hosts/VEGAS: add uptime-kuma
parent
8c384c69a8
commit
fd7ae38e66
2 changed files with 81 additions and 0 deletions
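--- a/hosts/VEGAS/services/uptime-kuma/default.nix
+++ b/hosts/VEGAS/services/uptime-kuma/default.nix
@@ -0,0 +1,80 @@
+{ config, inputs, lib, pkgs, tools, ... }:
+
+let
+inherit (tools.meta) domain;
+
+flakePkgs = inputs.self.packages.${pkgs.system};
+
+port = config.portsStr.uptime-kuma;
+
+dataDir = "/srv/storage/private/uptime-kuma";
+in
+
+{
+reservePortsFor = [ "uptime-kuma" ];
+
+users.users.uptime-kuma = {
+isSystemUser = true;
+home = "${dataDir}/.home";
+group = "uptime-kuma";
+};
+
+users.groups.uptime-kuma = {};
+
+systemd.tmpfiles.rules = [
+"d '${dataDir}' 0700 uptime-kuma uptime-kuma - -"
+];
+
+systemd.services.uptime-kuma = {
+
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+User = "uptime-kuma";
+Group = "uptime-kuma";
+
+ProtectSystem = "strict";
+ReadWritePaths = [ dataDir ];
+ProtectHome = "tmpfs";
+RestrictAddressFamilies = [
+"AF_INET"
+"AF_INET6"
+"AF_NETLINK"
+];
+NoNewPrivileges = true;
+PrivateTmp = true;
+PrivateDevices = true;
+PrivateUsers = true;
+LockPersonality = true;
+SystemCallArchitectures = [ "native" ];
+
+ProtectClock = true;
+ProtectControlGroups = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+
+ExecStart = flakePkgs.uptime-kuma + /bin/uptime-kuma;
+};
+
+
+environment = {
+NODE_ENV = "production";
+DATA_DIR = dataDir;
+UPTIME_KUMA_HOST = "127.0.0.1";
+UPTIME_KUMA_PORT = port;
+UPTIME_KUMA_HIDE_LOG = lib.concatStringsSep "," [
+"debug_monitor"
+"info_monitor"
+];
+};
+};
+
+services.nginx.virtualHosts."status.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${port}") {
+locations = {
+"/".proxyWebsockets = true;
+"=/".return = "302 /status/${builtins.replaceStrings ["."] ["-"] domain}";
+};
+};
+}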
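Review bot: The `"/"` location of the `status.${domain}` vhost forwards every path to Uptime Kuma, so the login, admin dashboard and first-run setup page are exposed alongside the status page that `"=/"` redirects to. Unless `tools.nginx.vhosts.proxy` (defined outside this diff) already limits access, restrict everything outside the public status page to a trusted network or the existing SSO, and complete the initial admin setup before the vhost goes live. In `serviceConfig` the sandbox leaves capabilities and namespaces unrestricted; `CapabilityBoundingSet = "";`, `RestrictNamespaces = true;` and `RestrictSUIDSGID = true;` look safe to add for a service that already runs unprivileged with `NoNewPrivileges`, though that should be confirmed against the monitor types in use.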
|
@ -37,6 +37,7 @@
|
|||
./services/openvpn
|
||||
./services/sips
|
||||
./services/sso
|
||||
./services/uptime-kuma
|
||||
./services/vault
|
||||
./services/warehouse
|
||||
./services/websites
|
||||
|
|