ngp.computer / nixos
Configuration for my NixOS based systems and Home Manager
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Simple auth for victoriatraces

Noah Pederson 2fcb7722 5373c42a

+27 -12
-2
host-specific/misaki/networking.nix
··· 102 102 564 103 103 # Misc development 104 104 3000 105 - # Victoria Traces 106 - 10428 107 105 # Victoria Logs 108 106 9428 109 107 # Syncthing GUI
+26 -10
host-specific/misaki/services.nix
··· 591 591 owner = "root"; 592 592 group = "root"; 593 593 }; 594 + age.secrets.victoriatraces-write-pass = { 595 + file = ../../secrets/victoriatraces-write-pass.age; 596 + owner = "root"; 597 + group = "root"; 598 + }; 594 599 services.victorialogs = { 595 600 enable = true; 596 601 basicAuthUsername = "noah"; ··· 599 604 600 605 services.victoriatraces = { 601 606 enable = true; 602 - basicAuthUsername = "noah"; 603 - basicAuthPasswordFile = config.age.secrets.victoriapass.path; 607 + listenAddress = "127.0.0.1:10428"; 604 608 }; 609 + 610 + system.activationScripts.nginx-victoriatraces-htpasswd = '' 611 + mkdir -p /var/lib/nginx 612 + ${pkgs.apacheHttpd}/bin/htpasswd -nbB noah "$(cat ${config.age.secrets.victoriapass.path})" > /var/lib/nginx/victoriatraces.htpasswd 613 + ${pkgs.apacheHttpd}/bin/htpasswd -nbB noah "$(cat ${config.age.secrets.victoriapass.path})" > /var/lib/nginx/victoriatraces-insert.htpasswd 614 + ${pkgs.apacheHttpd}/bin/htpasswd -nbB publisher "$(cat ${config.age.secrets.victoriatraces-write-pass.path})" >> /var/lib/nginx/victoriatraces-insert.htpasswd 615 + ''; 605 616 606 617 # Litterbox, collect my IRC logs 607 618 systemd = { ··· 818 829 }; 819 830 virtualHosts."traces.ngp.computer" = { 820 831 http2 = true; 832 + extraConfig = '' 833 + allow 192.168.0.0/16; 834 + allow 10.0.0.0/8; 835 + allow 172.16.0.0/12; 836 + allow 127.0.0.1; 837 + allow ::1; 838 + deny all; 839 + ''; 821 840 locations."/" = { 822 841 proxyPass = "http://localhost:10428/"; 823 - extraConfig = '' 824 - allow 192.168.0.0/16; 825 - allow 10.0.0.0/8; 826 - allow 172.16.0.0/12; 827 - allow 127.0.0.1; 828 - allow ::1; 829 - deny all; 830 - ''; 842 + basicAuthFile = "/var/lib/nginx/victoriatraces.htpasswd"; 843 + }; 844 + locations."/insert/" = { 845 + proxyPass = "http://localhost:10428/"; 846 + basicAuthFile = "/var/lib/nginx/victoriatraces-insert.htpasswd"; 831 847 }; 832 848 }; 833 849
+1
secrets/secrets.nix
··· 30 30 "garage_admin_secret.age".publicKeys = [ misaki ] ++ noah; 31 31 "garage_metrics_secret.age".publicKeys = [ misaki ] ++ noah; 32 32 "victoria-secret.age".publicKeys = [ misaki ] ++ noah; 33 + "victoriatraces-write-pass.age".publicKeys = [ misaki ] ++ noah; 33 34 "obsidian-auth-token.age".publicKeys = [ misaki ] ++ noah; 34 35 "pocket-id-encryption-key.age".publicKeys = [ misaki ] ++ noah; 35 36 "coder-client-secret.age".publicKeys = [ odin ] ++ noah;
secrets/victoriatraces-write-pass.age

This is a binary file and will not be displayed.