mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

feat: add grafana test setup with oauth2

Browse source
This commit is contained in:
oddlama 2023-06-02 01:28:35 +02:00
parent a7c1fb016b
commit 135528e082
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
7 changed files with 146 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

21
hosts/sentinel/nginx.nix
View file

@ -1,5 +1,6 @@
{
config,
lib,
nodes,
...
}: let
@ -34,10 +35,13 @@ in {
services.nginx = let
authDomain = nodes.ward-nginx.config.services.kanidm.serverSettings.domain;
authPort = lib.last (lib.splitString ":" nodes.ward-nginx.config.services.kanidm.serverSettings.bindaddress);
grafanaDomain = nodes.ward-test.config.services.grafana.settings.server.domain;
grafanaPort = toString nodes.ward-test.config.services.grafana.settings.server.http_port;
in {
enable = true;
upstreams."kanidm" = {
servers."${nodes.ward-nginx.config.extra.wireguard.proxy-sentinel.ipv4}:8300" = {};
upstreams.kanidm = {
servers."${nodes.ward-nginx.config.extra.wireguard.proxy-sentinel.ipv4}:${authPort}" = {};
extraConfig = ''
zone kanidm 64k;
keepalive 2;
@ -54,5 +58,18 @@ in {
proxy_ssl_verify off;
'';
};
upstreams.grafana = {
servers."${nodes.ward-test.config.extra.wireguard.proxy-sentinel.ipv4}:${grafanaPort}" = {};
extraConfig = ''
zone grafana 64k;
keepalive 2;
'';
};
virtualHosts.${grafanaDomain} = {
forceSSL = true;
useACMEHost = config.lib.extra.matchingWildcardCert grafanaDomain;
locations."/".proxyPass = "http://grafana";
};
};
}