xengi/infra
0
1
Fork 0
Code Pull requests Activity Actions

grafana basic auth

Browse source
This commit is contained in:
XenGi 2026-02-17 19:22:11 +01:00
parent 57328d19e9
commit 11da229f3f
Signed by: xengi
SSH key fingerprint: SHA256:jxWM2RTHvxxcncXycwwWkP7HCWb4VREN05UGJTbIPZg
9 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/matrix/default.nix
View file

@ -5,6 +5,7 @@
../common.nix ../common.nix
../../services/openssh.nix ../../services/openssh.nix
../../services/nginx.nix ../../services/nginx.nix
../../services/prometheus-node.nix
./nginx.nix ./nginx.nix
./synapse.nix ./synapse.nix
./draupnir.nix ./draupnir.nix

1
hosts/md/default.nix
View file

@ -4,6 +4,7 @@
imports = [ imports = [
../common.nix ../common.nix
../../services/openssh.nix ../../services/openssh.nix
../../services/prometheus-node.nix
./hedgedoc.nix ./hedgedoc.nix
../../services/nginx.nix ../../services/nginx.nix
./nginx.nix ./nginx.nix

3
hosts/monitoring/default.nix
View file

@ -4,8 +4,9 @@
imports = [ imports = [
../common.nix ../common.nix
../../services/openssh.nix ../../services/openssh.nix
../../services/prometheus-node.nix
../../services/nginx.nix ../../services/nginx.nix
#./nginx.nix ./nginx.nix
#./prometheus.nix #./prometheus.nix
#./grafana.nix #./grafana.nix
]; ];

2
hosts/monitoring/nginx.nix
View file

@ -7,7 +7,7 @@
kTLS = true; kTLS = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
#basicAuthFile = config.age.secrets.grafana_basic_auth.path; basicAuthFile = config.age.secrets.grafana_basic_auth.path;
locations = { locations = {
"/" = { "/" = {
#proxyPass = "http://"; #proxyPass = "http://";

1
hosts/sql/default.nix
View file

@ -4,6 +4,7 @@
imports = [ imports = [
../common.nix ../common.nix
../../services/openssh.nix ../../services/openssh.nix
../../services/prometheus-node.nix
./postgres.nix ./postgres.nix
]; ];

1
hosts/www/default.nix
View file

@ -5,6 +5,7 @@
../common.nix ../common.nix
../../services/openssh.nix ../../services/openssh.nix
./openssh.nix ./openssh.nix
../../services/prometheus-node.nix
../../services/nginx.nix ../../services/nginx.nix
./nginx.nix ./nginx.nix
]; ];

BIN
secrets/grafana_basic_auth.age Normal file
View file

Binary file not shown.

1
secrets/secrets.nix
View file

@ -35,6 +35,7 @@ in
"grafana_admin_password.age".publicKeys = users ++ [ _monitoring ]; "grafana_admin_password.age".publicKeys = users ++ [ _monitoring ];
"grafana_secret_key.age".publicKeys = users ++ [ _monitoring ]; "grafana_secret_key.age".publicKeys = users ++ [ _monitoring ];
"grafana_basic_auth.age".publicKeys = users ++ [ _monitoring ];
"postgres-matrix-synapse.age".publicKeys = users ++ [ _sql _matrix ]; "postgres-matrix-synapse.age".publicKeys = users ++ [ _sql _matrix ];
"postgres-hedgedoc.age".publicKeys = users ++ [ _sql _md ]; "postgres-hedgedoc.age".publicKeys = users ++ [ _sql _md ];

15
services/prometheus-node.nix Normal file
View file

@ -0,0 +1,15 @@
{ ... }:
{
services.prometheus.exporters.node = {
enable = true;
#listenAddress = "0.0.0.0";
firewallRules = ''
ip saddr 195.160.173.14/32 tcp dport ${config.services.prometheus.exporters.node.port} accept comment "Allow prometheus on monitoring.berlin.ccc.der"
ip6 saddr 2001:678:760:cccb::14/128 tcp dport ${config.services.prometheus.exporters.node.port} accept comment "Allow prometheus on monitoring.berlin.ccc.der"
'';
enabledCollectors = [];
disabledCollectors = [];
};
}