Configure Uptime-Kuma host

This commit is contained in:
June 2024-08-04 02:19:26 +02:00 committed by echtnurich
parent fe24a029cc
commit 94f8269d22
Signed by: echtnurich
SSH key fingerprint: SHA256:1eIkxME0VPeXC2WMl9Haus+q0SLFymSAWU7f6Z+A8Aw
7 changed files with 216 additions and 0 deletions

View file

@ -9,6 +9,7 @@
services.nginx.streamConfig = '' services.nginx.streamConfig = ''
map $ssl_preread_server_name $address { map $ssl_preread_server_name $address {
status.ccchh.net 10.31.206.15:8443; status.ccchh.net 10.31.206.15:8443;
status.hamburg.ccc.de 10.31.206.15:8443;
} }
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the # Listen on port 443 as a reverse proxy and use PROXY Protocol for the

View file

@ -0,0 +1,10 @@
{ ... }:
{
networking = {
hostName = "status";
domain = "z9.ccchh.net";
};
system.stateVersion = "24.05";
}

View file

@ -0,0 +1,10 @@
{ ... }:
{
imports = [
./configuration.nix
./networking.nix
./nginx.nix
./uptime-kuma.nix
];
}

View file

@ -0,0 +1,29 @@
{ ... }:
{
networking = {
interfaces.net0 = {
ipv4.addresses = [
{
address = "10.31.206.15";
prefixLength = 23;
}
];
ipv6.addresses = [
{
address = "2a07:c480:0:1ce::f";
prefixLength = 64;
}
];
};
defaultGateway = "10.31.206.1";
defaultGateway6 = "2a07:c480:0:1ce::1";
nameservers = [ "10.31.206.1" "2a07:c480:0:1ce::1" ];
search = [ "z9.ccchh.net" ];
};
systemd.network.links."10-net0" = {
matchConfig.MACAddress = "BC:24:11:79:D3:E1";
linkConfig.Name = "net0";
};
}

View file

@ -0,0 +1,149 @@
# Sources for this configuration:
# - https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy
{ config, ... }:
{
services.nginx = {
enable = true;
virtualHosts = {
"status.hamburg.ccc.de" = {
forceSSL = true;
enableACME = true;
serverName = "status.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 80;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
];
locations."/" = {
proxyPass = "http://localhost:3001";
proxyWebsockets = true;
};
};
"status-proxyprotocol.hamburg.ccc.de" = {
forceSSL = true;
useACMEHost = "status.hamburg.ccc.de";
serverName = "status.hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
proxyPass = "http://localhost:3001";
proxyWebsockets = true;
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 10.31.206.11;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
"status.ccchh.net" = {
forceSSL = true;
useACMEHost = "status.hamburg.ccc.de";
serverName = "status.ccchh.net";
listen = [
{
addr = "[::]";
port = 80;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
];
globalRedirect = "status.hamburg.ccc.de";
redirectCode = 307;
};
"status-proxyprotocol.ccchh.net" = {
forceSSL = true;
useACMEHost = "status.hamburg.ccc.de";
serverName = "status.ccchh.net";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
globalRedirect = "status.hamburg.ccc.de";
redirectCode = 307;
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 10.31.206.11;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
"status.z9.ccchh.net" = {
forceSSL = true;
useACMEHost = "status.hamburg.ccc.de";
serverName = "status.z9.ccchh.net";
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "[::]";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
];
globalRedirect = "status.hamburg.ccc.de";
redirectCode = 307;
};
};
};
security.acme.certs."status.hamburg.ccc.de".extraDomainNames = [
"status.ccchh.net"
"status.z9.ccchh.net"
];
networking.firewall.allowedTCPPorts = [ 80 443 8443 ];
}

View file

@ -0,0 +1,7 @@
{ ... }:
{
services.uptime-kuma = {
enable = true;
};
}

View file

@ -225,6 +225,16 @@
inherit pkgs-unstable; inherit pkgs-unstable;
}; };
}; };
status = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
./config/proxmox-vm
sops-nix.nixosModules.sops
./config/hosts/status
];
};
}; };
packages.x86_64-linux = { packages.x86_64-linux = {