summaryrefslogtreecommitdiff
path: root/hosts/vidhar/default.nix
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-01-23 16:43:34 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-01-23 16:43:34 +0100
commitc1c8242845b1006f0cccef7211deef8195cbd1b0 (patch)
tree5ef65c7422a2d7075bee2f907f3ce199a8b04de4 /hosts/vidhar/default.nix
parent99f7fa13ee3967370c2dbce49c54e834ef9a0565 (diff)
downloadnixos-c1c8242845b1006f0cccef7211deef8195cbd1b0.tar
nixos-c1c8242845b1006f0cccef7211deef8195cbd1b0.tar.gz
nixos-c1c8242845b1006f0cccef7211deef8195cbd1b0.tar.bz2
nixos-c1c8242845b1006f0cccef7211deef8195cbd1b0.tar.xz
nixos-c1c8242845b1006f0cccef7211deef8195cbd1b0.zip
vidhar: selfsigned tls cert
Diffstat (limited to 'hosts/vidhar/default.nix')
-rw-r--r--hosts/vidhar/default.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 0cb11ec8..16405a26 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -123,6 +123,10 @@
123 }; 123 };
124 virtualHosts = { 124 virtualHosts = {
125 ${config.services.grafana.domain} = { 125 ${config.services.grafana.domain} = {
126 addSSL = true;
127 forceSSL = true;
128 sslCertificate = ./selfsigned.crt;
129 sslCertificateKey = config.sops.secrets."selfsigned.key".path;
126 locations."/" = { 130 locations."/" = {
127 proxyPass = "http://grafana/"; 131 proxyPass = "http://grafana/";
128 proxyWebsockets = true; 132 proxyWebsockets = true;
@@ -149,6 +153,13 @@
149 sopsFile = ./grafana-secret-key; 153 sopsFile = ./grafana-secret-key;
150 owner = "grafana"; 154 owner = "grafana";
151 }; 155 };
156 sops.secrets."selfsigned.key" = {
157 format = "binary";
158 sopsFile = ./selfsigned.key;
159 group = "ssl";
160 mode = "0440";
161 };
162 users.groups.ssl.members = ["nginx"];
152 163
153 services.loki = { 164 services.loki = {
154 enable = true; 165 enable = true;
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-28 00:22:55 +0000