bring back https to grafana

not good with oicd
2024-08-03 12:10:29 +03:00 · 2024-08-03 12:10:29 +03:00 · 43337b2e0a
parent ebd263189e
commit 43337b2e0a
1 changed files with 12 additions and 4 deletions
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@ -162,6 +162,7 @@
          zones = {
            "irc.jakstys.lt".accountKey = accountKey;
            "hdd.jakstys.lt".accountKey = accountKey;
+            "grafana.jakstys.lt".accountKey = accountKey;
            "bitwarden.jakstys.lt".accountKey = accountKey;
          };
        };
@ -232,10 +233,11 @@
            abort @denied
            reverse_proxy ${fwminex-jakst}:${toString myData.ports.hass}
          '';
-          "grafana.jakstys.lt:80".extraConfig = ''
-            @denied not remote_ip ${myData.subnets.tailscale.cidr}
-            abort @denied
-            reverse_proxy ${fwminex-jakst}:${toString myData.ports.grafana}
+          "grafana.jakstys.lt".extraConfig = ''
+              @denied not remote_ip ${myData.subnets.tailscale.cidr}
+              abort @denied
+              reverse_proxy ${fwminex-jakst}:${toString myData.ports.grafana}
+            tls {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-key.pem
          '';
          "bitwarden.jakstys.lt".extraConfig = ''
            @denied not remote_ip ${myData.subnets.tailscale.cidr}
@ -389,21 +391,26 @@
    caddy =
      let
        irc = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
+        grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt";
        bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt";
      in
      {
        serviceConfig.LoadCredential = [
          "irc.jakstys.lt-cert.pem:${irc.certFile}"
          "irc.jakstys.lt-key.pem:${irc.keyFile}"
+          "grafana.jakstys.lt-cert.pem:${grafana.certFile}"
+          "grafana.jakstys.lt-key.pem:${grafana.keyFile}"
          "bitwarden.jakstys.lt-cert.pem:${bitwarden.certFile}"
          "bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}"
        ];
        after = [
          "nsd-acme-irc.jakstys.lt.service"
+          "nsd-acme-grafana.jakstys.lt.service"
          "nsd-acme-bitwarden.jakstys.lt.service"
        ];
        requires = [
          "nsd-acme-irc.jakstys.lt.service"
+          "nsd-acme-grafana.jakstys.lt.service"
          "nsd-acme-bitwarden.jakstys.lt.service"
        ];
      };
@ -451,6 +458,7 @@
      pathConfig = {
        PathChanged = [
          config.mj.services.nsd-acme.zones."irc.jakstys.lt".certFile
+          config.mj.services.nsd-acme.zones."grafana.jakstys.lt".certFile
          config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt".certFile
        ];
        Unit = "cert-watcher.service";