diff --git a/secrets/OVHCloud/default.yaml b/secrets/OVHCloud/default.yaml
index 20ae41c..c5fbf11 100644
--- a/secrets/OVHCloud/default.yaml
+++ b/secrets/OVHCloud/default.yaml
@@ -49,6 +49,10 @@ stalwart-mail:
 ADMIN_SECRET: ENC[AES256_GCM,data:4ytiKxJ55Wm9p6M=,iv:dl1BCtxOu4o+2qC6ZlUw8cluoqDjp16/SN9bhGneRHs=,tag:qEgWrYHQJHDjR2PwK9y8UA==,type:str]
 shadowsocks:
 password: ENC[AES256_GCM,data:IdAvKXKckwvZUetkYSFTIPxd8nrwm13Ngc3KVDSmiW3AE4Rhmjk2VHjdUyQ=,iv:LVeQcL7XIEQyMTsXpXIROGte2+Z9+7FpemfiwhA0Pw0=,tag:qt+8jgN5UqwMeCV+D3stEQ==,type:str]
+umami:
+ APP_SECRET: ENC[AES256_GCM,data:+WnBbgVY+YzMJ8yBeFUEhkqYfs7wamuC/VmgnSybOXnd/H6A+zgimBggFsU=,iv:9tWnwH1ZvvfaHbzhIkrsynnOywD0xkuQKkvYlnrxOy8=,tag:mld2+vqLCesDtSYbN8lECg==,type:str]
+ DB_USER: ENC[AES256_GCM,data:ue5HslI=,iv:kXJSHpbQ4HV9k4ZiouXoOjop7YdnJkhAy3OUh+6s90Y=,tag:KGNNA9gz30bo2nVLAkh4JQ==,type:str]
+ DB_PASS: ENC[AES256_GCM,data:KyVnQAWcLcttImqsyecIIYordN9LR0zg,iv:nTy7COxvg3nVpsMf9g7x+gwKLaonaxC53rIeeCIGqdk=,tag:XbX7qyjQn+6snnTbtLInLQ==,type:str]
 webdav:
 USER_PASSWORD: ENC[AES256_GCM,data:aULehVsCkGpsryQ=,iv:OD6ADWh62tvykGXP9Lmy4f9Iz9QuzyKMnGXGAvOv55s=,tag:ff47alP5Og7XaADzvZEMGA==,type:str]
 wireguard:
@@ -78,8 +82,8 @@ sops:
 MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
 y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-11-05T13:47:17Z"
- mac: ENC[AES256_GCM,data:Lku06chnlLsqvvd5ud/ovY/ymGknyIxcPirvQ2lrc/+7jMa6cGu3Q9piVv/gx6jMhQIuYnNjS5AKoNvNfXRgrpakzET5aNzLtWkaUplNQCAy+yuKkIdmGoMZ+J+l4SyMydKERpZmN+pLWAld8U+CFRaWGoCLHHQ8i60u4Gti7DY=,iv:DVcjFoncW0vPhBEA042DAWxJLnSCfwsJeYQcmhsWrbI=,tag:dL6L5CfrB4ZVMytkGfPSYA==,type:str]
+ lastmodified: "2024-11-06T07:57:13Z"
+ mac: ENC[AES256_GCM,data:5IkklIfJTvQwkSDasZwzEAiXEcRwGS5v6C/Bqp/MitVSYwky/kvSVlTWavQpOV1UHv5eraL45+QMkz1lMUF6C6X7en96KdZQV15omIvhxBdIKwvnZmmc83vGh75WJJ9688z1Pj/djUhH3qR1Pzj2v0tlkJCSIZK0oR4Eaj8400k=,iv:4pAhCYEONQ8KvTwBUuBneJS/zd+Ef9yVgVb5IO47PBo=,tag:au9L0qOQahndmn8/WSLdLg==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.1
diff --git a/services/default.nix b/services/default.nix
index b65b842..53c5e1f 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -6,6 +6,7 @@
 ./penpot
 ./shadowsocks
 ./stalwart-mail
+ ./umami
 ./uptime-kuma
 ./webdav
 ./wireguard
diff --git a/services/umami/default.nix b/services/umami/default.nix
new file mode 100644
index 0000000..e6cd279
--- /dev/null
+++ b/services/umami/default.nix
@@ -0,0 +1,52 @@
+{config, ...}: {
+ services.caddy.virtualHosts."analytics.gasdev.fr".extraConfig = ''
+ reverse_proxy http://127.0.0.1:4341
+ '';
+
+ sops.secrets."umami/APP_SECRET".owner = "root";
+ sops.secrets."umami/DB_USER".owner = "root";
+ sops.secrets."umami/DB_PASS".owner = "root";
+
+ sops.templates."umami.env" = {
+ content = ''
+ APP_SECRET=${config.sops.placeholder."umami/APP_SECRET"}
+ DATABASE_URL=postgresql://${config.sops.placeholder."umami/DB_USER"}:${config.sops.placeholder."umami/DB_PASS"}@umami-db:5432/umami
+ '';
+ owner = "root";
+ };
+ sops.templates."umami-db.env" = {
+ content = ''
+ POSTGRES_USER=${config.sops.placeholder."umami/DB_USER"}
+ POSTGRES_PASSWORD=${config.sops.placeholder."umami/DB_PASS"}
+ '';
+ owner = "root";
+ };
+
+ virtualisation.oci-containers.containers = {
+ umami = {
+ image = "ghcr.io/umami-software/umami:postgresql-latest";
+ autoStart = true;
+ ports = ["4341:3000"];
+ dependsOn = ["umami-db"];
+ environment = {
+ DATABASE_TYPE = "postgresql";
+ };
+ environmentFiles = [
+ config.sops.templates."umami.env".path
+ ];
+ };
+ umami-db = {
+ image = "docker.io/postgres:15-alpine";
+ autoStart = true;
+ environment = {
+ POSTGRES_DB = "umami";
+ };
+ environmentFiles = [
+ config.sops.templates."umami-db.env".path
+ ];
+ volumes = [
+ "umami-db-data:/var/lib/postgresql/data"
+ ];
+ };
+ };
+}
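Review bot: `ports = ["4341:3000"];` on the `umami` container publishes the app on every host interface, although Caddy only needs to reach it at `http://127.0.0.1:4341`. Binding the mapping to loopback, `ports = ["127.0.0.1:4341:3000"];`, keeps the plain-HTTP listener from being reachable around the TLS-terminating proxy. Depending on the container backend, published ports may be opened through NAT rules that the host firewall does not filter, so the firewall alone should not be relied on here. Both images are also referenced by mutable tags (`postgresql-latest`, `15-alpine`), so the code that runs can change on any pull. Pinning a release tag plus digest, in the form `image = "ghcr.io/umami-software/umami:<version>@sha256:<digest>";` (placeholders), would make each update an explicit, reviewable change.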