netdata: ui should only be reachable inside tailnet

2026-05-22 21:17:28 +02:00 · 2026-05-22 21:17:28 +02:00 · eac7803895
commit eac7803895
parent 69d12812df
1 changed files with 15 additions and 14 deletions
--- a/hosts/sid/services/netdata.nix
+++ b/hosts/sid/services/netdata.nix
@ -55,20 +55,21 @@ in
    NETDATA_USER_CONFIG_DIR = "/etc/netdata/conf.d";
  };

-  services.nginx.virtualHosts."${constants.services.netdata.fqdn}" = {
-    enableACME = true;
-    forceSSL = true;
-
-    locations."/" = {
-      root = netdata-dashboard;
-      tryFiles = "$uri $uri/ /index.html";
-    };
-
-    locations."~ ^/(api|v[0-9]+|netdata.conf|registry|stream|version.txt)(/|$)" = {
-      proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
-      recommendedProxySettings = true;
-    };
-  };
+  # TODO: move into Tailnet
+  # services.nginx.virtualHosts."${constants.services.netdata.fqdn}" = {
+  #   enableACME = true;
+  #   forceSSL = true;
+  #
+  #   locations."/" = {
+  #     root = netdata-dashboard;
+  #     tryFiles = "$uri $uri/ /index.html";
+  #   };
+  #
+  #   locations."~ ^/(api|v[0-9]+|netdata.conf|registry|stream|version.txt)(/|$)" = {
+  #     proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
+  #     recommendedProxySettings = true;
+  #   };
+  # };

  services.journald.storage = "persistent";