feat: adguardhome use DoT; fix loki home proxy; allow arbitrary telegraf secrets

oddlama 2024-05-25 15:49:41 +02:00
parent 93061af475
commit 045f15239a
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
11 changed files with 114 additions and 173 deletions


@ -1,12 +1,10 @@
{
config,
lib,
nodes,
...
}: let
sentinelCfg = nodes.sentinel.config;
wardWebProxyCfg = nodes.ward-web-proxy.config;
wardCfg = nodes.ward.config;
lokiDomain = "loki.${config.repo.secrets.global.domains.me}";
in {
wireguard.proxy-sentinel = {
@ -44,14 +42,11 @@ in {
proxyWebsockets = true;
extraConfig = ''
auth_basic "Authentication required";
auth_basic_user_file ${wardWebProxyCfg.age.secrets.loki-basic-auth-hashes.path};
auth_basic_user_file ${sentinelCfg.age.secrets.loki-basic-auth-hashes.path};
proxy_read_timeout 1800s;
proxy_connect_timeout 1600s;
${lib.concatMapStrings (ip: "allow ${ip};\n") wardCfg.wireguard.proxy-home.server.reservedAddresses}
deny all;
access_log off;
'';
};
@ -89,7 +84,7 @@ in {
proxyWebsockets = true;
extraConfig = ''
auth_basic "Authentication required";
auth_basic_user_file ${sentinelCfg.age.secrets.loki-basic-auth-hashes.path};
auth_basic_user_file ${wardWebProxyCfg.age.secrets.loki-basic-auth-hashes.path};
proxy_read_timeout 1800s;
proxy_connect_timeout 1600s;