NixOS/system/services/cockpit.nix


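# NixOS module: runs the Cockpit web console and publishes it at
# cockpit.tigor.web.id through a reverse proxy. Virtual hosts are declared for
# both nginx and Caddy; each only takes effect if that server is enabled.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.profile.services.cockpit;
  inherit (lib) mkIf;

  # Address the proxies forward to. Loopback is used instead of 0.0.0.0:
  # 0.0.0.0 is a bind wildcard, not a well-defined destination, and loopback
  # makes it explicit that the plaintext hop never leaves this host.
  upstream = "127.0.0.1:${toString config.services.cockpit.port}";

  # True when one of the reverse proxies configured below is enabled.
  behindProxy = config.services.nginx.enable || config.services.caddy.enable;
in
{
  config = mkIf cfg.enable {
    # Install the Podman plugin for Cockpit only when the Podman profile is on.
    environment.systemPackages = mkIf config.profile.podman.enable [
      (pkgs.callPackage ../packages/cockpit-podman.nix { })
    ];

    # NOTE(review): unlike the Caddy vhost below, this nginx vhost has no
    # source-address restriction, so anyone who can reach nginx gets the
    # Cockpit login page. Confirm that is intended.
    services.nginx.virtualHosts."cockpit.tigor.web.id" = {
      useACMEHost = "tigor.web.id";
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://${upstream}";
        proxyWebsockets = true;
      };
    };
    security.acme.certs."tigor.web.id".extraDomainNames = [ "cockpit.tigor.web.id" ];

    # Caddy answers 403 to any client outside the private address ranges
    # and proxies everything else to Cockpit.
    services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = # caddyfile
      ''
        @denied not remote_ip private_ranges
        respond @denied "Access denied" 403
        reverse_proxy ${upstream}
      '';

    services.udisks2.enable = true;

    services.cockpit = {
      enable = true;
      # Open Cockpit's own port only when no reverse proxy is in front of it.
      # With a proxy enabled, an open port would let clients bypass TLS and the
      # Caddy ACL, reach the plaintext listener allowed below, and send their
      # own X-Forwarded-* headers.
      openFirewall = !behindProxy;
      settings = {
        WebService = {
          # Needed because the proxy talks plain HTTP to Cockpit.
          AllowUnencrypted = true;
          # Cockpit takes the scheme and client address from these headers,
          # so they are trustworthy only if the proxy is the sole client.
          ProtocolHeader = "X-Forwarded-Proto";
          ForwardedForHeader = "X-Forwarded-For";
        };
        Session = {
          IdleTimeout = 120; # minutes, i.e. 2 hours.
        };
      };
    };
  };
}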