diff --git a/configuration.nix b/configuration.nix index 3c0fdf6..79f0159 100644 --- a/configuration.nix +++ b/configuration.nix @@ -73,8 +73,6 @@ ./services/harmonia.nix ./services/ddns-updater.nix - - ./services/traccar.nix ]; # Hosts entries for CI/CD deploy targets diff --git a/service-configs.nix b/service-configs.nix index 6623924..4cb200d 100644 --- a/service-configs.nix +++ b/service-configs.nix @@ -197,14 +197,6 @@ rec { port = 5500; proto = "tcp"; }; - traccar_web = { - port = 8082; - proto = "tcp"; - }; - traccar_tracking = { - port = 5056; - proto = "tcp"; - }; }; }; @@ -338,10 +330,6 @@ rec { dataDir = services_dir + "/trilium"; }; - traccar = { - domain = "traccar.${https.domain}"; - }; - media = { moviesDir = torrents_path + "/media/movies"; tvDir = torrents_path + "/media/tv"; diff --git a/services/traccar.nix b/services/traccar.nix deleted file mode 100644 index 36f7b71..0000000 --- a/services/traccar.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ - pkgs, - service_configs, - lib, - ... -}: -{ - imports = [ - (lib.serviceMountWithZpool "traccar" service_configs.zpool_ssds [ - "/var/lib/traccar" - ]) - (lib.serviceFilePerms "traccar" [ - "Z /var/lib/traccar 0700 traccar traccar" - ]) - ]; - - users.users.traccar = { - isSystemUser = true; - group = "traccar"; - home = "/var/lib/traccar"; - description = "Traccar GPS Tracking"; - }; - users.groups.traccar = { }; - - # PostgreSQL database (auto-created, peer auth via Unix socket) - services.postgresql = { - ensureDatabases = [ "traccar" ]; - ensureUsers = [ - { - name = "traccar"; - ensureDBOwnership = true; - } - ]; - }; - - services.traccar = { - enable = true; - - # The JDBC URL contains '$' (Java inner class) and '&' (query param - # separator) which break the NixOS module's XML generator + envsubst. - # Route it through environmentFile so envsubst replaces $TRACCAR_DB_URL - # with the literal value, and use & for valid XML (the XML parser - # decodes it back to & for JDBC). - environmentFile = pkgs.writeText "traccar-db-env" '' - TRACCAR_DB_URL=jdbc:postgresql:///traccar?socketFactory=org.newsclub.net.unix.AFUNIXSocketFactory$FactoryArg&socketFactoryArg=${service_configs.postgres.socket}/.s.PGSQL.5432 - ''; - - settings = { - web.port = toString service_configs.ports.private.traccar_web.port; - - # PostgreSQL via Unix socket (peer auth, junixsocket is bundled) - database = { - driver = "org.postgresql.Driver"; - url = "$TRACCAR_DB_URL"; - user = "traccar"; - password = ""; - }; - - # Only enable OsmAnd protocol (phone app). Prevents Traccar from - # opening 200+ default protocol ports that conflict with other services. - protocols.enable = "osmand"; - osmand.port = toString service_configs.ports.private.traccar_tracking.port; - }; - }; - - # Disable DynamicUser so we can use peer auth with PostgreSQL - systemd.services.traccar = { - after = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; - serviceConfig = { - DynamicUser = lib.mkForce false; - User = "traccar"; - Group = "traccar"; - }; - }; - - # Route tracking requests (OsmAnd protocol) through Caddy for TLS. - # The phone app connects via HTTPS instead of a separate plain port. - services.caddy.virtualHosts."${service_configs.traccar.domain}".extraConfig = '' - @tracking query id=* - reverse_proxy @tracking :${toString service_configs.ports.private.traccar_tracking.port} - reverse_proxy :${toString service_configs.ports.private.traccar_web.port} - ''; -}