umami test run

2026-01-26 08:34:17 -05:00 · 2025-02-14 12:13:55 -05:00 · 2025-02-14 12:13:55 -05:00 · 3f2dd8fc8a
commit 3f2dd8fc8a
parent 4a576f3550
5 changed files with 75 additions and 28 deletions
--- a/modules/users/overseer/services/default.nix
+++ b/modules/users/overseer/services/default.nix
@ -7,5 +7,6 @@
    ./grocy.nix
    ./attic.nix
    ./the-nest.nix
+    ./umami.nix
  ];
 }
--- a/modules/users/overseer/services/umami.nix
+++ b/modules/users/overseer/services/umami.nix
@ -0,0 +1,50 @@
+{
+  lib,
+  config,
+  ...
+}:
+lib.mkIf config.user.overseer.enable {
+  ###########
+  # Service #
+  ###########
+
+  sops = {
+    secrets."umami/secret" = {};
+    secrets."umami/db_url" = {};
+    templates."umami-env".content = ''
+      APP_SECRET=${config.sops.placeholder."umami/secret"}
+      DATABASE_TYPE=mysql
+      DATABASE_URL=${config.sops.placeholder."umami/db_url"}
+    '';
+    templates."umami-sql".content = ''
+      ALTER USER 'umami"@'localhost' IDENTIFIED BY '${config.sops.placeholder."umami/db_pass"}';
+    '';
+  };
+
+  services.mysql = {
+    enable = true;
+    initialDatabases = ["umami"];
+    initialScript = config.sops.templates."umami-sql".path;
+    ensureUsers = [
+      {
+        name = "umami";
+        ensurePermissions = {
+          "umami.*" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+  };
+
+  virtualisation.oci-containers = {
+    backend = "podman";
+    containers = {
+      umami = {
+        image = "ghcr.io/umami-software/umami:mysql-v2.15.1";
+        ports = ["3000:3000"];
+        environmentFiles = [
+          config.sops.templates."umami-env".path
+        ];
+      };
+    };
+  };
+}