Add netdata configuration

[perso/Immae/Config/Nix.git] / modules / private / monitoring / status.nix

diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix
index d25d9344247d35acc806cc7c6322d54d4a93ed44..4ca0327e80e88d7a6650fb1ba2a7a5d3c34e4a7a 100644 (file)
--- a/modules/private/monitoring/status.nix
+++ b/modules/private/monitoring/status.nix
@@ -28,13 +28,41 @@
       recommendedOptimisation = true;
       recommendedGzipSettings = true;
       recommendedProxySettings = true;
+      upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
+      upstreams."netdata".extraConfig = ''
+        keepalive 64;
+        '';
       virtualHosts."status.immae.eu" = {
+        acmeRoot = config.myServices.certificates.webroot;
         useACMEHost = name;
         forceSSL = true;
         locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
+
+        locations."= /netdata".return = "301 /netdata/";
+        locations."~ /netdata/(?<ndpath>.*)".extraConfig = ''
+          proxy_redirect off;
+          proxy_set_header Host $host;
+
+          proxy_set_header X-Forwarded-Host $host;
+          proxy_set_header X-Forwarded-Server $host;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_http_version 1.1;
+          proxy_pass_request_headers on;
+          proxy_set_header Connection "keep-alive";
+          proxy_store off;
+          proxy_pass http://netdata/$ndpath$is_args$args;
+
+          gzip on;
+          gzip_proxied any;
+          gzip_types *;
+          '';
       };
     };
-    security.acme.certs."${name}".extraDomains."status.immae.eu" = null;
+    security.acme.certs."${name}" = {
+      extraDomains."status.immae.eu" = null;
+      user = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
 
     myServices.certificates.enable = true;
     networking.firewall.allowedTCPPorts = [ 80 443 ];