};
};
config = lib.mkIf config.myServices.status.enable {
- secrets.keys = [
- {
- dest = "naemon-status/environment";
- user = "naemon";
- group = "naemon";
- permission = "0400";
- text = ''
- TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
- '';
- }
- ];
+ secrets.keys."naemon-status/environment" = {
+ user = "naemon";
+ group = "naemon";
+ permissions = "0400";
+ text = ''
+ TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
+ '';
+ };
services.nginx = {
enable = true;
recommendedOptimisation = true;
upstreams."netdata".extraConfig = ''
keepalive 64;
'';
- virtualHosts."status.eban.bzh" = {
- acmeRoot = config.myServices.certificates.webroot;
- useACMEHost = name;
- forceSSL = true;
- locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
- };
virtualHosts."status.immae.eu" = {
acmeRoot = config.myServices.certificates.webroot;
useACMEHost = name;
};
};
security.acme.certs."${name}" = {
- extraDomains."status.immae.eu" = null;
- extraDomains."status.eban.bzh" = null;
- user = config.services.nginx.user;
+ extraDomainNames = [ "status.immae.eu" ];
group = config.services.nginx.group;
};
Type = "simple";
WorkingDirectory = "${./status}";
ExecStart = let
- python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.flask_login ]);
+ python = pkgs.python38.withPackages (p: [ p.gunicorn p.flask p.flask_login ]);
in
"${python}/bin/gunicorn -w4 --bind unix:/run/naemon-status/socket.sock app:app";
User = "naemon";
projects / perso / Immae / Config / Nix.git / blobdiff