Services: add Cockpit

2024-08-16 14:57:31 -04:00 · 2024-08-16 14:57:31 -04:00 · 446c0afd75
parent dd8e3cc2ff
commit 446c0afd75
4 changed files with 72 additions and 5 deletions
--- a/flake.lock
+++ b/flake.lock
@ -234,11 +234,11 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1722808247,
-        "narHash": "sha256-86DGPkJh8dXSS/M5F6a0M7roGdn3QSTGY0X5fUyZk/M=",
+        "lastModified": 1723834524,
+        "narHash": "sha256-MmOQDY6EjyzyX0HLFjOV3EgUqtHrcXRdjhc6eIE/wyc=",
        "ref": "refs/heads/main",
-        "rev": "1cc4e1ea861931fccbfd7d7ca8e364ca277138d6",
-        "revCount": 57,
+        "rev": "6ca21756c9f3653a0f1e60c5cb7abc8ea5ab0d46",
+        "revCount": 58,
        "type": "git",
        "url": "file:./nix-secrets"
      },
--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@ -11,6 +11,7 @@ let

  subdomains = [
    config.secrets.services.airsonic.url
+    config.secrets.services.cockpit.url
    config.secrets.services.forgejo.url
    config.secrets.services.gremlin-lab.url
    config.secrets.services.jellyfin.url
@ -141,6 +142,11 @@ in
        domain = config.secrets.networking.primaryDomain;
        url = config.secrets.services.airsonic.url;
      };
+      cockpit = {
+        enable = true;
+        domain = config.secrets.networking.primaryDomain;
+        url = config.secrets.services.cockpit.url;
+      };
      jellyfin = {
        enable = true;
        autostart = false;
--- a/modules/services/cockpit.nix
+++ b/modules/services/cockpit.nix
@ -0,0 +1,61 @@
+{ config, lib, ... }:
+let
+  cfg = config.aux.system.services.cockpit;
+in
+{
+  options = {
+    aux.system.services.cockpit = {
+      enable = lib.mkEnableOption "Enables Cockpit monitoring.";
+      domain = lib.mkOption {
+        default = "";
+        type = lib.types.str;
+        description = "The root domain that Cockpit will be hosted on.";
+        example = "example.com";
+      };
+      url = lib.mkOption {
+        default = "";
+        type = lib.types.str;
+        description = "The complete URL where Cockpit is hosted.";
+        example = "https://cockpit.example.com";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    services = {
+      nginx.virtualHosts."${cfg.url}" = {
+        useACMEHost = cfg.domain;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:9090";
+          extraConfig = ''
+            # Taken from https://garrett.github.io/cockpit-project.github.io/external/wiki/Proxying-Cockpit-over-NGINX
+            # Required to proxy the connection to Cockpit
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Required for web sockets to function
+            proxy_http_version 1.1;
+            proxy_buffering off;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+          '';
+        };
+      };
+
+      cockpit = {
+        enable = true;
+        port = 9090;
+        settings = {
+          WebService = {
+            Origins = "https://${cfg.url} wss://${cfg.url}";
+            ProtocolHeader = "X-Forwarded-Proto";
+          };
+        };
+      };
+    };
+    systemd.services.nginx.wants = [ config.systemd.services.cockpit.name ];
+
+  };
+}
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 1cc4e1ea861931fccbfd7d7ca8e364ca277138d6
+Subproject commit 6ca21756c9f3653a0f1e60c5cb7abc8ea5ab0d46