chore: unfortunately basic-auth conflicts with influxdb

oddlama 2023-06-25 14:59:41 +02:00
parent 10a52642ad
commit 1aa2a8d8b7
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A


@ -36,26 +36,6 @@ in {
nodes.sentinel = {
providedDomains.influxdb = influxdbDomain;
# Not actually used on the system, but to allow us to provision tokens
# when generating secrets.
age.secrets.admin-influxdb-basic-auth-password = {
rekeyFile = ./secrets/admin-influxdb-basic-auth-password.age;
generator = "alnum";
mode = "000";
};
age.secrets.influxdb-basic-auth-hashes = {
rekeyFile = ./secrets/influxdb-basic-auth-hashes.age;
# Copy only the script so the dependencies can be added by the nodes
# that define passwords (using distributed-config).
generator = {
inherit (config.age.generators.basic-auth) script;
dependencies = [sentinelCfg.age.secrets.admin-influxdb-basic-auth-password];
};
mode = "440";
group = "nginx";
};
services.nginx = {
upstreams.influxdb = {
servers."${config.services.influxdb2.settings.http-bind-address}" = {};
@ -74,8 +54,6 @@ in {
proxyWebsockets = true;
extraConfig = ''
satisfy any;
auth_basic "Authentication required";
auth_basic_user_file ${sentinelCfg.age.secrets.influxdb-basic-auth-hashes.path};
${lib.concatMapStrings (ip: "allow ${ip};\n") sentinelCfg.extra.wireguard.proxy-sentinel.server.reservedAddresses}
deny all;
'';