author | Franck Cuny <franck@fcuny.net> | 2023-05-09 18:47:24 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-05-09 18:47:24 -0700 |
commit | 7f8b7e24fe67cfdb407f1415d6e7b223d2600f58 (patch) | |
tree | 5d72336b99adee6c7216ec7fa681977c185cdaba | |
parent | tahoe: move the initrd code (diff) | |
profiles/nginx: move common configuration to a profile
Both tahoe and carmel are using nginx, and we can simplify the configuration by moving common parts to the profile and have these hosts import it.
-rw-r--r-- | hosts/carmel/default.nix | 1 | ||||
-rw-r--r-- | hosts/carmel/services.nix | 6 | ||||
-rw-r--r-- | hosts/tahoe/default.nix | 1 | ||||
-rw-r--r-- | hosts/tahoe/services.nix | 1 | ||||
-rw-r--r-- | modules/services/default.nix | 1 | ||||
-rw-r--r-- | modules/services/monitoring/prometheus.nix | 11 | ||||
-rw-r--r-- | modules/services/nginx/default.nix | 39 | ||||
-rw-r--r-- | profiles/nginx.nix | 23 |
8 files changed, 36 insertions, 47 deletions
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix
index c9915d2..1006f1e 100644
--- a/hosts/carmel/default.nix
+++ b/hosts/carmel/default.nix
@@ -8,6 +8,7 @@
 ./services.nix
 "${self}/profiles/server.nix"
 "${self}/profiles/hardware/amd.nix"
+ "${self}/profiles/nginx.nix"
 ];
 # This value determines the NixOS release from which the default
diff --git a/hosts/carmel/services.nix b/hosts/carmel/services.nix
index 89f888d..4c17fd8 100644
--- a/hosts/carmel/services.nix
+++ b/hosts/carmel/services.nix
@@ -74,12 +74,6 @@
 };
 services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
-
 virtualHosts."dnsmasq" = {
 listen = [
 {
diff --git a/hosts/tahoe/default.nix b/hosts/tahoe/default.nix
index 7cb25fd..aacc41a 100644
--- a/hosts/tahoe/default.nix
+++ b/hosts/tahoe/default.nix
@@ -11,6 +11,7 @@ in
 "${self}/profiles/btrfs.nix"
 "${self}/profiles/nas.nix"
 "${self}/profiles/acme.nix"
+ "${self}/profiles/nginx.nix"
 "${self}/profiles/hardware/amd.nix"
 ];
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index 0227f4c..894f345 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -45,7 +45,6 @@ in
 enable = true;
 stateDir = "/var/lib/gitolite";
 };
- nginx = { enable = true; };
 transmission = {
 enable = true;
 vhostName = "bt.fcuny.xyz";
diff --git a/modules/services/default.nix b/modules/services/default.nix
index b6b34d5..ac20bf6 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -8,7 +8,6 @@
 ./gitolite
 ./monitoring
 ./navidrome
- ./nginx
 ./samba
 ./sendsms
 ./syncthing
diff --git a/modules/services/monitoring/prometheus.nix b/modules/services/monitoring/prometheus.nix
index 916302b..45fa22c 100644
--- a/modules/services/monitoring/prometheus.nix
+++ b/modules/services/monitoring/prometheus.nix
@@ -84,6 +84,17 @@ in
 scrapeConfigs = [
 {
+ job_name = "nginx";
+ static_configs = [{
+ targets = [
+ "127.0.0.1:${
+ toString config.services.prometheus.exporters.nginx.port
+ }"
+ ];
+ labels = { instance = config.networking.hostName; };
+ }];
+ }
+ {
 job_name = "blackbox-ping";
 metrics_path = "/probe";
 params = { module = [ "icmp" ]; };
diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix
deleted file mode 100644
index ec71ba2..0000000
--- a/modules/services/nginx/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ... }:
-let cfg = config.my.services.nginx;
-in
-{
- options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; };
- config = lib.mkIf cfg.enable {
- services.nginx = {
- enable = true;
- statusPage = true; # For monitoring scraping.
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = true;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- # Nginx needs to be able to read the certificates
- users.users.nginx.extraGroups = [ "acme" ];
-
- services.prometheus = {
- exporters.nginx = {
- enable = true;
- listenAddress = "127.0.0.1";
- };
- scrapeConfigs = [{
- job_name = "nginx";
- static_configs = [{
- targets = [
- "127.0.0.1:${
- toString config.services.prometheus.exporters.nginx.port
- }"
- ];
- labels = { instance = config.networking.hostName; };
- }];
- }];
- };
- };
-}
diff --git a/profiles/nginx.nix b/profiles/nginx.nix
new file mode 100644
index 0000000..766739b
--- /dev/null
+++ b/profiles/nginx.nix
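Review bot: The new `nginx` entry in `scrapeConfigs` of modules/services/monitoring/prometheus.nix is unconditional, whereas the deleted module defined the same job only under `lib.mkIf cfg.enable`. A host that enables this Prometheus module without importing profiles/nginx.nix would then carry a target that is always down, which makes a real exporter outage harder to tell apart from a host that never ran one. Consider gating the entry, for example `++ lib.optional config.services.prometheus.exporters.nginx.enable { job_name = "nginx"; … }`, assuming `lib` is in scope in this file. The target is also fixed to 127.0.0.1, so only the nginx on the Prometheus host itself is scraped; the enclosing `scrapeConfigs` list starts and ends outside the hunk.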
@@ -0,0 +1,23 @@
+{ pkgs, lib, config, ... }:
+{
+ services.nginx = {
+ enable = true;
+ statusPage = true; # For monitoring scraping.
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedProxySettings = true;
+ };
+
+ services.prometheus.exporters.nginx = {
+ enable = true;
+ listenAddress = "127.0.0.1";
+ port = 9113;
+ };
+
+ # Nginx needs to be able to read the certificates
+ users.users.nginx.extraGroups = [ "acme" ];
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+} |
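Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` and `users.users.nginx.extraGroups = [ "acme" ];` now apply to every host that imports this profile, where the deleted module applied them only behind `my.services.nginx.enable`. hosts/carmel/default.nix gains the import in this commit, and the lines removed from hosts/carmel/services.nix contain no firewall or group settings, so carmel appears to pick up ports 80/443 opened on all interfaces and membership in the certificate group as a side effect. The visible part of carmel's import list also shows no profiles/acme.nix, so that group may not exist there. If carmel's `dnsmasq` vhost is meant to stay internal, keep these two lines in hosts/tahoe, or limit the opening with `networking.firewall.interfaces.<name>.allowedTCPPorts`. The `pkgs` and `lib` arguments are unused in this file.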