From eb7f79456e7010aeaf9ced9c9c86cf56982b8a06 Mon Sep 17 00:00:00 2001
From: Felix Tenley <dev@felschr.com>
Date: Wed, 2 Dec 2020 10:33:12 +0100
Subject: [PATCH] feat(rpi4): add owntracks config

---
 rpi4.nix               |  1 +
 services/owntracks.nix | 57 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 services/owntracks.nix

diff --git a/rpi4.nix b/rpi4.nix
index 7e4d73d..978c3dd 100644
--- a/rpi4.nix
+++ b/rpi4.nix
@@ -10,6 +10,7 @@ with builtins; {
     ./services/syncthing/rpi4.nix
     ./services/jellyfin.nix
     ./services/home-assistant.nix
+    ./services/owntracks.nix
   ];
 
   nixpkgs.config.allowUnfree = true;
diff --git a/services/owntracks.nix b/services/owntracks.nix
new file mode 100644
index 0000000..c2c62e0
--- /dev/null
+++ b/services/owntracks.nix
@@ -0,0 +1,57 @@
+{ config, pkgs, ... }:
+
+let
+  frontend-config = builtins.toFile "owntracks-frontend-config.js" ''
+    window.owntracks = window.owntracks || {};
+    window.owntracks.config = {};
+  '';
+in {
+  virtualisation.oci-containers.containers = {
+    owntracks-recorder = {
+      # official image does not support aarch64
+      # image = "owntracks/recorder";
+      image = "easypi/ot-recorder-arm";
+      ports = [ "8083:8083" ];
+      environment = {
+        OTR_HOST = "localhost";
+        OTR_PORT = "1883";
+        OTR_USER = "owntracks";
+        OTR_PASS = ""; # TODO
+      };
+      # easypi/ot-recorder-arm uses different store location
+      # volumes = [ "/var/lib/owntracks/recorder/store:/store" ];
+      volumes = [ "/var/lib/owntracks/recorder/store:/var/spool/owntracks/recorder/store" ];
+      extraOptions = [
+        # TODO systemd doesn't substitute variables because it doesn't run in a shell
+        # "-e OTR_PASS=\"$(cat /etc/nixos/secrets/mqtt/owntracks-plain)\""
+        "--network=host"
+      ];
+    };
+
+    owntracks-frontend = {
+      image = "owntracks/frontend";
+      ports = [ "8085:8085" ];
+      environment = {
+        SERVER_HOST = "localhost";
+        SERVER_PORT = "8083";
+        LISTEN_PORT = "8085";
+      };
+      volumes = [
+        "${frontend-config}:/usr/share/nginx/html/config/config.js"
+      ];
+      extraOptions = [ "--network=host" ];
+    };
+  };
+
+  services = {
+    nginx = {
+      virtualHosts."owntracks.felschr.com" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/".proxyPass = "http://localhost:8085";
+        basicAuthFile = "/etc/nixos/secrets/owntracks/htpasswd";
+      };
+    };
+  };
+
+}
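Review bot: With `--network=host` on both containers the `ports` entries (`8083:8083`, `8085:8085`) are ignored, so the recorder API and the frontend likely listen directly on the host's interfaces and can be reached without passing through the nginx vhost that carries `forceSSL` and `basicAuthFile`. Whether they are reachable from the network depends on the host firewall, which this patch does not show. It is worth confirming that 8083 and 8085 stay closed there, or dropping host networking and publishing loopback-only, e.g. `ports = [ "127.0.0.1:8085:8085" ];`, in which case the recorder needs another route to the broker on 1883. For the `OTR_PASS` TODO, any value set in `environment` ends up in the world-readable Nix store; if the module version in use provides it, `environmentFiles = [ "/etc/nixos/secrets/mqtt/<env-file>" ];` keeps the password out of the store and avoids the shell-substitution problem noted in the comment. Both images are also pulled without a tag or digest, and `easypi/ot-recorder-arm` is a third-party build, so pinning by digest would fix what actually gets deployed.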