netdata metrics with basic auth

seems to have performance problems with caddy

hosts/oracle/default.nix

@@ -21,12 +21,17 @@ nixpkgs.lib.nixosSystem {
       streamServer = "stream.masu.rs";
       nextcloudServer = "cloud.masu.rs";
       transmissionServer = "download.masu.rs";
+      metricsServer = "metrics.masu.rs";
 
       # Disable passwords, only use SSH key
       passwordHash = null;
       publicKey =
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
 
+      # Password for metrics server
+      metricsPasswordHashed =
+        "$2a$14$rr.lPIF8ktl5bepks1iD3OXu5Se11/uAog01wlFMwgk0MCb1Rm3PG";
+
       # Nextcloud backup config
       backupS3 = {
         endpoint = "s3.us-west-002.backblazeb2.com";
@@ -77,5 +82,6 @@ nixpkgs.lib.nixosSystem {
     ../../modules/services/jellyfin.nix
     ../../modules/services/nextcloud.nix
     ../../modules/services/transmission.nix
+    ../../modules/services/metrics.nix
   ];
 }

modules/services/metrics.nix

@@ -0,0 +1,43 @@
+{ config, lib, ... }: {
+
+  options = {
+    metricsServer = lib.mkOption {
+      type = lib.types.str;
+      description = "Hostname for Metrics server";
+    };
+    metricsPasswordHashed = lib.mkOption {
+      type = lib.types.str;
+      description = "Metrics password hashed with `caddy hash-password`";
+    };
+  };
+
+  imports = [ ./caddy.nix ];
+
+  config = {
+
+    services.netdata.enable = true;
+
+    caddyRoutes = [{
+      match = [{ host = [ config.metricsServer ]; }];
+      handle = [
+        {
+          handler = "authentication";
+          providers = {
+            http_basic = {
+              accounts = [{
+                username = config.user;
+                password = config.metricsPasswordHashed;
+              }];
+            };
+          };
+        }
+        {
+          handler = "reverse_proxy";
+          upstreams = [{ dial = "localhost:19999"; }];
+        }
+      ];
+    }];
+
+  };
+
+}