Squash changes containing private information

[perso/Immae/Config/Nix.git] / modules / private / monitoring / status.nix

diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix
deleted file mode 100644 (file)
index ab0290c..0000000
--- a/modules/private/monitoring/status.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ config, pkgs, lib, name, ... }:
-{
-  options = {
-    myServices.status = {
-      enable = lib.mkOption {
-        type = lib.types.bool;
-        default = false;
-        description = ''
-          Whether to enable status app.
-        '';
-      };
-    };
-  };
-  config = lib.mkIf config.myServices.status.enable {
-    secrets.keys."naemon-status/environment" = {
-      user = "naemon";
-      group = "naemon";
-      permissions = "0400";
-      text = ''
-        TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
-        '';
-    };
-    services.nginx = {
-      enable = true;
-      recommendedOptimisation = true;
-      recommendedGzipSettings = true;
-      recommendedProxySettings = true;
-      upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
-      upstreams."netdata".extraConfig = ''
-        keepalive 64;
-        '';
-      virtualHosts."status.eban.bzh" = {
-        acmeRoot = config.myServices.certificates.webroot;
-        useACMEHost = name;
-        forceSSL = true;
-        locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
-      };
-      virtualHosts."status.immae.eu" = {
-        acmeRoot = config.myServices.certificates.webroot;
-        useACMEHost = name;
-        forceSSL = true;
-        locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
-
-        locations."= /netdata".return = "301 /netdata/";
-        locations."~ /netdata/(?<ndpath>.*)".extraConfig = ''
-          proxy_redirect off;
-          proxy_set_header Host $host;
-
-          proxy_set_header X-Forwarded-Host $host;
-          proxy_set_header X-Forwarded-Server $host;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_http_version 1.1;
-          proxy_pass_request_headers on;
-          proxy_set_header Connection "keep-alive";
-          proxy_store off;
-          proxy_pass http://netdata/$ndpath$is_args$args;
-
-          gzip on;
-          gzip_proxied any;
-          gzip_types *;
-          '';
-      };
-    };
-    security.acme.certs."${name}" = {
-      extraDomains."status.immae.eu" = null;
-      extraDomains."status.eban.bzh" = null;
-      user = config.services.nginx.user;
-      group = config.services.nginx.group;
-    };
-
-    myServices.certificates.enable = true;
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
-    systemd.services.naemon-status = {
-      description = "Naemon status";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-
-      serviceConfig = {
-        EnvironmentFile = config.secrets.fullPaths."naemon-status/environment";
-        Type = "simple";
-        WorkingDirectory = "${./status}";
-        ExecStart = let
-          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.flask_login ]);
-        in
-          "${python}/bin/gunicorn -w4 --bind unix:/run/naemon-status/socket.sock app:app";
-        User = "naemon";
-        RuntimeDirectory = "naemon-status";
-        StandardOutput = "journal";
-        StandardError = "inherit";
-      };
-    };
-  };
-}