sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: disable access logs for uninteresting high volume endpoint (telegraf write api), and internal nginx_status

Browse source
This commit is contained in:
oddlama 2023-07-06 12:38:20 +02:00
parent f2a97b16c6
commit 13d9baedc1
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
2 changed files with 15 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

18
hosts/ward/microvms/influxdb.nix
View file

@ -23,7 +23,13 @@ in {
keepalive 2;
'';
};
virtualHosts.${influxdbDomain} = {
virtualHosts.${influxdbDomain} = let
accessRules = ''
satisfy any;
${lib.concatMapStrings (ip: "allow ${ip};\n") sentinelCfg.meta.wireguard.proxy-sentinel.server.reservedAddresses}
deny all;
'';
in {
forceSSL = true;
useACMEWildcardHost = true;
oauth2.enable = true;
@ -31,10 +37,14 @@ in {
locations."/" = {
proxyPass = "http://influxdb";
proxyWebsockets = true;
extraConfig = accessRules;
};
locations."/api/v2/write" = {
proxyPass = "http://influxdb/api/v2/write";
proxyWebsockets = true;
extraConfig = ''
satisfy any;
${lib.concatMapStrings (ip: "allow ${ip};\n") sentinelCfg.meta.wireguard.proxy-sentinel.server.reservedAddresses}
deny all;
${accessRules}
access_log off;
'';
};
};