diff --git a/modules/system/fieldseeker-sync.nix b/modules/system/fieldseeker-sync.nix index f553cbc..73386fe 100644 --- a/modules/system/fieldseeker-sync.nix +++ b/modules/system/fieldseeker-sync.nix @@ -4,8 +4,8 @@ let src = pkgs.callPackage (pkgs.fetchFromGitHub { owner = "Gleipnir-Technology"; repo = "fieldseeker-sync"; - rev = "ecc408d09e7769dc43cd6a01c09c8d00255802bf"; - sha256 = "sha256-hPdtf78PlkMCXZC3fG7Q7ZVM8moYlwbVnkElR5yx6yA="; + rev = "0.0.2"; + sha256 = "sha256-gLtHQn/5AK5SOT4vs3I/CrO+59dZFwEjuUbc4Aknr8k="; }) { }; in { options.myModules.fieldseeker-sync.enable = mkEnableOption "custom fieldseeker-sync configuration"; @@ -17,6 +17,9 @@ in { services.caddy.virtualHosts."deltamvcd.nidus.cloud".extraConfig = '' reverse_proxy http://127.0.0.1:3000 ''; + services.caddy.virtualHosts."gleipnir.nidus.cloud".extraConfig = '' + reverse_proxy http://127.0.0.1:3001 + ''; services.postgresql = { enable = true; ensureDatabases = [ "fieldseeker-sync" ]; @@ -34,6 +37,14 @@ in { restartUnits = ["fieldseeker-sync.service"]; sopsFile = ../../secrets/fieldseeker-sync.env; }; + sops.secrets.fieldseeker-sync-gleipnir-env = { + format = "dotenv"; + group = "fieldseeker-sync"; + mode = "0440"; + owner = "fieldseeker-sync"; + restartUnits = ["fieldseeker-sync-gleipnir.service"]; + sopsFile = ../../secrets/fieldseeker-sync-gleipnir.env; + }; systemd.services.fieldseeker-sync-export = { after=["network.target" "network-online.target"]; description="FieldSeeker sync periodic sync tool"; @@ -50,7 +61,25 @@ in { PrivateTmp = true; WorkingDirectory = "/tmp"; }; - wantedBy = ["timers.target"]; + wantedBy = ["multi-user.target"]; + }; + systemd.services.fieldseeker-sync-gleipnir-export = { + after=["network.target" "network-online.target"]; + description="FieldSeeker sync periodic sync tool"; + requires=["network-online.target"]; + restartIfChanged = false; + stopIfChanged = false; + serviceConfig = { + EnvironmentFile="/var/run/secrets/fieldseeker-sync-gleipnir-env"; + Type = "oneshot"; + User = "fieldseeker-sync"; + Group = "fieldseeker-sync"; + ExecStart = "${src}/bin/full-export"; + TimeoutStopSec = "5s"; + PrivateTmp = true; + WorkingDirectory = "/tmp"; + }; + wantedBy = ["multi-user.target"]; }; systemd.services.fieldseeker-sync-webserver = { after=["network.target" "network-online.target"]; @@ -68,6 +97,22 @@ in { }; wantedBy = ["multi-user.target"]; }; + systemd.services.fieldseeker-sync-gleipnir-webserver = { + after=["network.target" "network-online.target"]; + description="FieldSeeker sync"; + requires=["network-online.target"]; + serviceConfig = { + EnvironmentFile="/var/run/secrets/fieldseeker-sync-gleipnir-env"; + Type = "simple"; + User = "fieldseeker-sync"; + Group = "fieldseeker-sync"; + ExecStart = "${src}/bin/webserver"; + TimeoutStopSec = "5s"; + PrivateTmp = true; + WorkingDirectory = "/tmp"; + }; + wantedBy = ["multi-user.target"]; + }; systemd.timers.fieldseeker-sync-export = { wantedBy = ["timers.target"]; timerConfig = { @@ -76,6 +121,14 @@ in { Unit = "fieldseeker-sync-export.service"; }; }; + systemd.timers.fieldseeker-sync-gleipnir-export = { + wantedBy = ["timers.target"]; + timerConfig = { + OnBootSec = "15m"; + OnUnitActiveSec = "15m"; + Unit = "fieldseeker-sync-gleipnir-export.service"; + }; + }; users.groups.fieldseeker-sync = {}; users.users.fieldseeker-sync = { group = "fieldseeker-sync"; diff --git a/secrets/fieldseeker-sync-gleipnir.env b/secrets/fieldseeker-sync-gleipnir.env new file mode 100644 index 0000000..fbd345c --- /dev/null +++ b/secrets/fieldseeker-sync-gleipnir.env @@ -0,0 +1,22 @@ +FIELDSEEKER_SYNC_ARCGIS_TOKEN=ENC[AES256_GCM,data:2nGMctSAu2vtjxArncKBN5ko2mz1Des4svGTl0RWOevMmg6eoUtoMvgx4zj6MJtWsT4KgbACkVVBO0tQFrcPf9mCeqRRG8STn000AxX33IlDKbxm98xYLWu/tTUZM9Rtm5uPN6ZixX5ppQpLNT6ZNXp6qQJkLAoMZ2aPhVji2T+fThILZ6/jWR+Tb9xmeNdjWCHvl14axJV1fpeBzAAkTP5xkhkg8WIVHTe9NGYu9by75gtbNYkovbUtJkdHS19s/gFLDabRWgX5LM1FxBC5MsjkRilDGiX8Ys/cfPcEny7Y4erdABz5/23wQMJrR/XqANW1Whto/BpBVYJeuxoEetz+B43j9N3GlYHEuAAOXYrrhQ==,iv:xyi8I+/tgsBsAEwNB1Hl74J3K66rLVfM33zxZwz0WBA=,tag:Cf4MYljG/cWylFSc4xAnuA==,type:str] +FIELDSEEKER_SYNC_ARCGIS_TENANTID=ENC[AES256_GCM,data:Zc3qodyvIvG49pbTe0DRfmZT,iv:0kLZXrwkmXjd65ZWcP6K39oVDHlkB8KE3AC91p/xsCo=,tag:374VpZWprTsmMGgJnjiHmQ==,type:str] +FIELDSEEKER_SYNC_ARCGIS_SERVICEROOT=ENC[AES256_GCM,data:zZsg/B9ZdMQybxTGeQa55ZLJCMFau6Ephz8Dtgjd,iv:45mC2/kBS6Yf6CRy+4WH+8wuG0A1c/3OBNU4rpzGbtA=,tag:JHC0oHJnhR6H7VO2CgPnXA==,type:str] +FIELDSEEKER_SYNC_ARCGIS_FIELDSEEKERSERVICE=ENC[AES256_GCM,data:OFIYNlq2d7lDXp5vsoB7Sw==,iv:K7FB0pqc55PBsmeLmQZysXksyscYbZkDBVTJfX2faYM=,tag:woTG5DQOOQvPwirwz7wfYg==,type:str] +FIELDSEEKER_SYNC_DATABASE_URL=ENC[AES256_GCM,data:zKWSaiomQCZhw3FTPEtiAZq4j44WQtsA80aVBIRIlB7EgYHb4DmMRuQ2R8Xl+ifN17/ObZPnCFEGavV9FbjQINg=,iv:3GLaCkDAGL7YNcpdL5UDB0ODxrxCVG4Cm/snFHVQJpw=,tag:UGVye+DCbz/8udnB7sN1Cw==,type:str] +FIELDSEEKER_SYNC_USERFILES_DIRECTORY=ENC[AES256_GCM,data:h0a1UWtgpXGZuBLipXPkkFJBFAs82A9dHSFy45ihjtY=,iv:l7GUFO2vnDxyseMdABOP4tyWqU6xf1kx7biO/9D7/lw=,tag:fpsQ1sbjmnBeTWaNFxAtKw==,type:str] +FIELDSEEKER_SYNC_WEBSERVER_BIND=ENC[AES256_GCM,data:vaYE7zzNnbywlwYoBJcpwQ==,iv:jTnAoIqwSgKwV1HStTh/m6dORtrcSwGSgD61iWad3bs=,tag:rtGojwXoZJXVuHZabIXmFw==,type:str] +FIELDSEEKER_SYNC_WEBHOOK_SECRET=ENC[AES256_GCM,data:3LL/GRSBYO6zi2jCiKDw/snVPOD5dA86yjGXsIEl+ObcfBmm5jQ=,iv:6z7pjBu3dQPbvPc4SCvKNzG2Fv3ro6FKxB9D9vQU00w=,tag:vaha53IJd0z5ifdssLGmNg==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2aDBVNlFtZURTTjA5TlNF\nbkJzcitOVU0wcmtlWTVKMUoxMXpuNXpiSXk4ClFzeVZUZ01MOTFtYXhwN0FEa09K\nR3VnN2VkWFJxbk9XWmNySjV1SGt2VmcKLS0tIC80cXBFYkRMWXRvU0VJTEk0MGVR\nN1pZd3NvTW9wN2ZsaTdNRG5GdkU0YnMKAPo8196+qeVdJ02stQzbTWDCAJYHiXDe\nAu0F41aqf0oZxV0WcYDJsGXY3JhDmIN9b/HnMOfOlo+kCvmhTO81yw==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1x704pjnueguchkl54ly8w4w26ltys5900v7xnl7w3zlgasus09jszz45t8 +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiMzErWXdVTmp5UVRkbFdl\nTWNFODVuYUdQc0krQ1QrSzNOMXZidTRqM3lnCkVZb2lveXNXUE50L2MxUGdham4x\nVEQ4KzFrQ05oa0Y2Vm9FdkZEQm1VRlEKLS0tIHNWU0ZqZVdSaTk4M3BrMnRqS1B2\nOHNKNWUvRFZwN0NqdlYyVzVZanlOQXcKvEEhTHo3w+tWt5+KbT1V9oD1YxNv9zD7\nkIengTgFISPoO8IR866B/6LPm4rTUzbgfnIFD9JNqMvBlPxt3y8NFA==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age15y4k929zaj9fdg3vd40pa40tgvrgv9mn22xfummn5zxfmkcw5d0st6prjx +sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZXh0Rkt6K1h1cGhkYUNa\nem03Y3VZY1JsZGZHbXNFU1lmNUdhbVBXVkJJCk1oVnhmNjJua3doNTRYQld1VjlS\nZG9OUE9sWGxQdnZMZE1DelA5ZENhOUEKLS0tIHRudCs3eXNzVEljTHBVd2NjYVpI\nYmpjbEZMN096VWpxQUhxR1dhTmkrdW8K/jYGghdR8+yIJRutbtxrqN30nOilpheb\nPO0Jwvm542zpu3oz5Z4uGBfApHcZtTH/mhAKJfR6JBXJinJfjDkNQw==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_2__map_recipient=age1kgwk20cc6t68kqj5nhem6swvx6k4e7zjx2xdwy382360h8tdyqrq0nn3gf +sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBraUN0Q242cnVuL0Y1U256\ncS9KbmpoemNoUU13c09DZ2VFbnp4bVFJaURnCmdadGlmOE9ycEFKemJYVllLY0s0\nek1ZV2NHSHNTbnl4MkxJZjk2WkVFTUEKLS0tIHZ1UG9ha0Nldi9TbS9rbE1nNmly\nbE1nN2gza245ZVFSbGplUzNHNmJIclkKYQ+pFH1mN4q0eoM/J+bQPFG2cTUK9Agy\nYtEufxWNZP9Iz0ewbW2zYo3Wx22T2bVnQRwo3wJqA+GXnrkHZNKHyQ==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_3__map_recipient=age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge +sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUjk1K0ppMjIyLzBwT3Vy\nb2pwMmxHT3dQaHYvT1lDZ3lJNWc0bkRrYkhjCjVnNTJBMHJRUXpScUQ1U1dnU1Vr\nSE9xL3p6dUg5QXlIVkhXMWpuTGE5MmsKLS0tIEhlSVp4Wk1nT3ZUTVpBOXZYK0xC\nOXlxcU82WDNpMHBpdkUyNHlta1JGTXMKnMd11f0LvkmON+IYIvdJoM+vwyvQ0H8g\nCEkwR4OGve0MrGqCtt7itRUWThQJ8pVewjNxoX7KRA95K6ZQWM37Hw==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_4__map_recipient=age1j90h7hcp4fctr2xwj4zf9cxuelm43wkujvryc9hk6rzzc37rwdmss035w7 +sops_lastmodified=2025-08-23T17:25:46Z +sops_mac=ENC[AES256_GCM,data:3dvQFv+IINOnKDsQa7dGcG4gHax43E9A/EXZ7Yb1zRJe8FmEJytSyFpiF+ObcEAl5kzQIC4vyaDRZShmaHJLOqCunh0XQmFDcC9PObkIMdmHxmsdSkniRU06Pe8VrcUnArGRVSh6lC8TTiArn/uoEBR5k8nsGvv+d/Szn6p9yws=,iv:jmkHbS5qTB8+Oz4Y273OlbunDEc+kLHlUrxokWsIQBY=,tag:/KSzjgBOj1BK9wF14yRofw==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.10.2