mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

chore: disable access logs for uninteresting high volume endpoint (telegraf write api), and internal nginx_status

Browse source
This commit is contained in:
oddlama 2023-07-06 12:38:20 +02:00
parent f2a97b16c6
commit 13d9baedc1
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
2 changed files with 15 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

18
hosts/ward/microvms/influxdb.nix
View file

@ -23,7 +23,13 @@ in {
keepalive 2; keepalive 2;
''; '';
}; };
virtualHosts.${influxdbDomain} = { virtualHosts.${influxdbDomain} = let
accessRules = ''
satisfy any;
${lib.concatMapStrings (ip: "allow ${ip};\n") sentinelCfg.meta.wireguard.proxy-sentinel.server.reservedAddresses}
deny all;
'';
in {
forceSSL = true; forceSSL = true;
useACMEWildcardHost = true; useACMEWildcardHost = true;
oauth2.enable = true; oauth2.enable = true;
@ -31,10 +37,14 @@ in {
locations."/" = { locations."/" = {
proxyPass = "http://influxdb"; proxyPass = "http://influxdb";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = accessRules;
};
locations."/api/v2/write" = {
proxyPass = "http://influxdb/api/v2/write";
proxyWebsockets = true;
extraConfig = '' extraConfig = ''
satisfy any; ${accessRules}
${lib.concatMapStrings (ip: "allow ${ip};\n") sentinelCfg.meta.wireguard.proxy-sentinel.server.reservedAddresses} access_log off;
deny all;
''; '';
}; };
}; };

1
modules/meta/telegraf.nix
View file

@ -152,6 +152,7 @@ in {
allow ::1; allow ::1;
deny all; deny all;
stub_status; stub_status;
access_log off;
''; '';
}; };