diff --git a/agenix/hosts/tanker/config.nix b/agenix/hosts/tanker/config.nix index 0d98dc8..7d0bd7f 100644 --- a/agenix/hosts/tanker/config.nix +++ b/agenix/hosts/tanker/config.nix @@ -144,20 +144,16 @@ weewx-config = { file = ./weewx/config.age; - symlink = false; - path = "/var/lib/weewx/weewx.conf"; - mode = "640"; - owner = "421"; - group = "421"; + owner = "weewx"; + group = "weewx"; }; weewx-skin = { file = ./weewx/skin.age; symlink = false; - path = "/var/lib/weewx/skin-wdc/skin.conf"; - mode = "644"; - owner = "421"; - group = "421"; + path = "/var/lib/weewx-weather/overlay/upper/skins/weewx-wdc/skin.conf"; + owner = "weewx"; + group = "weewx"; }; }; } diff --git a/agenix/hosts/tanker/weewx/config.age b/agenix/hosts/tanker/weewx/config.age index 6edaa9c..f567b68 100644 Binary files a/agenix/hosts/tanker/weewx/config.age and b/agenix/hosts/tanker/weewx/config.age differ diff --git a/agenix/hosts/tanker/weewx/skin.age b/agenix/hosts/tanker/weewx/skin.age index 2aecef8..def31fa 100644 Binary files a/agenix/hosts/tanker/weewx/skin.age and b/agenix/hosts/tanker/weewx/skin.age differ diff --git a/container/weewx/default.nix b/container/weewx/default.nix index 57a3e80..a676e46 100644 --- a/container/weewx/default.nix +++ b/container/weewx/default.nix 
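Review bot: `weewx-skin` keeps `symlink = false` and now sets `path` to a file under `/var/lib/weewx-weather/overlay/upper/`, which the new `fileSystems.weewx-data` entry in `system/nixos/weewx.nix` uses as the overlay `upperdir`. agenix installs the decrypted file during activation, so on a rebuild of a running host it would modify the upper layer underneath a mounted overlay, which the kernel's overlayfs documentation treats as undefined behaviour. The decrypted skin configuration also stays on persistent disk rather than under `/run/agenix`. Consider leaving the secret at its default path and having the unit install it through the merged mount before start, or at least add a comment such as `# written into the overlay upperdir; remount weewx-data after this secret changes`. Dropping `mode` falls back to agenix's owner-only default, which looks intended for a file only `weewx` reads.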
@@ -5,25 +5,25 @@ let data-dir = "/var/lib/weewx"; in { - virtualisation.oci-containers.containers.weewx = { - image = "git.kempkens.io/daniel/weewx-docker:latest"; - ports = [ "127.0.0.1:8000:8000" ]; - environment = { - "TZ" = "Europe/Berlin"; - }; - volumes = [ - "${data-dir}:/data" - ]; - extraOptions = [ - "--label=com.centurylinklabs.watchtower.enable=true" - "--label=io.containers.autoupdate=registry" - ]; - }; + # virtualisation.oci-containers.containers.weewx = { + # image = "git.kempkens.io/daniel/weewx-docker:latest"; + # ports = [ "127.0.0.1:8000:8000" ]; + # environment = { + # "TZ" = "Europe/Berlin"; + # }; + # volumes = [ + # "${data-dir}:/data" + # ]; + # extraOptions = [ + # "--label=com.centurylinklabs.watchtower.enable=true" + # "--label=io.containers.autoupdate=registry" + # ]; + # }; - systemd.services.podman-weewx.restartTriggers = [ - "${config.age.secrets.weewx-config.file}" - "${config.age.secrets.weewx-skin.file}" - ]; + # systemd.services.podman-weewx.restartTriggers = [ + # "${config.age.secrets.weewx-config.file}" + # "${config.age.secrets.weewx-skin.file}" + # ]; systemd.tmpfiles.rules = [ "d ${data-dir} 0755 421 421" diff --git a/system/hosts/tanker.nix b/system/hosts/tanker.nix index 36327ec..f376242 100644 --- a/system/hosts/tanker.nix +++ b/system/hosts/tanker.nix @@ -59,8 +59,10 @@ in ../nixos/websites-tanker.nix + ../nixos/weewx.nix + ../../container/proxitok - ../../container/weewx + #../../container/weewx ]; system.stateVersion = "22.11"; diff --git a/system/nixos/weewx.nix b/system/nixos/weewx.nix new file mode 100644 index 0000000..442d984 --- /dev/null +++ b/system/nixos/weewx.nix 
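Review bot: The container definition and its `restartTriggers` are commented out rather than deleted, and the matching import in `system/hosts/tanker.nix` is left as `#../../container/weewx`. The only active setting left in this module is the `systemd.tmpfiles.rules` entry for `${data-dir}` with numeric owner `421`, the same id the new `weewx` user receives, and nothing imports the module any more. Removing the file and the commented import would stop the `:latest` image reference and auto-update labels from coming back by accident through an uncomment, and git history still preserves them. The hunk ends inside the `systemd.tmpfiles.rules` list, so the rest of that list is not visible here.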
@@ -0,0 +1,148 @@
+{ pkgs, config, ... }:
+
+let
+ home = "/var/lib/weewx-weather";
+ pkg = pkgs.weewx;
+ secret = import ../../secret/container/weewx;
+in
+{
+ # weewx
+
+ systemd.services.weewx =
+ let
+ mounts = [
+ "var-lib-weewx\\x2dweather-weewx\\x2ddata.mount"
+ ];
+ in
+ {
+ description = "WeeWX";
+ requires = [ "time-sync.target" "mosquitto.service" ] ++ mounts;
+ after = [ "network-online.target" "time-sync.target" "mosquitto.service" ] ++ mounts;
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ path = [ pkg ];
+
+ environment = {
+ HOME = home;
+ LANG = "de_DE.UTF-8";
+ TZ = "Europe/Berlin";
+ };
+
+ serviceConfig = {
+ WorkingDirectory = "${pkg}/home/weewx-data";
+ User = "weewx";
+ Group = "weewx";
+ ExecStart = "${pkg}/bin/weewxd --config=${config.age.secrets.weewx-config.path}";
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d ${home} 0755 weewx weewx"
+ "d ${home}/data 0755 weewx weewx"
+ "d ${home}/data/db 0750 weewx weewx"
+ "d ${home}/data/html 0755 weewx weewx"
+ "d ${home}/data/html/wdc 0755 weewx weewx"
+ "d ${home}/overlay 750 weewx weewx"
+ "d ${home}/overlay/upper 750 weewx weewx"
+ "d ${home}/overlay/upper/skins 750 weewx weewx"
+ "d ${home}/overlay/upper/skins/weewx-wdc 750 weewx weewx"
+ "d ${home}/overlay/work 750 weewx weewx"
+ "d ${home}/weewx-data 750 weewx weewx"
+ ];
+
+ users.users.weewx = {
+ group = "weewx";
+ isSystemUser = true;
+ inherit home;
+ uid = 421;
+ };
+
+ users.groups.weewx = { gid = 421; };
+
+ fileSystems.weewx-data = {
+ fsType = "overlay";
+ mountPoint = "${home}/weewx-data";
+
+ overlay = {
+ lowerdir = [ "${pkg}/home/weewx-data" ];
+ upperdir = "${home}/overlay/upper";
+ workdir = "${home}/overlay/work";
+ };
+ };
+
+ # Dependencies
+
+ i18n.supportedLocales = [
+ "C.UTF-8/UTF-8"
+ "en_US.UTF-8/UTF-8"
+ "de_DE.UTF-8/UTF-8"
+ ];
+
+ services.mosquitto.listeners = [
+ {
+ address = "0.0.0.0";
+ port = 1883;
+
+ settings = {
+ protocol = "mqtt";
+ };
+
+ users = {
+ weewx-proxy = {
+ hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
+ acl = [ "write weewx/+" ];
+ };
+
+ weewx = {
+ hashedPasswordFile = config.age.secrets.mosquitto-password-weewx.path;
+ acl = [ "read weewx/+" "write weather/+" ];
+ };
+ };
+ }
+ {
+ address = "127.0.0.1";
+ port = 9883;
+
+ settings = {
+ protocol = "websockets";
+ allow_anonymous = true;
+ };
+
+ acl = [ "topic read weather/+" ];
+ }
+ ];
+
+ networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 1883 ];
+
+ services.nginx.virtualHosts."${secret.container.weewx.hostname}" = {
+ quic = true;
+ http3 = true;
+ kTLS = true;
+
+ root = "${home}/data/html/wdc";
+ forceSSL = true;
+ useACMEHost = "kempkens.io";
+
+ extraConfig = ''
+ index index.html;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ '';
+
+ locations = {
+ "~* \.html$".extraConfig = ''
+ expires modified 120s;
+ '';
+
+ "~* \.(js|css)$".extraConfig = ''
+ expires 1h;
+ '';
+
+ "/mqtt" = {
+ recommendedProxySettings = true;
+ proxyPass = "http://127.0.0.1:9883";
+ proxyWebsockets = true;
+ };
+ };
+ };
+}
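Review bot: The password-authenticated listener in `services.mosquitto.listeners` binds `address = "0.0.0.0"` and speaks plain `mqtt`, so only the `networking.firewall.interfaces."tailscale0"` rule keeps port 1883 off the other interfaces. If another module opens 1883 globally or the firewall is disabled, broker logins are exposed in cleartext. Binding the broker to what it is meant to serve would make that hold without the firewall: for example, one loopback listener for the (presumably local) `weewx` client and one restricted to the Tailscale interface via mosquitto's `bind_interface`. Separately, the `weewx` unit consumes broker data and writes the HTML that nginx serves, yet `serviceConfig` sets no sandboxing. A starting point, to be verified against weewx, is `NoNewPrivileges = true; ProtectSystem = "strict"; ReadWritePaths = [ home ];`.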