hosts/VEGAS: add uptime-kuma

Max Headroom 2022-04-27 22:08:49 +02:00
parent 8c384c69a8
commit fd7ae38e66
2 changed files with 81 additions and 0 deletions


@ -0,0 +1,80 @@
{ config, inputs, lib, pkgs, tools, ... }:
let
inherit (tools.meta) domain;
flakePkgs = inputs.self.packages.${pkgs.system};
port = config.portsStr.uptime-kuma;
dataDir = "/srv/storage/private/uptime-kuma";
in
{
reservePortsFor = [ "uptime-kuma" ];
users.users.uptime-kuma = {
isSystemUser = true;
home = "${dataDir}/.home";
group = "uptime-kuma";
};
users.groups.uptime-kuma = {};
systemd.tmpfiles.rules = [
"d '${dataDir}' 0700 uptime-kuma uptime-kuma - -"
];
systemd.services.uptime-kuma = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "uptime-kuma";
Group = "uptime-kuma";
ProtectSystem = "strict";
ReadWritePaths = [ dataDir ];
ProtectHome = "tmpfs";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
NoNewPrivileges = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
LockPersonality = true;
SystemCallArchitectures = [ "native" ];
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ExecStart = flakePkgs.uptime-kuma + /bin/uptime-kuma;
};
environment = {
NODE_ENV = "production";
DATA_DIR = dataDir;
UPTIME_KUMA_HOST = "127.0.0.1";
UPTIME_KUMA_PORT = port;
UPTIME_KUMA_HIDE_LOG = lib.concatStringsSep "," [
"debug_monitor"
"info_monitor"
];
};
};
services.nginx.virtualHosts."status.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://127.0.0.1:${port}") {
locations = {
"/".proxyWebsockets = true;
"=/".return = "302 /status/${builtins.replaceStrings ["."] ["-"] domain}";
};
};
}
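Review bot: The sandbox in `serviceConfig` does not restrict namespace creation, setuid/setgid file creation or realtime scheduling for the Node process. Adding `RestrictNamespaces = true;`, `RestrictSUIDSGID = true;` and `RestrictRealtime = true;` would close these without affecting the JIT. A system call filter limited to the `@system-service` group is also worth trying, but check the monitors afterwards, since ping-type checks may rely on helpers that the filter or `NoNewPrivileges` would block (inferred; the monitor setup is not on this page). Separately, the vhost forwards every path to the backend and only `=/` is redirected to the public status page. Unless `tools.nginx.vhosts.proxy` adds access control (not visible here), the login and dashboard are reachable on `status.${domain}`, so a comment on the vhost saying this is intended, and that the admin account must exist before the host is published, would help.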


@ -37,6 +37,7 @@
./services/openvpn
./services/sips
./services/sso
./services/uptime-kuma
./services/vault
./services/warehouse
./services/websites