infra/hosts/monitoring/nginx.nix

{ config, ... }:

{
  services.nginx = {
    upstreams."grafana".servers."[${config.services.grafana.settings.server.http_addr}]:${toString config.services.grafana.settings.server.http_port}" = {};
    virtualHosts."monitoring.${config.networking.domain}" = {
      default = true;
      quic = true;
      kTLS = true;
      forceSSL = true;
      enableACME = true;
      #extraConfig = ''
      #  map $http_upgrade $connection_upgrade {
      #    default upgrade;
      #    \'\' close;
      #  }
      #'';
      locations = {
        "/" = {
          basicAuthFile = config.age.secrets.grafana_basic_auth.path;
          proxyPass = "http://grafana";
          recommendedProxySettings = true;
        };
        "/api/live/" = {
          proxyPass = "http://grafana";
          recommendedProxySettings = true;
          proxyWebsockets = true;
        };
      };
    };
  };
}