# NixOS module for the "status" web app: a Flask application served by
# gunicorn on a unix socket, published through nginx at status.immae.eu.
# Enabled with `myServices.status.enable = true`.
{ config, pkgs, lib, name, ... }:
let
  cfg = config.myServices.status;

  # Public hostname of the virtual host; also added to the ACME certificate.
  domain = "status.immae.eu";

  # Directory name under /run that systemd creates for the service, and the
  # socket gunicorn binds inside it. nginx proxies to the same path.
  runtimeDir = "naemon-status";
  socket = "/run/${runtimeDir}/socket.sock";

  # Key under which the environment file is registered with the secrets module.
  secretName = "naemon-status/environment";

  # Python interpreter bundled with exactly the packages the app is started with.
  gunicornEnv = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.flask_login ]);
in
{
  options.myServices.status.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
    description = ''
      Whether to enable status app.
    '';
  };

  config = lib.mkIf cfg.enable {
    # The NRDP tokens reach the service through an environment file that only
    # the naemon user can read (0400), not through the unit's command line.
    # NOTE(review): presumably the secrets module writes this file outside the
    # world-readable Nix store; confirm against its implementation.
    secrets.keys = [
      {
        dest = secretName;
        user = "naemon";
        group = "naemon";
        permission = "0400";
        text = ''
          TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
        '';
      }
    ];

    services.nginx = {
      enable = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
      virtualHosts.${domain} = {
        # Serve with the certificate named after this host; the domain is
        # attached to that certificate further down.
        useACMEHost = name;
        forceSSL = true;
        # NOTE(review): the backend is reachable by anything that can open the
        # socket. No --umask is passed to gunicorn and no RuntimeDirectoryMode
        # is set, so check the resulting socket and directory modes and whether
        # local users other than nginx can connect and bypass the proxy.
        locations."/".proxyPass = "http://unix:${socket}:/";
      };
    };

    security.acme2.certs.${name}.extraDomains.${domain} = null;
    myServices.certificates.enable = true;

    # Both ports are opened; forceSSL above means plain HTTP is not used to
    # serve the app itself.
    networking.firewall.allowedTCPPorts = [ 80 443 ];

    systemd.services.naemon-status = {
      description = "Naemon status";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      # NOTE(review): the unit drops to the naemon user but sets no sandboxing
      # directives. NoNewPrivileges, ProtectSystem, ProtectHome and PrivateTmp
      # are worth evaluating once the app's file access needs are known.
      serviceConfig = {
        Type = "simple";
        User = "naemon";
        # ./status is resolved relative to this file, so it must stay here
        # rather than move into the let block of another file.
        WorkingDirectory = "${./status}";
        RuntimeDirectory = runtimeDir;
        EnvironmentFile = config.secrets.fullPaths.${secretName};
        ExecStart = "${gunicornEnv}/bin/gunicorn -w4 --bind unix:${socket} app:app";
        StandardOutput = "journal";
        StandardError = "inherit";
      };
    };
  };
}