netdata: make ui available in tailnet
This commit is contained in:
parent
eac7803895
commit
84d04fa1ad
2 changed files with 39 additions and 17 deletions
|
|
@ -35,6 +35,7 @@ radicale:
|
||||||
step-ca:
|
step-ca:
|
||||||
password: ENC[AES256_GCM,data:8/6NA3WpII0LmDOp5ISnHKeaXn5LM4gpiI47JTso23c=,iv:fi2eMGG1lOwdK5+98Hp7vZ101GKRip5Xgq9k+vnC9yI=,tag:oENvvsEbKSHFfLoXcJlPkg==,type:str]
|
password: ENC[AES256_GCM,data:8/6NA3WpII0LmDOp5ISnHKeaXn5LM4gpiI47JTso23c=,iv:fi2eMGG1lOwdK5+98Hp7vZ101GKRip5Xgq9k+vnC9yI=,tag:oENvvsEbKSHFfLoXcJlPkg==,type:str]
|
||||||
intermediate-key: ENC[AES256_GCM,data:yGZLSd7ydx9wNFpWWPcyUBwZQZbyziGleCWSxurFniBCauw2h4hcPc4c4I/7cjl1vRUv41WfzWu1PtXnZ3lNHOC6tTbiikHFBgGiHk2Lhddx+NESUWmgNiejJR/UDW4T25W9OHxwLCV9pmHf4fjyT/REymGIB7kbcRryWqcWtoZWYaL7JooJornm5mMU1Be+MCfxusTGQA4gQsT5/bu20iEGPwgY3fEgZLQWzKFI2kD2lYlMC8CRxoZO32uTizzooW1+zKng1qSZ7aobFJsbSKRYpYDv9Vvfwltcczb+xo+yZL3pfoEiqAxPzeG/48lRVNf1nftM5esBRGIIPr9BV9+7fbe5DFbSRDtAWspEnp9R5ENj1rbNint/fjCcStg3OfFMdv6N8cQyIpQyHCiBLiG4z+xyFcn0iW4=,iv:BhUoeaoetI5vJk9wOHhBI2ebHWCPeXz8U2ta/xEeUxM=,tag:7xg5ilOSJP1rFlSmmZVZUg==,type:str]
|
intermediate-key: ENC[AES256_GCM,data:yGZLSd7ydx9wNFpWWPcyUBwZQZbyziGleCWSxurFniBCauw2h4hcPc4c4I/7cjl1vRUv41WfzWu1PtXnZ3lNHOC6tTbiikHFBgGiHk2Lhddx+NESUWmgNiejJR/UDW4T25W9OHxwLCV9pmHf4fjyT/REymGIB7kbcRryWqcWtoZWYaL7JooJornm5mMU1Be+MCfxusTGQA4gQsT5/bu20iEGPwgY3fEgZLQWzKFI2kD2lYlMC8CRxoZO32uTizzooW1+zKng1qSZ7aobFJsbSKRYpYDv9Vvfwltcczb+xo+yZL3pfoEiqAxPzeG/48lRVNf1nftM5esBRGIIPr9BV9+7fbe5DFbSRDtAWspEnp9R5ENj1rbNint/fjCcStg3OfFMdv6N8cQyIpQyHCiBLiG4z+xyFcn0iW4=,iv:BhUoeaoetI5vJk9wOHhBI2ebHWCPeXz8U2ta/xEeUxM=,tag:7xg5ilOSJP1rFlSmmZVZUg==,type:str]
|
||||||
|
hetzner-api-key: ENC[AES256_GCM,data:NhgWjitvgJrcBEDSkZH0S0VmaW37NupkiEUcQDZe/6oYyrE/VgEwrGSag/s2Fgv6uHmSsdbv1vqdc0iDO8GJ8w==,iv:ChEicL0jtjQrgn8CCUnrzErRr3YVdDhMbvcIlI3t7H8=,tag:cjjbEEYqEyNa5qDZCytjxw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy
|
- recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy
|
||||||
|
|
@ -55,7 +56,7 @@ sops:
|
||||||
RzhnczA0S1pxcXZncGpWVHNYQW96L28K+ytH3PPyg4+wibpAQhp02RiSfZ83EDRB
|
RzhnczA0S1pxcXZncGpWVHNYQW96L28K+ytH3PPyg4+wibpAQhp02RiSfZ83EDRB
|
||||||
UJ8UV1d+51D0e2A1sI95r2AzDj4jfwUnI+LYDPC/qEpsu5LFLGVyeg==
|
UJ8UV1d+51D0e2A1sI95r2AzDj4jfwUnI+LYDPC/qEpsu5LFLGVyeg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2026-05-02T17:10:22Z"
|
lastmodified: "2026-05-22T19:19:21Z"
|
||||||
mac: ENC[AES256_GCM,data:f4KQ26/zvg2nLLeW5qVeI8uH2GmPpJUKohNu68nEiIjP5AT53zjBaGoLOTGl9+oVRomSOGZtLGkJGaExB6tLMon5HN6xkQbugqvq08UkZ7FnR1Sa8/OtTr/+eexPNzF8VSdZE2TZCboUSQODV8+0Cy5T918g5kedxnT62SyY4As=,iv:P4TnpJvHwnZPl7kRNjv9d1WLZP9J0sg6R3KbdDMJqyc=,tag:ylYOcg6825jT29lWUaFRYA==,type:str]
|
mac: ENC[AES256_GCM,data:hOtmWizEaIcybM14UEDsXw4GNQZob5SoFn49bWeccxA3dkGlYl67kVkDJGg0cQIO1qr/vGcZ8h/OmnOxU3geP0DaflG0h1/40lDQ3+E6BTb6HP2JmhgEmlRBRBdv87cRDHnDytBzcWARTvff3SsP2J2pLpLBTDiihlaZaiQYtgU=,iv:TvFpvcTydXO3fbh5x9ZXIOtMChlE7WXl2Xx2a9ujh00=,tag:XHvsZh6r9fzbbYFWWQyI5g==,type:str]
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.12.1
|
version: 3.12.1
|
||||||
|
|
|
||||||
|
|
@ -55,21 +55,36 @@ in
|
||||||
NETDATA_USER_CONFIG_DIR = "/etc/netdata/conf.d";
|
NETDATA_USER_CONFIG_DIR = "/etc/netdata/conf.d";
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: move into Tailnet
|
services.nginx.virtualHosts."${constants.services.netdata.fqdn}" = {
|
||||||
# services.nginx.virtualHosts."${constants.services.netdata.fqdn}" = {
|
useACMEHost = constants.services.netdata.fqdn;
|
||||||
# enableACME = true;
|
forceSSL = true;
|
||||||
# forceSSL = true;
|
listen = [
|
||||||
#
|
{
|
||||||
# locations."/" = {
|
addr = "${constants.hosts.sid.ip}:443";
|
||||||
# root = netdata-dashboard;
|
ssl = true;
|
||||||
# tryFiles = "$uri $uri/ /index.html";
|
}
|
||||||
# };
|
];
|
||||||
#
|
|
||||||
# locations."~ ^/(api|v[0-9]+|netdata.conf|registry|stream|version.txt)(/|$)" = {
|
locations."/" = {
|
||||||
# proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
|
root = netdata-dashboard;
|
||||||
# recommendedProxySettings = true;
|
tryFiles = "$uri $uri/ /index.html";
|
||||||
# };
|
};
|
||||||
# };
|
|
||||||
|
locations."~ ^/(api|v[0-9]+|netdata.conf|registry|stream|version.txt)(/|$)" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
certs."${constants.services.netdata.fqdn}" = {
|
||||||
|
domain = constants.services.netdata.fqdn;
|
||||||
|
dnsProvider = "hetzner";
|
||||||
|
credentialFiles.HETZNER_API_TOKEN_FILE = config.sops.secrets.hetzner-api-key.path;
|
||||||
|
group = "nginx";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.journald.storage = "persistent";
|
services.journald.storage = "persistent";
|
||||||
|
|
||||||
|
|
@ -83,6 +98,12 @@ in
|
||||||
restartUnits = [ "netdata.service" ];
|
restartUnits = [ "netdata.service" ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
secrets.hetzner-api-key = {
|
||||||
|
inherit mode;
|
||||||
|
owner = "acme";
|
||||||
|
group = "acme";
|
||||||
|
};
|
||||||
|
|
||||||
secrets."netdata/stream/rx4/uuid" = {
|
secrets."netdata/stream/rx4/uuid" = {
|
||||||
inherit
|
inherit
|
||||||
owner
|
owner
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue