Add umami

4 files changed, 64 insertions, 0 deletions

diff --git a/modules/private/default.nix b/modules/private/default.nix
index 9f99ed9..0ff5214 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -101,6 +101,7 @@ set = {
   performanceTool = ./websites/tools/performance;
   toolsTool = ./websites/tools/tools;
   mailTool = ./websites/tools/mail;
+  statsTool = ./websites/tools/stats;
 
   # Games
   codenamesGame = ./websites/tools/games/codenames;
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 980b878..719bf8f 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -1193,6 +1193,16 @@ in
               };
             };
           };
+          umami = mkOption {
+            description = "Umami configuration";
+            type = submodule {
+              options = {
+                listenPort = mkOption { type = port; description = "Port to listen to"; };
+                postgresql = mkPsqlOptions "Umami";
+                hashSalt = mkOption { type = str; description = "Hash salt"; };
+              };
+            };
+          };
           yourls = mkOption {
             description = "Yourls configuration";
             type = submodule {
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 07ffc3e..fa9ee8d 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -317,6 +317,7 @@ in
       tools.performance.enable = true;
       tools.tools.enable = true;
       tools.email.enable = true;
+      tools.stats.enable = false;
 
       games.codenames.enable = true;
       games.terraforming-mars.enable = true;
diff --git a/modules/private/websites/tools/stats/default.nix b/modules/private/websites/tools/stats/default.nix
new file mode 100644
index 0000000..5f184bc
--- /dev/null
+++ b/modules/private/websites/tools/stats/default.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.myServices.websites.tools.stats;
+  myCfg = config.myEnv.tools.umami;
+in
+{
+  options.myServices.websites.tools.stats.enable = lib.mkEnableOption "Enable stats site";
+  config = lib.mkIf cfg.enable {
+    secrets.keys = [
+      {
+        dest = "umami/env";
+        permission = "0400";
+        text = ''
+          PORT=${toString myCfg.listenPort}
+          HOSTNAME=127.0.0.1
+          DATABASE_URL=postgresql://${myCfg.postgresql.user}:${myCfg.postgresql.password}@localhost:${myCfg.postgresql.port}/${myCfg.postgresql.database}?sslmode=disable&host=${myCfg.postgresql.socket}
+          HASH_SALT=${myCfg.hashSalt}
+        '';
+      }
+    ];
+
+    services.websites.env.tools.vhostConfs.stats = {
+      certName = "eldiron";
+      addToCerts = true;
+      hosts = [ "stats.immae.eu" ];
+      root = null;
+      extraConfig = [
+        ''
+          ProxyPass / http://localhost:${toString myCfg.listenPort}/
+          ProxyPassReverse / http://localhost:${toString myCfg.listenPort}/
+          ProxyPreserveHost On
+        ''
+      ];
+    };
+    systemd.services.umami = {
+      description = "Umami service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      wants = [ "postgresql.service" ];
+      path = [ pkgs.nodejs pkgs.bashInteractive ];
+      serviceConfig = {
+        Type = "simple";
+        User = "umami";
+        Group = "umami";
+        DynamicUser = true;
+        SupplementaryGroups = [ "keys" ];
+        ExecStart = "${pkgs.umami}/bin/umami";
+        EnvironmentFile = config.secrets.fullPaths."umami/env";
+      };
+    };
+  };
+}