2022-01-14 20:05:57 +00:00
|
|
|
{ config, pkgs, ... }:
|
|
|
|
let
|
2022-01-14 20:20:48 +00:00
|
|
|
removeCIDR = cidr: builtins.elemAt (builtins.split "/" cidr) 0;
|
2022-01-14 20:24:20 +00:00
|
|
|
filterIPs = cidrs: builtins.map (f: "[${removeCIDR f}]") cidrs;
|
2022-01-14 20:05:57 +00:00
|
|
|
listenIPs = filterIPs config.networking.wireguard.interfaces."wg0".ips;
|
|
|
|
in
|
|
|
|
{
|
|
|
|
services.grafana = {
|
|
|
|
enable = true;
|
|
|
|
domain = "grafana.int.chir.rs";
|
|
|
|
port = 2342;
|
|
|
|
addr = "127.0.0.1";
|
|
|
|
};
|
|
|
|
|
|
|
|
services.nginx.virtualHosts.${config.services.grafana.domain} = {
|
|
|
|
forceSSL = true;
|
|
|
|
http2 = true;
|
|
|
|
http3 = true;
|
|
|
|
listenAddresses = listenIPs;
|
2022-01-14 20:12:11 +00:00
|
|
|
sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
|
|
|
|
sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";
|
2022-01-14 20:05:57 +00:00
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|