -1,55 +1,65 @@
-{
- lib,
- config,
- ...
-}:
-lib.mkIf config.user.overseer.enable {
- ###########
- # Service #
- ###########
+let
+ volumePath = "/overseer/services";
+in
+ {
+ lib,
+ config,
+ ...
+ }:
+ lib.mkIf config.user.overseer.enable {
+ systemd.tmpfiles.rules = [
+ "d ${volumePath}/umami"
+ ];
+ ###########
+ # Service #
+ ###########
 
- sops = {
- secrets."umami/secret" = {};
- secrets."umami/db_url" = {};
- secrets."umami/db_pass" = {};
- templates."umami-env".content = ''
- APP_SECRET=${config.sops.placeholder."umami/secret"}
- DATABASE_TYPE=mysql
- DATABASE_URL=${config.sops.placeholder."umami/db_url"}
- '';
- templates."umami-sql".content = ''
- ALTER USER 'umami"@'localhost' IDENTIFIED BY '${config.sops.placeholder."umami/db_pass"}';
- '';
- };
-
- services.mysql = {
- enable = true;
- initialDatabases = [
- {
- name = "umami";
- }
- ];
- initialScript = config.sops.templates."umami-sql".path;
- ensureUsers = [
- {
- name = "umami";
- ensurePermissions = {
- "umami.*" = "ALL PRIVILEGES";
- };
- }
- ];
- };
-
- virtualisation.oci-containers = {
- backend = "podman";
- containers = {
- umami = {
- image = "ghcr.io/umami-software/umami:mysql-v2.15.1";
- ports = ["3000:3000"];
- environmentFiles = [
- config.sops.templates."umami-env".path
- ];
+ sops = {
+ secrets."umami/secret" = {};
+ secrets."umami/db_url" = {};
+ secrets."umami/db_pass" = {};
+ templates."umami-env".content = ''
+ APP_SECRET=${config.sops.placeholder."umami/secret"}
+ DATABASE_TYPE=postgresql
+ DATABASE_URL=${config.sops.placeholder."umami/db_url"}
+ '';
+ templates."umami-db".content = ''
+ POSTGRES_DB=umami
+ POSTGRES_USER=umami
+ POSTGRES_PASSWORD=${config.sops.placeholder."umami/db_pass"}
+ '';
 };
- };
- };
-}
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "umami.wanderingcrow.net" = {
+ forceSSL = true;
+ useACMEHost = "umami.wanderingcrow.net";
+ locations."/" = {
+ proxyPass = "http://10.88.0.6:3000";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+
+ virtualisation.oci-containers = {
+ backend = "podman";
+ containers = {
+ "umami" = {
+ image = "ghcr.io/umami-software/umami:postgresql-latest";
+ dependsOn = ["umami-db"];
+ extraOptions = ["--ip=10.88.0.6"];
+ environmentFiles = [config.sops.templates."umami-env".path];
+ };
+ "umami-db" = {
+ image = "postgres:15-alpine";
+ volumes = ["${volumePath}/umami:/var/lib/postgresql/data"];
+ extraOptions = ["--ip=10.88.0.7"];
+ environmentFiles = [config.sops.templates."umami-db".path];
+ };
+ };
+ };
+ }
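Review bot: The `umami` container now pulls `ghcr.io/umami-software/umami:postgresql-latest`, a floating tag, where the removed line pinned `mysql-v2.15.1`; any re-pull can start an image nobody reviewed, and the service is no longer reproducible the way the locked flake inputs are. Pin a release tag or a digest instead, e.g. `image = "ghcr.io/umami-software/umami@sha256:<DIGEST>";` (placeholder, take the value from the release you have verified). `postgres:15-alpine` is a short name that depends on podman's registry resolution; writing it fully qualified as `docker.io/library/postgres:15-alpine` removes that ambiguity. The address `10.88.0.6` is written out in both `proxyPass` and `extraOptions`, so a `let` binding next to `volumePath` would keep the proxy target and the container IP from drifting apart.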