aires/nix-configuration
aires/nix-configuration
1
0
Fork 0
Code Actions Activity

Services: add Cockpit

Browse source
This commit is contained in:
Aires 2024-08-16 14:57:31 -04:00
parent dd8e3cc2ff
commit 446c0afd75
4 changed files with 72 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
flake.lock
View file

@ -234,11 +234,11 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1722808247, "lastModified": 1723834524,
"narHash": "sha256-86DGPkJh8dXSS/M5F6a0M7roGdn3QSTGY0X5fUyZk/M=", "narHash": "sha256-MmOQDY6EjyzyX0HLFjOV3EgUqtHrcXRdjhc6eIE/wyc=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "1cc4e1ea861931fccbfd7d7ca8e364ca277138d6", "rev": "6ca21756c9f3653a0f1e60c5cb7abc8ea5ab0d46",
"revCount": 57, "revCount": 58,
"type": "git", "type": "git",
"url": "file:./nix-secrets" "url": "file:./nix-secrets"
}, },

6
hosts/Dimaga/default.nix
View file

@ -11,6 +11,7 @@ let
subdomains = [ subdomains = [
config.secrets.services.airsonic.url config.secrets.services.airsonic.url
config.secrets.services.cockpit.url
config.secrets.services.forgejo.url config.secrets.services.forgejo.url
config.secrets.services.gremlin-lab.url config.secrets.services.gremlin-lab.url
config.secrets.services.jellyfin.url config.secrets.services.jellyfin.url
@ -141,6 +142,11 @@ in
domain = config.secrets.networking.primaryDomain; domain = config.secrets.networking.primaryDomain;
url = config.secrets.services.airsonic.url; url = config.secrets.services.airsonic.url;
}; };
cockpit = {
enable = true;
domain = config.secrets.networking.primaryDomain;
url = config.secrets.services.cockpit.url;
};
jellyfin = { jellyfin = {
enable = true; enable = true;
autostart = false; autostart = false;

61
modules/services/cockpit.nix Normal file
View file

@ -0,0 +1,61 @@
{ config, lib, ... }:
let
cfg = config.aux.system.services.cockpit;
in
{
options = {
aux.system.services.cockpit = {
enable = lib.mkEnableOption "Enables Cockpit monitoring.";
domain = lib.mkOption {
default = "";
type = lib.types.str;
description = "The root domain that Cockpit will be hosted on.";
example = "example.com";
};
url = lib.mkOption {
default = "";
type = lib.types.str;
description = "The complete URL where Cockpit is hosted.";
example = "https://cockpit.example.com";
};
};
};
config = lib.mkIf cfg.enable {
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9090";
extraConfig = ''
# Taken from https://garrett.github.io/cockpit-project.github.io/external/wiki/Proxying-Cockpit-over-NGINX
# Required to proxy the connection to Cockpit
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
# Required for web sockets to function
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
cockpit = {
enable = true;
port = 9090;
settings = {
WebService = {
Origins = "https://${cfg.url} wss://${cfg.url}";
ProtocolHeader = "X-Forwarded-Proto";
};
};
};
};
systemd.services.nginx.wants = [ config.systemd.services.cockpit.name ];
};
}

2
nix-secrets

@ -1 +1 @@
Subproject commit 1cc4e1ea861931fccbfd7d7ca8e364ca277138d6 Subproject commit 6ca21756c9f3653a0f1e60c5cb7abc8ea5ab0d46