mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-22 13:25:38 +00:00
remote prometheus and reconfig server modules
parent
cd0c93c6d9
commit
066ea8e440
11
flake.nix
11
flake.nix
@ -105,7 +105,8 @@
|
|||||||
let
|
let
|
||||||
|
|
||||||
# Global configuration for my systems
|
# Global configuration for my systems
|
||||||
globals = rec {
|
globals = let baseName = "masu.rs";
|
||||||
|
in rec {
|
||||||
user = "noah";
|
user = "noah";
|
||||||
fullName = "Noah Masur";
|
fullName = "Noah Masur";
|
||||||
gitName = fullName;
|
gitName = fullName;
|
||||||
@ -114,6 +115,14 @@
|
|||||||
mail.imapHost = "imap.purelymail.com";
|
mail.imapHost = "imap.purelymail.com";
|
||||||
mail.smtpHost = "smtp.purelymail.com";
|
mail.smtpHost = "smtp.purelymail.com";
|
||||||
dotfilesRepo = "git@github.com:nmasur/dotfiles";
|
dotfilesRepo = "git@github.com:nmasur/dotfiles";
|
||||||
|
gitServer = "git.${baseName}";
|
||||||
|
metricsServer = "metrics.${baseName}";
|
||||||
|
prometheusServer = "prom.${baseName}";
|
||||||
|
secretsServer = "vault.${baseName}";
|
||||||
|
streamServer = "stream.${baseName}";
|
||||||
|
contentServer = "cloud.${baseName}";
|
||||||
|
bookServer = "books.${baseName}";
|
||||||
|
downloadServer = "download.${baseName}";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Common overlays to always use
|
# Common overlays to always use
|
||||||
|
@ -10,7 +10,7 @@ inputs.nixpkgs.lib.nixosSystem {
|
|||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
specialArgs = { };
|
specialArgs = { };
|
||||||
modules = [
|
modules = [
|
||||||
(removeAttrs globals [ "mail.server" ])
|
globals
|
||||||
inputs.home-manager.nixosModules.home-manager
|
inputs.home-manager.nixosModules.home-manager
|
||||||
../../modules/common
|
../../modules/common
|
||||||
../../modules/nixos
|
../../modules/nixos
|
||||||
@ -43,14 +43,16 @@ inputs.nixpkgs.lib.nixosSystem {
|
|||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
|
||||||
|
|
||||||
# Programs and services
|
# Programs and services
|
||||||
caddy.enable = true;
|
|
||||||
cloudflare.enable = true; # Proxy traffic with Cloudflare
|
cloudflare.enable = true; # Proxy traffic with Cloudflare
|
||||||
dotfiles.enable = true; # Clone dotfiles
|
dotfiles.enable = true; # Clone dotfiles
|
||||||
gaming.minecraft-server.enable = true; # Setup Minecraft server
|
|
||||||
giteaServer = "git.masu.rs";
|
|
||||||
metricsServer = "metrics.masu.rs";
|
|
||||||
neovim.enable = true;
|
neovim.enable = true;
|
||||||
vaultwardenServer = "vault.masu.rs";
|
|
||||||
|
services.caddy.enable = true;
|
||||||
|
services.grafana.enable = true;
|
||||||
|
services.prometheus.enable = true;
|
||||||
|
services.gitea.enable = true;
|
||||||
|
services.vaultwarden.enable = true;
|
||||||
|
services.minecraft-server.enable = true; # Setup Minecraft server
|
||||||
|
|
||||||
cloudflareTunnel = {
|
cloudflareTunnel = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -48,14 +48,16 @@ inputs.nixpkgs.lib.nixosSystem {
|
|||||||
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
|
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
|
||||||
nixpkgs.overlays = overlays;
|
nixpkgs.overlays = overlays;
|
||||||
neovim.enable = true;
|
neovim.enable = true;
|
||||||
caddy.enable = true;
|
|
||||||
cloudflare.enable = true;
|
cloudflare.enable = true;
|
||||||
dotfiles.enable = true;
|
dotfiles.enable = true;
|
||||||
streamServer = "stream.masu.rs";
|
arrs.enable = true;
|
||||||
nextcloudServer = "cloud.masu.rs";
|
|
||||||
bookServer = "books.masu.rs";
|
services.caddy.enable = true;
|
||||||
arrServer = "download.masu.rs";
|
services.jellyfin.enable = true;
|
||||||
samba.enable = true;
|
services.nextcloud.enable = true;
|
||||||
|
services.calibre-web.enable = true;
|
||||||
|
services.prometheus.enable = true;
|
||||||
|
services.samba.enable = true;
|
||||||
|
|
||||||
cloudflareTunnel = {
|
cloudflareTunnel = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -33,7 +33,6 @@
|
|||||||
vimium
|
vimium
|
||||||
multi-account-containers
|
multi-account-containers
|
||||||
facebook-container
|
facebook-container
|
||||||
temporary-containers
|
|
||||||
(lib.mkIf config._1password.enable onepassword-password-manager)
|
(lib.mkIf config._1password.enable onepassword-password-manager)
|
||||||
okta-browser-plugin
|
okta-browser-plugin
|
||||||
sponsorblock
|
sponsorblock
|
||||||
|
@ -9,10 +9,7 @@ let
|
|||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
options.gaming.minecraft-server.enable =
|
config = lib.mkIf config.services.minecraft-server.enable {
|
||||||
lib.mkEnableOption "Minecraft Server.";
|
|
||||||
|
|
||||||
config = lib.mkIf config.gaming.minecraft-server.enable {
|
|
||||||
|
|
||||||
unfreePackages = [ "minecraft-server" ];
|
unfreePackages = [ "minecraft-server" ];
|
||||||
|
|
||||||
|
@ -1,14 +1,15 @@
|
|||||||
{ config, lib, ... }: {
|
{ config, lib, ... }: {
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
arrServer = lib.mkOption {
|
arrs.enable = lib.mkEnableOption "Arr services";
|
||||||
|
downloadServer = lib.mkOption {
|
||||||
type = lib.types.nullOr lib.types.str;
|
type = lib.types.nullOr lib.types.str;
|
||||||
description = "Hostname for arr services";
|
description = "Hostname for download services";
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf (config.arrServer != null) {
|
config = lib.mkIf config.arrs.enable {
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
bazarr = {
|
bazarr = {
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
caddy.enable = lib.mkEnableOption "Caddy reverse proxy.";
|
|
||||||
caddy.tlsPolicies = lib.mkOption {
|
caddy.tlsPolicies = lib.mkOption {
|
||||||
type = lib.types.listOf lib.types.attrs;
|
type = lib.types.listOf lib.types.attrs;
|
||||||
description = "Caddy JSON TLS policies";
|
description = "Caddy JSON TLS policies";
|
||||||
@ -19,35 +18,35 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf (config.caddy.enable && config.caddy.routes != [ ]) {
|
config =
|
||||||
|
lib.mkIf (config.services.caddy.enable && config.caddy.routes != [ ]) {
|
||||||
|
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
adapter = "''"; # Required to enable JSON
|
||||||
adapter = "''"; # Required to enable JSON
|
configFile = pkgs.writeText "Caddyfile" (builtins.toJSON {
|
||||||
configFile = pkgs.writeText "Caddyfile" (builtins.toJSON {
|
apps.http.servers.main = {
|
||||||
apps.http.servers.main = {
|
listen = [ ":443" ];
|
||||||
listen = [ ":443" ];
|
routes = config.caddy.routes;
|
||||||
routes = config.caddy.routes;
|
errors.routes = config.caddy.blocks;
|
||||||
errors.routes = config.caddy.blocks;
|
# logs = { }; # Uncomment to collect access logs
|
||||||
# logs = { }; # Uncomment to collect access logs
|
|
||||||
};
|
|
||||||
apps.tls.automation.policies = config.caddy.tlsPolicies;
|
|
||||||
logging.logs.main = {
|
|
||||||
encoder = { format = "console"; };
|
|
||||||
writer = {
|
|
||||||
output = "file";
|
|
||||||
filename = "${config.services.caddy.logDir}/caddy.log";
|
|
||||||
roll = true;
|
|
||||||
};
|
};
|
||||||
level = "INFO";
|
apps.tls.automation.policies = config.caddy.tlsPolicies;
|
||||||
};
|
logging.logs.main = {
|
||||||
});
|
encoder = { format = "console"; };
|
||||||
|
writer = {
|
||||||
|
output = "file";
|
||||||
|
filename = "${config.services.caddy.logDir}/caddy.log";
|
||||||
|
roll = true;
|
||||||
|
};
|
||||||
|
level = "INFO";
|
||||||
|
};
|
||||||
|
});
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 443 ];
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -19,10 +19,9 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf (config.bookServer != null) {
|
config = lib.mkIf config.services.calibre-web.enable {
|
||||||
|
|
||||||
services.calibre-web = {
|
services.calibre-web = {
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
options = {
|
options = {
|
||||||
reverseProxyAuth.enable = false;
|
reverseProxyAuth.enable = false;
|
||||||
|
@ -9,6 +9,7 @@
|
|||||||
./cloudflare.nix
|
./cloudflare.nix
|
||||||
./gitea.nix
|
./gitea.nix
|
||||||
./gnupg.nix
|
./gnupg.nix
|
||||||
|
./grafana.nix
|
||||||
./honeypot.nix
|
./honeypot.nix
|
||||||
./jellyfin.nix
|
./jellyfin.nix
|
||||||
./keybase.nix
|
./keybase.nix
|
||||||
|
@ -6,23 +6,22 @@ in {
|
|||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
giteaServer = lib.mkOption {
|
gitServer = lib.mkOption {
|
||||||
description = "Hostname for Gitea.";
|
description = "Hostname for git server (Gitea).";
|
||||||
type = lib.types.nullOr lib.types.str;
|
type = lib.types.nullOr lib.types.str;
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf (config.giteaServer != null) {
|
config = lib.mkIf config.services.gitea.enable {
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
|
||||||
database.type = "sqlite3";
|
database.type = "sqlite3";
|
||||||
settings = {
|
settings = {
|
||||||
repository = {
|
repository = {
|
||||||
DEFAULT_PUSH_CREATE_PRIVATE = true;
|
DEFAULT_PUSH_CREATE_PRIVATE = true;
|
||||||
DISABLE_HTTP_GIT = false;
|
DISABLE_HTTP_GIT = false;
|
||||||
ACCESS_CONTROL_ALLOW_ORIGIN = config.giteaServer;
|
ACCESS_CONTROL_ALLOW_ORIGIN = config.gitServer;
|
||||||
ENABLE_PUSH_CREATE_USER = true;
|
ENABLE_PUSH_CREATE_USER = true;
|
||||||
ENABLE_PUSH_CREATE_ORG = true;
|
ENABLE_PUSH_CREATE_ORG = true;
|
||||||
DEFAULT_BRANCH = "main";
|
DEFAULT_BRANCH = "main";
|
||||||
@ -30,7 +29,7 @@ in {
|
|||||||
server = {
|
server = {
|
||||||
HTTP_PORT = 3001;
|
HTTP_PORT = 3001;
|
||||||
HTTP_ADDRESS = "127.0.0.1";
|
HTTP_ADDRESS = "127.0.0.1";
|
||||||
ROOT_URL = "https://${config.giteaServer}/";
|
ROOT_URL = "https://${config.gitServer}/";
|
||||||
SSH_PORT = 22;
|
SSH_PORT = 22;
|
||||||
START_SSH_SERVER = false; # Use sshd instead
|
START_SSH_SERVER = false; # Use sshd instead
|
||||||
DISABLE_SSH = false;
|
DISABLE_SSH = false;
|
||||||
@ -47,7 +46,7 @@ in {
|
|||||||
networking.firewall.allowedTCPPorts = [ 122 ];
|
networking.firewall.allowedTCPPorts = [ 122 ];
|
||||||
|
|
||||||
caddy.routes = [{
|
caddy.routes = [{
|
||||||
match = [{ host = [ config.giteaServer ]; }];
|
match = [{ host = [ config.gitServer ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:3001"; }];
|
upstreams = [{ dial = "localhost:3001"; }];
|
||||||
|
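Review bot: With the gate changed from `config.giteaServer != null` to `config.services.gitea.enable`, nothing checks any longer that `gitServer` is set, although the option is still `nullOr str` with `default = null`. On a host that enables the service without the hostname, `ROOT_URL = "https://${config.gitServer}/"` should fail with a string-coercion error far from the cause, and `host = [ config.gitServer ]` would presumably serialize as a null host matcher in the Caddy JSON. I would add `assertions = [{ assertion = config.gitServer != null; message = "gitServer must be set when services.gitea.enable is true"; }];` inside the config block, or make the option a plain `lib.types.str`. The same applies to `metricsServer` in grafana.nix (used only in the host matcher, so a null there would not raise an error at all), and to `contentServer`, `prometheusServer` and `secretsServer` in the Nextcloud, Prometheus and Vaultwarden sections. The module body continues outside the hunks shown.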
24
modules/nixos/services/grafana.nix
Normal file
24
modules/nixos/services/grafana.nix
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
{ config, lib, ... }: {
|
||||||
|
|
||||||
|
options.metricsServer = lib.mkOption {
|
||||||
|
type = lib.types.nullOr lib.types.str;
|
||||||
|
description = "Hostname of the metrics server.";
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf config.services.grafana.enable {
|
||||||
|
|
||||||
|
# Required to fix error in latest nixpkgs
|
||||||
|
services.grafana.settings = { };
|
||||||
|
|
||||||
|
caddy.routes = [{
|
||||||
|
match = [{ host = [ config.metricsServer ]; }];
|
||||||
|
handle = [{
|
||||||
|
handler = "reverse_proxy";
|
||||||
|
upstreams = [{ dial = "localhost:3000"; }];
|
||||||
|
}];
|
||||||
|
}];
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
@ -8,9 +8,8 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf (config.streamServer != null) {
|
config = lib.mkIf config.services.jellyfin.enable {
|
||||||
|
|
||||||
services.jellyfin.enable = true;
|
|
||||||
services.jellyfin.group = "media";
|
services.jellyfin.group = "media";
|
||||||
users.users.jellyfin = { isSystemUser = true; };
|
users.users.jellyfin = { isSystemUser = true; };
|
||||||
|
|
||||||
|
@ -2,15 +2,15 @@
|
|||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
nextcloudServer = lib.mkOption {
|
contentServer = lib.mkOption {
|
||||||
type = lib.types.nullOr lib.types.str;
|
type = lib.types.nullOr lib.types.str;
|
||||||
description = "Hostname for Nextcloud";
|
description = "Hostname for personal content system (Nextcloud)";
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf (config.nextcloudServer != null) {
|
config = lib.mkIf config.services.nextcloud.enable {
|
||||||
|
|
||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -21,7 +21,7 @@
|
|||||||
maxUploadSize = "50G";
|
maxUploadSize = "50G";
|
||||||
config = {
|
config = {
|
||||||
adminpassFile = config.secrets.nextcloud.dest;
|
adminpassFile = config.secrets.nextcloud.dest;
|
||||||
extraTrustedDomains = [ config.nextcloudServer ];
|
extraTrustedDomains = [ config.contentServer ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -33,7 +33,7 @@
|
|||||||
|
|
||||||
# Point Caddy to Nginx
|
# Point Caddy to Nginx
|
||||||
caddy.routes = [{
|
caddy.routes = [{
|
||||||
match = [{ host = [ config.nextcloudServer ]; }];
|
match = [{ host = [ config.contentServer ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:8080"; }];
|
upstreams = [{ dial = "localhost:8080"; }];
|
||||||
|
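Review bot: `enable = true;` is still set inside `services.nextcloud` (the last context line of the first hunk) while the surrounding block is now `lib.mkIf config.services.nextcloud.enable`, so the option's value depends on its own definition and evaluation is likely to fail with infinite recursion. The Gitea, Caddy, calibre-web, Jellyfin, Samba and Vaultwarden sections of this commit all drop their `enable = true;` line when switching to the same gate, which suggests this one was missed; the line should be removed here too. The rest of the module lies outside the hunks.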
@ -1,32 +1,64 @@
|
|||||||
{ config, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
|
|
||||||
options.metricsServer = lib.mkOption {
|
options.prometheusServer = lib.mkOption {
|
||||||
type = lib.types.nullOr lib.types.str;
|
type = lib.types.nullOr lib.types.str;
|
||||||
description = "Hostname of the Grafana server.";
|
description = "Hostname of the Prometheus server.";
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf (config.metricsServer != null) {
|
# If hosting Grafana, host local Prometheus and listen for inbound jobs.
|
||||||
|
# If not hosting Grafana, send remote Prometheus writes to primary host
|
||||||
|
|
||||||
services.grafana.enable = true;
|
config = lib.mkIf config.services.prometheus.enable {
|
||||||
|
|
||||||
# Required to fix error in latest nixpkgs
|
|
||||||
services.grafana.settings = { };
|
|
||||||
|
|
||||||
services.prometheus = {
|
services.prometheus = {
|
||||||
enable = true;
|
|
||||||
exporters.node.enable = true;
|
exporters.node.enable = true;
|
||||||
scrapeConfigs = [{
|
scrapeConfigs = [{
|
||||||
job_name = "local";
|
job_name = "local";
|
||||||
static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
|
static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
|
||||||
}];
|
}];
|
||||||
|
webExternalUrl = lib.mkIf config.services.grafana.enable
|
||||||
|
"https://${config.prometheusServer}";
|
||||||
|
webConfigFile =
|
||||||
|
lib.mkIf config.services.grafana.enable (pkgs.formats.yaml { }).generate
|
||||||
|
"webconfig.yml" {
|
||||||
|
basic_auth_users = {
|
||||||
|
# Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
|
||||||
|
# Encrypt and place in private/prometheus.age
|
||||||
|
"prometheus" =
|
||||||
|
"$2y$10$r7FWHLHTGPAY312PdhkPEuvb05aGn9Nk1IO7qtUUUjmaDl35l6sLa";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
remoteWrite = lib.mkIf (!config.services.grafana.enable) [{
|
||||||
|
name = config.networking.hostName;
|
||||||
|
url = "https://${config.prometheusServer}";
|
||||||
|
basic_auth = {
|
||||||
|
# Uses password hashed with bcrypt above
|
||||||
|
username = "prometheus";
|
||||||
|
password_file = config.secrets.prometheus.dest;
|
||||||
|
};
|
||||||
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
caddy.routes = [{
|
# Create credentials file for remote Prometheus push
|
||||||
match = [{ host = [ config.metricsServer ]; }];
|
secrets.prometheus = lib.mkIf (!config.services.grafana.enable) {
|
||||||
|
source = ../../../private/prometheus.age;
|
||||||
|
dest = "${config.secretsDirectory}/prometheus";
|
||||||
|
owner = "prometheus";
|
||||||
|
group = "prometheus";
|
||||||
|
permissions = "0440";
|
||||||
|
};
|
||||||
|
systemd.services.prometheus-secret =
|
||||||
|
lib.mkIf (!config.services.grafana.enable) {
|
||||||
|
requiredBy = [ "prometheus.service" ];
|
||||||
|
before = [ "prometheus.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
caddy.routes = lib.mkIf config.services.grafana.enable [{
|
||||||
|
match = [{ host = [ config.prometheusServer ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:3000"; }];
|
upstreams = [{ dial = "localhost:9090"; }];
|
||||||
}];
|
}];
|
||||||
}];
|
}];
|
||||||
|
|
||||||
|
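Review bot: The bcrypt hash for the `prometheus` basic-auth user is written literally into `webConfigFile`, so it is readable in the repository (mirrored from GitHub) and in the world-readable Nix store, and at cost 10 it can be tested offline against guessed passwords. If it has to stay inline, the password behind it should be a long random string and the comment should say so, e.g. `# Hash is public (repo and /nix/store): use a long random password`; otherwise the web config could be generated at activation from an encrypted secret, as is done for `secrets.prometheus`. Separately, `remoteWrite.url` is the bare `https://${config.prometheusServer}`: Prometheus's receiver normally lives at `/api/v1/write` and has to be switched on with `--web.enable-remote-write-receiver`, neither of which is visible in this hunk, so it is worth confirming that pushes from the non-Grafana hosts actually arrive. The module's closing lines are outside the hunk.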
@ -1,11 +1,8 @@
|
|||||||
{ config, lib, ... }: {
|
{ config, lib, ... }: {
|
||||||
|
|
||||||
options = { samba.enable = lib.mkEnableOption "Enable Samba sharing."; };
|
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
services.samba = lib.mkIf (config.samba.enable) {
|
services.samba = lib.mkIf config.services.samba.enable {
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
shares.data = {
|
shares.data = {
|
||||||
path = "/data";
|
path = "/data";
|
||||||
|
@ -6,19 +6,18 @@ in {
|
|||||||
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
vaultwardenServer = lib.mkOption {
|
secretsServer = lib.mkOption {
|
||||||
description = "Hostname for Vaultwarden.";
|
description = "Hostname for passwords and secrets (Vaultwarden).";
|
||||||
type = lib.types.nullOr lib.types.str;
|
type = lib.types.nullOr lib.types.str;
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf (config.vaultwardenServer != null) {
|
config = lib.mkIf config.services.vaultwarden.enable {
|
||||||
services.vaultwarden = {
|
services.vaultwarden = {
|
||||||
enable = true;
|
|
||||||
config = {
|
config = {
|
||||||
DOMAIN = "https://${config.vaultwardenServer}";
|
DOMAIN = "https://${config.secretsServer}";
|
||||||
SIGNUPS_ALLOWED = false;
|
SIGNUPS_ALLOWED = false;
|
||||||
SIGNUPS_VERIFY = true;
|
SIGNUPS_VERIFY = true;
|
||||||
INVITATIONS_ALLOWED = true;
|
INVITATIONS_ALLOWED = true;
|
||||||
@ -47,7 +46,7 @@ in {
|
|||||||
networking.firewall.allowedTCPPorts = [ 3012 ];
|
networking.firewall.allowedTCPPorts = [ 3012 ];
|
||||||
|
|
||||||
caddy.routes = [{
|
caddy.routes = [{
|
||||||
match = [{ host = [ config.vaultwardenServer ]; }];
|
match = [{ host = [ config.secretsServer ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:8222"; }];
|
upstreams = [{ dial = "localhost:8222"; }];
|
||||||
|
12
private/prometheus.age
Normal file
12
private/prometheus.age
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBDRWNi
|
||||||
|
YlJubmg1Ly94cHgxbHV3dStaRkZDRXdNZzVjRCt0R2RNMFkxUEZNCnJxZnc1UHFB
|
||||||
|
MURselZuL1U5OHFQb0tPLytWelRzYXlvNngya3RQOXREUEkKLT4gc3NoLWVkMjU1
|
||||||
|
MTkgWXlTVU1RIDRiR2ZEMUZsYTlGbXFoR0NyZXVXMEZmS3BONDNFQUo4VU1XNkZ0
|
||||||
|
ZWFzMHcKM1crbDVsR2VmVTFNckxaa21MTW9UVWE3Z01qMi9VT0kwMm80V0tMSWM1
|
||||||
|
bwotPiBzc2gtZWQyNTUxOSBuanZYNUEgd0tIampOVU5ZeWtxNWZpaGdFQTBlWlha
|
||||||
|
Z0lBQWp0dzhMRHU5UnVzWVlUSQpnUHlCZ0w5Z1hMYm1Dc1UxQ1lLRHlnaUhJQllW
|
||||||
|
RGMvTEhhc29VL2JXZnhNCi0tLSB6TThQbmV0eFJ0d2pZd1h0c2RuTGFzUHhyYWJp
|
||||||
|
b2RhVTNkSXczRGJpN1UwCt7I+OsqQdQbFXhYPV5/kqDAr/jVoJ9H5PSfdLkeVIrr
|
||||||
|
AqScUaOrdctUZEBIF8/FouJkSbIiU8muBNrBKx9CylI=
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|