infrastructure/machines/core-services-01/monitoring.nix

{ config, pkgs, ... }:
let
  my = config.my;
  realm = "ClubReseau";
in
{
  services.netdata.enable = true;

  services.oauth2_proxy = {
    enable = true;
    keyFile = config.age.secrets.oauth2ProxyKeyFile.path;
    provider = "keycloak";
    email.domains = [ "*" ];
    setXauthrequest = true;
    scope = "profile";
    loginURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/auth";
    redeemURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/token";
    profileURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/userinfo";
    validateURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/userinfo";
    redirectURL = "https://monitoring.${my.subZone}/oauth2/callback";
    reverseProxy = true;
    passHostHeader = true;

    nginx = {
      virtualHosts = [ "monitoring.${my.subZone}" ];
    };
  };

  services.nginx = {
    enable = true;

    virtualHosts."monitoring.${my.subZone}" = {
      enableACME = true;
      forceSSL = true;

      locations."/".proxyPass = "http://localhost:19999";
    };
  };

  # services.smartd = {
  #   enable = true;
  #   extraOptions = [ "-A /var/log/smartd/" ]; # For netdata
  # };
}
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`{ config, pkgs, ... }:`
			`let`
			`my = config.my;`
			`realm = "ClubReseau";`
			`in`
			`{`
			`services.netdata.enable = true;`

			`services.oauth2_proxy = {`
			`enable = true;`
			`keyFile = config.age.secrets.oauth2ProxyKeyFile.path;`
			`provider = "keycloak";`
			`email.domains = [ "*" ];`
			`setXauthrequest = true;`
			`scope = "profile";`
			`loginURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/auth";`
			`redeemURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/token";`
			`profileURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/userinfo";`
			`validateURL = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect/userinfo";`
			`redirectURL = "https://monitoring.${my.subZone}/oauth2/callback";`
			`reverseProxy = true;`
			`passHostHeader = true;`

			`nginx = {`
			`virtualHosts = [ "monitoring.${my.subZone}" ];`
			`};`
			`};`

			`services.nginx = {`
			`enable = true;`

			`virtualHosts."monitoring.${my.subZone}" = {`
			`enableACME = true;`
			`forceSSL = true;`

			`locations."/".proxyPass = "http://localhost:19999";`
			`};`
			`};`

			`# services.smartd = {`
			`# enable = true;`
			`# extraOptions = [ "-A /var/log/smartd/" ]; # For netdata`
			`# };`
			`}`