};
};
config = lib.mkIf config.myServices.status.enable {
- secrets.keys = [
- {
- dest = "naemon-status/environment";
- user = "naemon";
- group = "naemon";
- permission = "0400";
- text = ''
- TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
- '';
- }
- ];
+ secrets.keys."naemon-status/environment" = {
+ user = "naemon";
+ group = "naemon";
+ permissions = "0400";
+ text = ''
+ TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
+ '';
+ };
services.nginx = {
enable = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
+ upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
+ upstreams."netdata".extraConfig = ''
+ keepalive 64;
+ '';
+ virtualHosts."status.eban.bzh" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
+ };
virtualHosts."status.immae.eu" = {
acmeRoot = config.myServices.certificates.webroot;
useACMEHost = name;
forceSSL = true;
locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
+
+ locations."= /netdata".return = "301 /netdata/";
+ locations."~ /netdata/(?<ndpath>.*)".extraConfig = ''
+ proxy_redirect off;
+ proxy_set_header Host $host;
+
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_http_version 1.1;
+ proxy_pass_request_headers on;
+ proxy_set_header Connection "keep-alive";
+ proxy_store off;
+ proxy_pass http://netdata/$ndpath$is_args$args;
+
+ gzip on;
+ gzip_proxied any;
+ gzip_types *;
+ '';
};
};
security.acme.certs."${name}" = {
extraDomains."status.immae.eu" = null;
+ extraDomains."status.eban.bzh" = null;
user = config.services.nginx.user;
group = config.services.nginx.group;
};
projects / perso / Immae / Config / Nix.git / blobdiff