Add goatcounter.

common/services/goatcounter.nix

@@ -0,0 +1,45 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkEnableOption mkIf mkOption;
+
+  cfg = config.foehammer.services.goatcounter;
+in {
+  options.foehammer.services.goatcounter = {
+    enable = mkEnableOption "Enable goatcounter server";
+
+    port = mkOption {
+      type = lib.types.port;
+      default = 8223;
+      description = ''
+        What external port to serve over.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.users.goatcounter = {
+      isSystemUser = true;
+      createHome = true;
+      group = "goatcounter";
+    };
+    users.groups.goatcounter = {};
+
+    systemd.services.goatcounter = {
+      serviceConfig = {
+        User = "goatcounter";
+        DynamicUser = lib.mkForce false;
+      };
+    };
+
+    services.goatcounter = {
+      enable = true;
+      proxy = true;
+      address = "0.0.0.0";
+      port = cfg.port;
+    };
+  };
+}

machines/lebesgue/config/configuration.nix

@@ -10,6 +10,10 @@
       hashedPasswordFile = config.sops.secrets.admin-password.path;
     };
 
+    services.goatcounter = {
+      enable = true;
+    };
+
     services.vaultwarden = {
       enable = true;
       domain = "https://passwords.foehammer.me";

machines/lebesgue/config/routing.nix

@@ -13,6 +13,11 @@
           reverse_proxy :${toString config.foehammer.services.authelia.port}
         '';
       };
+      "goatcounter.foehammer.me" = {
+        extraConfig = ''
+          reverse_proxy :${toString config.foehammer.services.goatcounter.port}
+        '';
+      };
     };
   };
 }

machines/lebesgue/config/state.nix

@@ -5,6 +5,7 @@
     directories = [
       "/var/cache/restic-backups-s3"
       "/var/lib/tailscale"
+      "/var/lib/goatcounter"
       "/var/log"
       "/var/lib/nixos"
       "/var/lib/docker"