traccar: use postgresql via unix socket
@@ -6,10 +6,10 @@
|
||||
{
|
||||
imports = [
|
||||
(lib.serviceMountWithZpool "traccar" service_configs.zpool_ssds [
|
||||
"/var/lib/private/traccar"
|
||||
"/var/lib/traccar"
|
||||
])
|
||||
(lib.serviceFilePerms "traccar" [
|
||||
"Z /var/lib/private/traccar 0700 root root"
|
||||
"Z /var/lib/traccar 0700 traccar traccar"
|
||||
])
|
||||
(lib.mkCaddyReverseProxy {
|
||||
subdomain = "traccar";
|
||||
@@ -17,11 +17,38 @@
|
||||
})
|
||||
];
|
||||
|
||||
users.users.traccar = {
|
||||
isSystemUser = true;
|
||||
group = "traccar";
|
||||
home = "/var/lib/traccar";
|
||||
description = "Traccar GPS Tracking";
|
||||
};
|
||||
users.groups.traccar = { };
|
||||
|
||||
# PostgreSQL database (auto-created, peer auth via Unix socket)
|
||||
services.postgresql = {
|
||||
ensureDatabases = [ "traccar" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "traccar";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.traccar = {
|
||||
enable = true;
|
||||
settings = {
|
||||
web.port = toString service_configs.ports.private.traccar_web.port;
|
||||
|
||||
# PostgreSQL via Unix socket (peer auth, junixsocket is bundled)
|
||||
database = {
|
||||
driver = "org.postgresql.Driver";
|
||||
url = "jdbc:postgresql:///traccar?socketFactory=org.newsclub.net.unix.AFUNIXSocketFactory$FactoryArg&socketFactoryArg=${service_configs.postgres.socket}/.s.PGSQL.5432";
|
||||
user = "traccar";
|
||||
password = "";
|
||||
};
|
||||
|
||||
# Only enable OsmAnd protocol (phone app). Prevents Traccar from
|
||||
# opening 200+ default protocol ports that conflict with other services.
|
||||
protocols.enable = "osmand";
|
||||
@@ -29,6 +56,17 @@
|
||||
};
|
||||
};
|
||||
|
||||
# Disable DynamicUser so we can use peer auth with PostgreSQL
|
||||
systemd.services.traccar = {
|
||||
after = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.service" ];
|
||||
serviceConfig = {
|
||||
DynamicUser = lib.mkForce false;
|
||||
User = "traccar";
|
||||
Group = "traccar";
|
||||
};
|
||||
};
|
||||
|
||||
# OsmAnd tracking port must be reachable from the internet for the phone app
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
service_configs.ports.public.traccar_tracking.port
|
||||
|
||||
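Review bot: In the third hunk, `DynamicUser = lib.mkForce false;` in `systemd.services.traccar.serviceConfig` also turns off the sandboxing systemd implies for dynamic users (ProtectSystem=strict, ProtectHome=read-only, PrivateTmp, NoNewPrivileges, RestrictSUIDSGID), and nothing visible in this change sets those again. Since the same file opens the OsmAnd tracking port to the internet, I would restore them explicitly next to `User`/`Group`, e.g. `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "strict";`. Whether the upstream traccar module already sets some of these, or declares a StateDirectory that keeps `/var/lib/traccar` writable under `ProtectSystem = "strict"`, is not visible here and should be checked; if it does not, a matching `ReadWritePaths` entry would be needed.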