summaryrefslogtreecommitdiff
path: root/hosts/vidhar/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/vidhar/default.nix')
-rw-r--r--hosts/vidhar/default.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 0cb11ec8..16405a26 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -123,6 +123,10 @@
123 }; 123 };
124 virtualHosts = { 124 virtualHosts = {
125 ${config.services.grafana.domain} = { 125 ${config.services.grafana.domain} = {
126 addSSL = true;
127 forceSSL = true;
128 sslCertificate = ./selfsigned.crt;
129 sslCertificateKey = config.sops.secrets."selfsigned.key".path;
126 locations."/" = { 130 locations."/" = {
127 proxyPass = "http://grafana/"; 131 proxyPass = "http://grafana/";
128 proxyWebsockets = true; 132 proxyWebsockets = true;
@@ -149,6 +153,13 @@
149 sopsFile = ./grafana-secret-key; 153 sopsFile = ./grafana-secret-key;
150 owner = "grafana"; 154 owner = "grafana";
151 }; 155 };
156 sops.secrets."selfsigned.key" = {
157 format = "binary";
158 sopsFile = ./selfsigned.key;
159 group = "ssl";
160 mode = "0440";
161 };
162 users.groups.ssl.members = ["nginx"];
152 163
153 services.loki = { 164 services.loki = {
154 enable = true; 165 enable = true;
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-28 15:37:58 +0000