diff --git a/modules/system/default.nix b/modules/system/default.nix index bde223f..756d29d 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -9,7 +9,7 @@ ./cloudreve.nix ./do-agent.nix ./element-web.nix - ./fieldseeker-sync.nix + ./fieldseeker-sync ./fish.nix ./librechat.nix ./openssh.nix diff --git a/modules/system/fieldseeker-sync.nix b/modules/system/fieldseeker-sync/default.nix similarity index 69% rename from modules/system/fieldseeker-sync.nix rename to modules/system/fieldseeker-sync/default.nix index 716b85f..893ed64 100644 --- a/modules/system/fieldseeker-sync.nix +++ b/modules/system/fieldseeker-sync/default.nix @@ -4,24 +4,37 @@ let src = pkgs.callPackage (pkgs.fetchFromGitHub { owner = "Gleipnir-Technology"; repo = "fieldseeker-sync"; - rev = "2aa2d37e1ccd9471d332d36042fb0b1edd89d08f"; - sha256 = "sha256-Sa69TONC+EJW9/SmbrimJptnqmxQc1uh2NfY9UuD7e0="; + rev = "ecc408d09e7769dc43cd6a01c09c8d00255802bf"; + sha256 = "sha256-hPdtf78PlkMCXZC3fG7Q7ZVM8moYlwbVnkElR5yx6yA="; }) { }; in { options.myModules.fieldseeker-sync.enable = mkEnableOption "custom fieldseeker-sync configuration"; config = mkIf config.myModules.fieldseeker-sync.enable { + environment.etc."fieldseeker-sync.toml" = { + group = "fieldseeker-sync"; + source = ./fieldseeker-sync.toml; + user = "fieldseeker-sync"; + }; environment.systemPackages = [ src ]; - services.postgresql.enable = true; + services.postgresql = { + enable = true; + ensureDatabases = [ "fieldseeker-sync" ]; + ensureUsers = [{ + ensureClauses.login = true; + ensureDBOwnership = true; + name = "fieldseeker-sync"; + }]; + }; sops.secrets.fieldseeker-sync-env = { format = "dotenv"; group = "fieldseeker-sync"; mode = "0440"; owner = "fieldseeker-sync"; restartUnits = ["fieldseeker-sync.service"]; - sopsFile = ../../secrets/fieldseeker-sync.env; + sopsFile = ../../../secrets/fieldseeker-sync.env; }; systemd.services.fieldseeker-sync = { after=["network.target" "network-online.target"]; diff --git a/modules/system/fieldseeker-sync/fieldseeker-sync.toml b/modules/system/fieldseeker-sync/fieldseeker-sync.toml new file mode 100644 index 0000000..7759623 --- /dev/null +++ b/modules/system/fieldseeker-sync/fieldseeker-sync.toml @@ -0,0 +1,5 @@ +[database] +url = "postgres://fieldseeker:letmein@127.0.0.1:5432/fieldseeker" + +[userfiles] +directory = "/opt/fieldseeker-sync" diff --git a/secrets/fieldseeker-sync.env b/secrets/fieldseeker-sync.env index 2c44254..267ff19 100644 --- a/secrets/fieldseeker-sync.env +++ b/secrets/fieldseeker-sync.env @@ -2,6 +2,9 @@ FIELDSEEKER_SYNC_ARCGIS_TOKEN=ENC[AES256_GCM,data:2nGMctSAu2vtjxArncKBN5ko2mz1De FIELDSEEKER_SYNC_ARCGIS_TENANTID=ENC[AES256_GCM,data:Zc3qodyvIvG49pbTe0DRfmZT,iv:0kLZXrwkmXjd65ZWcP6K39oVDHlkB8KE3AC91p/xsCo=,tag:374VpZWprTsmMGgJnjiHmQ==,type:str] FIELDSEEKER_SYNC_ARCGIS_SERVICEROOT=ENC[AES256_GCM,data:zZsg/B9ZdMQybxTGeQa55ZLJCMFau6Ephz8Dtgjd,iv:45mC2/kBS6Yf6CRy+4WH+8wuG0A1c/3OBNU4rpzGbtA=,tag:JHC0oHJnhR6H7VO2CgPnXA==,type:str] FIELDSEEKER_SYNC_ARCGIS_FIELDSEEKERSERVICE=ENC[AES256_GCM,data:OFIYNlq2d7lDXp5vsoB7Sw==,iv:K7FB0pqc55PBsmeLmQZysXksyscYbZkDBVTJfX2faYM=,tag:woTG5DQOOQvPwirwz7wfYg==,type:str] +FIELDSEEKER_SYNC_DATABASE_URL=ENC[AES256_GCM,data:3VvsXW6eSIRKV04hW0eIlwB73/2pNLFpqZQgjH2VYwy+9XKmFuVzWq5gs43vFWumzNt3nSXplgE=,iv:H2YwilwJ0+taW3/KqmG8ZkuyRjNW1XbCL1i6vxxP/38=,tag:a2TRIlOIlhUKqEy+J+tanw==,type:str] +FIELDSEEKER_SYNC_USERFILES_DIRECTORY=ENC[AES256_GCM,data:vYCnRcmRLFo/jD72ENjLRSa8s6kYB78=,iv:LycJvFSAbTscLZvGRMDdWS1E11yb+O6qbzTZiJ8TlNk=,tag:P+OH9M7DdhDahKShGTEgCg==,type:str] +FIELDSEEKER_SYNC_WEBHOOK_SECRET=ENC[AES256_GCM,data:3LL/GRSBYO6zi2jCiKDw/snVPOD5dA86yjGXsIEl+ObcfBmm5jQ=,iv:6z7pjBu3dQPbvPc4SCvKNzG2Fv3ro6FKxB9D9vQU00w=,tag:vaha53IJd0z5ifdssLGmNg==,type:str] sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2aDBVNlFtZURTTjA5TlNF\nbkJzcitOVU0wcmtlWTVKMUoxMXpuNXpiSXk4ClFzeVZUZ01MOTFtYXhwN0FEa09K\nR3VnN2VkWFJxbk9XWmNySjV1SGt2VmcKLS0tIC80cXBFYkRMWXRvU0VJTEk0MGVR\nN1pZd3NvTW9wN2ZsaTdNRG5GdkU0YnMKAPo8196+qeVdJ02stQzbTWDCAJYHiXDe\nAu0F41aqf0oZxV0WcYDJsGXY3JhDmIN9b/HnMOfOlo+kCvmhTO81yw==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1x704pjnueguchkl54ly8w4w26ltys5900v7xnl7w3zlgasus09jszz45t8 sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiMzErWXdVTmp5UVRkbFdl\nTWNFODVuYUdQc0krQ1QrSzNOMXZidTRqM3lnCkVZb2lveXNXUE50L2MxUGdham4x\nVEQ4KzFrQ05oa0Y2Vm9FdkZEQm1VRlEKLS0tIHNWU0ZqZVdSaTk4M3BrMnRqS1B2\nOHNKNWUvRFZwN0NqdlYyVzVZanlOQXcKvEEhTHo3w+tWt5+KbT1V9oD1YxNv9zD7\nkIengTgFISPoO8IR866B/6LPm4rTUzbgfnIFD9JNqMvBlPxt3y8NFA==\n-----END AGE ENCRYPTED FILE-----\n @@ -12,7 +15,7 @@ sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb2 sops_age__list_3__map_recipient=age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUjk1K0ppMjIyLzBwT3Vy\nb2pwMmxHT3dQaHYvT1lDZ3lJNWc0bkRrYkhjCjVnNTJBMHJRUXpScUQ1U1dnU1Vr\nSE9xL3p6dUg5QXlIVkhXMWpuTGE5MmsKLS0tIEhlSVp4Wk1nT3ZUTVpBOXZYK0xC\nOXlxcU82WDNpMHBpdkUyNHlta1JGTXMKnMd11f0LvkmON+IYIvdJoM+vwyvQ0H8g\nCEkwR4OGve0MrGqCtt7itRUWThQJ8pVewjNxoX7KRA95K6ZQWM37Hw==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_4__map_recipient=age1j90h7hcp4fctr2xwj4zf9cxuelm43wkujvryc9hk6rzzc37rwdmss035w7 -sops_lastmodified=2025-08-18T20:26:09Z -sops_mac=ENC[AES256_GCM,data:rTOgxLFMSuj/hHT5V0sczc5hhjTwMLoeNFV4N+wSU46hk75mlpY7/+C1UaGUCfDYib7XY6sjuBqDccY89erVvnRFDQfoeZCOw/uQe1hfANT+mNLOpsVtN3MzIefvwRm4uMVCmpEZDZ3seSHXM8qfyNPAUgkCuNTZeM5vsfRQBDw=,iv:HKGYeLhI0mX2xx2RO1pquFdevxMeh14TOByRMLej7x8=,tag:mHHxKSXXGQ1Q/qdvnDDNAg==,type:str] +sops_lastmodified=2025-08-18T21:25:11Z +sops_mac=ENC[AES256_GCM,data:en7Rr8aJX0OqWyL0BI47LaQGFKtl9HSqByLKHgRJccN3bhbKhSGNnKipd32Bf99ZtEfdfo+GT9VD/rOhxoJgntDwBd4cLy+sj/VeEMnKoNxiYvL3Ym2Z/vW6Jt623rs+dmzxeaYm+HG9og/jHEVsyBBk5FHudxpniiwHltVaR0g=,iv:aBv5wI9+X/um8MfaxonTq9rSJ2LkMxITZbZQqHPRaK0=,tag:oD5dZbrdhL4zLviwSuw2Ew==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.10.2