From 4366232f187c1b81676401b1e7d94d01798cffa4 Mon Sep 17 00:00:00 2001
From: sora-ext <sora.ext@helcel.net>
Date: Tue, 12 May 2026 17:45:34 +0200
Subject: [PATCH] Update modules/server/containers/apps/umami.nix

---
 modules/server/containers/apps/umami.nix | 59 +++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 2 deletions(-)

diff --git a/modules/server/containers/apps/umami.nix b/modules/server/containers/apps/umami.nix
index 6d83f94..aaa0240 100644
--- a/modules/server/containers/apps/umami.nix
+++ b/modules/server/containers/apps/umami.nix
@@ -1,3 +1,58 @@
-{...}:{
-    
+{ config, containerCfg, pkgs, lib, builder, name,... }:
+let 
+  serverCfg = config.syscfg.server;
+  
+  # Umami image built from nixpkgs
+  image = pkgs.dockerTools.streamLayeredImage {
+    name = pkgs.umami.name;
+    tag = pkgs.umami.version;
+    contents = [ pkgs.cacert ];
+    config = {
+      # Umami in nixpkgs typically provides a binary or script to start the server
+      Entrypoint = [ "${pkgs.umami}/bin/umami-server" ];
+      ExposedPorts = { "3000/tcp" = {}; };
+      Env = [ "NODE_ENV=production" ];
+    };
+  };
+in {
+  sops = true;
+  db = true;
+  paths = [{
+    path = "${serverCfg.configPath}/umami/";
+    mode = "0444";
+  }];
+
+  containers = {
+    server = builder.mkContainer {
+      subdomain = containerCfg.subdomain;
+      imageStream = image;
+      port = 3000;
+      secret = name;
+      extraEnv = {
+        PORT = "3000";
+        # HOSTNAME = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
+        DATABASE_TYPE = "postgresql";
+        REDIS_URL = "redis://${builder.host}";
+        CLIENT_IP_HEADER = "X-Forwarded-For";
+        BASE_PATH = lib.optionalString (containerCfg.subpath or null != null) "/${containerCfg.subpath}";
+        # DISABLE_LOGIN = "1";#(if serverCfg.containers?authentik then "1" else "0");
+
+      };
+      extraLabels = { 
+        "traefik.http.middlewares.umami-global.plugin.umami-feeder.umamiHost" = "http://umami-server:3000";
+        "traefik.http.middlewares.umami-global.plugin.umami-feeder.umamiUsername" = "admin";
+        "traefik.http.middlewares.umami-global.plugin.umami-feeder.umamiPassword" = "umami";
+        "traefik.http.middlewares.umami-global.plugin.umami-feeder.createNewWebsites" = "true";
+      } // ( if serverCfg.containers?authentik then {
+        "traefik.http.routers.${containerCfg.subdomain}.middlewares" = if serverCfg.containers?authentik then "authentik" else "";
+      } else {});
+      extraOptions = [
+        "--tmpfs=/tmp:rw,noexec,nosuid,size=512m"
+      ];
+      overrides = {
+        cmd = [ "start" ]; # Specific command for the umami binary
+       };
+    };
+  };
+
 }
\ No newline at end of file