add nginx reverse proxy behind gatus and prometheus

2024-03-09 10:19:06 +01:00 · 2024-03-09 10:19:06 +01:00 · 01138760f4
commit 01138760f4
parent 2f608a764a
1 changed files with 23 additions and 3 deletions
--- a/nix/modules/monitoring/default.nix
+++ b/nix/modules/monitoring/default.nix
@ -1,6 +1,7 @@
 { lib, pkgs, nixpkgs-unstable, config, machines, ... }:
 let
  cfg = config.lab.monitoring;
+  gatusPort = 8080;
 in
 {
  imports = [
@ -24,10 +25,11 @@ in

  config = lib.mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = [ config.services.prometheus.exporters.node.port ]
-      ++ lib.lists.optionals cfg.server.enable [ config.services.prometheus.port ];
+      ++ lib.lists.optionals cfg.server.enable [ 80 ];

    services.prometheus = {
      enable = cfg.server.enable;
+      webExternalUrl = "/prometheus";

      exporters = {
        node = {
@ -39,6 +41,7 @@ in
        lib.attrsets.mapAttrsToList
          (name: machine:
            let
+              # TODO: should finally create my own lib...
              domain = if machine.isPhysical then "hyp" else "dmz";
            in
            {
@ -54,10 +57,9 @@ in
    services.gatus = lib.mkIf cfg.server.enable {
      enable = true;
      package = pkgs.unstable.gatus;
-      openFirewall = true;

      settings = {
-        web.port = 4242;
+        web.port = gatusPort;

        storage = {
          type = "sqlite";
@ -87,5 +89,23 @@ in
        chown gatus:gatus /srv/gatus
      '';
    };
+
+    services.nginx = lib.mkIf cfg.server.enable {
+      enable = true;
+
+      virtualHosts."${config.networking.fqdn}" = {
+        locations = {
+          "/" = {
+            proxyPass = "http://127.0.0.1:${toString gatusPort}";
+            recommendedProxySettings = true;
+          };
+
+          "/prometheus/" = {
+            proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
+            recommendedProxySettings = true;
+          };
+        };
+      };
+    };
  };
 }