motiejus
/
config
1
Fork 0
Code Packages Releases Activity

bring back https to grafana 

not good with oicd
This commit is contained in:
Motiejus Jakštys 2024-08-03 12:10:29 +03:00
parent ebd263189e
commit 43337b2e0a
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hosts/vno1-oh2/configuration.nix
View File

@ -162,6 +162,7 @@
zones = { zones = {
"irc.jakstys.lt".accountKey = accountKey; "irc.jakstys.lt".accountKey = accountKey;
"hdd.jakstys.lt".accountKey = accountKey; "hdd.jakstys.lt".accountKey = accountKey;
"grafana.jakstys.lt".accountKey = accountKey;
"bitwarden.jakstys.lt".accountKey = accountKey; "bitwarden.jakstys.lt".accountKey = accountKey;
}; };
}; };
@ -232,10 +233,11 @@
abort @denied abort @denied
reverse_proxy ${fwminex-jakst}:${toString myData.ports.hass} reverse_proxy ${fwminex-jakst}:${toString myData.ports.hass}
''; '';
"grafana.jakstys.lt:80".extraConfig = '' "grafana.jakstys.lt".extraConfig = ''
@denied not remote_ip ${myData.subnets.tailscale.cidr} @denied not remote_ip ${myData.subnets.tailscale.cidr}
abort @denied abort @denied
reverse_proxy ${fwminex-jakst}:${toString myData.ports.grafana} reverse_proxy ${fwminex-jakst}:${toString myData.ports.grafana}
tls {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-key.pem
''; '';
"bitwarden.jakstys.lt".extraConfig = '' "bitwarden.jakstys.lt".extraConfig = ''
@denied not remote_ip ${myData.subnets.tailscale.cidr} @denied not remote_ip ${myData.subnets.tailscale.cidr}
@ -389,21 +391,26 @@
caddy = caddy =
let let
irc = config.mj.services.nsd-acme.zones."irc.jakstys.lt"; irc = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt";
bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt"; bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt";
in in
{ {
serviceConfig.LoadCredential = [ serviceConfig.LoadCredential = [
"irc.jakstys.lt-cert.pem:${irc.certFile}" "irc.jakstys.lt-cert.pem:${irc.certFile}"
"irc.jakstys.lt-key.pem:${irc.keyFile}" "irc.jakstys.lt-key.pem:${irc.keyFile}"
"grafana.jakstys.lt-cert.pem:${grafana.certFile}"
"grafana.jakstys.lt-key.pem:${grafana.keyFile}"
"bitwarden.jakstys.lt-cert.pem:${bitwarden.certFile}" "bitwarden.jakstys.lt-cert.pem:${bitwarden.certFile}"
"bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}" "bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}"
]; ];
after = [ after = [
"nsd-acme-irc.jakstys.lt.service" "nsd-acme-irc.jakstys.lt.service"
"nsd-acme-grafana.jakstys.lt.service"
"nsd-acme-bitwarden.jakstys.lt.service" "nsd-acme-bitwarden.jakstys.lt.service"
]; ];
requires = [ requires = [
"nsd-acme-irc.jakstys.lt.service" "nsd-acme-irc.jakstys.lt.service"
"nsd-acme-grafana.jakstys.lt.service"
"nsd-acme-bitwarden.jakstys.lt.service" "nsd-acme-bitwarden.jakstys.lt.service"
]; ];
}; };
@ -451,6 +458,7 @@
pathConfig = { pathConfig = {
PathChanged = [ PathChanged = [
config.mj.services.nsd-acme.zones."irc.jakstys.lt".certFile config.mj.services.nsd-acme.zones."irc.jakstys.lt".certFile
config.mj.services.nsd-acme.zones."grafana.jakstys.lt".certFile
config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt".certFile config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt".certFile
]; ];
Unit = "cert-watcher.service"; Unit = "cert-watcher.service";