diff --git a/configuration.nix b/configuration.nix index 79f0159..3c0fdf6 100644 --- a/configuration.nix +++ b/configuration.nix @@ -73,6 +73,8 @@ ./services/harmonia.nix ./services/ddns-updater.nix + + ./services/traccar.nix ]; # Hosts entries for CI/CD deploy targets diff --git a/service-configs.nix b/service-configs.nix index 4cb200d..77fecca 100644 --- a/service-configs.nix +++ b/service-configs.nix @@ -68,6 +68,10 @@ rec { port = 64738; proto = "both"; }; + traccar_tracking = { + port = 5056; + proto = "tcp"; + }; }; # Ports bound to localhost / VPN only. The flake asserts none of @@ -197,6 +201,10 @@ rec { port = 5500; proto = "tcp"; }; + traccar_web = { + port = 8082; + proto = "tcp"; + }; }; }; @@ -330,6 +338,10 @@ rec { dataDir = services_dir + "/trilium"; }; + traccar = { + domain = "traccar.${https.domain}"; + }; + media = { moviesDir = torrents_path + "/media/movies"; tvDir = torrents_path + "/media/tv"; diff --git a/services/traccar.nix b/services/traccar.nix new file mode 100644 index 0000000..4c43aa2 --- /dev/null +++ b/services/traccar.nix 
@@ -0,0 +1,36 @@
+{
+ service_configs,
+ lib,
+ ...
+}:
+{
+ imports = [
+ (lib.serviceMountWithZpool "traccar" service_configs.zpool_ssds [
+ "/var/lib/private/traccar"
+ ])
+ (lib.serviceFilePerms "traccar" [
+ "Z /var/lib/private/traccar 0700 root root"
+ ])
+ (lib.mkCaddyReverseProxy {
+ subdomain = "traccar";
+ port = service_configs.ports.private.traccar_web.port;
+ })
+ ];
+
+ services.traccar = {
+ enable = true;
+ settings = {
+ web.port = toString service_configs.ports.private.traccar_web.port;
+
+ # Only enable OsmAnd protocol (phone app). Prevents Traccar from
+ # opening 200+ default protocol ports that conflict with other services.
+ protocols.enable = "osmand";
+ osmand.port = toString service_configs.ports.public.traccar_tracking.port;
+ };
+ };
+
+ # OsmAnd tracking port must be reachable from the internet for the phone app
+ networking.firewall.allowedTCPPorts = [
+ service_configs.ports.public.traccar_tracking.port
+ ];
+}
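Review bot: The OsmAnd listener on `traccar_tracking` is opened directly to the internet through `networking.firewall.allowedTCPPorts`, while only the web port is placed behind `lib.mkCaddyReverseProxy`. As far as I know the OsmAnd protocol is plain HTTP and a device is identified only by its id parameter, so position reports would travel unencrypted and anyone who learns an id could submit positions for that device. Consider fronting the tracking port with Caddy (TLS) as well and dropping the firewall rule, or at least record the trade-off above the rule, e.g. `# NOTE: OsmAnd is unauthenticated HTTP; the device id is the only secret`. Separately, `traccar_web` sits in the ports group documented as bound to localhost / VPN only, yet no bind address is set here; if the module default listens on all interfaces, adding `web.address = "127.0.0.1";` to `settings` would make that hold without relying on the firewall.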