config

NixOS config
Log | Files | Refs | README | LICENSE
commit 97521d99ae5fb9687a7e1a4cd48d1464dbc982a2 (tree)
parent c440ee3043c2be1e0efd45fc5f7e78029357fcb3
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date:   Fri,  2 Aug 2024 16:35:26 +0300

grafana is non-https

Diffstat:

Mhosts/vno1-oh2/configuration.nix | 12++----------


1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
@@ -172,7 +172,6 @@
           zones = {
             "irc.jakstys.lt".accountKey = accountKey;
             "hdd.jakstys.lt".accountKey = accountKey;
-            "grafana.jakstys.lt".accountKey = accountKey;
             "bitwarden.jakstys.lt".accountKey = accountKey;
           };
         };
@@ -242,11 +241,10 @@
           abort @denied
           reverse_proxy 127.0.0.1:8123
         '';
-        "grafana.jakstys.lt".extraConfig = ''
+        "grafana.jakstys.lt:80".extraConfig = ''
           @denied not remote_ip ${myData.subnets.tailscale.cidr}
           abort @denied
           reverse_proxy 127.0.0.1:3000
-          tls {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/grafana.jakstys.lt-key.pem
         '';
         "bitwarden.jakstys.lt".extraConfig = ''
           @denied not remote_ip ${myData.subnets.tailscale.cidr}
@@ -390,7 +388,7 @@
         paths.logs = "/var/log/grafana";
         server = {
           domain = "grafana.jakstys.lt";
-          root_url = "https://grafana.jakstys.lt";
+          root_url = "http://grafana.jakstys.lt";
           enable_gzip = true;
           http_addr = "0.0.0.0";
           http_port = myData.ports.grafana;
@@ -532,26 +530,21 @@
     caddy =
       let
         irc = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
-        grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt";
         bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt";
       in
       {
         serviceConfig.LoadCredential = [
           "irc.jakstys.lt-cert.pem:${irc.certFile}"
           "irc.jakstys.lt-key.pem:${irc.keyFile}"
-          "grafana.jakstys.lt-cert.pem:${grafana.certFile}"
-          "grafana.jakstys.lt-key.pem:${grafana.keyFile}"
           "bitwarden.jakstys.lt-cert.pem:${bitwarden.certFile}"
           "bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}"
         ];
         after = [
           "nsd-acme-irc.jakstys.lt.service"
-          "nsd-acme-grafana.jakstys.lt.service"
           "nsd-acme-bitwarden.jakstys.lt.service"
         ];
         requires = [
           "nsd-acme-irc.jakstys.lt.service"
-          "nsd-acme-grafana.jakstys.lt.service"
           "nsd-acme-bitwarden.jakstys.lt.service"
         ];
       };
@@ -632,7 +625,6 @@
       pathConfig = {
         PathChanged = [
           config.mj.services.nsd-acme.zones."irc.jakstys.lt".certFile
-          config.mj.services.nsd-acme.zones."grafana.jakstys.lt".certFile
           config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt".certFile
         ];
         Unit = "cert-watcher.service";