feat(sterni/ingeborg/monitoring): expose netdata via nginx

Change-Id: Iea81625180526a36f8646539e8da0ccdaed79d43
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12804
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This commit is contained in:
sterni 2024-11-18 12:12:36 +01:00 committed by clbot
parent 0a6b387738
commit 27828e8167
3 changed files with 37 additions and 1 deletions

View file

@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, depot, ... }:
let let
ircChannel = "#sterni.lv"; ircChannel = "#sterni.lv";
@ -136,6 +136,34 @@ in
}; };
}; };
}; };
# https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx
nginx.virtualHosts."monitoring.sterni.lv" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
auth_basic "netdata";
auth_basic_user_file ${config.age.secretsDir}/netdata-htpasswd;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:${toString netdataPort};
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
}
'';
};
};
age.secrets.netdata-htpasswd = {
file = depot.users.sterni.secrets."netdata-htpasswd.age";
inherit (config.services.nginx) group;
owner = config.services.nginx.user;
mode = "700";
}; };
}; };
} }

View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 aXKGcg 7NJ/tDM/OcSOfQPYDTCtanHGSx0S4Awh46yVd6En+gM
6EVvqfDHsozsS85uAUz7wkYWXR0/Q2OETPSRVlMQ7F4
-> ssh-ed25519 OaL1CA oqGrI9yqsDCrzQ8Axz3TX2ebbzWhYSCojYLMlOxl/Eo
+tgAb1bkK1TdoHesJu2Ui8VMSMNLtA5U5/ia+Ntruas
--- 8Th6voNgkxciDPXDn6vVFemwZNNTukp40sriXYDRS5E
dÀ¥×ÿ6šÅ+ƒéâØ©¼‚;¡Ñ´ 6 í7N :bQƒ˜†d—˯åù NÅ ‘öý-2žö\ÎG³aºä KÇ c§¢á¬Ùü

View file

@ -12,4 +12,5 @@ in
"warteraum-salt.age".publicKeys = nonremote ++ ingeborg; "warteraum-salt.age".publicKeys = nonremote ++ ingeborg;
"warteraum-tokens.age".publicKeys = nonremote ++ ingeborg; "warteraum-tokens.age".publicKeys = nonremote ++ ingeborg;
"minecraft-rcon.age".publicKeys = nonremote ++ ingeborg; "minecraft-rcon.age".publicKeys = nonremote ++ ingeborg;
"netdata-htpasswd.age".publicKeys = nonremote ++ ingeborg;
} }