diff options
author | Franck Cuny <franck@fcuny.net> | 2022-04-13 12:08:25 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-04-13 12:08:25 -0700 |
commit | 1f2b5c4412560bf77ef6995905d1356dd224b7c3 (patch) | |
tree | 0500eaf3e89d32d38979516fa902ca46e055d9d7 | |
parent | nginx: get a simple solution to work first (diff) | |
download | world-1f2b5c4412560bf77ef6995905d1356dd224b7c3.tar.gz |
grafana: try to configure the domain with acme+dns
-rw-r--r-- | hosts/tahoe/secrets/acme/credentials.age | 7 | ||||
-rw-r--r-- | hosts/tahoe/secrets/acme/gcp_service_account.json.age | bin | 0 -> 2827 bytes | |||
-rw-r--r-- | hosts/tahoe/secrets/secrets.nix | 3 | ||||
-rw-r--r-- | modules/services/grafana/default.nix | 18 |
4 files changed, 26 insertions, 2 deletions
diff --git a/hosts/tahoe/secrets/acme/credentials.age b/hosts/tahoe/secrets/acme/credentials.age new file mode 100644 index 0000000..5b79f73 --- /dev/null +++ b/hosts/tahoe/secrets/acme/credentials.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 dtgBNg uA1fVGl4O/Dh2SigMhPzDfqXUBT22kIypRFyhnKTLVA +oyJUlB0Q381w9ZdyAkQVIB+1F1cDiBkLsq6KJM5U5Rk +-> &`(il-grease +UYI7ukzTm4M7kZvl7qq8p/na +--- Gno1Ou1gtlurTyiaf66uq777VPs9E8QMZ9xBtfvXSns +_wS?(0XEYqJ36h,ѼƏelusIrv~A1gPx(`k:!:K2I}P5#ҳ)F%=\9N8@~Sa5 \ No newline at end of file diff --git a/hosts/tahoe/secrets/acme/gcp_service_account.json.age b/hosts/tahoe/secrets/acme/gcp_service_account.json.age new file mode 100644 index 0000000..0f99905 --- /dev/null +++ b/hosts/tahoe/secrets/acme/gcp_service_account.json.age Binary files differdiff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix index d6b7272..71b2bd1 100644 --- a/hosts/tahoe/secrets/secrets.nix +++ b/hosts/tahoe/secrets/secrets.nix @@ -4,7 +4,8 @@ let in { "wireguard_privatekey.age".publicKeys = [ fcuny_aptos ]; - "traefik/gcp_service_account.json.age".publicKeys = [ fcuny_aptos ]; + "acme/credentials.age".publicKeys = [ fcuny_aptos ]; + "acme/gcp_service_account.json.age".publicKeys = [ fcuny_aptos ]; "unifi/unifi-poller.age".publicKeys = [ fcuny_aptos ]; diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix index 174ece9..bee67bd 100644 --- a/modules/services/grafana/default.nix +++ b/modules/services/grafana/default.nix @@ -1,5 +1,7 @@ { config, lib, pkgs, ... }: -let cfg = config.my.services.grafana; +let + cfg = config.my.services.grafana; + secrets = config.age.secrets; in { options.my.services.grafana = with lib; { enable = mkEnableOption "grafana observability stack"; @@ -29,6 +31,20 @@ in { }; }; + services.nginx.virtualHosts."dash.fcuny.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9090"; + proxyWebsockets = true; + }; + }; + + security.acme.certs."dash.fcuny.xyz" = { + dnsProvider = "gcloud"; + credentialsFile = secrets."acme/credentials".path; + }; + my.services.backup = { paths = [ "/var/lib/grafana" ]; }; }; } |