diff --git a/flake.lock b/flake.lock
index 68355ea..2189b3d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -234,11 +234,11 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1722808247, - "narHash": "sha256-86DGPkJh8dXSS/M5F6a0M7roGdn3QSTGY0X5fUyZk/M=", + "lastModified": 1723834524, + "narHash": "sha256-MmOQDY6EjyzyX0HLFjOV3EgUqtHrcXRdjhc6eIE/wyc=", "ref": "refs/heads/main", - "rev": "1cc4e1ea861931fccbfd7d7ca8e364ca277138d6", - "revCount": 57, + "rev": "6ca21756c9f3653a0f1e60c5cb7abc8ea5ab0d46", + "revCount": 58, "type": "git", "url": "file:./nix-secrets" },
diff --git a/hosts/Dimaga/default.nix b/hosts/Dimaga/default.nix
index d28944e..1474bcf 100644
--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@@ -11,6 +11,7 @@ let subdomains = [ config.secrets.services.airsonic.url + config.secrets.services.cockpit.url config.secrets.services.forgejo.url config.secrets.services.gremlin-lab.url config.secrets.services.jellyfin.url
@@ -141,6 +142,11 @@ in
 domain = config.secrets.networking.primaryDomain;
 url = config.secrets.services.airsonic.url;
 };
+ cockpit = {
+ enable = true;
+ domain = config.secrets.networking.primaryDomain;
+ url = config.secrets.services.cockpit.url;
+ };
 jellyfin = {
 enable = true;
 autostart = false;
diff --git a/modules/services/cockpit.nix b/modules/services/cockpit.nix
new file mode 100644
index 0000000..847f24c
--- /dev/null
+++ b/modules/services/cockpit.nix
@@ -0,0 +1,61 @@
+{ config, lib, ... }:
+let
+ cfg = config.aux.system.services.cockpit;
+in
+{
+ options = {
+ aux.system.services.cockpit = {
+ enable = lib.mkEnableOption "Enables Cockpit monitoring.";
+ domain = lib.mkOption {
+ default = "";
+ type = lib.types.str;
+ description = "The root domain that Cockpit will be hosted on.";
+ example = "example.com";
+ };
+ url = lib.mkOption {
+ default = "";
+ type = lib.types.str;
+ description = "The complete URL where Cockpit is hosted.";
+ example = "https://cockpit.example.com";
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ services = {
+ nginx.virtualHosts."${cfg.url}" = {
+ useACMEHost = cfg.domain;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:9090";
+ extraConfig = ''
+ # Taken from https://garrett.github.io/cockpit-project.github.io/external/wiki/Proxying-Cockpit-over-NGINX
+ # Required to proxy the connection to Cockpit
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Required for web sockets to function
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ '';
+ };
+ };
+
+ cockpit = {
+ enable = true;
+ port = 9090;
+ settings = {
+ WebService = {
+ Origins = "https://${cfg.url} wss://${cfg.url}";
+ ProtocolHeader = "X-Forwarded-Proto";
+ };
+ };
+ };
+ };
+ systemd.services.nginx.wants = [ config.systemd.services.cockpit.name ];
+
+ };
+}
diff --git a/nix-secrets b/nix-secrets
index 1cc4e1e..6ca2175 160000
--- a/nix-secrets
+++ b/nix-secrets
@@ -1 +1 @@
-Subproject commit 1cc4e1ea861931fccbfd7d7ca8e364ca277138d6
+Subproject commit 6ca21756c9f3653a0f1e60c5cb7abc8ea5ab0d46
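Review bot: In modules/services/cockpit.nix the `url` option is documented as a complete URL (example `https://cockpit.example.com`), but the value is used as a bare hostname in both `nginx.virtualHosts."${cfg.url}"` and `Origins = "https://${cfg.url} wss://${cfg.url}"`; following the example would give an invalid server name and an `Origins` entry of the form `https://https://…`, which could not match the browser's origin. The description and example should name a hostname, e.g. `example = "cockpit.example.com";`. Separately, this vhost publishes a host-administration console with no restriction at the proxy; if it is not meant to be reachable from everywhere, an `allow <mgmt-cidr>; deny all;` pair in `extraConfig` (placeholder CIDR) would narrow it. The hunk also does not show Cockpit being bound to loopback, so direct reachability of port 9090, and with it the trust placed in `ProtocolHeader`, presumably rests on the host firewall; that is worth confirming.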