fix(owntracks): add secret to owntracks-recorder

And fix `secrets/mqtt/owntracks.age`.
2022-05-30 01:43:22 +02:00 · 2022-05-30 01:43:22 +02:00 · 62bc964785
parent 6efc9cea3f
commit 62bc964785
6 changed files with 19 additions and 19 deletions
--- a/secrets/mqtt/owntracks-plain.age
+++ b/secrets/mqtt/owntracks-plain.age
@ -1,11 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 OAZQhA EUCAFvv0lXb1aUeNwfETPZPjnPu2jvfE/Y2oDqWxsS0
 90gepjWnqV1y2fy/fXtseGWoVYZZ7gqotYbRlqwoJkk
 -> ssh-ed25519 lJaKnA 7qZgtht5htf04vvKyS6clUDdDl79XXiz5tfMCADuCng
 XpnIlDH9G/kVKsrRQqvhMq0WzyCKU1uxewBB6+gUl7I
 -> ssh-ed25519 72ij7w VD0nT2Xe1FyS65birBDixk6wGo65X/BbWciIr7RbEmI
 JyjbLeJihjduMjj1s3FwONYLDOtlpgGaLFe6PQyAubw
 -> T-grease
 7dwzA+u7t5WSPe0rR0cptQivYAmlIAd1MRgn5cfyoQ
 --- NPZDG+VU3AvoxqrA86Gk6CNbyGVX3yeT/+ZTymgwKVs
 »äñ™ýûáÏ¬ÕVÆ }$•æÍ`Z¨$¬6~Í‚ÂÈ!Ê„s“Gš½Rüh<1F>¡mEíS[{éóTÏ§
--- a/secrets/mqtt/owntracks.age
+++ b/secrets/mqtt/owntracks.age
--- a/secrets/owntracks/recorder.env.age
+++ b/secrets/owntracks/recorder.env.age
@ -0,0 +1,13 @@
 age-encryption.org/v1
 -> ssh-ed25519 OAZQhA Qnhjg0aiCjjpq5S9uUqZUamO6lX0aoNutCYgqh0vbBI
 ZGEbJUs9WsQKgb4F13QYGgFvYXBTCCpxfMiAadz3l4g
 -> ssh-ed25519 lJaKnA jOejc7Gj3MrwLY5xOCZh8hJjQ3+bY8ZOhRipLu20TCc
 fyXQHrrYzAQTDc0VGTDw5tc9Sl/KoS7bVsmOKmxXUcE
 -> ssh-ed25519 72ij7w E4hDPtzBc5TA9di+fDx6wZ8DVfT38jffoToijv5SLB0
 /KNjXHUZKtA90H1xWc30vvhXB/lKmOXA5UC7yG4c5mE
 -> 9zk}K-grease kS{7C :,4?G Y7kE pX
 9AqBHJDka8OWGDWlxoe/+KNygaTB4NyTVy/NTnhywmebFLmWCFKjcQPB1v5HJf9E
 te6IjpnLvwI5wrW48Q
 --- vVz2GKYi4Q2ChGi0QjHVZgN2B8I8srC4DWwiH8zh0N0
 ]¦B{¼0Û@fèE5¿þ„eøƒ[¥õÅd¢GúžšW)<29>SEŽŠûJð:Œ,¥?´¶žDíKeþ7nU
 À¼5Ò6‘jæ<EFBFBD>)@—~Ç›
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -20,8 +20,8 @@ in {
  "mqtt/hass.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/tasmota.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/owntracks.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/owntracks-plain.age".publicKeys = [ felschr home-pc home-server ];
  "cloudflare.age".publicKeys = [ felschr home-pc home-server ];
  "owntracks/recorder.env.age".publicKeys = [ felschr home-pc home-server ];
  "owntracks/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
  "etebase-server.age".publicKeys = [ felschr home-pc home-server ];
  "miniflux.age".publicKeys = [ felschr home-pc home-server ];
--- a/services/mosquitto.nix
+++ b/services/mosquitto.nix
@ -17,7 +17,6 @@ in {
    mqtt-hass = mkSecret ../secrets/mqtt/hass.age;
    mqtt-tasmota = mkSecret ../secrets/mqtt/tasmota.age;
    mqtt-owntracks = mkSecret ../secrets/mqtt/owntracks.age;
    mqtt-owntracks-plain = mkSecret ../secrets/mqtt/owntracks-plain.age;
  };
  services.nginx = {
--- a/services/owntracks.nix
+++ b/services/owntracks.nix
@ -6,6 +6,8 @@ let
    window.owntracks.config = {};
  '';
 in {
  age.secrets.owntracks-recorder-env.file =
    ../secrets/owntracks/recorder.env.age;
  age.secrets.owntracks-htpasswd.file = ../secrets/owntracks/htpasswd.age;
  virtualisation.oci-containers.containers = {
@ -18,18 +20,15 @@ in {
        OTR_HOST = "localhost";
        OTR_PORT = "1883";
        OTR_USER = "owntracks";
        OTR_PASS = ""; # TODO
      };
      # provide OTR_PASS
      environmentFiles = [ config.age.secrets.owntracks-recorder-env.path ];
      # easypi/ot-recorder-arm uses different store location
      # volumes = [ "/var/lib/owntracks/recorder/store:/store" ];
      volumes = [
        "/var/lib/owntracks/recorder/store:/var/spool/owntracks/recorder/store"
      ];
-      extraOptions = [
+      extraOptions = [ "--network=host" ];
        # TODO systemd doesn't substitute variables because it doesn't run in a shell
        # "-e OTR_PASS=\"$(cat ${config.age.secrets.mqtt-owntracks-plain.path})\""
        "--network=host"
      ];
    };
    owntracks-frontend = {