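# NixOS module: runs the Cockpit web console and publishes it as
# cockpit.tigor.web.id through a reverse proxy (nginx and Caddy vhosts are
# both declared). Everything is gated on config.profile.services.cockpit.enable.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.profile.services.cockpit;
  inherit (lib) mkIf;
in
{
  config = mkIf cfg.enable {
    # The cockpit-podman plugin is only installed when the podman profile is on.
    environment.systemPackages = mkIf config.profile.podman.enable [
      (pkgs.callPackage ../packages/cockpit-podman.nix { })
    ];

    services.nginx.virtualHosts."cockpit.tigor.web.id" = {
      useACMEHost = "tigor.web.id";
      forceSSL = true;
      # NOTE(review): unlike the Caddy vhost below, this vhost has no
      # source-address restriction, so the Cockpit login page is served to any
      # client that can reach nginx. If that is not intended, mirror the
      # private-range rule here (nginx allow/deny).
      locations."/" = {
        # Upstream is the local Cockpit instance. Use the loopback address:
        # 0.0.0.0 is a bind wildcard, not a well-defined connect target.
        proxyPass = "http://127.0.0.1:9090";
        proxyWebsockets = true;
      };
    };

    # Adds the cockpit host name to the shared tigor.web.id certificate that
    # useACMEHost refers to above.
    security.acme.certs."tigor.web.id".extraDomainNames = [ "cockpit.tigor.web.id" ];

    # Caddy variant: reject clients outside private address ranges with 403,
    # proxy everyone else to the local Cockpit instance.
    services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = # caddyfile
      ''
        @denied not remote_ip private_ranges

        respond @denied "Access denied" 403

        reverse_proxy 127.0.0.1:9090
      '';

    services.udisks2.enable = true;

    services.cockpit = {
      enable = true;
      # NOTE(review): this opens Cockpit's port in the host firewall, so the
      # service is also reachable directly, not only through the proxy.
      # Combined with AllowUnencrypted below, direct connections are plain
      # HTTP, skip the proxy's TLS and the Caddy private-range check, and can
      # supply their own X-Forwarded-* headers. If all access is meant to go
      # through the reverse proxy, set this to false.
      openFirewall = true;
      settings = {
        WebService = {
          # Accept plain HTTP; TLS is terminated by the reverse proxy.
          AllowUnencrypted = true;
          # Headers Cockpit reads for the original scheme and client address.
          # Only trustworthy when every request arrives via the proxy.
          ProtocolHeader = "X-Forwarded-Proto";
          ForwardedForHeader = "X-Forwarded-For";
        };
        Session = {
          IdleTimeout = 120; # minutes, i.e. 2 hours.
        };
      };
    };
  };
}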