X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmonitoring%2Fstatus.nix;fp=modules%2Fprivate%2Fmonitoring%2Fstatus.nix;h=0000000000000000000000000000000000000000;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=ab0290c3909fc2eed700287906b5c6decbd4e6e3;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix deleted file mode 100644 index ab0290c..0000000 --- a/modules/private/monitoring/status.nix +++ /dev/null @@ -1,93 +0,0 @@ -{ config, pkgs, lib, name, ... }: -{ - options = { - myServices.status = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Whether to enable status app. - ''; - }; - }; - }; - config = lib.mkIf config.myServices.status.enable { - secrets.keys."naemon-status/environment" = { - user = "naemon"; - group = "naemon"; - permissions = "0400"; - text = '' - TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens} - ''; - }; - services.nginx = { - enable = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - upstreams."netdata".servers = { "127.0.0.1:19999" = {}; }; - upstreams."netdata".extraConfig = '' - keepalive 64; - ''; - virtualHosts."status.eban.bzh" = { - acmeRoot = config.myServices.certificates.webroot; - useACMEHost = name; - forceSSL = true; - locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/"; - }; - virtualHosts."status.immae.eu" = { - acmeRoot = config.myServices.certificates.webroot; - useACMEHost = name; - forceSSL = true; - locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/"; - - locations."= /netdata".return = "301 /netdata/"; - locations."~ /netdata/(?.*)".extraConfig = '' - proxy_redirect off; - proxy_set_header Host $host; - - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_http_version 1.1; - proxy_pass_request_headers on; - proxy_set_header Connection "keep-alive"; - proxy_store off; - proxy_pass http://netdata/$ndpath$is_args$args; - - gzip on; - gzip_proxied any; - gzip_types *; - ''; - }; - }; - security.acme.certs."${name}" = { - extraDomains."status.immae.eu" = null; - extraDomains."status.eban.bzh" = null; - user = config.services.nginx.user; - group = config.services.nginx.group; - }; - - myServices.certificates.enable = true; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - systemd.services.naemon-status = { - description = "Naemon status"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - EnvironmentFile = config.secrets.fullPaths."naemon-status/environment"; - Type = "simple"; - WorkingDirectory = "${./status}"; - ExecStart = let - python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.flask_login ]); - in - "${python}/bin/gunicorn -w4 --bind unix:/run/naemon-status/socket.sock app:app"; - User = "naemon"; - RuntimeDirectory = "naemon-status"; - StandardOutput = "journal"; - StandardError = "inherit"; - }; - }; - }; -}