From eac7803895890b42fb8235bf85f1927de38e3810 Mon Sep 17 00:00:00 2001
From: sid <sid@sid.ovh>
Date: Fri, 22 May 2026 21:17:28 +0200
Subject: [PATCH] netdata: ui should only be reachable inside tailnet

---
 hosts/sid/services/netdata.nix | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/hosts/sid/services/netdata.nix b/hosts/sid/services/netdata.nix
index b69a02b..046f2eb 100644
--- a/hosts/sid/services/netdata.nix
+++ b/hosts/sid/services/netdata.nix
@@ -55,20 +55,21 @@ in
     NETDATA_USER_CONFIG_DIR = "/etc/netdata/conf.d";
   };
 
-  services.nginx.virtualHosts."${constants.services.netdata.fqdn}" = {
-    enableACME = true;
-    forceSSL = true;
-
-    locations."/" = {
-      root = netdata-dashboard;
-      tryFiles = "$uri $uri/ /index.html";
-    };
-
-    locations."~ ^/(api|v[0-9]+|netdata.conf|registry|stream|version.txt)(/|$)" = {
-      proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
-      recommendedProxySettings = true;
-    };
-  };
+  # TODO: move into Tailnet
+  # services.nginx.virtualHosts."${constants.services.netdata.fqdn}" = {
+  #   enableACME = true;
+  #   forceSSL = true;
+  #
+  #   locations."/" = {
+  #     root = netdata-dashboard;
+  #     tryFiles = "$uri $uri/ /index.html";
+  #   };
+  #
+  #   locations."~ ^/(api|v[0-9]+|netdata.conf|registry|stream|version.txt)(/|$)" = {
+  #     proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
+  #     recommendedProxySettings = true;
+  #   };
+  # };
 
   services.journald.storage = "persistent";