Diffstat (limited to 'modules/private/monitoring/status.nix')
-rw-r--r-- | modules/private/monitoring/status.nix | 93 |
1 files changed, 0 insertions, 93 deletions
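--- a/modules/private/monitoring/status.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ config, pkgs, lib, name, ... }:
-{
-options = {
-myServices.status = {
-enable = lib.mkOption {
-type = lib.types.bool;
-default = false;
-description = ''
-Whether to enable status app.
-'';
-};
-};
-};
-config = lib.mkIf config.myServices.status.enable {
-secrets.keys."naemon-status/environment" = {
-user = "naemon";
-group = "naemon";
-permissions = "0400";
-text = ''
-TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
-'';
-};
-services.nginx = {
-enable = true;
-recommendedOptimisation = true;
-recommendedGzipSettings = true;
-recommendedProxySettings = true;
-upstreams."netdata".servers = { "127.0.0.1:19999" = {}; };
-upstreams."netdata".extraConfig = ''
-keepalive 64;
-'';
-virtualHosts."status.eban.bzh" = {
-acmeRoot = config.myServices.certificates.webroot;
-useACMEHost = name;
-forceSSL = true;
-locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
-};
-virtualHosts."status.immae.eu" = {
-acmeRoot = config.myServices.certificates.webroot;
-useACMEHost = name;
-forceSSL = true;
-locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
-
-locations."= /netdata".return = "301 /netdata/";
-locations."~ /netdata/(?<ndpath>.*)".extraConfig = ''
-proxy_redirect off;
-proxy_set_header Host $host;
-
-proxy_set_header X-Forwarded-Host $host;
-proxy_set_header X-Forwarded-Server $host;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_http_version 1.1;
-proxy_pass_request_headers on;
-proxy_set_header Connection "keep-alive";
-proxy_store off;
-proxy_pass http://netdata/$ndpath$is_args$args;
-
-gzip on;
-gzip_proxied any;
-gzip_types *;
-'';
-};
-};
-security.acme.certs."${name}" = {
-extraDomains."status.immae.eu" = null;
-extraDomains."status.eban.bzh" = null;
-user = config.services.nginx.user;
-group = config.services.nginx.group;
-};
-
-myServices.certificates.enable = true;
-networking.firewall.allowedTCPPorts = [ 80 443 ];
-systemd.services.naemon-status = {
-description = "Naemon status";
-after = [ "network.target" ];
-wantedBy = [ "multi-user.target" ];
-
-serviceConfig = {
-EnvironmentFile = config.secrets.fullPaths."naemon-status/environment";
-Type = "simple";
-WorkingDirectory = "${./status}";
-ExecStart = let
-python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.flask_login ]);
-in
-"${python}/bin/gunicorn -w4 --bind unix:/run/naemon-status/socket.sock app:app";
-User = "naemon";
-RuntimeDirectory = "naemon-status";
-StandardOutput = "journal";
-StandardError = "inherit";
-};
-};
-};
-}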