fix(owntracks): add secret to owntracks-recorder

And fix `secrets/mqtt/owntracks.age`.
2022-05-30 01:43:22 +02:00 · 2022-05-30 01:43:22 +02:00 · 62bc964785
commit 62bc964785
parent 6efc9cea3f
6 changed files with 19 additions and 19 deletions
--- a/services/mosquitto.nix
+++ b/services/mosquitto.nix
@ -17,7 +17,6 @@ in {
    mqtt-hass = mkSecret ../secrets/mqtt/hass.age;
    mqtt-tasmota = mkSecret ../secrets/mqtt/tasmota.age;
    mqtt-owntracks = mkSecret ../secrets/mqtt/owntracks.age;
-    mqtt-owntracks-plain = mkSecret ../secrets/mqtt/owntracks-plain.age;
  };

  services.nginx = {
--- a/services/owntracks.nix
+++ b/services/owntracks.nix
@ -6,6 +6,8 @@ let
    window.owntracks.config = {};
  '';
 in {
+  age.secrets.owntracks-recorder-env.file =
+    ../secrets/owntracks/recorder.env.age;
  age.secrets.owntracks-htpasswd.file = ../secrets/owntracks/htpasswd.age;

  virtualisation.oci-containers.containers = {
@ -18,18 +20,15 @@ in {
        OTR_HOST = "localhost";
        OTR_PORT = "1883";
        OTR_USER = "owntracks";
-        OTR_PASS = ""; # TODO
      };
+      # provide OTR_PASS
+      environmentFiles = [ config.age.secrets.owntracks-recorder-env.path ];
      # easypi/ot-recorder-arm uses different store location
      # volumes = [ "/var/lib/owntracks/recorder/store:/store" ];
      volumes = [
        "/var/lib/owntracks/recorder/store:/var/spool/owntracks/recorder/store"
      ];
-      extraOptions = [
-        # TODO systemd doesn't substitute variables because it doesn't run in a shell
-        # "-e OTR_PASS=\"$(cat ${config.age.secrets.mqtt-owntracks-plain.path})\""
-        "--network=host"
-      ];
+      extraOptions = [ "--network=host" ];
    };

    owntracks-frontend = {