From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Wed, 4 Oct 2023 01:35:06 +0200
Subject: Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them
contained personnal information about users. All thos changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository
---
 systems/eldiron/websites/stats/default.nix | 51 ++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 systems/eldiron/websites/stats/default.nix

(limited to 'systems/eldiron/websites/stats')

diff --git a/systems/eldiron/websites/stats/default.nix b/systems/eldiron/websites/stats/default.nix
new file mode 100644
index 0000000..665010b
--- /dev/null
+++ b/systems/eldiron/websites/stats/default.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.myServices.websites.tools.stats;
+  myCfg = config.myEnv.tools.umami;
+in
+{
+  options.myServices.websites.tools.stats.enable = lib.mkEnableOption "Enable stats site";
+  config = lib.mkIf cfg.enable {
+    secrets.keys = {
+      "uami/env" = {
+        permission = "0400";
+        text = ''
+          PORT=${toString myCfg.listenPort}
+          HOSTNAME=127.0.0.1
+          DATABASE_URL=postgresql://${myCfg.postgresql.user}:${myCfg.postgresql.password}@localhost:${myCfg.postgresql.port}/${myCfg.postgresql.database}?sslmode=disable&host=${myCfg.postgresql.socket}
+          HASH_SALT=${myCfg.hashSalt}
+        '';
+      };
+    };
+
+    security.acme.certs.eldiron.extraDomainNames = [ "stats.immae.eu" ];
+    services.websites.env.tools.vhostConfs.stats = {
+      certName = "eldiron";
+      hosts = [ "stats.immae.eu" ];
+      root = null;
+      extraConfig = [
+        ''
+          ProxyPass / http://localhost:${toString myCfg.listenPort}/
+          ProxyPassReverse / http://localhost:${toString myCfg.listenPort}/
+          ProxyPreserveHost On
+        ''
+      ];
+    };
+    systemd.services.umami = {
+      description = "Umami service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      wants = [ "postgresql.service" ];
+      path = [ pkgs.nodejs pkgs.bashInteractive ];
+      serviceConfig = {
+        Type = "simple";
+        User = "umami";
+        Group = "umami";
+        DynamicUser = true;
+        SupplementaryGroups = [ "keys" ];
+        ExecStart = "${pkgs.umami}/bin/umami";
+        EnvironmentFile = config.secrets.fullPaths."umami/env";
+      };
+    };
+  };
+}
-- 
cgit v1.2.3