traccar: use postgresql via unix socket

traccar: replace owntracks with traccar
2026-04-12 16:26:46 -04:00 · 2026-04-12 16:15:52 -04:00
3 changed files with 88 additions and 0 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -73,6 +73,8 @@
    ./services/harmonia.nix
    ./services/ddns-updater.nix
    ./services/traccar.nix
  ];
  # Hosts entries for CI/CD deploy targets
--- a/service-configs.nix
+++ b/service-configs.nix
@@ -68,6 +68,10 @@ rec {
        port = 64738;
        proto = "both";
      };
      traccar_tracking = {
        port = 5056;
        proto = "tcp";
      };
    };
    # Ports bound to localhost / VPN only. The flake asserts none of
@@ -197,6 +201,10 @@ rec {
        port = 5500;
        proto = "tcp";
      };
      traccar_web = {
        port = 8082;
        proto = "tcp";
      };
    };
  };
@@ -330,6 +338,10 @@ rec {
    dataDir = services_dir + "/trilium";
  };
  traccar = {
    domain = "traccar.${https.domain}";
  };
  media = {
    moviesDir = torrents_path + "/media/movies";
    tvDir = torrents_path + "/media/tv";
--- a/services/traccar.nix
+++ b/services/traccar.nix
@@ -0,0 +1,74 @@
 {
  service_configs,
  lib,
  ...
 }:
 {
  imports = [
    (lib.serviceMountWithZpool "traccar" service_configs.zpool_ssds [
      "/var/lib/traccar"
    ])
    (lib.serviceFilePerms "traccar" [
      "Z /var/lib/traccar 0700 traccar traccar"
    ])
    (lib.mkCaddyReverseProxy {
      subdomain = "traccar";
      port = service_configs.ports.private.traccar_web.port;
    })
  ];
  users.users.traccar = {
    isSystemUser = true;
    group = "traccar";
    home = "/var/lib/traccar";
    description = "Traccar GPS Tracking";
  };
  users.groups.traccar = { };
  # PostgreSQL database (auto-created, peer auth via Unix socket)
  services.postgresql = {
    ensureDatabases = [ "traccar" ];
    ensureUsers = [
      {
        name = "traccar";
        ensureDBOwnership = true;
      }
    ];
  };
  services.traccar = {
    enable = true;
    settings = {
      web.port = toString service_configs.ports.private.traccar_web.port;
      # PostgreSQL via Unix socket (peer auth, junixsocket is bundled)
      database = {
        driver = "org.postgresql.Driver";
        url = "jdbc:postgresql:///traccar?socketFactory=org.newsclub.net.unix.AFUNIXSocketFactory$FactoryArg&socketFactoryArg=${service_configs.postgres.socket}/.s.PGSQL.5432";
        user = "traccar";
        password = "";
      };
      # Only enable OsmAnd protocol (phone app). Prevents Traccar from
      # opening 200+ default protocol ports that conflict with other services.
      protocols.enable = "osmand";
      osmand.port = toString service_configs.ports.public.traccar_tracking.port;
    };
  };
  # Disable DynamicUser so we can use peer auth with PostgreSQL
  systemd.services.traccar = {
    after = [ "postgresql.service" ];
    requires = [ "postgresql.service" ];
    serviceConfig = {
      DynamicUser = lib.mkForce false;
      User = "traccar";
      Group = "traccar";
    };
  };
  # OsmAnd tracking port must be reachable from the internet for the phone app
  networking.firewall.allowedTCPPorts = [
    service_configs.ports.public.traccar_tracking.port
  ];
 }
Author	SHA1	Message	Date
Simon Gardling	39a178d59b	traccar: use postgresql via unix socket Some checks failed Build and Deploy / deploy (push) Failing after 59s	2026-04-12 16:26:46 -04:00
Simon Gardling	932c9c17f2	traccar: replace owntracks with traccar Some checks failed Build and Deploy / deploy (push) Failing after 2m0s	2026-04-12 16:15:52 -04:00