From a5e186ee87c3821c34b103c1ba9c3e1291935de8 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 10 Oct 2022 18:11:08 +0000
Subject: [PATCH] netdata metrics with basic auth seems to have performance problems with caddy
---
 hosts/oracle/default.nix | 6 +++++
 modules/services/metrics.nix | 43 ++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 modules/services/metrics.nix
diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 5b1f3ba..73653e8 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -21,12 +21,17 @@ nixpkgs.lib.nixosSystem {
 streamServer = "stream.masu.rs";
 nextcloudServer = "cloud.masu.rs";
 transmissionServer = "download.masu.rs";
+ metricsServer = "metrics.masu.rs";
 # Disable passwords, only use SSH key
 passwordHash = null;
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
+ # Password for metrics server
+ metricsPasswordHashed =
+ "$2a$14$rr.lPIF8ktl5bepks1iD3OXu5Se11/uAog01wlFMwgk0MCb1Rm3PG";
+
 # Nextcloud backup config
 backupS3 = {
 endpoint = "s3.us-west-002.backblazeb2.com";
@@ -77,5 +82,6 @@ nixpkgs.lib.nixosSystem {
 ../../modules/services/jellyfin.nix
 ../../modules/services/nextcloud.nix
 ../../modules/services/transmission.nix
+ ../../modules/services/metrics.nix
 ];
 }
diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix
new file mode 100644
index 0000000..8239fdd
--- /dev/null
+++ b/modules/services/metrics.nix
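Review bot: The `metricsPasswordHashed` value added in the first hunk of hosts/oracle/default.nix commits the bcrypt hash that guards the metrics endpoint, so anyone who can read the repository can run offline guesses against it; because the option is a plain `lib.types.str`, the value presumably also ends up readable in the Nix store on the host. Cost 14 slows guessing but does not protect a weak password, so the hash is better supplied at deploy time from a secret kept outside the repository. If it stays inline, the comment should say what the value is, for example `# bcrypt hash (caddy hash-password); sensitive, offline-guessable if exposed`, since "Password for metrics server" reads as if nothing sensitive were stored here. The enclosing attribute set starts and ends outside the hunk.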
@@ -0,0 +1,43 @@
+{ config, lib, ... }: {
+
+ options = {
+ metricsServer = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname for Metrics server";
+ };
+ metricsPasswordHashed = lib.mkOption {
+ type = lib.types.str;
+ description = "Metrics password hashed with `caddy hash-password`";
+ };
+ };
+
+ imports = [ ./caddy.nix ];
+
+ config = {
+
+ services.netdata.enable = true;
+
+ caddyRoutes = [{
+ match = [{ host = [ config.metricsServer ]; }];
+ handle = [
+ {
+ handler = "authentication";
+ providers = {
+ http_basic = {
+ accounts = [{
+ username = config.user;
+ password = config.metricsPasswordHashed;
+ }];
+ };
+ };
+ }
+ {
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:19999"; }];
+ }
+ ];
+ }];
+
+ };
+
+}
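Review bot: The basic-auth handler only protects requests that arrive through Caddy, while `services.netdata.enable = true;` leaves netdata's own listener on port 19999 at its defaults. If that default binds to all interfaces (worth confirming for this NixOS release), the dashboard is reachable without credentials wherever the firewall allows the port. Pinning the listener to loopback next to the enable line, e.g. `services.netdata.config.web."bind to" = "127.0.0.1";`, makes the proxy the only path in. On the slowness the commit message mentions: a cost-14 bcrypt check runs on every request, and Caddy's `http_basic` provider has a `hash_cache` setting for that, at the price of keeping the plaintext password in memory longer.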