2 Commits

Author SHA1 Message Date
Adrian G L 05589e7520 fix: put loki behind nginx proxy to hide debug/pprof endpoint and only allow push. 2026-06-12 13:28:27 +02:00
Adrian G L b592f0100a feat: add radicle to bekkalokk 2026-05-31 02:22:24 +02:00
3 changed files with 61 additions and 3 deletions
+1
@@ -7,6 +7,7 @@
./services/alps.nix ./services/alps.nix
./services/bluemap.nix ./services/bluemap.nix
./services/radicle.nix
./services/idp-simplesamlphp ./services/idp-simplesamlphp
./services/kerberos.nix ./services/kerberos.nix
./services/mediawiki ./services/mediawiki
+40
@@ -0,0 +1,40 @@
{ config, lib, ... }:
let
domain = "dav.pvv.ntnu.no";
radicalePort = 5232;
in {
services.radicale = {
enable = true;
settings = {
server = {
hosts = [ "127.0.0.1:${toString radicalePort}" ];
};
auth = {
type = "imap";
imap_host = "imap.pvv.ntnu.no";
imap_security = "tls";
};
storage = {
filesystem_folder = "/var/lib/radicale/collections";
};
};
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
kTLS = true;
extraConfig = ''
client_max_body_size 128M;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:${toString radicalePort}";
proxyWebsockets = true;
};
};
networking.firewall.allowedTCPPorts = [ radicalePort ];
}
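Review bot: The last line of this file, `networking.firewall.allowedTCPPorts = [ radicalePort ];`, opens port 5232 in the firewall even though Radicale binds only to 127.0.0.1 and is reached through the nginx virtual host. The opening has no effect with the current `hosts` value, but if that is ever widened the backend becomes reachable directly, bypassing nginx and its TLS. I would drop the line and, unless this host already opens them elsewhere, allow 80 and 443 for the virtual host instead. Separately, the file is imported as `./services/radicle.nix` but configures `services.radicale`; Radicle is a different project, so naming the file `radicale.nix` would avoid confusion.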
+20 -3
@@ -3,14 +3,15 @@
let let
cfg = config.services.loki; cfg = config.services.loki;
stateDir = "/data/monitoring/loki"; stateDir = "/data/monitoring/loki";
internalPort = 83100;
in { in {
services.loki = { services.loki = {
enable = true; enable = true;
configuration = { configuration = {
auth_enabled = false; auth_enabled = false;
server = { server = {
http_listen_port = 3100; http_listen_port = internalPort;
http_listen_address = "0.0.0.0"; http_listen_address = "127.0.0.1";
grpc_listen_port = 9096; grpc_listen_port = 9096;
}; };
@@ -81,5 +82,21 @@ in {
}; };
}; };
networking.firewall.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ]; services.nginx.virtualHosts."loki-internal" = {
listen = [{
addr = "0.0.0.0";
port = 3100;
ssl = false;
}];
locations = {
"/loki/api/v1/push" = {
proxyPass = "http://127.0.0.1:${toString internalPort}";
};
"/" = {
return = "403";
};
};
};
networking.firewall.allowedTCPPorts = [ 3100 ];
} }
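Review bot: `internalPort = 83100;` is above the maximum TCP port of 65535, so Loki cannot bind `http_listen_port` to it and the nginx `proxyPass` has no valid upstream; pick a free port in range, for example `internalPort = 13100;` (a constructed value, not taken from this repository). The location `"/loki/api/v1/push"` is a prefix match, so any path that merely begins with that string is forwarded too; `"= /loki/api/v1/push"` restricts it to the push endpoint exactly. With `auth_enabled = false` and the listener on 0.0.0.0:3100 without TLS, every host that can reach the port can still write log entries, so an `allow`/`deny` list for the expected senders in that location's `extraConfig` would be worth adding. `grpc_listen_port = 9096` has no listen address in the visible lines and may still bind on all interfaces, which should be confirmed.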