infrastructure/machines/core-services-01/monitoring.nix
raito 2283ee602a Integrate core-services-01 in a nice workflow (#1)
This enables the tracking of core-services-01 over the infrastructure repository.

Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu>
Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1
Co-authored-by: raito <raito@noreply.git.rz.ens.wtf>
Co-committed-by: raito <raito@noreply.git.rz.ens.wtf>
2021-07-26 01:29:05 +02:00


# Monitoring for core-services-01: a netdata dashboard published through nginx
# at monitoring.<subZone>, with oauth2_proxy (Keycloak provider) configured for
# the same virtual host.
{ config, pkgs, ... }:
let
  inherit (config) my;
  realm = "ClubReseau";

  # Public name of the dashboard; shared by the nginx vhost, the oauth2_proxy
  # nginx integration and the OAuth2 callback URL so the three cannot drift.
  monitoringHost = "monitoring.${my.subZone}";

  # Common prefix of the realm's OpenID Connect endpoints.
  oidcBase = "https://auth.${my.subZone}/auth/realms/${realm}/protocol/openid-connect";
in
{
  services = {
    # NOTE(review): the netdata listen address is not set in this file. The
    # login gate only covers requests that arrive through nginx; confirm that
    # port 19999 is not reachable from other hosts (firewall or loopback bind).
    netdata.enable = true;

    oauth2_proxy = {
      enable = true;
      # Secrets are read at runtime from the file provided by the age secret,
      # not written inline in this module.
      keyFile = config.age.secrets.oauth2ProxyKeyFile.path;
      provider = "keycloak";
      # Any e-mail domain is accepted, and no group or role restriction is set
      # here, so access is decided by who can log in to the realm.
      # NOTE(review): confirm that every realm member should see the dashboard.
      email.domains = [ "*" ];
      setXauthrequest = true;
      scope = "profile";

      loginURL = "${oidcBase}/auth";
      redeemURL = "${oidcBase}/token";
      # The same userinfo endpoint is used for the profile lookup and for
      # validating an existing token.
      profileURL = "${oidcBase}/userinfo";
      validateURL = "${oidcBase}/userinfo";
      redirectURL = "https://${monitoringHost}/oauth2/callback";

      # NOTE(review): reverse-proxy mode relies on headers supplied by the
      # fronting proxy; presumably oauth2_proxy is only reachable via nginx.
      reverseProxy = true;
      passHostHeader = true;

      # Ask the oauth2_proxy module's nginx integration to cover this vhost.
      nginx.virtualHosts = [ monitoringHost ];
    };

    nginx = {
      enable = true;
      virtualHosts.${monitoringHost} = {
        # ACME certificate, and plain HTTP is redirected to HTTPS.
        enableACME = true;
        forceSSL = true;
        # Upstream is the local netdata instance, reached over plain HTTP.
        locations."/".proxyPass = "http://localhost:19999";
      };
    };

    # Disabled: smartd attribute logging for netdata.
    # smartd = {
    #   enable = true;
    #   extraOptions = [ "-A /var/log/smartd/" ]; # For netdata
    # };
  };
}