From f3063dd250a8d3e2aa3559d577cfffa59be04b37 Mon Sep 17 00:00:00 2001 From: tux Date: Fri, 14 Nov 2025 14:13:37 +0530 Subject: [PATCH] feat: add umami --- hosts/arcturus/default.nix | 6 +++++- hosts/arcturus/secrets.yaml | 5 +++-- modules/nixos/selfhosted/umami.nix | 32 ++++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 modules/nixos/selfhosted/umami.nix diff --git a/hosts/arcturus/default.nix b/hosts/arcturus/default.nix index 5336f84..cd8e32a 100644 --- a/hosts/arcturus/default.nix +++ b/hosts/arcturus/default.nix @@ -19,7 +19,7 @@ ../../modules/nixos/selfhosted/headscale.nix ../../modules/nixos/selfhosted/vaultwarden.nix ../../modules/nixos/selfhosted/gitea.nix - ../../modules/nixos/selfhosted/plausible.nix + ../../modules/nixos/selfhosted/umami.nix ../../modules/nixos/selfhosted/monitoring/grafana.nix ../../modules/nixos/selfhosted/monitoring/loki.nix ../../modules/nixos/selfhosted/monitoring/promtail.nix @@ -97,6 +97,10 @@ aiostreams = { sopsFile = ./secrets.yaml; }; + + umami = { + sopsFile = ./secrets.yaml; + }; }; nixpkgs = { diff --git a/hosts/arcturus/secrets.yaml b/hosts/arcturus/secrets.yaml index 7dc3544..dab586a 100644 --- a/hosts/arcturus/secrets.yaml +++ b/hosts/arcturus/secrets.yaml @@ -12,6 +12,7 @@ cs2_secrets: CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str] CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str] aiostreams: ENC[AES256_GCM,data:2U2EoRUsKr4OIkqrudmIUEp2bABNlSlNUTzR3vtvTfSJVemIGK31iu0SG8aR4tLSQFEZyhIP9M22zZJVWY5hX1UcMEJ1rmtXnaRjTiurRSpTj76pT9plnrjp0NWDcSWY+uhDrAsEko4oPPJEECTT3qMYLXipnzqpPeWsTrNYiuxmfDPcZw==,iv:tHKbtnLMNfY7B2ssE8x0dri9XhA2M6jIj2KOxOsmG2o=,tag:8hjqmniL/P+PfwfYiAdAwA==,type:str] +umami: ENC[AES256_GCM,data:BJN9VpwknBaX+mz6xjq1GX9epM2bukplraPw67TttnLhM9JTmZiela5oFWZiaGjG3Oss3n4WPsPvhC4m28Ah+TQLCoiDFCFqervk228=,iv:YwbJ2/1hXs5Jbqx1dNj1t4ExFS27PWbA4NT9h8/tyU8=,tag:+R1aRF/TaMSGbLDi9GnYwA==,type:str] sops: age: - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 @@ -32,7 +33,7 @@ sops: NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9 uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-14T07:04:37Z" - mac: ENC[AES256_GCM,data:6fiO+dtyMqVH+KeZerAwjYpK1pwa9bLcSSinA6U/UZa5r8GsVlL2C3Z0edsuqgyC84rYZKF7rbV41earhds2i29RhrfiJUeGdTG04ce3ncWlqHWL8gtyw+wop3FYgC2UYi0IwhLxd8vYQe2XqD6Ml949SsqkKe/taIf7uJ9aDXA=,iv:IlgHvw5XB847ZhFFiy2Vmbm3/zQW6mvVv3VX6pSzh7o=,tag:nqDDq+jAjDP+/QbhOu9JNg==,type:str] + lastmodified: "2025-11-14T08:22:34Z" + mac: ENC[AES256_GCM,data:IiZKrdo500rf0JS2c94u1XiCtIB6QguJr1XKFcPilxN4G7coUJyD8v/z/BDqSyCDbiY6RjRWoyttyi1gzKlj/WQsJh65tbDHTXhk2nPGBoHL4ojnP1a7PYCaRKk64SyBg6vjNWHb0wILc2wu/yvKNfVKX6FtMEGhUcpReoJomAI=,iv:a4hmm47FAHnY2k+YY+WmLUWjpEE+5KwtUxc+Dq6sCMQ=,tag:Rx0yOoiKd2mRx/H5k8Hq8w==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/modules/nixos/selfhosted/umami.nix b/modules/nixos/selfhosted/umami.nix new file mode 100644 index 0000000..7f815f8 --- /dev/null +++ b/modules/nixos/selfhosted/umami.nix @@ -0,0 +1,32 @@ +{ + lib, + config, + ... +}: { + services = { + umami = { + enable = true; + settings = { + APP_SECRET_FILE = config.sops.secrets.umami.path; + PORT = 4645; + }; + createPostgresqlDatabase = true; + }; + + nginx = { + enable = lib.mkForce true; + virtualHosts = { + "umami.tux.rs" = { + forceSSL = true; + useACMEHost = "tux.rs"; + locations = { + "/" = { + proxyPass = "http://localhost:${toString config.services.umami.settings.PORT}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + }; +}