+++ /dev/null
-{ config, pkgs, lib, name, ... }:
-{
- options = {
- myServices.status = {
- enable = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = ''
- Whether to enable status app.
- '';
- };
- };
- };
- config = lib.mkIf config.myServices.status.enable {
- secrets.keys."naemon-status/environment" = {
- user = "naemon";
- group = "naemon";
- permissions = "0400";
- text = ''
- TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
- '';
- };
- services.nginx = {
- enable = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- recommendedProxySettings = true;
- upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
- upstreams."netdata".extraConfig = ''
- keepalive 64;
- '';
- virtualHosts."status.eban.bzh" = {
- acmeRoot = config.myServices.certificates.webroot;
- useACMEHost = name;
- forceSSL = true;
- locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
- };
- virtualHosts."status.immae.eu" = {
- acmeRoot = config.myServices.certificates.webroot;
- useACMEHost = name;
- forceSSL = true;
- locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
-
- locations."= /netdata".return = "301 /netdata/";
- locations."~ /netdata/(?<ndpath>.*)".extraConfig = ''
- proxy_redirect off;
- proxy_set_header Host $host;
-
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_http_version 1.1;
- proxy_pass_request_headers on;
- proxy_set_header Connection "keep-alive";
- proxy_store off;
- proxy_pass http://netdata/$ndpath$is_args$args;
-
- gzip on;
- gzip_proxied any;
- gzip_types *;
- '';
- };
- };
- security.acme.certs."${name}" = {
- extraDomains."status.immae.eu" = null;
- extraDomains."status.eban.bzh" = null;
- user = config.services.nginx.user;
- group = config.services.nginx.group;
- };
-
- myServices.certificates.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- systemd.services.naemon-status = {
- description = "Naemon status";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- EnvironmentFile = config.secrets.fullPaths."naemon-status/environment";
- Type = "simple";
- WorkingDirectory = "${./status}";
- ExecStart = let
- python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.flask_login ]);
- in
- "${python}/bin/gunicorn -w4 --bind unix:/run/naemon-status/socket.sock app:app";
- User = "naemon";
- RuntimeDirectory = "naemon-status";
- StandardOutput = "journal";
- StandardError = "inherit";
- };
- };
- };
-}